Business + Partners

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Clavister Partners with Webroot for IP Reputation

Webroot recently announced a new collaboration with Clavister, a leader in the network security market. Clavister selected Webroot’s BrightCloud® IP Reputation Service. The solution detects malicious activity within users’ IT infrastructure and delivers actionable threat intelligence. We sat down with Mattias Nordlund, product manager for Enterprise at Clavister to get the scoop on the new offering and also the importance of IP reputation.

Webroot: Give readers a brief overview of Clavister.

Mattias Nordlund: Clavister is a Swedish security vendor founded in 1997 in the very improbable location of Örnsköldsvik, on the border of Lapland, far in the North of the country. We always joke – because it’s cold and dark so much of the year – our developers don’t have any distractions from making the best security code out there. Our “Swedishness” is a big source of company pride.

The development of our proprietary software – first cOS core and later our cOS stream solution – made the product into an award-winning and industry-respected leader in cybersecurity and digital threat deterrence. We’ve managed to grow the business internationally to an installed base of 20,000 customers with a 95 percent satisfaction rate, which drove Clavister to be one of the few Swedish technology companies listed on the NASDAQ OMX Nordic Exchange. Clavister also has acquired a formidable client list that includes Nokia, Canon ITS, and D-Link, as well as collaborations with Intel, Redhat, and VMware, among others.

I love the source of pride in your heritage. Putting on your security hat, do you see a difference in cyber preparedness in Europe versus the United States?

Of course. The US is a very advanced market when it comes to threat protection and development with some of the biggest vendors operating within its borders. But, if you think of EU legislation, like GDPR, with a more independent tradition that doesn’t appreciate the surveillance and backdoors built by both US and Chinese actors, then you see that Europe is quite advanced in cybersecurity. In Sweden, just as an example, we use a two-factor authentication app for not only our banking but logging into public websites, checking your kid’s daycare schedule, etc. So identity management and using VPNs is far more advanced in the EU than in the US.

That’s great. We are always pushing two-factor authentication, but it isn’t required by many sites here. Switching gears, why is IP reputation important?

For us, it’s important as a tool to help our customers stop Command & Control and Botnet communications, alleviate load on servers from attacks from known Denial of Service (DoS) IPs, or help limit the load on mail servers by stopping known spam sources on the edge. IP reputation in a way becomes a proactive mitigation technique rather than a reactive one. That’s where we see the market for Next-Generation Firewalls (NGFW) going.

Being proactive in your cyber defense is key. What do you hope your customers will gain by including Webroot BrightCloud IP Reputation intelligence in your solutions?

For our customers, it’s one more piece of the puzzle in how to understand traffic flowing through our products. The customer will get insights on the behavior of users. Coupled with other features like web content filtering and application control, it will indicate the behavior of a user and how “risky” it is.

What advice can you share with businesses struggling with their security plans today?

Having a holistic approach to how the company behaves – BYOD, its cloud-based work, endpoint, identity access management (IAM), VPNs, etc. – is really critical. It no longer works to take a partial approach. And then there’s the human firewall factor. Keep in mind, 85 percent of network breaches come from employees hitting phishing emails. That’s very important to bear in mind, as much as the hardware and software solutions.

Wise words, Mattias. Thank you for taking the time to talk cyber.

If you want to learn more about this new collaboration, check out the media release.

Critical Service Announcement

UPDATE 4/28/17 2:11 p.m. MDT

As a reminder, the repair utility to address the false positive issue that arose on Monday, April 24, is available. The utility will release and restore quarantined applications to working order on the affected endpoints.

Please note, the utility was built to address only this specific false positive issue. It will be deactivated in the future.

If applications are operating normally on your systems, you do not need to implement the utility.

To obtain the repair utility, open a support ticket, or reply to your existing support ticket related to this issue. Please include your phone number in the ticket.

I want to thank each of our customers and partners for their patience during this time, and we are committed to earning your trust going forward.

UPDATE 4/27/17 2:47 p.m. MDT:

We have 0 calls in queue on our phone line, and are working through about 130 tickets related to the False Positive repair utility. A good portion of those are simply awaiting customer verification.

If you haven’t yet submitted a support ticket and you need the repair utility, please do so here. Include your phone number as well with the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to further test and validate this repair. We truly appreciate the support of our customers and thank you for your patience.

