Webroot Keynote At DattoCon: Use Multilayer Security To Prevent Phishing, Malware Attacks

MSPs need to educate their customers, especially their SMB clients, about the importance of a multilayered security solution for protecting their businesses from cyberattacks, including ransomware.

That's the message from George Anderson, director of product marketing at Broomfield, Colo.-based security vendor Webroot, who on Wednesday addressed a large audience of MSPs during DattoCon 2017 in Denver.

Customers face a range of security issues, Anderson said. For instance, he cited a Verizon study that phishing now causes 90 percent of security and breach issues. He also cited a Webroot study that 94 percent of all malware is unique to a single endpoint, which makes it important for MSPs to take a careful look at the anti-virus tools their customers require.

[Related: Datto CEO Previews New Products, Tools To Help MSPs Reach SMBs]

Sponsored post

There is a broad range of next-generation offerings from startups, but they mainly provide single-sector protection, Anderson said. "They're very good at protecting one layer, but they don't have a lot of layers behind it," he said.

Ideally, businesses require multi-vector protection, Anderson said. "You need to recognize that attacks come in different stages," he said.

That requires being able to prevent attacks, to detect attacks that were not prevented, and to remediate the impacts of detected attacks, Anderson said.

Analyst firm Gartner also adds predicting where an attack might come from as a fourth layer of protection, he said. "I think we need to add that," he said.

Webroot offers a multilayer protection which starts with Web Threat Shield which aims to stop phishing attacks by, for instance, not allowing suspicious emails reach their target users.

For when an email does get through, the company's Real-Time Anti-Phishing checks the URL in the email before the user clicks on it to test within milliseconds whether the URL leads to a phishing site.

If the user gets through to such a phishing site, Webroot's Realtime Shield looks for files and fragments of files that might cause a security issue.

For a potential attack missed by Realtime Shield, the company's Behavior Shield looks at whether malware causes any actions.

Webroot also looks at the execution layer of an application to determine if there is malware and, if so, contain the malicious software, Anderson said.

"You should be asking your AV [antivirus] providers what they are doing at each layer and how it works," he said.

Webroot is fortunate in that it has about 75 percent of retail consumer malware protection market, Anderson said. "We know that people are going to do stupid things at home," he said. "We take what we learn from the consumer side to the office because the same people go there."

Anderson also said security businesses have to be careful to consider whether information on a possible attack results in a false positive or a false negative report. He did not directly refer to a significant error in April when a Webroot upgrade accidentally flagged Windows system files as malware and marked several major websites as phishing sites.

In the end, stopping attacks before they start is the best protection, but that has to be done in real time, Anderson said. "If it's not real time, your chance of success drops significantly," he said.

The points raised by Anderson are the reason Hill Country Tech Guys partner with Webroot, said Whit Ehrich, owner of the San Marcos, Texas-based MSP and channel partner to both Webroot and Datto.

A lot of people think all antivirus software is the same, but it isn't, Ehrich told CRN. As a result, it is the responsibility of MSPs to ensure they have the right offerings to meet customers' needs, he said.

"Customers don't really ask about the details," he said. "We tell them we provide antivirus. They say, 'OK.' It's our problem if it doesn't work."