Business + Partners

Evasive Scripts: What They Are, and What We’re Doing About Them

“What’s an evasive attack? At a very basic level, it’s exactly what it sounds like; it’s a cyberattack that’s designed to hide from you,” says Grayson Milbourne, Security Intelligence Director at Webroot, an OpenText company. Based on Grayson’s initial explanation,...

DoH Is Here to Stay: Why Businesses Should Embrace It

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS – also known as DNS over HTTPS, or DoH – obscures internet traffic from bad actors. But it also has the potential to decrease visibility...

Old Habits vs. New Normal in the Time of Coronavirus

It didn’t take long for COVID-19 to completely alter the way we work. Businesses that succeed in this rapidly changing environment will be the ones that adapt with the same velocity. In our second installment from The Future of Work series, you’ll hear from Webroot...

Top 3 Questions SMBs Should Ask Potential Service Providers

Reading Time: ~ 1 min.

It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision). Employing `

In a study performed by Ponemon Institute, 34% of respondents reported using a managed service provider (MSP) or managed security service provider (MSSP) to handle their cybersecurity, citing their lack of personnel, budget, and confidence with security technologies as driving factors. But how do you find a trustworthy partner to manage your IT matters?

Here are the top 3 questions any business should ask a potential security provider before signing a contract:

 

 

 

 

 

While these are not all of the questions you should consider asking a potential service provider, they can help get the conversation started and ensure you only work with service providers who meet your unique needsservice providers who meet your unique nee.

  1. Ponemon Institute. (2016, June). Retrieved from Ponemon Research: https://signup.keepersecurity.com/state-of-smb-cybersecurity-report/
  2. Ponemon Institute Cost of Data Breach Study: (2017 June) https://www.ibm.com/security/data-breach

Thoughts from Webroot’s new President & CEO, Mike Potts

Reading Time: ~ 3 min.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

Thanks to an extraordinary team, Webroot is in a great place today. We lead the market with cloud-based solutions that set the standard for endpoint and network protection, threat intelligence, and now security awareness training. Our solutions provide essential protection for the connected world from an ever-growing number of malicious threats. We have the highest customer satisfaction ratings in the industry and achieved 14 consecutive months of double-digit growth.

That’s an outstanding foundation to build upon. Over the next several months, I’ll focus on People, Process, and Technology as I work to accelerate our momentum in innovation and customer success.

Our cyber community

People will always come first, both the Webroot team and our customers and partners. We’ll continue to invest in recruiting and developing the best talent. Our team has more experience in applying advanced machine learning to the challenges of cybersecurity than anyone, and we’ll continue to push the envelope on using that intelligence to solve the issues that are most impactful to our customers.  I plan to visit many of our business customers in the coming weeks, to understand how we could be doing better today, and how we can build our businesses together.

Process at scale

My focus on process will be about scale. You’ll quickly find that I believe in the value and leverage of working with partners. We have a great footprint with MSPs serving small- and medium-sized businesses today that we will continue to strengthen. We also have strategic technology partners embedding our threat intelligence in their products, and there is potential for many more.  Moreover, I’ll push the team to generate even more innovation, introduce it faster, and to more customers than we have before, while holding true to our core company values of integrity, innovation, excellence, and customer success.

Advancing technology

Finally, I will focus on technology. We disrupted the market with our revolutionary Webroot SecureAnywhere endpoint solutions and our threat intelligence. Since then, we’ve extended our protection to the network layer and added user training to address the last line of defense. I want to ensure we continue to build on this legacy, and just as importantly anticipate the next great market shift.

While new to Webroot, I’m not new to the cybersecurity and technology space. I have been leading companies in the application and security sectors for the past 25 years. Before Webroot, I served as an integration executive in the security business group at Cisco, following the acquisition of my company Lancope in 2015. As president and CEO of Lancope, my team and I led the transformation of the network security company, driving over 600 percent growth in five years. Prior to Lancope, I served as president and CEO of AirDefense and changed the game in wireless security. AirDefense was then acquired by Motorola. With this background and the great Webroot team, I feel we are prepared to do something truly special. Webroot is by far the healthiest company I’ve ever had a chance to lead from day one, so I foresee even greater potential for us!

I look forward to meeting our customers, partners, and advocates in the coming months, and have you all join in this next great chapter of Webroot history.

Regards,
Mike

More Automation. More #MSProfits.

Reading Time: ~ 2 min.