Update (Business) April 26, 10:25am MDT:

In addition to the manual fix issued Monday, April 24, we have now issued a standalone repair utility that provides a streamlined fix for business customers.  It will release and restore quarantined applications to working order on the impacted endpoints.

For access to the repair utility, customers should open a support ticket, or reply to your existing support ticket related to this issue.  Please include your phone number within the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to test and validate this repair. We appreciate the support of our customers and thank you for your patience.

Update (Business) April 25, 9:41pm MDT:

We created a comprehensive repair utility, and have successfully completed QA. We are currently rolling out the utility to a group of beta customers to ensure it works for our broader customer base. We expect to complete that work soon, and then will make it available incrementally to the entire customer base to ensure a successful deployment.

You also can look to our Community for ongoing updates.

Our Support team remains available to those of you who need urgent assistance, and we thank you for working with us through this challenging issue.

On April 24, Webroot experienced a technical issue affecting some business and consumer customers. Webroot incorrectly identified multiple files as malware. Webroot was not breached. Actual malicious files are being identified and blocked as normal.

We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible.

For Business

Webroot is making progress on a resolution and will update you when it is available. In the meantime:

  • Do not uninstall the product or delete the quarantine. This will make quarantined files unrecoverable.
  • We have rolled back the false positives. Once the fix is deployed, the agent should pick up the re-determinations and perform as normal.
  • Customers should ensure endpoints are powered on and connected to the internet to receive the fix. Once files have been restored from quarantine, some endpoints may require rebooting.

Those who wish to address the issue manually should follow the instructions posted on Webroot Support.

We are conducting a thorough technical review to ensure we have a complete understanding of the root cause.  A summary will be posted in the Webroot Community, and Webroot account representatives will be prepared to discuss the findings in greater detail with you.

For Home

To resolve the issue, customers need to restore the quarantined file(s). Please follow the steps on the Webroot Community and restore the file(s). Webroot offers free 24/7 support for consumers, and can open a ticket for any questions here.

We apologize for the inconvenience this has caused our customers and are taking the actions to earn your trust going forward.

Integration Holds the Keys to the Castle

Talks of integration are often met with audible sighs of displeasure. It’s a lot of work. You have to combine various platforms, software, and the list goes on. At Webroot, we decided to take some of the pain out of this process by partnering with Kaseya to deliver a fully integrated endpoint security solution for its customers.

Kaseya, a provider of complete IT management solutions for managed service providers (MSPs) and mid-sized businesses, was looking for ways to reduce complexity and steer its customers in the right security direction.

Charlie Tomeo, vice president of worldwide business sales at Webroot, sat down to answer a few questions about why we chose to integrate.

Webroot: Integration is practically a buzzword today. I think I just ‘integrated’ my winter and spring wardrobes. What does integration mean for Kaseya customers?

Charlie Tomeo: Integrating Webroot status and monitoring into VSA reduces management complexity by presenting this new information into the familiar tools they already use today. This gives technicians a single pane of glass and makes it easier to follow security best practice standards, which increases protection and security for their customers.

That makes sense. I’ve heard complexity is a “hackers best friend,” so any streamlining is good in my book. What can users expect in the module?

The Webroot SecureAnywhere® endpoint product is the easiest solution to deploy and maintain on the market, but our Kaseya module makes it even easier for VSA users through an intuitive, straightforward GUI-driven install/uninstall. Deployment hierarchy can mirror your Kaseya groups with Webroot groups or sites. Once deployed, the combined deployment and status dashboard gives you that single pane of glass view to manage Webroot protection within the VSA dashboard.

Day-to-day management suddenly gets easy with customized alerts that flow directly into Kaseya, creating tickets and executive dashboard reports quickly summarize infection history and endpoints under protection.

What if I’m reading this and thinking, I don’t need that, my customers are too small to have to worry about security threats. What advice would you provide?

Study after study shows that small customers are just as at-risk as any other organization. But providing enterprise level security protection to small customers is expensive without an MSP that uses a system of streamlined processes. These partners provide an affordable solution to their customers without compromising security or margins. Using the Webroot integration inside the Kaseya VSA allows the MSP to manage their Webroot agents and streamline numerous management tasks, like alerting, reporting, deployment, and updates.

