PC PORTAL

Experienced. Trusted. Solutions.

Business + Partners

By

Securing Your Business First: Learn How ADR Can Help

Reading Time: ~ 3 min.

Entrepreneur Jim Rohn once said, “Time is more valuable than money. You can get more money, but you cannot get more time.” I think anyone involved in running a business can relate to this statement, but it carries a particularly deep meaning to those of us who deal with cybersecurity.

When it comes to cyberattacks, even the most minor malware infection can create costly delays and downtime, and the damages from data loss or business disruption can be financially devastating. Dealing with the consequences of denial-of-service attacks, ransomware, and data breaches shouldn’t be an accepted part of your agenda. 

You need to protect your business first. That means having a strong lineup of cyber-defense tools that don’t just mitigate threats, but actually put time back in your day. The key to success is to stop threats before they stop you. One of the most important pieces of that puzzle is the tools you use, particularly to achieve automation.

Learn more about protecting your business first with ADR and other cyber-defense best practices by checking out our Lockdown Lessons podcast series.

What are EDR, MDR, and ADR, and what’s the difference?

I am the first to admit that the cybersecurity world throws around far too many acronyms, and the definitions are not abundantly clear. (I’m definitely guilty of this, myself.) So let’s break down some of the endpoint-related jargon you may have heard lately.

Endpoint Detection and Response (EDR)

Endpoint detection and response (EDR) technology gathers large volumes of data from endpoints and provides security analysts with large amounts of information to help detect and mitigate cyber threats. These solutions significantly improve endpoint visibility, threat remediation, and can even assist with threat hunting. But to take full advantage, a staff of trained security analysts are necessary––and with today’s skills gap, this model does not make sense for the majority of SMBs and MSPs.

Today, EDR is beginning to morph into “enterprise detection and response.” The endpoint telemetry data it produces forms part of a more holistic approach to network security. 

Managed Detection and Response (MDR)

In recent months, cloud-based security service providers have been leveraging EDR data and compensating for the cybersecurity skills gap through managed detection and response (MDR). 

Working around the clock, MDR acts as a security analyst by providing automated threat detection, response, and remediation. It protects the entire network––not just endpoints––and provides the time, commitment, and cybersecurity skills necessary to fully detect, mitigate and resolve issues. The unfortunate truth here is that, for many smaller businesses, MDR is just too expensive. They may need to explore different partnership models or leverage managed services from their vendors.

Automated Detection and Response (ADR)

For businesses and managed service providers without dedicated cybersecurity resources and an ample budget, automated detection and response (ADR) may be the perfect answer. When other solutions become overwhelmed by the vast quantity of incoming malware, ADR leverages AI and machine learning to not only stop threats, but also to proactively predict and prevent them. As a result, this type of solution can actually put time back in your day.

As the cybersecurity landscape evolves and the skills gap continues to grow, MSPs and SMBs must onboard solutions that automate their defenses and offer the missing cybersecurity intelligence that only ADR provides.

ADR: the Next-Gen Evolution of Cybersecurity

As you are probably aware, modern attacks continue to increase in complexity, become more targeted, and are often automated at scale. They can also move unpredictably and laterally, as we have seen with Island Hopping (i.e. the act of compromising one company by infiltrating its affiliates, partner network, and/or supply chain.)

I know that many of you experience challenges that can make your business or clients vulnerable to attack, including:

  • Broad attack surfaces
  • Limited security expertise
  • Lax or inadequate access controls
  • Data loss, email spam, and phishing vulnerabilities
  • Insufficient understanding of compliance

The best way to combat these types of vulnerabilities is to leverage the power in prediction to stop attacks before they happen, and to quickly and automatically remediate threats that do get through. This is where ADR provides a new way to think about cybersecurity.

Currently, your cybersecurity or IT team needs to manage multiple tasks across multiple systems, which requires in-depth knowledge of computer systems and cybersecurity threats. Consequently, response time is often slow. With ADR, tasks are automated, and threats are investigated, validated, and remediated in the background––greatly boosting your operational efficiency and effectiveness.

As the threat environment continues to evolve, you will need to keep pace and ADR changes the security equation by improving the accuracy of detection and speed of response, saving you a lot of time and hassle—not to mention money.

The post Securing Your Business First: Learn How ADR Can Help appeared first on Webroot Blog.

By

Why MSPs Should Expect No-Conflict Endpoint Security

Reading Time: ~ 3 min.

“Antivirus programs use techniques to stop viruses that are very “virus-like” in and of themselves, and in most cases if you try to run two antivirus programs, or full security suites, each believes the other is malicious and they then engage in a battle to the death (of system usability, anyway).”

“…running 2 AV’s will most likely cause conflicts and slowness as they will scan each other’s malware signature database. So it’s not recommended.”