Savvy MSPs know that automation improves efficiency and strengthens their bottom line. In a nutshell, automation enables an MSP to reduce the amount of time its technicians spend handling routine or repetitive tasks, thus cutting costs for service delivery and freeing those techs to devote more attention to activities that generate more revenue.

Enabling Creativity Spurs Growth

It’s no secret that computers are more efficient than humans when it comes to performing repetitive work, while humans deliver superior results in situations that require creativity, critical thinking, and decision making. Part of the reason automation is so effective is because it enables MSPs to take advantage of these fundamental truths.

Freeing up your technicians for more appropriate endeavors presents benefits beyond simple cost savings. It also gives you the opportunity to differentiate yourself from other MSPs and position your business for future growth by finally enabling your technicians to see the forest for the trees.

When an MSP’s technicians are mired in routine administration and maintenance responsibilities—such as deploying security upgrades, performing regular disk cleanup, or managing tickets—there’s no time to step back and evaluate the overarching IT challenges that affect that particular client. And that means missed business opportunities.

More Time for Personalization

Proactively identifying a client’s IT challenges will help that client improve their business operations. This will not only differentiate you from other MSPs, it will also establish a foundation of trust upon which you can build long-term relationships with your customers; which, of course, is key to generating recurring, predictable revenue.

But an MSP can only design creative solutions to its clients’ business and IT challenges if its team has the time to identify those challenges. They need the bandwidth to consciously and continuously review each client’s business operations and craft powerful and personalized solutions.

Automation can solve that problem. Not only does it free up your IT team to focus on the specific issues each client faces, it also allows you to deliver a more comprehensive range of services individually tailored to those clients.

Today’s combination of automated and dynamic cloud services let you choose from an array of solutions for each of your clients, while still ensuring management is automated for maximum efficiency. The net result? You’ll boost your profitability by increasing customer satisfaction and long-term patronage, all while significantly reducing your management and operational costs.

Learn More… and Enter for a Chance to Win!

The Webroot #MSProfits Program is dedicated to helping MSPs boost their profitability by automating their business operations. Learn more about the benefits of automation or 5 steps you can take to help automate your MSP business, and enter for a chance to win a sophisticated home technology package.

Talking DNS Protection with ConnectWise

Reading Time: ~ 3 min.

It’s been an exciting week for our partner ConnectWise – they started offering customers Webroot® DNS Protection. To get insight into why this matters, I sat down with George Anderson, Webroot’s product marketing director for business solutions, and Gavin Gamber, vice president of Channel Sales and Alliances at ConnectWise.


Can we start with the basics? What is DNS?

George: DNS stands for Domain Name System. The basic job of DNS is to turn a human-friendly domain name like webroot.com into an Internet Protocol (IP) address like 66.35.53.194. Computers use IP addresses to identify each other. When a user accesses an external website or downloads files, their computer uses a DNS server to look up the domain name and then directs the user to that website.

Ok, kind of like a phone directory for the internet. That helps me understand the power DNS can hold.

George: That’s right. DNS is a powerful part of making the internet work. It also can be an equally powerful avenue for protecting a business. According to our data, many infections are generated through web browsing. Implementing web filtering security at the DNS layer can have a very significant impact on infection rates.

Wow. The internet is a big, beautiful, and scary place.

George: It can be. Using the internet is a high-risk activity for every business, regardless of size. Sometimes good sites can contain bad content. Users can fall victim to drive-by ransomware, employees can click on malvertising, and the list goes on.

Can you give us an example of what security at the DNS layer can stop?

Gavin: Let’s say, for example, you work with medical clients. Most of the end users are protected, but when guests come onto the network there is no way to monitor their web traffic. Since you don’t control the device, you don’t have any antivirus protecting the guest’s endpoint. With DNS filtering, you can protect the network and prevent guests from knowingly or unknowingly going to harmful or sensitive websites.

George: Using a web filtering solution at the DNS layer lets businesses do a few things. First, it creates policies for web usage that can be applied globally or by client. An MSP can decide, for example, whether to block certain content or social media sites. Second, it filters URLs for security risks, preventing infections by automatically sifting out known malicious websites. Finally, it allows a partner to monitor overall web usage and its security risk posture. What’s really different is that this all happens outside the network at the domain layer, so most infections are stopped at the earliest possible stage.

In a nutshell?

George: DNS Protection allows organizations to configure their router or firewall to point to Webroot’s secure DNS resolver servers for granular web filtering. Then, partners simply configure an acceptable internet usage policy. By doing so, they can block malicious URLs, restricted content, social media, or streaming sites they don’t want employees perusing at work.