That’s a wrap. To learn more or start a free trial of the Webroot Kaseya Module, visit .

Introducing Webroot BrightCloud® Streaming Malware Detection

We’re not telling you anything new when we say that malware continues to pose a major challenge for businesses of all sizes. Polymorphism, in particular, is especially dangerous. Polymorphic executables constantly mutate without changing their original algorithm, meaning the code can change itself each time it replicates, even though its function never changes at all. That’s why it’s so problematic; organizations that rely on traditional endpoint protection methods have little hope of detecting and blocking all the variants that might hit their network, even if they combine their antivirus technologies with network sandboxing.

How BrightCloud® Streaming Malware Detection Works

With all this in mind, we’ve developed Webroot BrightCloud Streaming Malware Detection. This brand new, innovative technology detects malicious files in transit, in real time, at the network perimeter. It can be integrated into perimeter network security devices to complement existing functionality by identifying and eliminating malicious files before they enter the network or have the chance to spread or mutate internally.

In most cases, Streaming Malware Detection can make determinations without requiring the entire file to be downloaded. It scans files in real time to make determinations after only a small portion of the file has streamed through a network perimeter device. Streaming Malware Detection determines quickly whether files are benign or malicious, enabling the device itself to block, drop, or route the file for further investigation, depending on how the technology partner or end customer chooses has configured the appliance.

For partners, Streaming Malware Detection…

  • Adds malware detection functionality to your network device and enhances your ability to detect and block known and never-before-seen malware
  • Makes determinations on a high percentage of previously unknown, zero-day, and malicious files at the network level
  • Processes files at a rate of 5,700 files/min (over 500 times faster than a typical sandbox at 11 files/min)
  • Continuously improves its own capabilities via self-learning
  • Provides the flexibility to tune and adjust thresholds to minimize false positive rate
  • Integrates quickly and efficiently in network edge security devices via precompiled SDK
  • Provides an incremental revenue opportunity
How To Get Streaming Malware Detection

We’re currently planning to make this extra layer of protection against polymorphic malware, and targeted malware in general, available for GA in the second calendar quarter of 2017. For the time being, we’re pleased to invite existing and prospective Webroot technology partners to join our beta program. Contact your Webroot account representative to participate.

For more info about Streaming Malware Detection and other new Webroot services, read our press release.

What’s new from Webroot in early 2017?

Throughout 2016, many of the attacks and risks in the world of cybercrime followed “analog” crime: holding something for ransom/extortion, propaganda, theft, and identity scams. You might expect a cybersecurity vendor to see these trends as good for business, but in fact it’s the opposite. The modern world relies heavily on the internet and web applications for all types of transactions. For these technologies to continue advancing, users have to feel safe when they conduct those transactions online. That means those of us in the cybersecurity field are dealing with trust as our most valuable commodity. Erode the trust too deeply and many internet users will either take their business elsewhere, or try to avoid online transactions altogether.

Maintaining customers’ trust should always be the core of any cybersecurity provider’s strategy. In 2017, we plan to continue coming up with new ways to use our threat intelligence and cloud-based security platform to do just that. Here’s a look at what’s in store.

Webroot SecureAnywhere® DNS Protection

To kick off the year, we’ve introduced our new Webroot SecureAnywhere® DNS Protection service. By redirecting users’ internet traffic through the Webroot DNS cloud, businesses now get enhanced visibility, control, and peace of mind. Web requests are checked in real time to ensure they are not malware connecting to a Command and Control server, or requests to visit high risk sites. SecureAnywhere DNS Protection also lets businesses fine-tune web access policies by IP address or IP range, and limit access to websites based on their category—with 82 URL categories to choose from. This simple, domain layer security improves productivity, provides great visibility, and is a smart and cost-effective way to dramatically reduce web risks.

Webroot FlowScape®

The second new offering is a state-of-the-art approach to early threat detection that works by analyzing all the traffic taking place within your network; not just communications to and from the internet, but also those that occur between network-connected devices. Using supervised and unsupervised machine learning and behavioral analytics, the Webroot FlowScape® solution cuts through everyday network noise to reveal network anomalies and threats that other security technologies miss, and does so early enough for security administrators to prevent those threats from compromising the network. The FlowScape solution is designed for MSSPs and other IT security professionals who need to identify all the adversarial anomalies and risks within their networks.

