Know Thy Enemy
When it comes to managing your clients’ threat exposure, the venerable maxim “knowledge is power” is particularly relevant. We’re certainly strong proponents of that credo; in fact, you could say it serves as the philosophical foundation for our approach to online threat intelligence.
Webroot BrightCloud Threat Intelligence Services continuously scans the internet, capturing data through millions of sensors and analyzing it in just milliseconds, enabling us to identify and stop even brand new, previously unknown threats in real time (see below).
How BrightCloud Threat Intelligence is Captured, Analyzed, Classified, Correlated and Published
Simply put, Webroot continuously classifies and scores 95% of the Internet, and monitors the entire IPv4 space and in-use IPv6s. So it should come as no surprise that the sheer scope of our analyses is pretty mind-blowing:
- 20+ billion URLs
- 7+ billion file behavior records
- 4+ billion IP addresses
- 600+ million domain names
- 15+ million mobile apps
- 10+ million connected sensors
Leveraging the mountains of data we’ve collected, the Webroot 2015 Threat Brief digs deep into the primary factors that are defining today’s security landscape. For example, the following brief excerpts from the 2015 Threat Brief reveal:
85,000 Net New Malicious IPs Are Launched Every Day
- Key takeaway: IPs are highly dynamic, and security teams cannot rely on static blacklists to protect against inbound malicious IPs.
- Bottom line: IP blacklists need to be updated continuously.
Less Than 55% of All URLs Are Trustworthy
- Key takeaway: It’s critical to leverage URL reputation data, as filtering purely by IPs may not be enough to keep networks and users secure. Relying on content classification by itself isn’t sufficient—an independent URL reputation feed must also be leveraged.
- Bottom line: URL classification and reputation must be independent of each other, but used together to protect users from unwanted sites.
30% of Internet Users Access Phishing Sites
- Key takeaway: Phishing sites are often only online for a few hours, or until a threshold of visits are reached. Real-time detection can protect against sites that are seconds old, whereas blacklists will never be sufficient.
- Bottom line: Phishing attacks come and go quickly—making real-time anti-phishing security controls a necessity.
15% of New Files are Malicious Executables
- Key takeaway: Executable threats are emerging rapidly, and are highly customized and tailored.
- Bottom line: Malware has become more individualized and targeted in order to infiltrate systems successfully.
Only 28% of Mobile Apps are Trustworthy or Benign
- Key takeaway: There is a shift from benign and trustworthy apps (52% in 2013 to 28% in 2014) to malicious, suspicious and unwanted apps.
- Bottom line: Android device users are being threatened more often than ever before.
Summing Up
The above excerpts only scratch the surface of Webroot’s findings; we strongly encourage you to download the complete 2015 Threat Brief.
But for those harried MSPs who just want to read the report’s recommendations (hey, we know you’re out there!), they boil down to this:
- MSPs must look to bolster their security posture with real-time, highly accurate threat intelligence to protect their clients from cybercriminal activity.
- Utilizing this intelligence enables MSPs to set proactive policies to automatically protect networks, endpoints and users as part of a defense-in-depth strategy; setting such policies is crucial when MSPs consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting their clients.
- Users also need to be more vigilant than ever about the websites they visit, the URLs they follow from emails, and the applications and mobile apps that they use.
To learn more about the Webroot Channel Edge Partner program, click here, or start your free trial and discover first-hand how Webroot security solutions protect, lower your costs and boost your bottom line.
Guest blogs such as this one are published monthly and are part of MSPmentor’s annual platinum sponsorship.