ConnectWise, what are you hearing from partners about web filtering and its need?

Gavin: This is just one more layer of end user security that is typically time and labor intensive to set up. Our partners and their clients want to mitigate all attack vectors whether they manage all the devices on the network or not. As security risks persist, this is a must-have tool.

So what will all this mean for our ConnectWise partners?

George: First and foremost, it’s simple and easy for ConnectWise partners to deploy and manage. The new DNS Protection service has been fully integrated into the same Global Site Manager (GSM) console they use today for Webroot’s endpoint security. It also benefits from the same pillars of Webroot’s other security services.

  • No hardware or software to install
  • Includes robust reporting options for easy management
  • Direct benefits from Webroot BrightCloud Web Classification Service
ConnectWise, why are you excited for this new product?

Gavin: When we first saw Webroot SecureAnywhere DNS we were blown away by the ease of use and straightforward deployment. Our initial reaction was that our partners would find this incredibly valuable. Additionally, this really leverages the threat intelligence that Webroot has collected over the years and gives that control to our partners in a very powerful and consumable product.


Thank you, both. Glad we could chat all things web filtering.

Interested in learning more? We have additional resources. You also can discover everything Webroot is doing with ConnectWise at Automation Nation, June 19-21 in Orlando, FL. Visit us at booth #201, where you can see a demo of DNS Protection.

Webroot CTO Hal Lonas on Rethinking the Network Perimeter

Reading Time: ~ 4 min.

“What are our cybersecurity protocols?” This question is one that has, undoubtedly, been top of mind for CTOs at numerous corporations and government agencies around the world in the wake of recent ransomware attacks. Given the hundreds of thousands of endpoint devices in more than 150 countries that were infected in the latest global attack, WannaCry, can you blame them?

Cybersecurity stock buying trends are on the rise. According to CNN Money, the PureFunds ISE Cyber Security ETF (HACK), which owns shares in most of the big security companies, was up more than 3 percent in early trading the Monday following the first WannaCry attacks. Positive performance in cybersecurity stocks comes as no surprise as organizations shore up their defenses in preparation for future attacks—big or small. This is the security climate in which we live.

While the numbers have been rising on both fronts, do the affected organizations truly understand what to look for when addressing cybersecurity? Where should the protection start? What obstacles might organizations need to overcome? How can they be better prepared?

Hal Lonas, chief technology officer at Webroot, takes us beyond the sobering wake-up call that attacks like WannaCry bring, and discusses actionable advice companies should consider when fortifying systems against cybercriminals.


Where should an organization start when thinking about combating malicious files entering the network?

Organizations should think about their security in terms of layers. Between the user sitting in the chair and the sites and services they access from their workstations, every level of security is equally important. The vehicles malicious files use to infiltrate the network shouldn’t be ignored either. Is it a URL? Is it a USB key that’s physically carried into the office? Or maybe it’s an employee who takes their laptop home and uses it on an unsecured network—the possibilities are endless. We’re in a very interesting era in which mobility has become the norm, there are more internet-connected devices than ever, and there are more angles every day for cybercriminals to launch attacks. Essentially, the perimeter is dissolving. That means organizations need to rethink how they approach protecting their networks.

We’ve heard the term “dissolving” a number of times recently when talking about the traditional notion of the network. Can you speak more on that?

Let’s use my phone as an example. Right now, it’s connected to the secure employee wireless in this office. When I hit the coffee shop later for a meeting, it might be on their public Wi-Fi. While I’m driving to the airport this afternoon, it’ll be on a cellular network. By tonight, it’ll be on the guest Wi-Fi in a hotel. With each movement and interaction, perimeters converge and overlap, and this phone is exposed to different levels of security across a variety of networks. Each step means I’m carrying data that could be exposed, or even malware that could be spread, between those different networks. These days, company work happens everywhere, not just on a corporate computer within the security of an organization’s firewall. That’s what we mean by dissolving perimeters.

We’re in a very interesting era in which mobility has become the norm, there are more internet-connected devices than ever, and there are more angles every day for cybercriminals to launch attacks.

One line of defense is endpoint protection. Whether you’re using a mobile device or laptop, that protection goes with the device everywhere. Even as you switch between networks, you know that’s one layer of protection that’s always present. Network or DNS-level security is also key, to help stop threats before they even make it as far as the endpoint.

How does Webroot BrightCloud® Streaming Malware Detection fit into the layered approach? Is it cutting edge in terms of protecting against malicious files at the perimeter?