Webroot BrightCloud® Streaming Malware Detection

Last, but not least, we are releasing Webroot BrightCloud® Streaming Malware Detection for polymorphic malware protection. This technology detects malicious files as they stream through the network perimeter in real time, without having to download the entire file, and without causing undue network latency. Streaming Malware Detection is designed to be integrated into network security devices to help identify and eliminate malicious files before they enter the network.

2017 will bring many new security challenges, but with these new solutions in place and other innovations on the Webroot drawing board, we plan to keep building our customers’ safety, security and trust.


Webroot Attends RSAC 2017

Twitter is buzzing with chatter about the RSA Conference 2017 (RSAC). Attendees, vendors, and speakers alike are anxiously awaiting the opportunity to discuss information security and the latest technology at the largest security conference in the world. Attending RSAC? Here’s what you should know about Webroot.

What’s new with Webroot in 2017

Today, we announced the expansion of our platform with 3 new products; Webroot FlowScape® Analytics, Webroot BrightCloud® Streaming Malware Detection, and Webroot SecureAnywhere® DNS Protection leverage the security industry’s most sophisticated artificial intelligence engine to give customers greater protection against today’s most dangerous known and unknown cyber threats.

By providing deeper insight into behaviors in the web and network layers, our new products offer better protection against today’s most advanced threats—both known and unknown—no matter where users are or what devices are connected. – Chad Bacher, SVP of product strategy and technology alliances, Webroot

During RSAC, be sure to visit us in the South Expo at booth #S1307 to experience Webroot threat intelligence and security products in action.

The Webroot Briefing Center Presentation at RSAC

Identifying threats within the barrage of everyday network traffic can be difficult. During our Briefing Center Presentation Securing the Internet of Everything: How Webroot Keeps a Smart City Safe, Chad Bacher will be discussing this how smart cities and other organizations can use advanced inspection modeling, and analytics inside the network to avoid security risks.

In-Booth Presentations

Webroot is hosting multiple in-booth presentations throughout the conference.  Presentation topics will include our insights into the most recent threat trends, stopping polymorphic malware, using machine learning to detect zero-day threats, and more. Be sure to set a private meeting with Webroot security experts, also.

Join leading security pros and innovators, including the Webroot team, at RSAC 2017 to learn about the current state of cybersecurity. Get our thoughts on what the future holds.

How F5 is Changing the Application Security Game

To address the need for application security in the digital transformation era, F5 is releasing a new host of products and services.

“The digital transformation has really changed security as a whole,” says Preston Hogue, Director of Security Marketing and Competitive Intelligence. What he means is that everything—EVERYTHING—is moving to the cloud. Think about the companies from years ago, such as Blockbuster, versus their modern counterparts, like Netflix or Hulu. Think about the fact that most of today’s twenty-somethings have never set foot in a physical bank branch, but use online banking daily. Now think about the fact that every service I’ve mentioned so far has an application, which is the primary method of interaction for users.

The application is the new perimeter and identity is the key to that perimeter. Over 70% of all data breaches occur by accessing applications. At F5, we are focused on securing our customers’ applications; both by securing access to the apps, and by securing the apps themselves where they reside.

We spoke with Preston about the newest security products F5 is launching, and how they’re using Webroot BrightCloud® IP Reputation intelligence to help power their solutions.

Webroot: Tell us a little bit about the security launch. What should we expect to see?

Preston Hogue: First, we are launching a family of dedicated security products called Herculon. The first two components of the Herculon product family are the Herculon SSL Orchestrator and the Herculon DDoS Hybrid Defender. These products are dedicated to solving the challenges of SSL/TLS encrypted traffic and ensuring application availability.

Second, we’re announcing a new service called Silverline WAF Express, which will give customers easy, self-service access to our cutting-edge web application firewall. We’ve been deploying web application firewalls on premises for some time and also offer a fully managed service. Since some customers don’t have the time or resources to install and maintain the software, or maintain the racks and stack and everything within their environment, we’re giving them a simpler self-service experience.

Our focus on securing applications means our overall threat research is geared toward application threat intelligence—really trying to get to the root cause of the 70+% of data breaches I mentioned previously—so we’re also announcing increased investment in our F5 Labs threat intelligence team.

