4
Recent global research by Webroot* revealed that 83 percent of enterprises were infected with some form of malware in the past 12 months, and other independent surveys show similar and even higher infection levels. A new malware protection approach is desperately needed. The Webroot Intelligence Network (WIN) is the key component of a revolutionary approach to next-generation malware protection. When WIN is combined with Webroot’s ultra-efficient endpoint agent—Webroot SecureAnywhere™ – Endpoint Protection—the resulting solution ensures that both known and unknown infections are removed before they do harm. Malware is at such high levels (more than 60 million unique samples per year) that protecting an endpoint with traditional antivirus software has become futile. More than 100,000 new types of malware are now released every day, and antivirus vendors are racing to add new protection features to try to keep their protection levels up. But new features need even more CPU and RAM resources, which reduces performance and usability to even more unacceptable levels. The torrent of new malware is also forcing antivirus vendors to continually update their signature/protection files, with more than 5MB of updates per day being commonplace. The underlying problem is that even with all these “advances,” not all new malware exploits are detected, and machines are becoming infected. Simply put, protection using traditional malware detection techniques is no longer adequate. So many unknown infections are being distributed by cyber- criminals that everyone is at risk. Webroot ® Intelligence Network Real-Time Protection From Every Malware Infection How the Webroot Intelligence Network (WIN) Works * Research in January 2011 by Research Now—IT decision-makers in firms 100 to 5,000 seats in the USA, UK, and Australia Webroot SecureAnywhere Business

Real-Time Protection From Every Malware Infection

  • Upload
    webroot

  • View
    326

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Real-Time Protection From Every Malware Infection

Recent global research by Webroot* revealed that 83 percent of enterprises were infected with some form of malware in the past 12 months, and other independent surveys show similar and even higher infection levels.

A new malware protection approach is desperately needed. The Webroot Intelligence Network (WIN) is the key component of a revolutionary approach to next-generation malware protection. When WIN is combined with Webroot’s ultra-efficient endpoint agent—Webroot SecureAnywhere™ – Endpoint Protection—the resulting solution ensures that both known and unknown infections are removed before they do harm.

Malware is at such high levels (more than 60 million unique samples per year) that protecting an endpoint with traditional antivirus software has become futile. More than 100,000 new types of malware are now released every day, and antivirus vendors are racing to add new protection features to try to keep their protection levels up.

But new features need even more CPU and RAM resources, which reduces performance and usability to even more unacceptable levels. The torrent of new malware is also forcing antivirus vendors to continually update their signature/protection files, with more than 5MB of updates per day being commonplace.

The underlying problem is that even with all these “advances,” not all new malware exploits are detected, and machines are becoming infected. Simply put, protection using traditional malware detection techniques is no longer adequate. So many unknown infections are being distributed by cyber-criminals that everyone is at risk.

Webroot® Intelligence NetworkReal-Time Protection From Every Malware Infection

How the Webroot Intelligence Network (WIN) Works

* Research in January 2011 by Research Now—IT decision-makers in firms 100 to 5,000 seats in the USA, UK, and Australia

Webroot SecureAnywhere Business

Page 2: Real-Time Protection From Every Malware Infection

The Webroot Intelligence Network (WIN)

The Webroot Intelligence Network integrates billions of pieces of information from multiple sources—including data from customers, test laboratories, and intelligence shared between security vendors—to create the world’s largest malware detection net.

WIN incorporates Webroot’s patented fourth-generation Phileas® malicious code identification system, as well as ENZO, our threat-processing system for categorizing every software file with intimate knowledge of more than 125 million executables, including their behavioral characteristics. WIN also uses systems that let us instantly categorize files and their interactions with other files. It uses our Webroot IP Reputation Service to track every malicious IP address on the Internet and provide accurate content classification, threat reputation, and threat vector data. These systems, along with another 50+ terabytes of threat data, ensure that the Webroot Intelligence Network is always up to date and ready to detect any new malware infections.

The Good, The Bad, And The Unknown

WIN uses the Internet to connect with Webroot SecureAnywhere – Endpoint Protection through a secure firewall connection. It identifies and learns about everything installed on a user’s endpoint, and then classifies the files as Good, Bad, or Unknown. During the short “learning” phase, Webroot inventories everything on the user’s machine, while automatically stopping bad activities and removing malware.

From the point when Webroot SecureAnywhere – Endpoint Protection is installed, all suspicious processes are closely monitored, analyzed, and resolved in real time through WIN. Its vast intelligence net keeps Webroot users safe from both known and completely new and unknown infections. Even when Webroot SecureAnywhere – Endpoint Protection is not connected to the Internet, it is able to function, detect malware, and take the appropriate steps to stop infections.

