Business + Partners

After the Hack: Tips for Damage Control

According to the Identity Theft Research Center, in 2017 alone, nearly 158 million social security numbers were stolen as a result of 1579 data breaches. Once a cybercriminal has access to your personal info, they can open credit cards, take out loans that quickly...

Cyber News Rundown: Russia Bans Telegram

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask. Russia Blocks Millions of IPs to Halt Use of...

Use Caution with Free-to-Play Mobile Games

Who doesn’t like a good mobile game? Especially a free one! They allow you to blow off steam while fine-tuning your skills, competing with others or maybe even winning bragging rights among friends. Free games can be fun to play, yet there are some common-sense...

Re-Thinking ‘Patch and Pray’

Reading Time: ~3 min.

When WannaCry ransomware spread throughout the world last year by exploiting vulnerabilities for which there were patches, we security “pundits” stepped up the call to patch, as we always do. In a post on LinkedIn, Greg Thompson, Vice President of Global Operational Risk & Governance at Scotiabank, expressed his frustration with the status quo.

Greg isn’t wrong. Deploying patches in an enterprise department requires extensive testing prior to roll out. However, most of us can patch pretty quickly after an announced patch is made available. And we should do it!

There is a much larger issue here, though. A vulnerability can be known to attackers but not to the general public. Managing and controlling vulnerabilities means that we need to prevent the successful exploitation of a vulnerability from doing serious harm. We also need to prevent exploits from arriving at a victim’s machine as a layer of defense. We need a layered approach that does not include a single point of failure–patching.

A Layered Approach

First off, implementing a security awareness training program can help prevent successful phishing attacks from occurring in the first place. The 2017 Verizon Data Breach Investigations Report indicated that 66% of data breaches started with a malicious attachment in an email—i.e. phishing. Properly trained employees are far less likely to open attachments or click on links from phishing emails. I like to say that the most effective antimalware product is the one used by the best educated employees.

In order to help prevent malware from getting to the users to begin with, we use reputation systems. If almost everything coming from http://www.yyy.zzz is malicious, we can block the entire domain. If much of everything coming from an IP address in a legitimate domain is bad, then we can block the IP address. URLs can be blocked based upon a number of attributes, including the actual structure of the URL. Some malware will make it past any reputation system, and past users. This is where controlling and managing vulnerabilities comes into play.
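The escalation described above (block the domain, else the IP, else judge the URL's structure) can be sketched as follows. This is an added example, not Webroot's implementation; the thresholds, function names and sample observations are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Assumed thresholds (illustrative only, not taken from any product).
DOMAIN_BLOCK_RATIO = 0.9   # "almost everything" from the domain is malicious
IP_BLOCK_RATIO = 0.6       # "much of everything" from one IP is malicious
MIN_SAMPLES = 5            # never judge on a handful of observations
MAX_STRUCT_FLAGS = 2       # structural red flags needed to block a URL

def make_obs(host, ip, bad, total):
    """Build `total` constructed observations; the first `bad` are malicious."""
    return [(f"http://{host}/item{i}", ip, i < bad) for i in range(total)]

# Constructed sample data using reserved documentation names and addresses.
OBSERVATIONS = (
    make_obs("bad.example", "203.0.113.10", bad=10, total=10)        # all bad
    + make_obs("shared-host.example", "198.51.100.7", bad=4, total=6)   # one bad server
    + make_obs("shared-host.example", "198.51.100.8", bad=0, total=14)  # clean server
    + make_obs("news.example", "192.0.2.20", bad=1, total=20)        # mostly clean
)

def _over_threshold(total, bad, ratio):
    """Keys with enough samples whose malicious share reaches `ratio`."""
    return {k for k, n in total.items() if n >= MIN_SAMPLES and bad[k] / n >= ratio}

def build_blocklists(observations):
    """Return (blocked_domains, blocked_ips) from (url, ip, was_malicious) tuples."""
    dom_total, dom_bad = Counter(), Counter()
    for url, _ip, bad in observations:
        host = urlsplit(url).hostname or ""
        dom_total[host] += 1
        dom_bad[host] += bad
    blocked_domains = _over_threshold(dom_total, dom_bad, DOMAIN_BLOCK_RATIO)

    # Judge IPs only on traffic that the domain rule did not already cover,
    # so a legitimate domain with one bad server loses just that server.
    ip_total, ip_bad = Counter(), Counter()
    for url, ip, bad in observations:
        if (urlsplit(url).hostname or "") in blocked_domains:
            continue
        ip_total[ip] += 1
        ip_bad[ip] += bad
    blocked_ips = _over_threshold(ip_total, ip_bad, IP_BLOCK_RATIO)
    return blocked_domains, blocked_ips

def structural_flags(url):
    """Red flags visible in the URL itself, with no reputation history needed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags = []
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass
    if "@" in parts.netloc:
        flags.append("userinfo-in-authority")
    if host.count(".") >= 5:
        flags.append("deep-subdomain-nesting")
    if len(url) > 200:
        flags.append("very-long-url")
    return flags

def verdict(url, resolved_ip, blocked_domains, blocked_ips):
    """Apply the coarsest matching rule first: domain, then IP, then URL structure."""
    host = urlsplit(url).hostname or ""
    if any(host == d or host.endswith("." + d) for d in blocked_domains):
        return "block:domain"
    if resolved_ip in blocked_ips:
        return "block:ip"
    if len(structural_flags(url)) >= MAX_STRUCT_FLAGS:
        return "block:url-structure"
    return "allow"

if __name__ == "__main__":
    domains, ips = build_blocklists(OBSERVATIONS)
    print("blocked domains:", sorted(domains))
    print("blocked IPs:", sorted(ips))
    for url, ip in [
        ("http://cdn.bad.example/new", "203.0.113.55"),
        ("http://shared-host.example/x", "198.51.100.7"),
        ("http://shared-host.example/x", "198.51.100.8"),
        ("http://user@192.0.2.99/login", "192.0.2.99"),
    ]:
        print(url, ip, "->", verdict(url, ip, domains, ips))
```
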

The vulnerability itself does no damage. The exploit does no damage. It is the payload that causes all of the harm. If we can contain the effects of the payload then we are rethinking how we control and manage vulnerabilities. We no longer have to allow patches (still essential) to be a single point of failure.

Outside of offering detection and blocking of malicious files, it is important to stop execution of malware at runtime by monitoring what it’s trying to do. We also log each action the malware performs. When a piece of malware does get past runtime blocking, we can roll back all of the system changes. This is important. Simply removing malware can result in system instability. Precision rollback can be the difference between business continuity and costly downtime.

Some malware will nevertheless make it onto a system and successfully execute. It’s at this point we observe what the payload is about to do. For example, malware that tries to steal usernames and passwords is identified by the Webroot ID Shield. There are behaviors that virtually all keyloggers use, and Webroot ID Shield is able to intercept the request for credentials and return no data at all. Webroot needn’t have seen the file previously to be able to protect against it. Even when the user is tricked into entering their credentials, the trojan will not receive them.

There is one essential final step. You need to have offline data backups. The damage ransomware does is no different than the damage done by a hard drive crash. Typically, cloud storage is the easiest way to automate and maintain secure backups of your data.

Greg is right. We can no longer allow patches to be a single point of failure. But patching is still a critical part of your defensive strategy. New technology augments patching; it does not replace it and will not for the foreseeable future.

What do you think about patch and pray? Join our discussion in the Webroot Community or in the comments below!

Security Awareness Training: How to Get Started

Reading Time: ~3 min.

In the past, security awareness training for user education—i.e. empowering users to make more savvy IT decisions in their daily routines—was considered a “nice to have,” not a necessity. The decision to adopt user education was typically passed over because of budget, lack of in-house expertise, and the general lack of availability of high-quality, low-cost, computer-based training. In particular, small- to medium-sized businesses (SMBs) have suffered from these types of constraints, compared to larger, more resource rich organizations.

Today, it’s clear that end user education isn’t just “nice to have,” and SMBs know it. As recently as August of 2017, a Better Business Bureau study on the State of Cybersecurity revealed that almost half of SMBs with 50 employees and under regard security awareness training among their top 3 security expenditures, alongside firewalls and endpoint protection.

The increase in interest and budget allocation for end user education is understandable. On average, SMBs face $80,000 in annual losses following a ransomware or data loss breach. Users are on the front lines of your business, and even the most advanced security can’t stop them from willingly, if unwittingly, handing over sensitive access credentials. If you’re not educating your users, then you are putting your organization at an unnecessary and costly risk.

Here are a few tips for managed service providers (MSPs) and SMBs on getting started with end user education:

Introduce to Stakeholders

Like any new program, building a foundation for success begins when you engage your stakeholders and management teams. Send an email explaining the value of security awareness to management, share details and reports around your first phishing and training campaigns, and loop in IT. Not sure how to craft that first email? Check out

Start out with a Phishing Campaign

Consider starting your security awareness program with a simulated phishing campaign. The results of the simulation can also be used to demonstrate value to any more skeptical or reluctant IT decision-makers. Use the first phishing campaign as your baseline to gauge the level of awareness your end users already have. Webroot Security Awareness Training comes with a variety of template options to help you get started. We recommend using a template that mimics an internal communication from HR or the IT department to get the most eyes on the email. For early campaigns, it’s also a good idea to use Webroot’s “404 Page Not Found” template so users who fall for the phishing lure are unaware. This will help keep water cooler talk at a minimum, giving you a more accurate baseline. After that, be sure to link your phishing campaigns to training pages and courses to maximize the training opportunity.

Share results with End Users

Use feedback to inspire smarter habits. A key objective for security awareness training is to engage end users and raise the level of cyber awareness throughout the organization. For instance, sharing results of a simulated phishing campaign can help employees understand the impact of poor online habits and motivate them to practice better behaviors.

Webroot Security Awareness Training lets admins see who clicked what in a phishing simulation. Bear in mind: the point of sharing results is not to shame the unwitting marks who fell for the scam. Instead, try capitalizing on everyone’s engagement by sharing an overall statistical report, so users can recognize whether they clicked or avoided the phishing lure, without fear of embarrassment. More importantly, such a report would show the statistics around the organization as a whole, opening the door for further training programs to fill security gaps and provide a continuous learning experience.

Continuous Training: Set up your phishing and training program

Once end users are engaged and understand the value, the next step is setting up a training program. There is no one-size-fits-all program, but we recommend running at least one to two phishing campaigns per month and a minimum of one to two training courses per quarter. Depending on the needs of each organization, you may want to increase the frequency and adjust intervals throughout the year. Webroot Security Awareness Training includes numerous pre-built phishing templates you can use, including real-world phishing scenarios (defanged from the wild). It also offers professionally developed and engaging topical training courses, which you can be proud to share with your company. Courses range from cybersecurity best practices and 5-minute micro-learning courses to in-depth compliance courses on PCI, HIPAA, GDPR, SEC/FINRA, and more.

When you start seeing the significant impact that relevant, high-quality, and proven security awareness education has on your employees, you’ll wonder how your business ever managed without it.

Top 3 Questions SMBs Should Ask Potential Service Providers

Reading Time: ~1 min.

It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision). Employing an MSP or MSSP is oftentimes in the best interest of small and medium businesses (SMBs).

In a study performed by Ponemon Institute, 34% of respondents reported using a managed service provider (MSP) or managed security service provider (MSSP) to handle their cybersecurity, citing their lack of personnel, budget, and confidence with security technologies as driving factors. But how do you find a trustworthy partner to manage your IT matters?

Here are the top 3 questions any business should ask a potential security provider before signing a contract:

While these are not all of the questions you should consider asking a potential service provider, they can help get the conversation started and ensure you only work with service providers who meet your unique needs.

  1. Ponemon Institute. (2016, June). Retrieved from Ponemon Research: https://signup.keepersecurity.com/state-of-smb-cybersecurity-report/
  2. Ponemon Institute. (2017, June). Cost of Data Breach Study. Retrieved from https://www.ibm.com/security/data-breach

Thoughts from Webroot’s new President & CEO, Mike Potts

Reading Time: ~3 min.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

Thanks to an extraordinary team, Webroot is in a great place today. We lead the market with cloud-based solutions that set the standard for endpoint and network protection, threat intelligence, and now security awareness training. Our solutions provide essential protection for the connected world from an ever-growing number of malicious threats. We have the highest customer satisfaction ratings in the industry and achieved 14 consecutive months of double-digit growth.

That’s an outstanding foundation to build upon. Over the next several months, I’ll focus on People, Process, and Technology as I work to accelerate our momentum in innovation and customer success.

Our cyber community

People will always come first, both the Webroot team and our customers and partners. We’ll continue to invest in recruiting and developing the best talent. Our team has more experience in applying advanced machine learning to the challenges of cybersecurity than anyone, and we’ll continue to push the envelope on using that intelligence to solve the issues that are most impactful to our customers.  I plan to visit many of our business customers in the coming weeks, to understand how we could be doing better today, and how we can build our businesses together.

Process at scale

My focus on process will be about scale. You’ll quickly find that I believe in the value and leverage of working with partners. We have a great footprint with MSPs serving small- and medium-sized businesses today that we will continue to strengthen. We also have strategic technology partners embedding our threat intelligence in their products, and there is potential for many more.  Moreover, I’ll push the team to generate even more innovation, introduce it faster, and to more customers than we have before, while holding true to our core company values of integrity, innovation, excellence, and customer success.

Advancing technology

Finally, I will focus on technology. We disrupted the market with our revolutionary Webroot SecureAnywhere endpoint solutions and our threat intelligence. Since then, we’ve extended our protection to the network layer and added user training to address the last line of defense. I want to ensure we continue to build on this legacy, and just as importantly anticipate the next great market shift.

While new to Webroot, I’m not new to the cybersecurity and technology space. I have been leading companies in the application and security sectors for the past 25 years. Before Webroot, I served as an integration executive in the security business group at Cisco, following the acquisition of my company Lancope in 2015. As president and CEO of Lancope, my team and I led the transformation of the network security company, driving over 600 percent growth in five years. Prior to Lancope, I served as president and CEO of AirDefense and changed the game in wireless security. AirDefense was then acquired by Motorola. With this background and the great Webroot team, I feel we are prepared to do something truly special. Webroot is by far the healthiest company I’ve ever had a chance to lead from day one, so I foresee even greater potential for us!

I look forward to meeting our customers, partners, and advocates in the coming months, and have you all join in this next great chapter of Webroot history.

Regards,
Mike

More Automation. More #MSProfits.

Reading Time: ~2 min.

Savvy MSPs know that automation improves efficiency and strengthens their bottom line. In a nutshell, automation enables an MSP to reduce the amount of time its technicians spend handling routine or repetitive tasks, thus cutting costs for service delivery and freeing those techs to devote more attention to activities that generate more revenue.

Enabling Creativity Spurs Growth

It’s no secret that computers are more efficient than humans when it comes to performing repetitive work, while humans deliver superior results in situations that require creativity, critical thinking, and decision making. Part of the reason automation is so effective is that it enables MSPs to take advantage of these fundamental truths.

Freeing up your technicians for more appropriate endeavors presents benefits beyond simple cost savings. It also gives you the opportunity to differentiate yourself from other MSPs and position your business for future growth by finally enabling your technicians to see the forest for the trees.

When an MSP’s technicians are mired in routine administration and maintenance responsibilities—such as deploying security upgrades, performing regular disk cleanup, or managing tickets—there’s no time to step back and evaluate the overarching IT challenges that affect that particular client. And that means missed business opportunities.

More Time for Personalization

Proactively identifying a client’s IT challenges will help that client improve their business operations. This will not only differentiate you from other MSPs, it will also establish a foundation of trust upon which you can build long-term relationships with your customers, which, of course, is key to generating recurring, predictable revenue.

But an MSP can only design creative solutions to its clients’ business and IT challenges if its team has the time to identify those challenges. They need the bandwidth to consciously and continuously review each client’s business operations and craft powerful and personalized solutions.

Automation can solve that problem. Not only does it free up your IT team to focus on the specific issues each client faces, it also allows you to deliver a more comprehensive range of services individually tailored to those clients.

Today’s combination of automated and dynamic cloud services lets you choose from an array of solutions for each of your clients, while still ensuring management is automated for maximum efficiency. The net result? You’ll boost your profitability by increasing customer satisfaction and long-term patronage, all while significantly reducing your management and operational costs.

Learn More… and Enter for a Chance to Win!

The Webroot #MSProfits Program is dedicated to helping MSPs boost their profitability by automating their business operations. Learn more about the benefits of automation, and enter for a chance to win a sophisticated home technology package.

Talking DNS Protection with ConnectWise

Reading Time: ~3 min.

It’s been an exciting week for our partner ConnectWise – they started offering customers Webroot SecureAnywhere DNS Protection. To get insight into why this matters, I sat down with George Anderson, Webroot’s product marketing director for business solutions, and Gavin Gamber, vice president of Channel Sales and Alliances at ConnectWise.


Can we start with the basics? What is DNS?

George: DNS stands for Domain Name System. The basic job of DNS is to turn a human-friendly domain name like webroot.com into an Internet Protocol (IP) address like 66.35.53.194. Computers use IP addresses to identify each other. When a user accesses an external website or downloads files, their computer uses a DNS server to look up the domain name and then directs the user to that website.

Ok, kind of like a phone directory for the internet. That helps me understand the power DNS can hold.

George: That’s right. DNS is a powerful part of making the internet work. It also can be an equally powerful avenue for protecting a business. According to our data, many infections are generated through web browsing. Implementing web filtering security at the DNS layer can have a very significant impact on infection rates.

Wow. The internet is a big, beautiful, and scary place.

George: It can be. Using the internet is a high-risk activity for every business, regardless of size. Sometimes good sites can contain bad content. Users can fall victim to drive-by ransomware, employees can click on malvertising, and the list goes on.

Can you give us an example of what security at the DNS layer can stop?

Gavin: Let’s say, for example, you work with medical clients. Most of the end users are protected, but when guests come onto the network there is no way to monitor their web traffic. Since you don’t control the device, you don’t have any antivirus protecting the guest’s endpoint. With DNS filtering, you can protect the network and prevent guests from knowingly or unknowingly going to harmful or sensitive websites.

George: Using a web filtering solution at the DNS layer lets businesses do a few things. First, it creates policies for web usage that can be applied globally or by client. An MSP can decide, for example, whether to block certain content or social media sites. Second, it filters URLs for security risks, preventing infections by automatically sifting out known malicious websites. Finally, it allows a partner to monitor overall web usage and its security risk posture. What’s really different is that this all happens outside the network at the domain layer, so most infections are stopped at the earliest possible stage.

In a nutshell?

George: DNS Protection allows organizations to configure their router or firewall to point to Webroot’s secure DNS resolver servers for granular web filtering. Then, partners simply configure an acceptable internet usage policy. By doing so, they can block malicious URLs, restricted content, social media, or streaming sites they don’t want employees perusing at work.

ConnectWise, what are you hearing from partners about web filtering and its need?

Gavin: This is just one more layer of end user security that is typically time and labor intensive to set up. Our partners and their clients want to mitigate all attack vectors whether they manage all the devices on the network or not. As security risks persist, this is a must-have tool.

So what will all this mean for our ConnectWise partners?

George: First and foremost, it’s simple and easy for ConnectWise partners to deploy and manage. The new DNS Protection service has been fully integrated into the same Global Site Manager (GSM) console they use today for Webroot’s endpoint security. It also benefits from the same pillars of Webroot’s other security services.

  • No hardware or software to install
  • Includes robust reporting options for easy management
  • Direct benefits from Webroot BrightCloud Web Classification Service

ConnectWise, why are you excited for this new product?

Gavin: When we first saw Webroot SecureAnywhere DNS we were blown away by the ease of use and straightforward deployment. Our initial reaction was that our partners would find this incredibly valuable. Additionally, this really leverages the threat intelligence that Webroot has collected over the years and gives that control to our partners in a very powerful and consumable product.


Thank you, both. Glad we could chat all things web filtering.

Interested in learning more? We have additional resources. You also can discover everything Webroot is doing with ConnectWise at Automation Nation, June 19-21 in Orlando, FL. Visit us at booth #201, where you can see a demo of DNS Protection.

Webroot CTO Hal Lonas on Rethinking the Network Perimeter

Reading Time: ~5 min.

“What are our cybersecurity protocols?” This question is one that has, undoubtedly, been top of mind for CTOs at numerous corporations and government agencies around the world in the wake of recent ransomware attacks. Given the hundreds of thousands of endpoint devices in more than 150 countries that were infected in the latest global attack, WannaCry, can you blame them?

Cybersecurity stock buying trends are on the rise. According to CNN Money, the PureFunds ISE Cyber Security ETF (HACK), which owns shares in most of the big security companies, was up more than 3 percent in early trading the Monday following the first WannaCry attacks. Positive performance in cybersecurity stocks comes as no surprise as organizations shore up their defenses in preparation for future attacks—big or small. This is the security climate in which we live.

While the numbers have been rising on both fronts, do the affected organizations truly understand what to look for when addressing cybersecurity? Where should the protection start? What obstacles might organizations need to overcome? How can they be better prepared?

Hal Lonas, chief technology officer at Webroot, takes us beyond the sobering wake-up call that attacks like WannaCry bring, and discusses actionable advice companies should consider when fortifying systems against cybercriminals.


Where should an organization start when thinking about combating malicious files entering the network?

Organizations should think about their security in terms of layers. Between the user sitting in the chair and the sites and services they access from their workstations, every level of security is equally important. The vehicles malicious files use to infiltrate the network shouldn’t be ignored either. Is it a URL? Is it a USB key that’s physically carried into the office? Or maybe it’s an employee who takes their laptop home and uses it on an unsecured network—the possibilities are endless. We’re in a very interesting era in which mobility has become the norm, there are more internet-connected devices than ever, and there are more angles every day for cybercriminals to launch attacks. Essentially, the perimeter is dissolving. That means organizations need to rethink how they approach protecting their networks.

We’ve heard the term “dissolving” a number of times recently when talking about the traditional notion of the network. Can you speak more on that?

Let’s use my phone as an example. Right now, it’s connected to the secure employee wireless in this office. When I hit the coffee shop later for a meeting, it might be on their public Wi-Fi. While I’m driving to the airport this afternoon, it’ll be on a cellular network. By tonight, it’ll be on the guest Wi-Fi in a hotel. With each movement and interaction, perimeters converge and overlap, and this phone is exposed to different levels of security across a variety of networks. Each step means I’m carrying data that could be exposed, or even malware that could be spread, between those different networks. These days, company work happens everywhere, not just on a corporate computer within the security of an organization’s firewall. That’s what we mean by dissolving perimeters.

One line of defense is endpoint protection. Whether you’re using a mobile device or laptop, that protection goes with the device everywhere. Even as you switch between networks, you know that’s one layer of protection that’s always present. Network or DNS-level security is also key, to help stop threats before they even make it as far as the endpoint.

How does Webroot BrightCloud® Streaming Malware Detection fit into the layered approach? Is it cutting edge in terms of protecting against malicious files at the perimeter?

Streaming Malware Detection is pushing the boundaries of network protection. As files stream through network devices—i.e., as they’re in the process of being downloaded in real time—Streaming Malware Detection determines whether the files are good or bad at the network level. That means the solution can analyze files in transit to stop threats before they ever land on the endpoint at all. We partner with the industry’s top network vendors, who have integrated this and other Webroot technologies as part of their overall approach to stopping malicious files at the perimeter.

In terms of what we’re doing with Webroot products, we’re expanding the levels in which you can be protected—looking at more and more different aspects of where we can protect you. We’re tightening the reins from endpoint protection, which we’ve traditionally done extremely well, and branching further into the network with Streaming Malware Detection, as well as network anomaly detection with FlowScape® Analytics. We aim to bring value to our customers by protecting holistically. We’re adapting as a company with our product offerings to this new reality we find ourselves in.

What cutting edge approaches is Webroot taking to combat what has already infiltrated the network?

We hear a lot about advanced persistent threats. The reality is that those long-resting, largely undetected threats do make their way through and land in an environment with the intention of wreaking havoc, but doing it low and slow to avoid detection. The malware authors are very smart, which is something we try to anticipate. Webroot is really good at a couple of different things, not least of which is that we’re incredibly patient on our endpoint products. Essentially, we’ll monitor something that’s unknown for however long it takes, journaling its behavior until we’re absolutely sure it’s malicious or not, and then handling it appropriately.

In addition, we’ve recently added a product that does the independent network anomaly detection I mentioned earlier: FlowScape Analytics. Essentially, it analyzes day-to-day activity within a network to establish a baseline, then if something malicious or abnormal happens, FlowScape Analytics instantly recognizes it and alerts us so that we can track it down. In conjunction with our other layers of protection, it’s a solid cybersecurity combination.

What technology do you see helping to protect networks at the same scale and velocity threats are coming?

Streaming Malware Detection is a big one. Traditionally, malware has been sent into a sandbox where it has to execute and takes up resources. The sandbox also has to simulate customer environments. This approach comes with a lot of complexities and ends up wasting time for customers and users while awaiting a response. For scalability, analyzing the malicious files in transit at network speed frees up time and resources.

Is there anything else organizations should take into consideration? Machine learning at the endpoint level?

We’re always asking ourselves, “where’s the right juncture to layer in more security?” I’d like to see more organizations asking the same. You can look at our history, during which we developed a lightweight agent by moving the heavy lifting to the cloud, and that’s the theme we’ll continue to follow. The detection elements of machine learning can fit on our client, but we’ll do the computing-intensive and crowd protection work for machine learning in the cloud. That gives you the best efficacy, shares threat discoveries with all of our products and services in real time, and keeps devices running at optimal levels.

Clavister Partners with Webroot for IP Reputation

Reading Time: ~3 min.

Webroot recently announced a new collaboration with Clavister, a leader in the network security market. Clavister selected Webroot’s BrightCloud® IP Reputation Service. The solution detects malicious activity within users’ IT infrastructure and delivers actionable threat intelligence. We sat down with Mattias Nordlund, product manager for Enterprise at Clavister to get the scoop on the new offering and also the importance of IP reputation.


Webroot: Give readers a brief overview of Clavister.

Mattias Nordlund: Clavister is a Swedish security vendor founded in 1997 in the very improbable location of Örnsköldsvik, on the border of Lapland, far in the North of the country. We always joke – because it’s cold and dark so much of the year – our developers don’t have any distractions from making the best security code out there. Our “Swedishness” is a big source of company pride.

The development of our proprietary software – first cOS core and later our cOS stream solution – made the product into an award-winning and industry-respected leader in cybersecurity and digital threat deterrence. We’ve managed to grow the business internationally to an installed base of 20,000 customers with a 95 percent satisfaction rate, which drove Clavister to be one of the few Swedish technology companies listed on the NASDAQ OMX Nordic Exchange. Clavister also has acquired a formidable client list that includes Nokia, Canon ITS, and D-Link, as well as collaborations with Intel, Redhat, and VMware, among others.

I love the source of pride in your heritage. Putting on your security hat, do you see a difference in cyber preparedness in Europe versus the United States?

Of course. The US is a very advanced market when it comes to threat protection and development with some of the biggest vendors operating within its borders. But, if you think of EU legislation, like GDPR, with a more independent tradition that doesn’t appreciate the surveillance and backdoors built by both US and Chinese actors, then you see that Europe is quite advanced in cybersecurity. In Sweden, just as an example, we use a two-factor authentication app for not only our banking but logging into public websites, checking your kid’s daycare schedule, etc. So identity management and using VPNs are far more advanced in the EU than in the US.

That’s great. We are always pushing two-factor authentication, but it isn’t required by many sites here. Switching gears, why is IP reputation important?

For us, it’s important as a tool to help our customers stop Command & Control and Botnet communications, alleviate load on servers from attacks from known Denial of Service (DoS) IPs, or help limit the load on mail servers by stopping known spam sources on the edge. IP reputation in a way becomes a proactive mitigation technique rather than a reactive one. That’s where we see the market for Next-Generation Firewalls (NGFW) going.

Being proactive in your cyber defense is key. What do you hope your customers will gain by including Webroot BrightCloud IP Reputation intelligence in your solutions?

For our customers, it’s one more piece of the puzzle in how to understand traffic flowing through our products. The customer will get insights on the behavior of users. Coupled with other features like web content filtering and application control, it will indicate the behavior of a user and how “risky” it is.

What advice can you share with businesses struggling with their security plans today?

Having a holistic approach to how the company behaves – BYOD, its cloud-based work, endpoint, identity access management (IAM), VPNs, etc. – is really critical. It no longer works to take a partial approach. And then there’s the human firewall factor. Keep in mind, 85 percent of network breaches come from employees hitting phishing emails. That’s very important to bear in mind, as much as the hardware and software solutions.

Wise words, Mattias. Thank you for taking the time to talk cyber.

If you want to learn more about this new collaboration, check out the media release.

Critical Service Announcement

UPDATE 4/28/17 2:11 p.m. MDT

As a reminder, the repair utility to address the false positive issue that arose on Monday, April 24, is available. The utility will release and restore quarantined applications to working order on the affected endpoints.

Please note, the utility was built to address only this specific false positive issue. It will be deactivated in the future.

If applications are operating normally on your systems, you do not need to implement the utility.

To obtain the repair utility, open a support ticket, or reply to your existing support ticket related to this issue. Please include your phone number in the ticket.

I want to thank each of our customers and partners for their patience during this time, and we are committed to earning your trust going forward.

UPDATE 4/27/17 2:47 p.m. MDT:

We have 0 calls in queue on our phone line, and are working through about 130 tickets related to the False Positive repair utility. A good portion of those are simply awaiting customer verification.

If you haven’t yet submitted a support ticket and you need the repair utility, please do so here. Include your phone number as well with the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to further test and validate this repair. We truly appreciate the support of our customers and thank you for your patience.

Update (Business) April 26, 10:25am MDT:

In addition to the manual fix issued Monday, April 24, we have now issued a standalone repair utility that provides a streamlined fix for business customers.  It will release and restore quarantined applications to working order on the impacted endpoints.

For access to the repair utility, customers should open a support ticket, or reply to your existing support ticket related to this issue.  Please include your phone number within the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to test and validate this repair. We appreciate the support of our customers and thank you for your patience.

Update (Business) April 25, 9:41pm MDT:

We created a comprehensive repair utility, and have successfully completed QA. We are currently rolling out the utility to a group of beta customers to ensure it works for our broader customer base. We expect to complete that work soon, and then will make it available incrementally to the entire customer base to ensure a successful deployment.

You also can look to our Community for ongoing updates.

Our Support team remains available to those of you who need urgent assistance, and we thank you for working with us through this challenging issue.


On April 24, Webroot experienced a technical issue affecting some business and consumer customers. Webroot incorrectly identified multiple files as malware. Webroot was not breached. Actual malicious files are being identified and blocked as normal.

We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible.

For Business

Webroot is making progress on a resolution and will update you when it is available. In the meantime:

  • Do not uninstall the product or delete the quarantine. This will make quarantined files unrecoverable.
  • We have rolled back the false positives. Once the fix is deployed, the agent should pick up the re-determinations and perform as normal.
  • Customers should ensure endpoints are powered on and connected to the internet to receive the fix. Once files have been restored from quarantine, some endpoints may require rebooting.

Those who wish to address the issue manually should follow the instructions posted on Webroot Support.

We are conducting a thorough technical review to ensure we have a complete understanding of the root cause.  A summary will be posted in the Webroot Community, and Webroot account representatives will be prepared to discuss the findings in greater detail with you.

For Home

To resolve the issue, customers need to restore the quarantined file(s). Please follow the steps on the Webroot Community and restore the file(s). Webroot offers free 24/7 support for consumers, and you can open a ticket for any questions here.

We apologize for the inconvenience this has caused our customers and are taking action to earn your trust going forward.

Integration Holds the Keys to the Castle

Talks of integration are often met with audible sighs of displeasure. It’s a lot of work. You have to combine various platforms, software, and the list goes on. At Webroot, we decided to take some of the pain out of this process by partnering with Kaseya to deliver a fully integrated endpoint security solution for its customers.

Kaseya, a provider of complete IT management solutions for managed service providers (MSPs) and mid-sized businesses, was looking for ways to reduce complexity and steer its customers in the right security direction.

Charlie Tomeo, vice president of worldwide business sales at Webroot, sat down to answer a few questions about why we chose to integrate.


Webroot: Integration is practically a buzzword today. I think I just ‘integrated’ my winter and spring wardrobes. What does integration mean for Kaseya customers?

Charlie Tomeo: Integrating Webroot status and monitoring into VSA reduces management complexity by presenting this new information in the familiar tools they already use today. This gives technicians a single pane of glass and makes it easier to follow security best practice standards, which increases protection and security for their customers.

That makes sense. I’ve heard complexity is a “hacker’s best friend,” so any streamlining is good in my book. What can users expect in the module?

The Webroot SecureAnywhere® endpoint product is the easiest solution to deploy and maintain on the market, but our Kaseya module makes it even easier for VSA users through an intuitive, straightforward GUI-driven install/uninstall. Deployment hierarchy can mirror your Kaseya groups with Webroot groups or sites. Once deployed, the combined deployment and status dashboard gives you that single pane of glass view to manage Webroot protection within the VSA dashboard.

Day-to-day management suddenly gets easy with customized alerts that flow directly into Kaseya, creating tickets, and executive dashboard reports quickly summarize infection history and endpoints under protection.

What if I’m reading this and thinking, I don’t need that, my customers are too small to have to worry about security threats. What advice would you provide?

Study after study shows that small customers are just as at-risk as any other organization. But providing enterprise level security protection to small customers is expensive without an MSP that uses a system of streamlined processes. These partners provide an affordable solution to their customers without compromising security or margins. Using the Webroot integration inside the Kaseya VSA allows the MSP to manage their Webroot agents and streamline numerous management tasks, like alerting, reporting, deployment, and updates.


That’s a wrap. To learn more or start a free trial of the Webroot Kaseya Module, visit http://wbrt.io/WebrootKaseya .

Introducing Webroot BrightCloud® Streaming Malware Detection

We’re not telling you anything new when we say that malware continues to pose a major challenge for businesses of all sizes. Polymorphism, in particular, is especially dangerous. Polymorphic executables constantly mutate without changing their original algorithm, meaning the code can change itself each time it replicates, even though its function never changes at all. That’s why it’s so problematic; organizations that rely on traditional endpoint protection methods have little hope of detecting and blocking all the variants that might hit their network, even if they combine their antivirus technologies with network sandboxing.

How BrightCloud® Streaming Malware Detection Works

With all this in mind, we’ve developed Webroot BrightCloud Streaming Malware Detection. This brand new, innovative technology detects malicious files in transit, in real time, at the network perimeter. It can be integrated into perimeter network security devices to complement existing functionality by identifying and eliminating malicious files before they enter the network or have the chance to spread or mutate internally.

In most cases, Streaming Malware Detection can make determinations without requiring the entire file to be downloaded. It scans files in real time to make determinations after only a small portion of the file has streamed through a network perimeter device. Streaming Malware Detection determines quickly whether files are benign or malicious, enabling the device itself to block, drop, or route the file for further investigation, depending on how the technology partner or end customer has configured the appliance.

For partners, Streaming Malware Detection…

  • Adds malware detection functionality to your network device and enhances your ability to detect and block known and never-before-seen malware
  • Makes determinations on a high percentage of previously unknown, zero-day, and malicious files at the network level
  • Processes files at a rate of 5,700 files/min (over 500 times faster than a typical sandbox at 11 files/min)
  • Continuously improves its own capabilities via self-learning
  • Provides the flexibility to tune and adjust thresholds to minimize false positive rate
  • Integrates quickly and efficiently in network edge security devices via precompiled SDK
  • Provides an incremental revenue opportunity

How To Get Streaming Malware Detection

We’re currently planning to make this extra layer of protection against polymorphic malware, and targeted malware in general, available for GA in the second calendar quarter of 2017. For the time being, we’re pleased to invite existing and prospective Webroot technology partners to join our beta program. Contact your Webroot account representative to participate.

For more info about Streaming Malware Detection and other new Webroot services, read our press release.

What’s new from Webroot in early 2017?

Throughout 2016, many of the attacks and risks in the world of cybercrime followed “analog” crime: holding something for ransom/extortion, propaganda, theft, and identity scams. You might expect a cybersecurity vendor to see these trends as good for business, but in fact it’s the opposite. The modern world relies heavily on the internet and web applications for all types of transactions. For these technologies to continue advancing, users have to feel safe when they conduct those transactions online. That means those of us in the cybersecurity field are dealing with trust as our most valuable commodity. Erode the trust too deeply and many internet users will either take their business elsewhere, or try to avoid online transactions altogether.

Maintaining customers’ trust should always be the core of any cybersecurity provider’s strategy. In 2017, we plan to continue coming up with new ways to use our threat intelligence and cloud-based security platform to do just that. Here’s a look at what’s in store.

Webroot SecureAnywhere® DNS Protection

To kick off the year, we’ve introduced our new Webroot SecureAnywhere® DNS Protection service. By redirecting users’ internet traffic through the Webroot DNS cloud, businesses now get enhanced visibility, control, and peace of mind. Web requests are checked in real time to ensure they are not malware connecting to a Command and Control server, or requests to visit high risk sites. SecureAnywhere DNS Protection also lets businesses fine-tune web access policies by IP address or IP range, and limit access to websites based on their category—with 82 URL categories to choose from. This simple, domain layer security improves productivity, provides great visibility, and is a smart and cost-effective way to dramatically reduce web risks.

Webroot FlowScape®

The second new offering is a state-of-the-art approach to early threat detection that works by analyzing all the traffic taking place within your network; not just communications to and from the internet, but also those that occur between network-connected devices. Using supervised and unsupervised machine learning and behavioral analytics, the Webroot FlowScape® solution cuts through everyday network noise to reveal network anomalies and threats that other security technologies miss, and does so early enough for security administrators to prevent those threats from compromising the network. The FlowScape solution is designed for MSSPs and other IT security professionals who need to identify all the adversarial anomalies and risks within their networks.

Webroot BrightCloud® Streaming Malware Detection

Last, but not least, we are releasing Webroot BrightCloud® Streaming Malware Detection for polymorphic malware protection. This technology detects malicious files as they stream through the network perimeter in real time, without having to download the entire file, and without causing undue network latency. Streaming Malware Detection is designed to be integrated into network security devices to help identify and eliminate malicious files before they enter the network.

2017 will bring many new security challenges, but with these new solutions in place and other innovations on the Webroot drawing board, we plan to keep building our customers’ safety, security and trust.

 