Streaming Malware Detection is pushing the boundaries of network protection. As files stream through network devices—i.e., as they’re in the process of being downloaded in real time—Streaming Malware Detection determines whether the files are good or bad at the network level. That means the solution can analyze files in transit to stop threats before they ever land on the endpoint at all. We partner with the industry’s top network vendors, who have integrated this and other Webroot technologies as part of their overall approach to stopping malicious files at the perimeter.

In terms of what we’re doing with Webroot products, we’re expanding the levels in which you can be protected—looking at more and more different aspects of where we can protect you. We’re tightening the reigns from endpoint protection, which we’ve traditionally done extremely well, and branching further into the network with Streaming Malware Detection, as well as network anomaly detection with FlowScape® Analytics. We aim to bring value to our customers by protecting holistically. We’re adapting as a company with our product offerings to this new reality we find ourselves in.

What cutting edge approaches is Webroot taking to combat what has already infiltrated the network?

We hear a lot about advanced persistent threats. The reality is that those long-resting, largely undetected threats do make their way through and land in an environment with the intention of wreaking havoc, but doing it low and slow to avoid detection. The malware authors are very smart, which is something we try to anticipate. Webroot is really good at a couple of different things, not least of which is that we’re incredibly patient on our endpoint products. Essentially, we’ll monitor something that’s unknown for however long it takes, journaling its behavior until we’re absolutely sure it’s malicious or not, and then handling it appropriately.

In addition, we’ve recently added a product that does the independent network anomaly detection I mentioned earlier: FlowScape Analytics. Essentially, it analyzes day-to-day activity within a network to establish a baseline, then if something malicious or abnormal happens, FlowScape Analytics instantly recognizes it and alerts us so that we can track it down. In conjunction with our other layers of protection, it’s a solid cybersecurity combination.

What technology do you see helping to protect networks at the same scale and velocity threats are coming?

Streaming Malware Detection is a big one. Traditionally, malware has been sent into a sandbox where it has to execute and takes up resources. The sandbox also has to simulate customer environments. This approach comes with a lot of complexities and ends up wasting time for customers and users while awaiting a response. For scalability, analyzing the malicious files in transit at network speed frees up time and resources.

Is there anything else organizations should take into consideration? Machine learning at the endpoint level?

We’re always asking ourselves, “where’s the right juncture to layer in more security?” I’d like to see more organizations asking the same. You can look at our history, during which we developed a lightweight agent by moving the heavy lifting to the cloud, and that’s the theme we’ll continue to follow. The detection elements of machine learning can fit on our client, but we’ll do the computing-intensive and crowd protection work for machine learning in the cloud. That gives you the best efficacy, shares threat discoveries with all of our products and services in real time, and keeps devices running at optimal levels.

Clavister Partners with Webroot for IP Reputation

Reading Time: ~ 3 min.

Webroot recently announced a new collaboration with Clavister, a leader in the network security market. Clavister selected Webroot’s BrightCloud® IP Reputation Service. The solution detects malicious activity within users’ IT infrastructure and delivers actionable threat intelligence. We sat down with Mattias Nordlund, product manager for Enterprise at Clavister to get the scoop on the new offering and also the importance of IP reputation.


Webroot: Give readers a brief overview of Clavister.

Mattias Nordlund: Clavister is a Swedish security vendor founded in 1997 in the very improbable location of Örnsköldsvik, on the border of Lapland, far in the North of the country. We always joke – because it’s cold and dark so much of the year – our developers don’t have any distractions from making the best security code out there. Our “Swedishness” is a big source of company pride.

The development of our proprietary software – first cOS core and later our cOS stream solution – made the product into an award-winning and industry-respected leader in cybersecurity and digital threat deterrence. We’ve managed to grow the business internationally to an installed base of 20,000 customers with a 95 percent satisfaction rate, which drove Clavister to be one of the few Swedish technology companies listed on the NASDAQ OMX Nordic Exchange. Clavister also has acquired a formidable client list that includes Nokia, Canon ITS, and D-Link, as well as collaborations with Intel, Redhat, and VMware, among others.

I love the source of pride in your heritage. Putting on your security hat, do you see a difference in cyber preparedness in Europe versus the United States?

Of course. The US is a very advanced market when it comes to threat protection and development with some of the biggest vendors operating within its borders. But, if you think of EU legislation, like GDPR, with a more independent tradition that doesn’t appreciate the surveillance and backdoors built by both US and Chinese actors, then you see that Europe is quite advanced in cybersecurity. In Sweden, just as an example, we use a two-factor authentication app for not only our banking but logging into public websites, checking your kid’s daycare schedule, etc. So identity management and using VPNs is far more advanced in the EU than in the US.