Last but not least, we’re also announcing that the services of our security incident response team (SIRT), a dedicated team of highly trained individuals within the support organization, are now available to all F5 customers around the world. This team will be the highest level of escalation for security and service response.

Since threat intelligence is such a huge component of your offerings, what should your target customers consider when choosing threat intelligence sources for themselves?

There are a lot of companies that offer threat intelligence, but it’s challenging because they all claim a kind of broad, generic expertise. We advise that customers look for specificity; for targeted, actionable information that pertains to what they’re trying to do. Looking at a company like Webroot, you’ve taken on very specific aspects of threat intelligence and you’ve been able to master those particular areas—like the Webroot IP reputation intelligence that we integrate.

We see a lot of organizations trying to take on too much. That’s why we’re very definitive about the scope of what we’re trying to accomplish, and why we focus on leveraging our application security expertise around threats and ensuring we can provide very specific, clear, actionable threat intelligence with F5 Labs.

What do you hope your customers will gain by implementing your solutions with Webroot BrightCloud IP Reputation intelligence?

We know we have the expertise when it comes to understanding the overall threat to an application. We partner with companies like Webroot for insight into a particular aspect of threats; in Webroot’s case, it’s insight into IP addresses and additional threat information around user agents and anonymous proxies. We’re very specific in our threat intelligence, and we know we’re not always able to show the entire picture on our own. So we are able to fill in other areas of the overall threat landscape through our partnerships to ensure that we can give our customers the full picture they need.

How do you see the F5 security launch changing the security industry?

F5 has been in application security for over 20 years. From what we’ve seen, digital transformation is changing security as a whole. It has driven applications out of the data center and into the cloud. That means there are 3.2 billion users on the internet, who all potentially have access to these applications, which makes them a big target for breaches. Because of our expertise within the field, F5 is in the perfect position to provide visibility into this threat landscape, and also the control our customers need to achieve a secure application experience.

In his closing comments, Hogue had the following to say, “To secure access to applications and to secure the apps where they reside, you need a complete picture of the threats that target apps. You need a team like F5, with an ecosystem of intelligence partners like Webroot to provide that picture. And that’s how, ultimately, we can help our customers solve today’s security challenges and keep users safe.”

Learn more about Webroot BrightCloud IP Reputation intelligenceOr, for more information about F5’s security launch, read the press release.


Webroot named among the Best Software Products for IT Teams 2017

“Highest average score for ease of use, quality of support, and […] requirements in endpoint protection.” That’s how Marty Duffy, Director of Research at G2 Crowd, describes Webroot after seeing the results of this year’s G2 Crowd survey on Best Software for IT Teams 2017. We’d be lying if we said we weren’t over the moon.

Webroot Endpoint Protection’s users consistently commended the product in 2016. Mid-market users recognized the tool as a stand-out product to be used by IT teams. It received the highest average score for ease of use, quality of support, and meets requirements in endpoint protection (mid-market). – Marty Duffy, Director of Research, G2 Crowd

G2 Crowd is a peer-to-peer business software review platform. Since 2014, they’ve recognized the best software products based on reviews by professionals across numerous markets. Their awards are supported exclusively by actual user satisfaction ratings, not obscure testing methodologies or paid industry reviewers. This is important to us for a couple of reasons.

Integrity and Customer Focus

At Webroot, two of our core company values are integrity and customer focus. We believe in respect, honoring our commitments, and measuring our success by our customers’ success. Our strength as a company is defined by the people who trust us to protect their businesses, clients, homes, and families. We’re proud to repay their trust by giving them the best possible service.

Real-time Protection

Cybersecurity continues to be a topic that gets more groans than cheers. Most users, both at home and at work, consider cybersecurity to be a kind of necessary evil. Sure, it keeps you safe from malware and other attacks, but it can also slow down your computer and get in the way of your activities. But we’re in the business of changing people’s minds on the subject. We devised a smarter way to protect businesses and individuals in the connected world. Our cloud-based protection and threat intelligence stop threats using behavior and contextual data, without draining system resources. We eliminated the hassle of system-intensive updates. And when any Webroot-protected device encounters a new threat, every device connected to our advanced threat intelligence platform is protected in real time.

