How Webroot Uses Machine Learning to Maximize Protection for MSP Clients
In our last post, we discussed machine learning and how it can enable managed service providers to deploy endpoint protection solutions that deliver superior security for their clients. As noted in that analysis, however, making the theoretical benefits of machine learning a practical reality for today’s MSPs requires a combination of capabilities and commitment that some security vendors may not possess.
In comments excerpted from an interview, Webroot CTO Hal Lonas discusses Webroot BrightCloud Threat Intelligence and how it allows Webroot to fully exploit the benefits of machine learning. Lonas begins by explaining the origins of the BrightCloud platform:
“I’ve been developing software products for years and got into the security software space as Director of Development with Websense in 2000. At the time, websites were being classified manually, even though the number of sites and security breaches were already increasing exponentially. It just seemed like the wrong way to solve the problem.”
He continues, “A few of us saw the trends of cloud computing, machine learning advances and threat escalation as an opportunity to do things differently. So we dropped out of Websense and started BrightCloud, which was founded and architected on the belief that automated classification with machine learning and the scalability of the cloud was the only way to go.”
Why Webroot Delivers Fundamentally Better Protection
Given Webroot’s superior ability to combat dynamic threats that appear, inflict damage and then disappear, it may seem that the Webroot BrightCloud platform was specifically designed to address polymorphism. However, Lonas quashes that assumption: “We actually didn’t build BrightCloud tech with polymorphic or transitory malware in mind,” he explains. “We built it to bring speed, scale and flexibility to finding threats.
“So when polymorphism came to the forefront several years ago and started overwhelming traditional signature-based solutions, we were at the right place at the right time,” recalls Lonas. “There are many other security problems that BrightCloud technology solves based on the architecture and platform we’ve built–for example, finding phishing and fraudulent sites in real time.”
Lonas goes on to cite other factors that enable MSPs to ensure significantly better protection for their clients with Webroot solutions rather than conventional security products: “You also have to credit Webroot’s vision in combining cloud-based endpoint security with BrightCloud intelligence. Webroot endpoint technology was designed from the ground up to be cloud-based and globally scalable, to minimize the time from threat detection to global protection.”
He observes, “Additionally, Webroot had the BrightCloud technology, which made them uniquely capable of … transforming the product and the company from a traditional antivirus offering to a platform-based service approach. That’s a key aspect to the entire ecosystem we protect.”
What Differentiates Webroot from Competing Solutions
When asked to explain how Webroot’s approach to threat intelligence differs from that of typical security vendors, Lonas immediately responds, “Well, for one thing, we don’t generate white lists, black lists or static feeds of data. You could use our data in that way, but the threat landscape is way too big and dynamic for that, and we offer so much more. As soon as you publish a list, it’s out of date.”
He elaborates: “Security professionals need a service where they can ask questions and get security advice at the moment of truth, which is just before you click on a website, before your firewall accepts a connection from an unknown IP, and before you run that downloaded file or mobile app. That’s what we do with the BrightCloud platform at Webroot. And that’s what gives our products and partners protection no one else can provide.”
Lonas then drills down to operational details of Webroot solutions: “The way our technology works, everything on the internet has a reputation score somewhere between totally trustworthy—so a score of 100—down to clear and present danger scores of single digits. That allows our customers to set a risk threshold for activity they want to allow or block, and decide when to warn users.
“That’s a very different approach than others in the field are taking,” he emphasizes. “When we say ‘actionable threat intelligence,’ that’s exactly what we mean; we inform critical decisions at the moment of truth, billions of times every day.”
Why Machine Learning Is the Future
In response to a question as to whether machine learning can help combat today’s most worrisome threats, Lonas does not hesitate. “Absolutely,” he answers. “Not only can it help, but we believe it’s the only way to solve the growing threat problem. Of course, you have to be smart about it, and threat researchers and analysts are still key parts of the puzzle, but we’ve figured out how to leverage and amplify their knowledge and productivity a thousand-fold. As threats become more transitory and harder to find, humans are going to be even more overwhelmed and won’t be able to keep up without the type of automation machine learning brings.”
For more information, see the Webroot whitepaper Automating Threat Defense: Using Machine Learning to Prevent Modern Cyberattacks.
This guest blog is part of a Channel Futures sponsorship.