That’s great. We are always pushing two-factor authentication, but it isn’t required by many sites here. Switching gears, why is IP reputation important?

For us, it’s important as a tool to help our customers stop Command & Control and Botnet communications, alleviate load on servers from attacks from known Denial of Service (DoS) IPs, or help limit the load on mail servers by stopping known spam sources on the edge. IP reputation in a way becomes a proactive mitigation technique rather than a reactive one. That’s where we see the market for Next-Generation Firewalls (NGFW) going.

Being proactive in your cyber defense is key. What do you hope your customers will gain by including Webroot BrightCloud IP Reputation intelligence in your solutions?

For our customers, it’s one more piece of the puzzle in how to understand traffic flowing through our products. The customer will get insights on the behavior of users. Coupled with other features like web content filtering and application control, it will indicate the behavior of a user and how “risky” it is.

What advice can you share with businesses struggling with their security plans today?

Having a holistic approach to how the company behaves – BYOD, its cloud-based work, endpoint, identity access management (IAM), VPNs, etc. – is really critical. It no longer works to take a partial approach. And then there’s the human firewall factor. Keep in mind, 85 percent of network breaches come from employees hitting phishing emails. That’s very important to bear in mind, as much as the hardware and software solutions.

Wise words, Mattias. Thank you for taking the time to talk cyber.

If you want to learn more about this new collaboration, check out the media release.

Critical Service Announcement

Reading Time: ~ 3 min.

UPDATE 4/28/17 2:11 p.m. MDT

As a reminder, the repair utility to address the false positive issue that arose on Monday, April 24, is available. The utility will release and restore quarantined applications to working order on the affected endpoints.

Please note, the utility was built to address only this specific false positive issue. It will be deactivated in the future.

If applications are operating normally on your systems, you do not need to implement the utility.

To obtain the repair utility, open a support ticket, or reply to your existing support ticket related to this issue. Please include your phone number in the ticket.

I want to thank each of our customers and partners for their patience during this time, and we are committed to earning your trust going forward.

UPDATE 4/27/17 2:47 p.m. MDT:

We have 0 calls in queue on our phone line, and are working through about 130 tickets related to the False Positive repair utility. A good portion of those are simply awaiting customer verification.

If you haven’t yet submitted a support ticket and you need the repair utility, please do so here. Include your phone number as well with the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to further test and validate this repair. We truly appreciate the support of our customers and thank you for your patience.

Update (Business) April 26, 10:25am MDT:

In addition to the manual fix issued Monday, April 24, we have now issued a standalone repair utility that provides a streamlined fix for business customers.  It will release and restore quarantined applications to working order on the impacted endpoints.

For access to the repair utility, customers should open a support ticket, or reply to your existing support ticket related to this issue.  Please include your phone number within the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to test and validate this repair. We appreciate the support of our customers and thank you for your patience.

Update (Business) April 25, 9:41pm MDT:

We created a comprehensive repair utility, and have successfully completed QA. We are currently rolling out the utility to a group of beta customers to ensure it works for our broader customer base. We expect to complete that work soon, and then will make it available incrementally to the entire customer base to ensure a successful deployment.

You also can look to our Community for ongoing updates.

Our Support team remains available to those of you who need urgent assistance, and we thank you for working with us through this challenging issue.


On April 24, Webroot experienced a technical issue affecting some business and consumer customers. Webroot incorrectly identified multiple files as malware. Webroot was not breached. Actual malicious files are being identified and blocked as normal.

We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible.

For Business

Webroot is making progress on a resolution and will update you when it is available. In the meantime:

  • Do not uninstall the product or delete the quarantine. This will make quarantined files unrecoverable.
  • We have rolled back the false positives. Once the fix is deployed, the agent should pick up the re-determinations and perform as normal.
  • Customers should ensure endpoints are powered on and connected to the internet to receive the fix. Once files have been restored from quarantine, some endpoints may require rebooting.

Those who wish to address the issue manually should follow the instructions posted on Webroot Support.

We are conducting a thorough technical review to ensure we have a complete understanding of the root cause.  A summary will be posted in the Webroot Community, and Webroot account representatives will be prepared to discuss the findings in greater detail with you.