Being recognized for this award serves to underscore our commitments as we continue to grow and innovate throughout the coming year. And, hot on the heels of being named Most Customer Friendly Company of the Year, we’ve only got one more thing to say: Thank you!

See for yourself what all the fuss is about. Take a free 30-day trial of Webroot SecureAnywhere® Business Endpoint Protection today. It won’t conflict with your existing security, and only takes a few seconds to install.

Your 6-Step MSP Guide for Stopping Ransomware


While a lot of the hype around ransomware paints it as daunting and virtually impossible to combat, there are several very straightforward steps for managed service providers to dramatically reduce the risk that their clients’ will fall victim to ransomware.

  1. Proven endpoint security backed by industry-leading threat intelligence.

    Security shouldn’t just spot and quarantine threats that have already infiltrated a system. It should prevent threats from infecting the endpoint in the first place. Be sure to select a solution that protects web browsing in real time, secures system settings, controls outbound traffic, provides proactive anti-phishing, and continuously monitors and reports on individual endpoints.

  2. Get your house in order with backup and business continuity.

    If any of your clients do become ransomware victims, the only real course of action is to restore their data as quickly as possible to minimize business downtime. These days, there are a fair number of automated, on-premises and cloud-based business continuity solutions that will back up data and get your clients’ business back on track after a breach.

  3. Implement strong Windows policies. 

    As part of your ransomware defense strategy, you can use Windows policies to block certain paths and file extensions from running. If you need varying levels of access, you can set up policies in groups. Some useful policies include blocking executables in temp or temp+appdata and the creation of startup entries. For instance, .SCR, .PIF, and .CPL file types should not be run in the following in users’ temp, program data, or desktop directories.

  4. Block volume shadow copy service. 

    Windows uses the VSS copy service to create local copies of files. CryptoLocker and other ransomware variants will encrypt this area because it holds VSS copies for the local (C:) drive. By setting Windows policies to block access to the service, you can help stop ransomware like CryptoLocker from erasing local drive file backups. Make sure that policies point to the VSSAdmin executable. Attempts to access or stop the service will be blocked.

  5. Get rid of macros and autorun. 

    Numerous kinds of ransomware use macros to infect systems, but you can easily disable them in the Trust Center of every version of Microsoft Office. You can also enable individual macros, if they’re necessary for a particular task, while disabling all others. Additionally, autorun might be a handy feature, but many types of malware use it to propagate. As an example, a USB stick uses autorun, but so do Visual Basic Script (VBS) malware and worms. As a general rule, we recommend disabling autorun.

  6. Keep clients in the know about ransomware. 

    It’s no secret that human error is a large part of successful cybercrime. As long as staff members remain relatively unaware and undereducated about the risks of the internet, malware will continue to be a viable business. Make sure clients understand the basics and what to watch out for so they stay safe both at home and in the office.

The first step to securing endpoints against ransomware is deploying a next-generation security solution. Take a free 30-day Webroot trial, no risk, no obligation to buy. In less than five minutes you can install Webroot SecureAnywhere® Business Endpoint Protection with Global Site Manager and see first-hand how it delivers superior malware protection while lowering your costs and boosting your bottom line—without conflicting with your existing security.



Maximizing MSP Profits with Cybersecurity Partnerships


Managed service providers are tasked with serving a broad range of markets, from construction to healthcare; accounting to legal; staffing firms to manufacturing; media and advertising to technology. But the day-to-day MSP challenges, even across so many diverse verticals, remain the same. Let’s break it down: modern technology changes fast and keeps gaining momentum, so how do you stay current and relevant? Providing quality goods and services gets complicated and pricey fast; how do you give your customers the value they expect without your own margins taking a hit? As the managed services sector continues to grow, how do you differentiate yourself from the competition?

Let’s switch gears a little and talk about cybersecurity. It’s no surprise that MSPs often think of endpoint protection as a “necessary evil.” MSPs have to supply endpoint cybersecurity services that satisfy their clients’ demands, but most solutions involve time-consuming infection remediation, awful system performance, mountains of malware-related downtime, not to mention the resulting customer frustration.