The above quotes come from top answers on a popular computer help site and community forum in response to a question about “Running Two AVs” simultaneously.

Seattle Times tech columnist Patrick Marshall has similarly warned his readers about the dangers of antivirus products conflicting on his own computers.

Click here to see 9 top endpoint protection competitors go head to head to see who’s most efficient.

Historically, these comments were spot-on, 100% correct in describing how competing AV solutions interacted on endpoints. Here’s why.

The (Traditional) Issues with Running Side-by-Side AV Programs

In pursuit of battling it out on your machine for security supremacy, AV solutions have traditionally had a tendency to cause serious performance issues.

This is because:

  • Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program that’s sole purpose is to be on the lookout for suspicious activity.
  • Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while one AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
  • Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.

Putting the Problem Into Context

Those of you reading this may be thinking, But is all of this really a problem? Who wants to run duplicate endpoint security products anyway?

Consider a scenario, one in which you’re unhappy with your current AV solution. Maybe the management overhead is unreasonable and it’s keeping you from core business responsibilities. Then what?

“Rip and replace”—a phrase guaranteed to make many an MSP shudder—comes to mind. It suggests long evenings of after-hours work removing endpoint protection from device after device, exposing each of the machines under your care to a precarious period of no protection. For MSPs managing hundreds or thousands of endpoints, even significant performance issues can seem not worth the trouble.

Hence we’ve arrived at the problem with conflicting AV software. They lock MSPs into a no-win quagmire of poor performance on the one hand, and a potentially dangerous rip-and-replace operation on the other.

But by designing a no-conflict agent, these growing pains can be eased almost completely. MSPs unhappy with the performance of their current AV can install its replacement during working hours without breaking a sweat. A cloud-based malware prevention architecture and “next-gen” approach to mitigating attacks allows everyone to benefit from the ability to change and upgrade their endpoint security with minimal effort.

Simply wait for your new endpoint agent to be installed, uninstall its predecessor, and still be home in time for dinner.

Stop Wishing and Expect No-Conflict Endpoint Protection

Any modern endpoint protection worth its salt or designed with the user in mind has two key qualities that address this problem:

  1. It won’t conflict with other AV programs and
  2. It installs fast and painlessly.

After all, this is 2019 (and over 30 years since antivirus was invented) so you should expect as much. Considering the plethora of (often so-called) next-gen endpoint solutions out there, there’s just no reason to get locked into a bad relationship you can’t easily replace if something better comes along.

So when evaluating a new cybersecurity tool, ask whether it’s no conflict and how quickly it installs. You’ll be glad you did.

The post Why MSPs Should Expect No-Conflict Endpoint Security appeared first on Webroot Blog.

By

5 Must-Haves When Working Outside the Office

Reading Time: ~ 3 min.

When you’re running a business, it’s important to stay connected, whether you’re in the office or not. Modern technology has made this easier than ever, ensuring you can answer emails and stay on top of tasks in hotels, coffee shops, wherever. Social media influencer and serial entrepreneur Gary Vaynerchuk has even said, “The airplane is disproportionately the place where I get the most tangible amount of work done.” 

But if you’re going to get anything done outside the office or on the road, there are a few essentials to have on hand. Here are five must-haves to make sure you are prepared and productive.

#1 Protect Your Devices and Your Data

No, this is not at the top just because you’re reading this on a security blog. Anytime you’re accessing the internet in a hotel, coffee shop, or other public space, your data and devices are at risk. While security may not be at the top of your list of concerns, a whopping 58% of data breaches happen to SMBs, and 60% of those who are attacked fold within 6 months.

This is why security, at the very least endpoint security, should be your number one consideration when working on the go. But not all endpoint security solutions are created equal.

Explore fast and effective endpoint security designed for business.

Modern endpoint security is cloud-based, lightweight (won’t slow your device down), and is powered by 24/7 threat intelligence to make sure you are protected against all known threats. In fact, some do what is known as “journaling” when they encounter an unknown threat so if it is deemed malicious, every action the malware took can be rolled back, step by step.

It’s also worth considering implementing a VPN to secure your connection to your office software and data as well as secure your communications with colleagues. Public WiFi is a favorite target of malicious attacks, including man-in-the-middle attacks, so the more you can anonymize your activity, the better.

#2 Stay Connected

When you’re on the road, there’s no guarantee that you’ll have reliable WiFi. Coffee shop WiFi can vary depending on how many people are using it, and hotel WiFi often costs money. To make sure you can always stay connected to high-quality WiFi, you’ll want to invest in a mobile WiFi device, which will work much better than using your smartphone as a hotspot. Plus, using a mobile WiFi device will help save your phone battery and will free it up for any phone calls you need to make. 

