Helping Your Customers Go Beyond Signature-Based Security

Your clients face a barrage of security threats every day. Unfortunately, many of them are probably using legacy, signature-based endpoint security systems. Here's how MSPs and channel partners can press forward.

Your clients face a barrage of security threats every day. Unfortunately, many of them are probably using legacy, signature-based endpoint security systems. Those products struggle to keep up with the rapid evolution of malware and the increasingly ingenuity of attacks. They have become ineffective in today’s cybersecurity environment.

Consider the following:

Market research firm IDC reported in 2012 that “signature-based tools … are only effective against 30-50 percent of the current security threats.

Gartner weighed in on the topic, describing signature-based malware detection as “limping along on life support.”

In a white paper, Symantec referred to signature-based approaches as “useless in encounters with new malware.”

In a May 2013 CIO magazine article, Simon Hunt, CTO of endpoint solutions at McAfee, stated “We are seeing about 150,000 new pieces of malware every day… we’re purely on the defensive.”

Tellingly, the CIO article ran under the following headline: “Signature-Based Endpoint Security on Its Way Out.” That’s a sobering declaration and one that may unnerve your customers. But MSPs and resellers can provide their clients with an alternative to signature-based security. Webroot, with its SecureAnywhere cloud-based endpoint security technology, addresses the weaknesses found in archaic, signature-based solutions.

Here’s How It Works

Conventional antivirus and anti-malware products rely on signature databases that reside on each client device. The client-constrained signature database is inherently limited. Webroot SecureAnywhere, in contrast, employs the Webroot Intelligence Network (WIN), which exists in the cloud. WIN serves as a vast malware detection net, pulling in billions of pieces of information including data from customers, test laboratories and security vendors that cooperatively share intelligence.

Customers install the Webroot SecureAnywhere client on the devices they want to protect. From the point when Webroot SecureAnywhere – Endpoint Protection is installed, all suspicious processes are closely monitored, analyzed, and resolved in real time through WIN. Since threat intelligence and malware detection lives in the cloud, the Webroot client is extremely lightweight (less than 1 MB).

In another departure from conventional products, Webroot uses predictive intelligence to monitor the behaviors of applications and executables running on customers’ systems. When the Webroot client software detects questionable behavior, it queries WIN to determine whether the behavior has been previously observed. If the behavior hasn’t been encountered before, Webroot taps a range of heuristics that search for particular attributes characteristic of malicious activity.

If Webroot and its heuristics capability can’t definitively label an activity as malicious, the solution lets the questionable software run in a “sandbox” — a a type of secure virtual machine. Webroot monitors the executable’s behavior in the sandbox and will capture the hash value for that file and upload it to WIN.

If an infection occurs on a Webroot-protected device, the process of virus removal is faster and easier compared with conventional endpoint security software. SecureAnywhere Business Endpoint Protection, for example, uses rollback remediation to undo every action a malicious piece of software executed. The device is returned to its prior state. For additional detail, please consult the new Webroot white paper, Lowering MSP TCO for Endpoint Security Solutions.

MSP Benefits

While clients benefit from Webroot’s security approach, so do MSPs. Webroot SecureAnywhere offers a less labor-intensive alternative to traditional antivirus products that rely on desk-side support for troubleshooting. The rollback process, for instance, can be handled remotely so an MSP can support its customers without dispatching a technician onsite. The rollback remediation saves MSPs the cost of a truck roll, while freeing technicians to focus on more profitable activities.

Overall, Webroot lets MSPs offer endpoint security solutions on a more cost effective and profitable basis. Webroot’s cloud approach eliminates the cost of deploying and maintaining hardware at the customer’s site. The technology also offers MSPs the advantage of efficient, Web-based management.

Learn more about Webroot’s MSP Partner Program here.

Monthly guest blogs such as this one are part of MSPmentor’s annual platinum sponsorship.