For Home

To resolve the issue, customers need to restore the quarantined file(s). Please follow the steps on the Webroot Community and restore the file(s). Webroot offers free 24/7 support for consumers, and can open a ticket for any questions here.

We apologize for the inconvenience this has caused our customers and are taking the actions to earn your trust going forward.

Integration Holds the Keys to the Castle

Reading Time: ~ 2 min.

Talks of integration are often met with audible sighs of displeasure. It’s a lot of work. You have to combine various platforms, software, and the list goes on. At Webroot, we decided to take some of the pain out of this process by partnering with Kaseya to deliver a fully integrated endpoint security solution for its customers.

Kaseya, a provider of complete IT management solutions for managed service providers (MSPs) and mid-sized businesses, was looking for ways to reduce complexity and steer its customers in the right security direction.

Charlie Tomeo, vice president of worldwide business sales at Webroot, sat down to answer a few questions about why we chose to integrate.


Webroot: Integration is practically a buzzword today. I think I just ‘integrated’ my winter and spring wardrobes. What does integration mean for Kaseya customers?

Charlie Tomeo: Integrating Webroot status and monitoring into VSA reduces management complexity by presenting this new information into the familiar tools they already use today. This gives technicians a single pane of glass and makes it easier to follow security best practice standards, which increases protection and security for their customers.

That makes sense. I’ve heard complexity is a “hackers best friend,” so any streamlining is good in my book. What can users expect in the module?

The Webroot SecureAnywhere® endpoint product is the easiest solution to deploy and maintain on the market, but our Kaseya module makes it even easier for VSA users through an intuitive, straightforward GUI-driven install/uninstall. Deployment hierarchy can mirror your Kaseya groups with Webroot groups or sites. Once deployed, the combined deployment and status dashboard gives you that single pane of glass view to manage Webroot protection within the VSA dashboard.

Day-to-day management suddenly gets easy with customized alerts that flow directly into Kaseya, creating tickets and executive dashboard reports quickly summarize infection history and endpoints under protection.

What if I’m reading this and thinking, I don’t need that, my customers are too small to have to worry about security threats. What advice would you provide?

Study after study shows that small customers are just as at-risk as any other organization. But providing enterprise level security protection to small customers is expensive without an MSP that uses a system of streamlined processes. These partners provide an affordable solution to their customers without compromising security or margins. Using the Webroot integration inside the Kaseya VSA allows the MSP to manage their Webroot agents and streamline numerous management tasks, like alerting, reporting, deployment, and updates.


That’s a wrap. To learn more or start a free trial of the Webroot Kaseya Module, visit http://wbrt.io/WebrootKaseya .

Introducing Webroot BrightCloud® Streaming Malware Detection

Reading Time: ~ 2 min.We’re not telling you anything new when we say that malware continues to pose a major challenge for businesses of all sizes. Polymorphism, in particular, is especially dangerous. Polymorphic executables constantly mutate without changing their original algorithm, meaning the code can change itself each time it replicates, even though its function never changes at all. That’s why it’s so problematic; organizations that rely on traditional endpoint protection methods have little hope of detecting and blocking all the variants that might hit their network, even if they combine their antivirus technologies with network sandboxing.

How BrightCloud® Streaming Malware Detection Works

With all this in mind, we’ve developed Webroot BrightCloud Streaming Malware Detection. This brand new, innovative technology detects malicious files in transit, in real time, at the network perimeter. It can be integrated into perimeter network security devices to complement existing functionality by identifying and eliminating malicious files before they enter the network or have the chance to spread or mutate internally.

In most cases, Streaming Malware Detection can make determinations without requiring the entire file to be downloaded. It scans files in real time to make determinations after only a small portion of the file has streamed through a network perimeter device. Streaming Malware Detection determines quickly whether files are benign or malicious, enabling the device itself to block, drop, or route the file for further investigation, depending on how the technology partner or end customer chooses has configured the appliance.

For partners, Streaming Malware Detection…

  • Adds malware detection functionality to your network device and enhances your ability to detect and block known and never-before-seen malware
  • Makes determinations on a high percentage of previously unknown, zero-day, and malicious files at the network level
  • Processes files at a rate of 5,700 files/min (over 500 times faster than a typical sandbox at 11 files/min)
  • Continuously improves its own capabilities via self-learning
  • Provides the flexibility to tune and adjust thresholds to minimize false positive rate
  • Integrates quickly and efficiently in network edge security devices via precompiled SDK
  • Provides an incremental revenue opportunity
How To Get Streaming Malware Detection

We’re currently planning to make this extra layer of protection against polymorphic malware, and targeted malware in general, available for GA in the second calendar quarter of 2017. For the time being, we’re pleased to invite existing and prospective Webroot technology partners to join our beta program. Contact your Webroot account representative to participate.