No approach to stopping and protecting machines from infection is perfect, however, and false positive mistakes are possible. Webroot SecureAnywhere – Endpoint Protection and WIN minimize these inaccuracies, even allowing a change to be reversed should files be incorrectly categorized.

Webroot Intelligence Network

How Webroot SecureAnywhere Works

Webroot Intelligence Network

Remote Laptop Users (client app<1MB)

Corporate Workstations (client app<1MB)

Known FileHash Database

BehaviorsDatabase Other

Threat Databases

Admin Console (browser)

REAL-TIME FILE DATA

External Threat Data Feeds

Webroot Customer Data Feeds

Page 3: Real-Time Protection From Every Malware Infection

Webroot Intelligence Network

Protection From Infection, Not Protection Through Detection

By combining the hugely powerful cloud interrogation of WIN with a completely new endpoint, Webroot SecureAnywhere – Endpoint Protection is able to stop infections without requiring lots of signature updates. WIN harnesses the collective community of Webroot customers to continuously refine file categorizations, even for low-level and unique malware that normally remains undetected by traditional AV methods.

This capability ensures that all Webroot endpoints are always protected against malware, including viruses, worms, Trojans, spyware, adware, bots, rootkits, and unique zero-day threats.

With its advanced heuristics and behavior-based interception analyzing all files and potential threats in real time, WIN ensures that every user’s window of vulnerability— the time between when a threat emerges and when users are protected —is minimized. And most important, it is this high level of protection against “unknown” malware that makes Webroot SecureAnywhere – Endpoint Protection and WIN so powerful when compared with every other solution.

How is WIN different from other “cloud” antivirus solutions?

Other vendors have invested in threat intelligence networks, but they are used as bolt-on supplements to their traditional antivirus solutions. None of these systems delivers or offers the breadth of in-depth capabilities offered by WIN. WIN is purpose architected to be an integral part of the Webroot SecureAnywhere – Endpoint Protection solution.

When comparing Webroot with competitors’ solutions, the differences and advantages of Webroot’s revolutionary new approach to infection protection quickly become clear:

1. WIN allows Webroot SecureAnywhere – Endpoint Protection to have a footprint that is less than 1MB in size—the world’s smallest endpoint security solution. In comparison, the nearest traditional or “cloud” antivirus solution installation file is more than 128MB, and antivirus solutions can easily use 750MB of hard disk space when fully installed.

2. Because of its exceptionally small installation size, Webroot SecureAnywhere – Endpoint Protection installs in seconds. And it doesn’t require traditional AV software solutions to be uninstalled beforehand, since it doesn’t conflict with their detection processes.

3. WIN allows ultrafast scan times—a PC scan will typically take less than one minute, so it never noticeably interrupts users or unacceptably slows down their PC.

4. WIN promotes low PC resource usage. Webroot SecureAnywhere – Endpoint Protection needs only 5MB of RAM; even when scanning, it uses less than 50 percent of the CPU’s resources.

5. WIN also allows Webroot SecureAnywhere – Endpoint Protection to be completely update free, with only ultra-low data exchanges between them needed. All the updating happens in the “cloud,” resulting in WIN network traffic of only about 120KB per day—significantly less than bandwidth usage by other antivirus solutions.

WIN with Webroot SecureAnywhere – Endpoint Protection is a brand-new way of protecting PCs from malware. It eliminates traditional signature-based detection and fully exploits the benefits of cloud computing and a central intelligence net. Its unique approach to preventing malware infection provides enterprises with not only the best security protection available, but also improvements to PC performance and greatly reduced management overheads.

Page 4: Real-Time Protection From Every Malware Infection

Webroot Intelligence Network

© 2012 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, Webroot SecureAnywhere and Phileas are trademarks or registered trademarks of Webroot Inc. in the United States and/or other countries.

Try the Webroot Intelligence Network for yourselfDownload a free trial, or request a demonstration of Webroot SecureAnywhere – Endpoint Protection and its intuitive web-based security policy management console at www.webroot.com.

About Webroot

Webroot is committed to taking the misery out of Internet

security for businesses and consumers. Founded in 1997,

privately held Webroot is headquartered in Colorado and

has operations across North America, Europe and the Asia

Pacific region. For more information visit www.webroot.com.

