Magazine Article | November 14, 2009

Malware Threats Will Only Increase

Security vendors say the security market will remain a growth opportunity as cyber criminals strive to outfox solutions.

Business Solutions, December 2009

Let's admit it: No one can stop the reality that the Internet, websites, and even Web 2.0 applications have evolved into necessary business tools. The days of reprimanding employees for Googling are past (and advice on handling company policy surrounding Web 2.0 usage is an entirely different article). Part of the growing role of the Web in businesses of all sizes is the gateway that usage provides for malware. First distributed on infected storage devices such as floppy disks, today's malware can slide undetected into a network with the simple, unintentional click of a mouse.

"The delivery of malware has undergone quite an evolution as the end user and technologies became more effective at detecting email-borne malware," explains Jeff Debrosse, director of research at ESET. "The distribution methods changed to ensure maximum penetration, with the end result being what's known as a ‘drive-by download' — malware that is unknowingly downloaded and installed in the machines of users visiting the exploited sites."

ESET and other vendors say the more complicated the delivery method, and the more valuable the information being siphoned away, the more opportunity for VARs and managed security services providers (MSSPs). "Malware used to be about fame — the 'script kiddies' writing malware to become well known. Now it is all about money. Malware is written to compromise people out of their savings and property," says Bradley Anstis, director of technical strategy at Marshal8e6. Matthew Dieckman, product manager for SonicWALL, adds that the evolution of content delivery on the Web has also played a role in the continued proliferation of malware. "Website content is no longer static — ads and other content are served up from third-party sources, leaving the door open for hackers to exploit weaknesses in the network layer and lure in unsuspecting users," he says. So now that we know the opportunity is there — and growing each day — let's talk about how a VAR or MSSP can tackle malware solutions.

Step 1: Talk To Customers About Protecting Their Assets
Most industry experts agree that big hurdles to security sales include end users that underestimate the impact of malware on their networks and misconceptions about what kind of security products handle different kinds of security threats. "With the constantly changing nature of malware and its distribution methods, the end user faces the significant challenge of understanding the threats to their networks," says Debrosse. "VARs have an equally challenging task of educating the end user, and with the increase of users connected to the Internet and volumes of malware out there, VARs' responsibilities have become more critical and complex."

Many security VARs have found that accessing the volume of threat assessments and reports found on most security vendor websites can provide great fodder for an opening conversation with a potential customer or to reopen talks with an existing customer. Another approach is to use a security assessment tool — again, talk to your security vendor partners for support — to illustrate where your customer's network is protected, where it isn't, and what might already be lurking in the network because of erroneous perceptions about what security needs are met by security products they may have installed. "Some end users believe a firewall alone will take care of security problems, but that is not the case," warns Kendra Krause, VP of channel sales for Fortinet. "The continuously changing nature of today's malware attacks requires a multilayered defense enabled with around-the-clock updates for the latest signatures."

Step 2: Learn How Web 2.0 Has Impacted Security
Impacting both the solution sets offered by security vendors and the resellers and MSSPs handling those solutions is Web 2.0. The acceptance of social media sites (e.g. Facebook, LinkedIn, Twitter, etc.) as business-approved Web resources has opened entirely new routes for malware to reach business networks. "Web 2.0 has had tremendous impact on the delivery of malware. Customers must now contend with employees connecting to Web applications, whether they be for personal email, social media tools or for work-related, cloud-based collaborative applications," says Krause. "The gap of infection with Web 2.0 is much more immediate compared to email. With email, there is a delay when the email messages can be scanned, cleaned, and/or quarantined. Web 2.0 allows users to immediately become infected."

With Web 2.0, users are often more complacent about trusting URLs and other links — they expect such popular sites to be safe — making it even easier for malware to slip through. "Two of the key features of Web 2.0 are user-generated content and social networking. Malware (or its distribution sites) are easily pointed to via URLs in articles or messages that take users to sites hosting malware," explains Debrosse, using the "tinyurls" on Twitter as an example. "There are also a large number of applications that run within many social networking sites, and those applications add to the threat vectors that can be exploited."

Additionally, many businesses are learning the hard way that mobile workforces using smartphones are also providing an easy in for hackers. "Smartphones have evolved to the point where they are essentially laptops," says Roger Thompson, chief research officer at AVG Technologies. As such, he warns, they are increasingly vulnerable to malware threats. Although IT solutions are available to protect those devices, many customers aren't even aware of the risk they pose and may not disclose to their IT partner the presence of Internet access via mobile units in their businesses.

Step 3: Understand Security Product Parameters
Beyond discovering the full range of security needs a customer may have, VARs also face the challenge of staying fully up-to-date with the threat landscape and the best technologies to meet their customers' needs. "The biggest mistakes VARs make are thinking a single layer of protection will suffice, that best practices alone are sufficient, and that static solutions are sufficient," says Thompson. Krause agrees, "VARs need to understand the differences in all the security offerings on the market and the capabilities of each to properly assess what a customer might need." To do that, VARs should take advantage of the threat research and training offered by their security vendor partners. Once VARs are comfortable with the threat landscape and the products available (and how they work to address particular threats), they will have to develop a system for monitoring each solution, from updating patches delivered by vendors to ensuring new employee identities aren't opening up a security hole.

One way to do that, says Krause, is to look beyond traditional solutions such as firewalls or Web content filters to newer technology that offers real-time inspection and "smarter" evaluation tools that prior generations of security products lacked. Many vendors have also developed management tools that pull reporting in from all deployed security solutions on a network. The bottom line, however, is that VARs have to understand the current threat landscape and the newer, innovative solutions that are tackling it, says Anstis. "VARs simply must also understand the strengths and weaknesses of all solutions to ensure the best fit for their customers."

He adds that some common mistakes for VARs include assuming their longtime security vendor is the best there is, believing any single vendor's hype about what customers need to be protected today, and getting too comfortable with the products and technology they are used to selling. That said, Dieckman adds that focusing purely on the "newest and greatest" solutions can also have its pitfalls. "VARs must guard against imparting to a user that some newly deployed hardware or service is all that is needed to make that user's network safe. New technology must be combined with continuous education about what end user actions put a network at risk of a malware infection."

Step 4: Sell Security Now
The market for reliable security products, regardless of their focus, is only expected to grow as cybercrime continues to focus on serendipitous attacks geared at collecting business and personal information undetected. Add to that the focus of the federal government on cyber security, and the market is bound to continue to hold opportunity. "Technological innovation by cyber criminals will continue to drive sales, plus the threat will continue to evolve and grow in both complexity and scope," says Debrosse. "With the current global Internet penetration rate at approximately 26%, there still exists tremendous opportunity for cyber criminals to take advantage of existing and new users on the Internet. Malware will continue to evolve to attempt to evade scanners, attack new vectors, and increase the scale of infection."