For more info about Streaming Malware Detection and other new Webroot services, read our press release.

What’s new from Webroot in early 2017?

Reading Time: ~ 2 min.Throughout 2016, many of the attacks and risks in the world of cybercrime followed “analog” crime: holding something for ransom/extortion, propaganda, theft, and identity scams. You might expect a cybersecurity vendor to see these trends as good for business, but in fact it’s the opposite. The modern world relies heavily on the internet and web applications for all types of transactions. For these technologies to continue advancing, users have to feel safe when they conduct those transactions online. That means those of us in the cybersecurity field are dealing with trust as our most valuable commodity. Erode the trust too deeply and many internet users will either take their business elsewhere, or try to avoid online transactions altogether.

Maintaining customers’ trust should always be the core of any cybersecurity provider’s strategy. In 2017, we plan to continue coming up with new ways to use our threat intelligence and cloud-based security platform to do just that. Here’s a look at what’s in store.

Webroot SecureAnywhere® DNS Protection

To kick off the year, we’ve introduced our new Webroot SecureAnywhere® DNS Protection service. By redirecting users’ internet traffic through the Webroot DNS cloud, businesses now get enhanced visibility, control, and peace of mind. Web requests are checked in real time to ensure they are not malware connecting to a Command and Control server, or requests to visit high risk sites. SecureAnywhere DNS Protection also lets businesses fine-tune web access policies by IP address or IP range, and limit access to websites based on their category—with 82 URL categories to choose from. This simple, domain layer security improves productivity, provides great visibility, and is a smart and cost-effective way to dramatically reduce web risks.

Webroot FlowScape®

The second new offering is a state-of-the-art approach to early threat detection that works by analyzing all the traffic taking place within your network; not just communications to and from the internet, but also those that occur between network-connected devices. Using supervised and unsupervised machine learning and behavioral analytics, the Webroot FlowScape® solution cuts through everyday network noise to reveal network anomalies and threats that other security technologies miss, and does so early enough for security administrators to prevent those threats from compromising the network. The FlowScape solution is designed for MSSPs and other IT security professionals who need to identify all the adversarial anomalies and risks within their networks.

Webroot BrightCloud® Streaming Malware Detection

Last, but not least, we are releasing Webroot BrightCloud® Streaming Malware Detection for polymorphic malware protection. This technology detects malicious files as they stream through the network perimeter in real time, without having to download the entire file, and without causing undue network latency. Streaming Malware Detection is designed to be integrated into network security devices to help identify and eliminate malicious files before they enter the network.

2017 will bring many new security challenges, but with these new solutions in place and other innovations on the Webroot drawing board, we plan to keep building our customers’ safety, security and trust.

 

Webroot Attends RSAC 2017

Reading Time: ~ 2 min.Twitter is buzzing with chatter about the RSA Conference 2017 (RSAC). Attendees, vendors, and speakers alike are anxiously awaiting the opportunity to discuss information security and the latest technology at the largest security conference in the world. Attending RSAC? Here’s what you should know about Webroot.

What’s new with Webroot in 2017

Today, we announced the expansion of our platform with 3 new products; Webroot FlowScape® Analytics, Webroot BrightCloud® Streaming Malware Detection, and Webroot SecureAnywhere® DNS Protection leverage the security industry’s most sophisticated artificial intelligence engine to give customers greater protection against today’s most dangerous known and unknown cyber threats.

By providing deeper insight into behaviors in the web and network layers, our new products offer better protection against today’s most advanced threats—both known and unknown—no matter where users are or what devices are connected. – Chad Bacher, SVP of product strategy and technology alliances, Webroot

During RSAC, be sure to visit us in the South Expo at booth #S1307 to experience Webroot threat intelligence and security products in action.

The Webroot Briefing Center Presentation at RSAC

Identifying threats within the barrage of everyday network traffic can be difficult. During our Briefing Center Presentation Securing the Internet of Everything: How Webroot Keeps a Smart City Safe, Chad Bacher will be discussing this how smart cities and other organizations can use advanced inspection modeling, and analytics inside the network to avoid security risks.

In-Booth Presentations

Webroot is hosting multiple in-booth presentations throughout the conference.  Presentation topics will include our insights into the most recent threat trends, stopping polymorphic malware, using machine learning to detect zero-day threats, and more. Be sure to set a private meeting with Webroot security experts, also.

