Threat Intelligence and Cloud-Based Cybersecurity Solutions from Webroot Enable Real-Time Protection for SMBs and Home Users

TL;DR: Since 1997, Webroot has helped consumers and businesses stay safe online. SecureAnywhere Business Endpoint Protection, its flagship product for SMBs, uses the cloud-based Threat Intelligence Platform to protect devices against attacks across email, web browsers, social media apps, and connected devices. Using a multilayered approach backed by machine learning, it warns against malicious links while also monitoring local files for harmful activity. Webroot also trains SMBs to encourage user vigilance in the office and at home and promotes common-sense strategies like keeping software updated and files backed up. And as cybercriminals devise new methods to exploit network vulnerabilities, Webroot technology, based on advanced, real-time data analytics, protects sensitive information by making those threats visible as they arrive on the scene.

As the internet grows, the challenge of protecting it — and the data that passes through it — also grows more complex. Today’s cybercriminals attack in stages using a combination of technologies across email, web browsers, social media, and more. They move quickly, working just as hard as the good guys to discover previously undetected vulnerabilities.

It’s no longer enough to protect devices after a threat becomes known and software can be updated — sometimes after days or weeks of vulnerability. Modern attacks take advantage of the holes in that type of security and allow malicious software to infect systems undetected — before the victims of the attacks know what hit them.

What’s required today is continuous monitoring of devices and a real-time response to any unusual or unexpected activity. Unfortunately, that’s not easy to accomplish. If a security solution protects only after malware has infiltrated a system, for example, or against some attack vectors but not others, it will fall short. The same is true if the solution doesn’t have the power to see and analyze the entire web to develop the threat intelligence necessary to recognize new forms of attacks as they occur.

With more than 20 years of experience in protecting businesses and individuals against computer security threats, Webroot is uniquely positioned to provide real-time mitigation against modern multi-stage, multi-vector attacks. When deployed as the foundation of a common-sense strategy for responsible user behavior, SecureAnywhere Business Endpoint Protection, Webroot’s flagship product for SMBs, can detect and stop an attack before the intended target even becomes aware of its existence.

“All software can be hacked,” said David Dufour, VP of Engineering and Cybersecurity at Webroot. “Our cloud-based Threat Intelligence Platform, which has been in continuous development since 2007, dynamically updates a list of millions of malicious links and detects sites that want to steal user data as they pop up in real time. This prevents our customers from visiting questionable websites and reduces their chance of encountering malware in the first place.”

Those features are combined with sophisticated machine-learning technology to round out a highly accurate solution that’s always up to date.

“In this day and age, if you’re hyper-aware of your security solution, it’s probably not doing its job. We put a lot of work into ensuring that ours rarely calls attention to itself,” Dufour said.

Best Practices for Threat Mitigation: A Three-Part Strategy

While a business shouldn’t have to constantly worry about its security solution, keeping valuable online data safe does require vigilance. Dufour recommends that SMBs follow a three-part strategy that includes some rather old-school — but fail-safe — routines.

“After installing SecureAnywhere, the next best thing a business can do is back up critical data to CD or DVD and put it in a drawer,” Dufour said. “If you have a physical backup, you can recover if something bad happens: simply reformat the computer and restore the data to get back to work.”

SMBs should also keep their software updated. Although today’s cybercriminals specialize in exploiting previously undetected vulnerabilities, malware doesn’t go away after a software company fixes a problem and sends out a patch.

“It’s annoying to go through the update process, but follow the instructions and spend the extra few minutes to make it happen. There’s no downside,” Dufour said.

Just like a chain is only as strong as its weakest link, computer security is only as effective as the least-sophisticated user on the network. To make the chain as strong as possible, Webroot offers computer-based security awareness training to SMBs and internet providers.

“Recent data shows that up to 90% of successful security breaches are caused by user error,” Dufour said. “The easiest way into a business network is through a user clicking that bad link, opening an attachment from an unfamiliar sender, or giving up credentials and other sensitive information online.”

In the office and at home, Dufour recommends a few additional back-to-basics security strategies:

  • To thwart attempts to obtain personal information, hover over links in email messages and on social media to make sure they’re pointing to the expected sites.
  • If a bank requests a site visit via a link in an email message, go to the bank’s website by typing the address into the browser rather than by clicking on the link.
  • Always use a credit card online, not a debit card. Credit cards carry more consumer protection.
    To make monitoring personal financial activity easier, use a single card for all online financial transactions.

Following these simple tips can thwart most attempts by hackers to infiltrate a company network — or even a personal network.

SecureAnywhere: A Multilayered Approach to Endpoint Protection

The best-case security mitigation scenario, however, is the one that never happens. That’s what Webroot’s SecureAnywhere solution is designed to facilitate.

Based on the Webroot Threat Intelligence Platform, the cloud-based system integrates billions of pieces of information from millions of sensors to create a threat detection net capable of protecting against both known and unknown attacks.

“The original purpose of antivirus software was to scan a machine and identify good files and bad files. So it was a reactive approach,” Dufour said. “Our next-generation solution offers a proactive, multilayered approach to security.”

When a user performs an internet search, for example, SecureAnywhere’s Web Threat Shield places a small green, yellow, or red circle next to each result, calling on Webroot’s dynamic list of malicious sites to identify ones that may be suspicious.

And if a user absent-mindedly clicks a suspicious link, Real-Time Anti-Phishing technology scans it to determine its legitimacy, sending out an alert if it isn’t.

“We’re not just looking at files. We take these high-level approaches to prevent users from doing things they shouldn’t do,” Dufour said.

But if an attack does manage to breach SecureAnywhere’s protective walls, file-pattern and predictive-behavior-recognition technology powered by the Threat Intelligence Platform stops it before it starts.

“Because we see and understand these patterns among our users, we’re always watching files and comparing their behavior against what we know is normal,” Dufour said. “When things don’t measure up, we stop it.”

Advanced, Real-Time Data Analytics Help Predict Next Threats

If one thing is certain in the world of internet security, it’s that the war between the good guys and the bad guys will continue to escalate.

For example, cybercriminals are beginning to use artificial intelligence (AI) to get past anti-malware software. In a recent demonstration, researchers saw malware variants using open-source AI technology breach antivirus solutions in up to 16% of instances.

David Dufour, VP of Engineering and Cybersecurity at Webroot, spoke with us about how the company helps SMBs.

But no one knows what the future will bring. As cybersecurity moves beyond reactive mode, the key to future success will be automating threat responses and preventing attacks before they happen. The Webroot Threat Intelligence Platform has the extensive data, machine-learning support, and vector integrations to make predictive threat intelligence a reality.

“To be truly useful as a predictive tool, threat intelligence must be built on the right foundation, with insight based on analyzing behavior over time,” Dufour said. “It must use appropriate and sufficient sources and employ effective machine learning to improve its predictive capabilities. It must learn to see the big picture better and better over time.”

Webroot delivers on that potential. The platform is structured to organize massive amounts of information so it can find the right signals among the noise to predict new threats. Because it has a global reach and an interconnected infrastructure, any single breach results in almost immediate protection for everyone on the network. And the results are trustworthy because the data on the platform reaches back more than a decade.

“Our continually improving platform draws on an ever-broader set of intelligence sources and better tools for contextual analysis,” Dufour said. “As a result, we have the speed, scale, scope, and trustworthiness to stay ahead of the game and continue to deliver highly actionable, timely, and predictive threat intelligence to thousands of customers and millions of users.”

Sean Garrity