In addition, by using your own WiFi hotspot, you will avoid some of the security risks that come from using public WiFi

#3 Stay Charged

The last thing you want when working on the go is for your devices to run out of battery. Of course, you must remember to bring your basic laptop and smartphone chargers. However, you might not always have convenient access to an outlet. In which case, you’re going to want to bring a portable charger. Smartphones and laptops have different battery needs so you might want to get a portable charger for each.

Here is a list of the top portable chargers for smartphones and another for the top power banks for your laptop.

#4 Stay in the Zone

If you’re out of the office, chances are it might be more difficult to find some peace and quiet. Because of this, you’ll want to make sure you have a good set of headphones to help you get in the zone. 

If you’re choosing headphones, you’ll need to consider whether you want to go with over-the-ear or in-ear models. Over-the-ear models tend to have higher sound quality and better noise canceling features, but there are a variety of high-quality earbuds these days that may be easier to travel with. Whichever you go with, they’ll be useless without productivity-enhancing music to go along with them.

study published on the psychology of music found that those who listened to music completed their tasks more quickly and experienced better creativity. If you want to make your own playlist, it’s largely accepted that classical and other instrumental types of music work best for productivity. However, there are a variety of curated work playlists already in existence that you could use.

#5 Travel with the Right Bag

Now that you have your laptop, smartphone, chargers, portable batteries, headphones, and WiFi hotspot, you’ll need a way to carry it all around. But not just any bag will do. Since you’re traveling, you’ll want something that is compact, organized, and comfortable to carry, even if it’s heavy.

While the briefcase is a classic, it is not very efficient and can be cumbersome when also trying to carry coffee or talk on the phone. Backpacks are definitely the way to go if you want to carry everything comfortably while keeping your hands free. Just make sure to choose a bag made of durable materials with adequately wide and cushioned straps. The last thing you want in a bag is one you wince at the thought of carrying again after a long day.

Here are 13 of the best laptop backpacks according to reviewers.

The post 5 Must-Haves When Working Outside the Office appeared first on Webroot Blog.

By

Smishing Explained: What It Is and How to Prevent It

Reading Time: ~ 3 min.

Do you remember the last time you’ve interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late?

It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around 98% of SMS messages are read within seconds of being received

Click here to see how 9 top endpoint security products perform against 15 efficiency benchmarks in the 2019 PassMark Report

As with any development in how we communicate, the rise in brand-related text messaging has attracted scammers looking to profit. Hence we arrive at a funny new word in the cybersecurity lexicon, “smishing.” Mathematical minds might understand it better represented by the following equation:

SMS + Phishing = Smishing

For the rest of us, smishing is the act of using text messages to trick individuals into divulging sensitive information, visiting a risky site, or downloading a malicious app onto a smartphone. These often benign seeming messages might ask you to confirm banking details, verify account information, or subscribe to an email newsletter via a link delivered by SMS.

As with phishing emails, the end goal is to trick a user into an action that plays into the hands of cybercriminals. Shockingly, smishing campaigns often closely follow natural disasters as scammers try to prey on the charitable to divert funds into their own pockets.

Smishing vs Vishing vs Phishing

If you’re at all concerned with the latest techniques cybercriminals are using to defraud their victims, your vocabulary may be running over with terms for the newest tactics. Here’s a brief refresher to help keep them straight.

  • Smishing, as described above, uses text messages to extract the sought after information. Different smishing techniques are discussed below.
  • Vishing is when a fraudulent actor calls a victim pretending to be from a reputable organization and tries to extract personal information, such as banking or credit card information.
  • Phishing is any type of social engineering attack aimed at getting a victim to voluntarily turn over valuable information by pretending to be a legitimate source. Both smishing and vishing are variations of this tactic.

Examples of Smishing Techniques

Enterprising scammers have devised a number of methods for smishing smartphone users. Here are a few popular techniques to be aware of:

  • Sending a link that triggers the downloading of a malicious app. Clicks can trigger automatic downloads on smartphones the same way they can on desktop internet browsers. In smishing campaigns, these apps are often designed to track your keystrokes, steal your identity, cede control of your phone to hackers, or encrypt the files on your phone and hold them for ransom.
  • Linking to information-capturing forms. In the same way many email phishing campaigns aim to direct their victims to online forms where their information can be stolen, this technique uses text messages to do the same. Once a user has clicked on the link and been redirected, any information entered into the form can be read and misused by scammers.
  • Targeting users with personal information. In a variation of spear phishing, committed smishers may research a user’s social media activity in order to entice their target with highly personalized bait text messages. The end goal is the same as any phishing attack, but it’s important to know that these scammers do sometimes come armed with your personal information to give their ruse a real feel.
  • Referrals to tech support. Again, this technique is a variation on the classic tech support scam, or it could be thought of as the “vish via smish.” An SMS message will instruct the recipient to contact a customer support line via a number that’s provided. Once on the line, the scammer will try to pry information from the caller by pretending to be a legitimate customer service representative. 

