How MSPs Can Combat Current Malware & PUA Plague

Ransomware and PUAs are proliferating and causing operational problems for MSPs’ clients and damage to MSPs’ reputations. While sandboxing, endpoint protection suites and other antimalware techniques deliver strong malware and PUA detection capabilities, they can cause unacceptable latency. See how Webroot BrightCloud Streaming Malware Detection boosts protection and minimizes latency.

September 21, 2017

4 Min Read
Channel Futures logo in a gray background | Channel Futures

If you’re like many MSPs, your clients are being overwhelmed by malware and potentially unwanted applications (PUAs) such as spyware and adware. While MSPs have been vigilant about malware and PUAs for years, 2017 is bringing reasons for a whole new level of concern. Even though proactive MSPs continue to boost their investment in security technologies, more attacks are succeeding. These and other alarming findings are contained in the June 2017 edition of the Webroot Quarterly Threat Trends report.

In particular, the popularity of ransomware has rapidly increased, and it’s causing major operational problems for MSPs’ clients and damage to MSPs’ reputations. As many MSPs can ruefully confirm, first-generation antimalware technologies (such as signature-based antivirus software) are just not effective
 at detecting and stopping current malware and PUAs on endpoints or networks.

The good news is that sandboxing, endpoint protection suites and other newer antimalware techniques can deliver much stronger malware and PUA detection capabilities. The bad news? These technologies are resource-intensive because they depend on queueing files for analysis and monitoring each file’s behavior during execution. This can introduce unacceptable latency that disrupts your clients’ business operations.

Why Current Malware and PUAs are So Damaging

Malware and PUAs reach users through many mechanisms, including email, instant messaging and drive-by downloads, where visiting a malicious website causes malware or PUA files to be transferred from the web server to the victim’s computer. More than 85% of malware infections are occurring via web browsing. Basic internet use is a high-risk activity for every organization, regardless of size or sector, according to Webroot research. Over 60% of companies have already been affected by ransomware, with financial and retail sectors hit the hardest.

The characteristics of malware and PUA files have changed a great deal over the years. While cybercriminals used to deliver a single malicious file to thousands or millions of users, they now often deliver a unique malicious file to each user. The most successful modern malware and PUA files are polymorphic, automatically generated via tools that produce vast numbers of unique, single-use files. By delivering each malicious file to only one user or a small number of users, it’s difficult or impossible for signature-based antivirus technologies to identify these zero-day files as malicious.

Another significant change in malware and PUAs is that today’s attackers usually intend for them to be short-lived, hosting their files on malicious websites that exist only for a few hours each. These techniques further hamper efforts to detect and stop malware and PUA files.

Webroot Solution: Machine-Learning Based Technology

New advances in machine learning from Webroot have enabled it to develop innovative malware detection capabilities to identify traditional, zero-day and polymorphic malware–even malware that avoids being detected by sandboxing techniques. Webroot has evolved its own technologies to complement existing malware detection products by addressing their major drawbacks:

  • Resource consumption

  • Latency

  • Dependence on signatures

Webroot created a new patent-pending technology called Webroot BrightCloud Streaming Malware Detection, which is significantly faster than signature-based and sandboxing techniques (and is available for other vendors to integrate into their security solutions). This machine learning-based technology combats the challenges of zero-day, polymorphic and highly targeted malware, blocking malicious files in transit at the network edge—without needing to download the entire file—and effectively complements existing antimalware solutions.

In essence, Streaming Malware Detection works as a network-based pre-filter that reduces the number of sandboxes, endpoint protection suites and other tools needed to analyze files. The combination of a sandboxing technology or endpoint protection suite and a Streaming Malware Detection-enabled solution helps improve file delivery times while enabling MSPs to maximize the return on investment for their existing security technologies.

Find Out More

To learn more about the latest malware and PUA trends, as well as complete details on how Webroot BrightCloud Streaming Malware Detection functions, download your free copy of the June 2017 Webroot Quarterly Threat Trends report.

Questions? Simply fill out the online Request for Contact form and you’ll receive a call from a Webroot Technology Expert.

[50 Word Abstract]

Ransomware and PUAs are proliferating and causing operational problems for MSPs’ clients and damage to MSPs’ reputations. While sandboxing, endpoint protection suites and other antimalware techniques deliver strong malware and PUA detection capabilities, they can cause unacceptable latency. See how Webroot BrightCloud® Streaming Malware Detection boosts protection and minimizes latency.

Read more about:

AgentsMSPsVARs/SIs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like