Webroot’s Next Generation Approach to Malware Protection

Jan 22, 2016

BY Melissa Stanton

Listen to the entire podcast.

As business continuity, backup and disaster recovery solutions become increasingly advanced, unfortunately, so does malware. According to the most recent SMB Threat Report by Webroot, 62% of those surveyed are not completely confident in their readiness to counterattack malware and protect themselves.

This is where Webroot comes in. This week’s podcast guest is George Anderson, Product Marketing Director for Webroot. Anderson will discuss Webroot’s “next generation” malware solutions, provide some insight into what makes Webroot’s products so effective, and reveal the shocking findings of the Webroot SMB Threat Report.

The podcast host is Datto VP of Business Development, Rob Rae.

Could you tell us a little bit about Webroot and about yourself?
George says, “Okay, I’m the Product Marketing Director. I look after our SMB products and also our enterprise products for Endpoint web, and also now for mobile products, as well, we have a mobile offering. My main task is basically to champion those products to the market, to help train our partners on them and part of that task there pulls in a lot of the collateral. I actually deal with also the legal side and deal with customers and also with MSP partners. In fact, almost everybody. It’s a great job from that perspective. On the Webroot side, we’ve obviously been, went marching ahead this year with endpoint products, as you mentioned in the introduction we’ve gone from something like 150-180 MSPs to now nearly over 5,000 MSPs in the space of just over 2 years. Huge growth. Partly through partnerships, mainly actually through partnerships. We like working with people at Datto, we work with other partners, things like LabTech, who are more like an RMM, and continue working with Kaseya which are more sort of the tools that people use to manage the delivery, and they’re great partners of ours too, and they take our message through. Our main focus has been that. Endpoint, we’re introducing our web products slowly but surely. We’ve got a cloud-based web offering, and the mobile part has always been something it would be well to offer to protect mobile devices. I’ve been at Webroot, 5, 6 years now. Since before we launched Webroot SecureAnywhere, before we launched our next generation Endpoint security product, which we’ve almost had to guide as an anti-virus when we entered the market because nobody understood what we were doing, to be honest with you. It took, 10 is a long time, and now of course there’s quite a few players coming into the next generation space, and I suppose we’re rapidly becoming the most proven next generation solution.”

What makes it next generation?
“I think AV-Test or something are saying as we speak today, it’s about over, just over 140 odd million brand new pieces of malware last year, and we’re not yet at ending December, and I think we’re almost touching 140 million for this year,” George says. “The problem has been that since about 2007, you’ve just seen rapid upgrowth in malware, and then really around 2011, 2012, we saw what you call automation starting to come in. We saw the whole effect of the fact that it was just really easy to go and get exploit tools, and these were all automated tools, and they would just generate new variants of malware. The problem people were facing was, if I’m trying to keep up with a signature and using this traditional AV to stop that, I can’t do that very easily. A lot of MSPs started using another layer. They would buy an anti-malware tool, something like Malwarebytes or Hitman Pro and run that alongside their traditional AV. The problem is still that that volume of malware was pretty significant, so our approach was completely different from that. We had a very, very small agent which we could deploy on the Endpoint very, very easily and very quickly. Talking about something like under 2 minutes. That’s it fully deployed. It would actually go onto the machine. It would look at all the files and processes, actually active on that machine at that particular point in time, it was able to then develop hashlists, send those to the cloud, to our BrightCloud threat intelligence platform. It was actually called WIN in those days, but now called BrightCloud. BrightCloud was able to come back pretty instantaneously, and say, ‘This is something that’s known good. This is something that’s known bad.’ Obviously we’ll block it and stop it right away, but we also dealt with this area of what people call the gray area of the undetermined, the unknown. You’re immediately really different from an AV because an AV will only just say something is bad, and block it; that’s all they do.
They don’t have a notice service here, they have known bad, if you like, but they don’t have known good, and they don’t have this undetermined state, so I think the next generation products are far more capable at sorting out what’s absolutely good, what’s absolutely bad, and also be able to deal with, hopefully deal with, the stuff that’s undetermined. I still say Webroot’s pretty unique in that way because I know some of our competitors are really good at the known bad and the known good, using masks and things to do it, but in fact their rate of actually being able to stop things is actually not high, because they don’t deal with that gray undetermined area. That’s where we’ve been really successful, is actually looking at undetermined, being able to monitor that, journal that. If we decide it is malware and we can take the time to decide it’s malware because we’re containing it as it works on the machine, then we can then actually block it, or we can actually remediate the machine back, so that for MSPs, of course, is huge because it means they don’t have to reimage machines and they don’t have to get involved there with that as well. So from that point of view it’s next generation. It’s very much that stuff, being very, very effective at stopping malware. I think the next part of it which is really key is the visibility it gives. We actually were the first, I think we’re the only vendor still to say, give people alerts, what we call ‘dwell time’ so that’s the point in time exactly when the machine was infected, how long the infections remained on the machine. Usually it’s less than zero seconds, it’s less than a second, but some of these obviously longer because of the gray areas. That ability to have that visibility, know what the attacker was and know what it was trying to do, the fact that it’s been stopped is all a very next generation approach.”

Do you want to talk a little bit about the report, and what an MSP would get out of it?
George says, “Yeah, I think it was interesting. We were approaching the SMB market. We tributed that out to about 1,000 seats in size. I think the nice thing about this research, we did it in the US, the UK and Australia, and it’s about 700 IT decision-makers. The whole thing was 1,000 employees. We asked them a whole ton of questions. Some nice things came out. How is their IT security managed? Because obviously for us that’s important. By the way, on the backup side, and the reason why we do a lot with you guys is the crypto-ransomware and the malware that people are seeing at the moment. We have a very, very, very good track record. We’ve had a lot of MSPs buy our product because of the fact we do that rollback in remediation and we can stop the encrypting ransomware, but we don’t do it 100% of the time, so really in those situations, if something does manage to get through and it’s a brand new attack, it’s probably something they’ve tested against us and tried to fool us. At that stage, we can’t recover the machine back necessarily, and then at that stage backup is really essential for bringing that back. I want to go back to the threat report, I sort of deviated away because I wanted to cover back, so just another point there, but tell you about how things were managed, and I think it was really, really interesting. Only 24% actually have a dedicated in-house IT security professional team. If you think we’re going out to about 1000 customers, that’s quite small. A lot of the people that handle IT security in those small businesses are obviously not professional. They’ve got other responsibilities. 9% of them are outsourcing IT security at the moment, to a managed service provider so that’s quite interesting. I thought that was quite low, actually. I think that’s a huge potential thing for them to do. As I said, a mix, and there’s about 27% had what they call a mix of in-house and outsource IT security solutions.
What you see here really, what you expect really is there’s a lack of resources and skills are a major issue within those organizations. That’s quite a key thing. We asked them how they were prepared for their IT security preparedness, and really I think we saw about 39% said they were almost ready to manage and protect against threats. That’s like 40% saying, “Well, we’re not quite there.” 37% were completely ready to manage, so that wasn’t bad actually. That was better than we thought, but all the rest of the stats are pretty much underneath, so what you can see is that really, there’s very few of them are really that prepared. 62% of those surveyed are really not completely confident in that readiness to counterattacks and protect themselves. SMBs are still a huge target.”

Listen to the full interview now on iTunes. If you are enjoying our podcasts, we would love for you to leave us a review on iTunes. Please email any feedback, including ideas for future podcasts, to podcast@datto.com.