Join leading security pros and innovators, including the Webroot team, at RSAC 2017 to learn about the current state of cybersecurity. Get our thoughts on what the future holds.

How F5 is Changing the Application Security Game

Reading Time: ~ 3 min.To address the need for application security in the digital transformation era, F5 is releasing a new host of products and services.

“The digital transformation has really changed security as a whole,” says Preston Hogue, Director of Security Marketing and Competitive Intelligence. What he means is that everything—EVERYTHING—is moving to the cloud. Think about the companies from years ago, such as Blockbuster, versus their modern counterparts, like Netflix or Hulu. Think about the fact that most of today’s twenty-somethings have never set foot in a physical bank branch, but use online banking daily. Now think about the fact that every service I’ve mentioned so far has an application, which is the primary method of interaction for users.

The application is the new perimeter and identity is the key to that perimeter. Over 70% of all data breaches occur by accessing applications. At F5, we are focused on securing our customers’ applications; both by securing access to the apps, and by securing the apps themselves where they reside.

We spoke with Preston about the newest security products F5 is launching, and how they’re using Webroot BrightCloud® IP Reputation intelligence to help power their solutions.


Webroot: Tell us a little bit about the security launch. What should we expect to see?

Preston Hogue: First, we are launching a family of dedicated security products called Herculon. The first two components of the Herculon product family are the Herculon SSL Orchestrator and the Herculon DDoS Hybrid Defender. These products are dedicated to solving the challenges of SSL/TLS encrypted traffic and ensuring application availability.

Second, we’re announcing a new service called Silverline WAF Express, which will give customers easy, self-service access to our cutting-edge web application firewall. We’ve been deploying web application firewalls on premises for some time and also offer a fully managed service. Since some customers don’t have the time or resources to install and maintain the software, or maintain the racks and stack and everything within their environment, we’re giving them a simpler self-service experience.

Our focus on securing applications means our overall threat research is geared toward application threat intelligence—really trying to get to the root cause of the 70+% of data breaches I mentioned previously—so we’re also announcing increased investment in our F5 Labs threat intelligence team.

Last but not least, we’re also announcing that the services of our security incident response team (SIRT), a dedicated team of highly trained individuals within the support organization, are now available to all F5 customers around the world. This team will be the highest level of escalation for security and service response.

Since threat intelligence is such a huge component of your offerings, what should your target customers consider when choosing threat intelligence sources for themselves?

There are a lot of companies that offer threat intelligence, but it’s challenging because they all claim a kind of broad, generic expertise. We advise that customers look for specificity; for targeted, actionable information that pertains to what they’re trying to do. Looking at a company like Webroot, you’ve taken on very specific aspects of threat intelligence and you’ve been able to master those particular areas—like the Webroot IP reputation intelligence that we integrate.

We see a lot of organizations trying to take on too much. That’s why we’re very definitive about the scope of what we’re trying to accomplish, and why we focus on leveraging our application security expertise around threats and ensuring we can provide very specific, clear, actionable threat intelligence with F5 Labs.

What do you hope your customers will gain by implementing your solutions with Webroot BrightCloud IP Reputation intelligence?

We know we have the expertise when it comes to understanding the overall threat to an application. We partner with companies like Webroot for insight into a particular aspect of threats; in Webroot’s case, it’s insight into IP addresses and additional threat information around user agents and anonymous proxies. We’re very specific in our threat intelligence, and we know we’re not always able to show the entire picture on our own. So we are able to fill in other areas of the overall threat landscape through our partnerships to ensure that we can give our customers the full picture they need.

How do you see the F5 security launch changing the security industry?

F5 has been in application security for over 20 years. From what we’ve seen, digital transformation is changing security as a whole. It has driven applications out of the data center and into the cloud. That means there are 3.2 billion users on the internet, who all potentially have access to these applications, which makes them a big target for breaches. Because of our expertise within the field, F5 is in the perfect position to provide visibility into this threat landscape, and also the control our customers need to achieve a secure application experience.


In his closing comments, Hogue had the following to say, “To secure access to applications and to secure the apps where they reside, you need a complete picture of the threats that target apps. You need a team like F5, with an ecosystem of intelligence partners like Webroot to provide that picture. And that’s how, ultimately, we can help our customers solve today’s security challenges and keep users safe.”

Learn more about Webroot BrightCloud IP Reputation intelligenceOr, for more information about F5’s security launch, read the press release.