Staying Relevant and Seizing Opportunity

Because SMBs typically lack the internal resources needed to effectively manage complex systems, cybersecurity is an ideal avenue for putting the managed services model to use. Faced with modern threats and the hassles of traditional endpoint protection products, most users feel overwhelmed by security awareness and management, so offering next-generation protection that’s easy to manage, won’t conflict with other software, and won’t slow users down as it keeps them safe is an excellent way to stay relevant and build customer loyalty.

The High Cost of Living

As you well know, providing services isn’t sustainable if your solutions don’t amplify your profitability. But you can drive down operational costs by selecting an endpoint cybersecurity vendor that uses a cloud-based architecture and requires no infrastructure investment, thereby enabling faster deployment and less intensive management. If the vendor offers highly responsive support, automatic remediation, and low resource usage, you can improve customer satisfaction while reducing time spent repairing systems—without having to skimp on quality.

Looking to the Future

When choosing a cybersecurity partnership, be sure to look for a vendor whose solutions foster predictable, recurring revenue to help quantify future revenue for business decisions, and who provides marketing resources and sales enablement to boost MSP margins. And keep your options open—find a partner who offers flexible billing to lower your overhead and enable easy scalability (and won’t lock you into a contract you’re unhappy with in the long run.) Finally, pick a partner with a strong reputation, so you can leverage their proven protection to increase your customer loyalty and generate more referrals.

Proving the Point

Ultimately, these tips are just hearsay. Until you can properly vet a solution in a real-world environment, it’s hard to determine what will and won’t work for your business. Try to find solutions you can trial easily, and look to industry experts and your peers for their experiences and advice.

Read this case study to find out how SWAT Systems, an MSP managing over 3,300 endpoints, drastically improved their customer satisfaction, reduced time spent remediating infections by 75%, and increased profitability an average of 10-20%—just by switching cybersecurity vendors.

Or, take a free, no-risk, no-conflict 30-day trial of Webroot SecureAnywhere Business Endpoint Protection with the Global Site Manager to see the solution SWAT Systems chose in action.


Bringing Threat Intelligence to the Device

Previous posts in this series provided an overview of threat intelligence, its role within the IoT space, and how it can be used to prevent threats at the network perimeter in IoT Gateways. With the evolution of internet-connected devices and their growing resource capabilities, these “things” will increasingly become connected directly to the internet, forgoing connectivity through traditional perimeter appliances, and in essence becoming their own gateways or firewalls. This evolution will require a new approach to security in terms of moving protective mechanisms from robust perimeter equipment into the devices themselves. This post focuses on how the use of separation kernel technology can help in this move from security at the perimeter to enabling the use of threat intelligence on the device.

An effective way of bringing threat intelligence to devices is through the use of a separation kernel. Separation kernel technology provides a mechanism for controlling the flow of data and commands between an operating system and the hardware on which the operating system resides. In its simplest form, it is a tiny kernel that sits between all hardware functions on a device and the operating system. This separation provides a mechanism for identifying threats outside of a host operating system. Here are two very straightforward ideas on how to quickly implement threat intelligence at the device level through the use of separation kernels:

  • Traffic Flow Monitoring: Most gateway or perimeter devices provide a mechanism for traffic flow analysis through the use of packet inspection and threat intelligence. This can be achieved on a device by building tiny monitoring applications that live in a secure memory space outside of a host operating system, but are accessible by the separation kernel. Traffic can be analyzed in this secure space for threats so action can be taken before it is allowed to pass into the operating system or out of the device. This essentially brings the ability to apply network security and policy management to the “thing”.
  • Malicious File Identification: Using the same model described above, it would be possible to analyze files outside of a user’s operating system by identifying threats before they have access to user memory and application space. Files could be assembled in a secure memory space for hashing and looked up in a cloud-based ecosystem for threat determination. In the case of unknown files, additional analysis could be performed locally to identify any threats before they have access to the user memory or application space.

These are only two basic examples of what could be done through the use of threat intelligence on a device. As the Internet of Things continues to expand, there will undoubtedly be more and more approaches that bring existing network and perimeter security to the device. The next and final installment of this series will explore some of these ideas.

Helping Organisations Stay Secure In An Unsecure Age

Seemingly every day, we’re reminded that companies need to work harder to stay secure during a time where cybercrime is rampant and many organizations remain vulnerable to attack.  I’ve recently been speaking to the press about what can and should be done to mitigate these risks. I hope the following questions and answers will help shed some light on some key problems many organizations face, and help you decide what’s best for your business.