Webroot Headquarters

385 Interlocken Crescent, Suite 800

Broomfield, Colorado 80021 USA

800 772 9383

Next steps:

Talk to an enterprise product expert by calling 800 870 8102


Malware Protection Center...online email services can help prevent macro-based malware infection. Network administrators can use the Office Customization Tool (OCT) to deploy changes

Malware Protection Center...online email services can help prevent macro-based malware infection. Network administrators can use the Office Customization Tool (OCT) to deploy changes

Documents
1. Introduction The underground Internet economy Web-based malware The system analyzing the post-infection network behavior of web-based malware How do

1. Introduction The underground Internet economy Web-based malware The system analyzing the post-infection network behavior of web-based malware How do

Documents
malware response and analysis - InfoSecWriters.com · infect with the malware, and monitor pre-infection network traffic to isolate it from the malware inspired traffic. I discuss

malware response and analysis - InfoSecWriters.com · infect with the malware, and monitor pre-infection network traffic to isolate it from the malware inspired traffic. I discuss

Documents
Malware Protection II White Paper Windows 7 · 2019-03-24 · Malware Protection II White Paper Windows 7 Rohde & Schwarz recognizes the potential risk of computer virus infection

Malware Protection II White Paper Windows 7 · 2019-03-24 · Malware Protection II White Paper Windows 7 Rohde & Schwarz recognizes the potential risk of computer virus infection

Documents
Measuring and Optimizing Malware Analysis: An Open Model · Malware Analysis Quant to kick-start development of a refined and unbiased metrics model for confirming infection from

Measuring and Optimizing Malware Analysis: An Open Model · Malware Analysis Quant to kick-start development of a refined and unbiased metrics model for confirming infection from

Documents
Forensic Investigation & Malware Analysis against Targeted ...–For root cause of malware infection, we can trace back timeline based on the timestamps •Registry File Extraction

Forensic Investigation & Malware Analysis against Targeted ...–For root cause of malware infection, we can trace back timeline based on the timestamps •Registry File Extraction

Documents
AirBag: Boosting Smartphone Resistance to Malware Infection · 2014-02-20 · AirBag: Boosting Smartphone Resistance to Malware Infection Chiachih Wu †, Yajin Zhou , Kunal Patel

AirBag: Boosting Smartphone Resistance to Malware Infection · 2014-02-20 · AirBag: Boosting Smartphone Resistance to Malware Infection Chiachih Wu †, Yajin Zhou , Kunal Patel

Documents
Behind a Malware Lifecycle and Infection Chain€¦ · Malware infection chains and lifecycles are often talked about in the advanced threat discussions in a generic way, addressing

Behind a Malware Lifecycle and Infection Chain€¦ · Malware infection chains and lifecycles are often talked about in the advanced threat discussions in a generic way, addressing

Documents
Aims and Objectives of Project Understand and analyse current malware strategies Analyse in detail various malware infection vectors and new revenue

Aims and Objectives of Project Understand and analyse current malware strategies Analyse in detail various malware infection vectors and new revenue

Documents
WHOSE PHONE IS IN YOUR POCKET? - Botconf 2020 · ANDROID MALWARE STATISTICS The geography of Android malware infection attempts in Q3 2015 * We eliminated countries from this ranking

WHOSE PHONE IS IN YOUR POCKET? - Botconf 2020 · ANDROID MALWARE STATISTICS The geography of Android malware infection attempts in Q3 2015 * We eliminated countries from this ranking

Documents
CyRiM Report 2019 Bashe attack Global infection by contagious malware · 2019-01-29 · 3 Bashe attack – Global infection by contagious malware Key contacts Trevor Maynard Head

CyRiM Report 2019 Bashe attack Global infection by contagious malware · 2019-01-29 · 3 Bashe attack – Global infection by contagious malware Key contacts Trevor Maynard Head

Documents
Keep Cyber Threats From Destroying Your Clients’ …...Antivirus & Anti-malware – McAfee catalogs more than 100,000 new malware samples every day, which translates to about one

Keep Cyber Threats From Destroying Your Clients’ …...Antivirus & Anti-malware – McAfee catalogs more than 100,000 new malware samples every day, which translates to about one

Documents
Malware Nilgün Kablan. Malware …………………………………….…….……………………………………………… Geschichte der Malware ……………….…………………………………………………

Malware Nilgün Kablan. Malware …………………………………….…….……………………………………………… Geschichte der Malware ……………….…………………………………………………

Documents
Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, Wenke Lee- BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation

Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, Wenke Lee- BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation

Documents
HTTP-Based APT Malware Infection Detection Using URL

HTTP-Based APT Malware Infection Detection Using URL

Documents
Detecting Malware Infection Through IDS-Driven Dialog Correlationfaculty.cs.tamu.edu/guofei/paper/BotHunter_security07_slides.pdf · Detecting Malware Infection Through IDS-Driven

Detecting Malware Infection Through IDS-Driven Dialog Correlationfaculty.cs.tamu.edu/guofei/paper/BotHunter_security07_slides.pdf · Detecting Malware Infection Through IDS-Driven

Documents
Case study: the tale of one Emotet infection · In about 15 minutes from the infection the device is also infected by Trickbot malware. Below is a typical Trickbot infection of checking

Case study: the tale of one Emotet infection · In about 15 minutes from the infection the device is also infected by Trickbot malware. Below is a typical Trickbot infection of checking

Documents
Avira Test Results - Your #1 resource for antivirus sales ...€¦ · Avira Test Results 2011. Avira ... flood of new malware emerging every day from every part the world. The malware

Avira Test Results - Your #1 resource for antivirus sales ...€¦ · Avira Test Results 2011. Avira ... flood of new malware emerging every day from every part the world. The malware

Documents
Scaling Web 2.0 Malware Infection

Scaling Web 2.0 Malware Infection

Technology
Advanced Systems Security: Malware Detectiontrj1/cse544-f15/slides/cse544-malware.pdf · 2015-10-22 · that your antivirus and anti-spyware can't detect it. ... As every malware

Advanced Systems Security: Malware Detectiontrj1/cse544-f15/slides/cse544-malware.pdf · 2015-10-22 · that your antivirus and anti-spyware can't detect it. ... As every malware

Documents
Malware: No One Is Safe - PUT.AS · Anti-Malware and Anti-Virus • Anti-virus software is 20% effective • Two ‘new’ viruses generated every minute • Encryption and packing

Malware: No One Is Safe - PUT.AS · Anti-Malware and Anti-Virus • Anti-virus software is 20% effective • Two ‘new’ viruses generated every minute • Encryption and packing

Documents
Infection Prevention & Control Every-ones business

Infection Prevention & Control Every-ones business

Documents
Novel Deception Techniques for Malware Detection on ... · malware infection spreads to most of the host in ICS, the hosts would not work and the ICS would be stopped, i.e. its availability

Novel Deception Techniques for Malware Detection on ... · malware infection spreads to most of the host in ICS, the hosts would not work and the ICS would be stopped, i.e. its availability

Documents
Linux Package Management · ... Risk of infection by virus, spyware, or other malware installed surreptitiously

Linux Package Management · ... Risk of infection by virus, spyware, or other malware installed surreptitiously

Documents
Detecting Malware Infection Through IDS-Driven Dialog ...faculty.cs.tamu.edu/guofei//paper/BotHunter_security07_slides.pdf · – RBot, RxBot – WisdomBot/SdBot/SpyBot – GTBot

Detecting Malware Infection Through IDS-Driven Dialog ...faculty.cs.tamu.edu/guofei//paper/BotHunter_security07_slides.pdf · – RBot, RxBot – WisdomBot/SdBot/SpyBot – GTBot

Documents
How security broken? - Android internals and malware infection possibilities

How security broken? - Android internals and malware infection possibilities

Technology
Hardening web applications against malware attacks · 2020-05-04 · Salesforce, Google Apps, .. OWASP Malware Infection Methods §Drive-by-Download •Legitimate web sites that are

Hardening web applications against malware attacks · 2020-05-04 · Salesforce, Google Apps, .. OWASP Malware Infection Methods §Drive-by-Download •Legitimate web sites that are

Documents
Malware & Anti-Malware

Malware & Anti-Malware

Engineering
Intrusion Detection and Malware Analysis - Malware collection134.2.173.140/lehre/ws10/ids-malware/12-malware-collection.pdf · Intrusion Detection and Malware Analysis Malware collection

Intrusion Detection and Malware Analysis - Malware collection134.2.173.140/lehre/ws10/ids-malware/12-malware-collection.pdf · Intrusion Detection and Malware Analysis Malware collection

Documents
Malware - Georgia Institute of Technology › ~pearce › misc › cs161_malware.pdf · • Malware = malicious code that runs on a victim’s system – Infection can occur in a

Malware - Georgia Institute of Technology › ~pearce › misc › cs161_malware.pdf · • Malware = malicious code that runs on a victim’s system – Infection can occur in a

Documents