How to Prevent Smishing

For all the conveniences technology has bestowed upon us, it’s also opened us up to more ways to be ripped off. But if a text message from an unknown number promising to rid you of mortgage debt (but only if you act fast) raises your suspicion, then you’re already on the right track to avoiding falling for smishing.

Here are a few other best practices for frustrating these attacks:

  • Look for all the same signs you would if you were concerned an email was a phishing attempt: 1) Check for spelling errors and grammar mistakes, 2) Visit the sender’s website itself rather than providing information in the message, and 3) Verify the sender’s telephone address to make sure it matches that of the company it purports to belong to.
  • Never provide financial or payment information on anything other than the trusted website itself.
  • Don’t click on links from unknown senders or those you do not trust
  • Be wary of “act fast,” “sign up now,” or other pushy and too-good-to-be-true offers.
  • Always type web addresses in a browser rather than clicking on the link.
  • Install a mobile-compatible antivirus on your smart devices.

The post Smishing Explained: What It Is and How to Prevent It appeared first on Webroot Blog.

By

Thoughtful Design in the Age of Cybersecurity AI

Reading Time: ~ 3 min.

AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it’s not sufficient on its own.

Thoughtful design of threat intelligence—design that accounts for the ultimate needs of its consumers—is essential too. There are three areas where thoughtful design of AI for cybersecurity increases overall utility for its end users.

Designing where your data comes from

To set the process of machine learning in motion, data scientists rely on robust data sets they can use to train models that deduce patterns. If your data is siloed, it relies on a single community of endpoints or is made up only of data gathered from sensors like honeypots and crawlers. There are bound to be gaps in the resultant threat intelligence.

A diverse set of real-world endpoints is essential to achieve actionable threat intelligence. For one thing, machine learning models can be prone to picking up biases if exposed to either too much of a particular threat or too narrow of a user base. That may make the model adept at discovering one type of threat, but not so great at noticing others. Well-rounded, globally-sourced data provides the most accurate picture of threat trends.

Another significant reason real-world endpoints are essential is that some malware excels at evading traditional crawling mechanisms. This is especially common for phishing sites targeting specific geos or user environments, as well as for malware executables. Phishing sites can hide their malicious content from crawlers, and malware can appear benign or sit on a user’s endpoint for extended periods of time without taking an action.

Designing how to illustrate data’s context

Historical trends help to gauge future measurements, so designing threat intelligence that accounts for context is essential. Take a major website like www.google.com for example. Historical threat intelligence signals it’s been benign for years, leading to the conclusion that its owners have put solid security practices in place and are committed to not letting it become a vector for bad actors. On the other hand, if we look at a domain that was only very recently registered or has a long history of presenting a threat, there’s a greater chance it will behave negatively in the future. 

Illustrating this type of information in a useful way can take the form of a reputation score. Since predictions about a data object’s future actions—whether it be a URL, file, or mobile app—are based on probability, reputation scores can help determine the probability that an object may become a future threat, helping organizations determine the level of risk they are comfortable with and set their policies accordingly.

For more information on why context is critical to actionable threat intelligence, click here.

Designing how you classify and apply the data

Finally, how a threat intelligence provider classifies data and the options they offer partners and users in terms of how to apply it can greatly increase its utility. Protecting networks, homes, and devices from internet threats is one thing, and certainly desirable for any threat intelligence feed, but that’s far from all it can do.

Technology vendors designing a parental control product, for instance, need threat intelligence capable of classifying content based on its appropriateness for children. And any parent knows malware isn’t the only thing children should be shielded from. Categories like adult content, gambling sites, or hubs for pirating legitimate media may also be worthy of avoiding. This flexibility extends to the workplace, too, where peer-to-peer streaming and social media sites can affect worker productivity and slow network speeds, not to mention introduce regulatory compliance concerns. Being able to classify internet object with such scalpel-like precision makes thoughtfully designed threat intelligence that is much more useful for the partners leveraging it.

Finally, the speed at which new threat intelligence findings are applied to all endpoints on a device is critical. It’s well-known that static threat lists can’t keep up with the pace of today’s malware, but updating those lists on a daily basis isn’t cutting it anymore either. The time from initial detection to global protection must be a matter of minutes.

This brings us back to where we started: the need for a robust, geographically diverse data set from which to draw our threat intelligence. For more information on how the Webroot Platform draws its data to protect customers and vendor partners around the globe, visit our threat intelligence page.

The post Thoughtful Design in the Age of Cybersecurity AI appeared first on Webroot Blog.