What happens if an organization focuses too much on the technology aspect of security and not enough on people and process?

Unfortunately, an organization is only as strong as its weakest link – and in terms of security, employees are by far the weakest link.

Technology plays an essential role in any defense, but at the same time technologies cannot stop an employee giving their details out over the phone to someone they believe is from the IT department.  And it cannot stop an employee using their corporate password for on their favorite social media sites or writing down their hard to remember passwords.

Relying purely on technology as an organization’s only form of defense is extremely short-sighted; failure is inevitable.

How often are companies attacked because of a vulnerability caused by employees or company processes?

It’s hard to put an exact number this. But from experience, I would suggest it’s a very high percentage.  Why wouldn’t it be? Cybercriminals spend so much time, effort and money defeating a technology or defense when employees are such an easy target.

In terms of hackers getting in, the most common issues are misuse of social networking, weak passwords and password re-use, privilege creeping, malware and lack of system patching. But the real danger is employees being unaware of internal security policies or the ones that unfortunately do not care enough and are careless and complacent.

How can CIOs and CISOs go about strengthening their strategy around people and process to ensure cyberattacks aren’t successful?

There’s no magic wand. There’s an infinite number of initiatives that can be introduced to help mitigate risk, all at differing costs and complexity.  In simple terms, it’s about completing comprehensive risk assessments, creating policies and understanding industry best practices, evaluating possible technologies, and then, implementing a solution.  More than anything, the plan needs buy-in at all levels and needs an appropriate budget.

Training should always be at the heart of an organization’s security program as technology alone will not stand up against a motivated attacker.  Everyone within the organization should be made responsible for the security of its assets.

It’s also vital that personnel understand the technologies they are asked to manage and monitor. The intelligence gathered by security systems needs to be understood, so when an attack occurs, it is detected at the first possible opportunity with the correct processes and procedures, then followed.

How can CIOs and CISOs approach internal training and education in regard to security?

Employee involvement is crucial for the success of an organization’s security strategy. Creating a security task force whose members rotate so each employee has eventually been part of the task force is a great way to get everyone involved. Each task force could have a ‘security champion’, who would be the person who identifies the most beneficial improvement to current security processes. This system encourages employees to think actively as well as creatively about security to improve the company’s security.

There is often a disconnect between what employees know they should do security-wise, versus what they actually do in practice. This is one of the most challenging parts of cybersecurity training and education. In these cases, businesses need to make sure it is clearly explained what is prohibited and why – using real world examples of the repercussions of not following procedure. What might seem harmless to an employee, like using an unsecure WiFi network, could cause a business serious problems further down the line.

There’s no point just preaching security, it should be made fun.  It’s also important to understand if the information given has been taken in.  This is where regular security tests play a vital role.  Bad security practices should not be tolerated if appropriate training and guidance has been given.  At the same time good security practices should be rewarded.

Can you provide an example of an organization that suffered a major cyberattack because their people and process strategy was not up to scratch?

The breach at Target Corp in late 2013 springs to mind for a number of reasons.  It is understood the attack initiated at a third party vendor, an air conditioning subcontractor through a phishing email.  User education with regards to the opening of emails may have been able to stop such an attack from escalating.

An assessment by security experts at Verizon noted that while Target had a password policy, it was not followed.  A file containing valid network credentials was found stored on several servers, with weak or default passwords used on many internal systems.

It was also reported that many systems were found to be unpatched, something a patch management policy should have covered even after Target’s security systems warned of possible issues. No credible incident response plan was in place, as a Target statement at the time highlighted that after the company learned criminals had entered the network, the team decided it did not warrant immediate follow-up.

Do you expect to see people and process strategies around security improving this year?

Security is finally climbing up organizations’ agendas, so hopefully improvements around people and processes will continue to be made.

Communications and information flow between the organization and its employees is vital – the risks and potential consequences need to be understood by employees through continued user education.  It’s arguably the most cost effective approach to improving the security posture of any organization.

However, cybercriminals only need to find one hole in the defense, whereas as security professionals, we have to secure all.  It’s never going to be an easy task, but sound user education and relevant processes are now more important than ever and should never be underestimated.