Malware Threats Will Only Increase
Let's admit it: No one can stop the reality that the Internet, websites, and even Web 2.0 applications have evolved into necessary business tools. The days of reprimanding employees for Googling are past (and advice on handling company policy surrounding Web 2.0 usage is an entirely different article). Part of the growing role of the Web in businesses of all sizes is the gateway that usage provides for malware. First distributed on infected storage devices such as floppy disks, today's malware can slide undetected into a network with the simple, unintentional click of a mouse.
"The delivery of malware has undergone quite an evolution as the end user and technologies became more effective at detecting email-borne malware," explains Jeff Debrosse, director of research at ESET. "The distribution methods changed to ensure maximum penetration, with the end result being what's known as a 'drive-by download' — malware that is unknowingly downloaded and installed in the machines of users visiting the exploited sites."
ESET and other vendors say the more complicated the delivery method, and the more valuable the information being siphoned away, the more opportunity for VARs and managed security services providers (MSSPs). "Malware used to be about fame — the 'script kiddies' writing malware to become well known. Now it is all about money. Malware is written to compromise people out of their savings and property," says Bradley Anstis, director of technical strategy at Marshal8e6. Matthew Dieckman, product manager for SonicWALL, adds that the evolution of content delivery on the Web has also played a role in the continued proliferation of malware. "Website content is no longer static — ads and other content are served up from third-party sources, leaving the door open for hackers to exploit weaknesses in the network layer and lure in unsuspecting users," he says. So now that we know the opportunity is there — and growing each day — let's talk about how a VAR or MSSP can tackle malware solutions.
Step 1: Talk To Customers About Protecting Their Assets
Most industry experts agree that big hurdles to security sales include end users that underestimate the impact of malware on their networks and misconceptions about what kind of security products handle different kinds of security threats. "With the constantly changing nature of malware and its distribution methods, the end user faces the significant challenge of understanding the threats to their networks," says Debrosse. "VARs have an equally challenging task of educating the end user, and with the increase of users connected to the Internet and volumes of malware out there, VARs' responsibilities have become more critical and complex."
Many security VARs have found that the volume of threat assessments and reports available on most security vendor websites can provide great fodder for opening a conversation with a potential customer or reopening talks with an existing customer. Another approach is to use a security assessment tool — again, talk to your security vendor partners for support — to illustrate where your customer's network is protected, where it isn't, and what might already be lurking in the network because of erroneous perceptions about what security needs are met by security products they may have installed. "Some end users believe a firewall alone will take care of security problems, but that is not the case," warns Kendra Krause, VP of channel sales for Fortinet. "The continuously changing nature of today's malware attacks requires a multilayered defense enabled with around-the-clock updates for the latest signatures."
Step 2: Learn How Web 2.0 Has Impacted Security
Web 2.0 is impacting both the solution sets offered by security vendors and the resellers and MSSPs handling those solutions. The acceptance of social media sites (e.g., Facebook, LinkedIn, Twitter) as business-approved Web resources has opened entirely new routes for malware to reach business networks. "Web 2.0 has had tremendous impact on the delivery of malware. Customers must now contend with employees connecting to Web applications, whether they be for personal email, social media tools or for work-related, cloud-based collaborative applications," says Krause. "The gap of infection with Web 2.0 is much more immediate compared to email. With email, there is a delay when the email messages can be scanned, cleaned, and/or quarantined. Web 2.0 allows users to immediately become infected."
With Web 2.0, users are often more complacent about trusting URLs and other links — they expect such popular sites to be safe — making it even easier for malware to slip through. "Two of the key features of Web 2.0 are user-generated content and social networking. Malware (or its distribution sites) are easily pointed to via URLs in articles or messages that take users to sites hosting malware," explains Debrosse, using the "tinyurls" on Twitter as an example. "There are also a large number of applications that run within many social networking sites, and those applications add to the threat vectors that can be exploited."
Additionally, many businesses are learning the hard way that mobile workforces using smartphones are also providing an easy in for hackers. "Smartphones have evolved to the point where they are essentially laptops," says Roger Thompson, chief research officer at AVG Technologies. As such, he warns, they are increasingly vulnerable to malware threats. Although IT solutions are available to protect those devices, many customers aren't even aware of the risk they pose and may not disclose to their IT partner the presence of Internet access via mobile units in their businesses.
Step 3: Understand Security Product Parameters
Beyond discovering the full range of security needs a customer may have, VARs also face the challenge of staying fully up-to-date with the threat landscape and the best technologies to meet their customers' needs. "The biggest mistakes VARs make are thinking a single layer of protection will suffice, that best practices alone are sufficient, and that static solutions are sufficient," says Thompson. Krause agrees, "VARs need to understand the differences in all the security offerings on the market and the capabilities of each to properly assess what a customer might need." To do that, VARs should take advantage of the threat research and training offered by their security vendor partners. Once VARs are comfortable with the threat landscape and the products available (and how they work to address particular threats), they will have to develop a system for monitoring each solution, from updating patches delivered by vendors to ensuring new employee identities aren't opening up a security hole.
One way to do that, says Krause, is to look beyond traditional solutions such as firewalls or Web content filters to newer technology that offers real-time inspection and "smarter" evaluation tools that prior generations of security products lacked. Many vendors have also developed management tools that pull reporting in from all deployed security solutions on a network. The bottom line, however, is that VARs have to understand the current threat landscape and the newer, innovative solutions that are tackling it, says Anstis. "VARs simply must also understand the strengths and weaknesses of all solutions to ensure the best fit for their customers."
He adds that some common mistakes for VARs include assuming their longtime security vendor is the best there is, believing any single vendor's hype about what customers need to be protected today, and getting too comfortable with the products and technology they are used to selling. That said, Dieckman adds that focusing purely on the "newest and greatest" solutions can also have its pitfalls. "VARs must guard against imparting to a user that some newly deployed hardware or service is all that is needed to make that user's network safe. New technology must be combined with continuous education about what end user actions put a network at risk of a malware infection."
Step 4: Sell Security Now
The market for reliable security products, regardless of their focus, is only expected to grow as cybercrime continues to focus on serendipitous attacks geared at collecting business and personal information undetected. Add to that the focus of the federal government on cyber security, and the market is bound to continue to hold opportunity. "Technological innovation by cyber criminals will continue to drive sales, plus the threat will continue to evolve and grow in both complexity and scope," says Debrosse. "With the current global Internet penetration rate at approximately 26%, there still exists tremendous opportunity for cyber criminals to take advantage of existing and new users on the Internet. Malware will continue to evolve to attempt to evade scanners, attack new vectors, and increase the scale of infection."