Monthly Archives: December 2015

Anti-Malware’s Like Your Winter Clothes: Layered Is Better!

Outdoors magazines, sports coaches, your mother – they all teach you that at this time of year, when the cold snap bites, layers of clothing are far more effective against the cold than one monstrous overcoat. Nobody pretends the cold’s not going to find its way into a fold or two, but after that, other folds stop it.

Seems like common sense, doesn’t it? Yet when it comes to anti-malware and the like, too many vendors (and partners!) still favour the overcoat – one big protective mantle that, once compromised, is a single point of chilly failure.

So for you, and your customers, the question is this: where can you get access to the kind of layered anti-malware solutions that don’t let you down like an overcoat, and how can you be sure they’ll deliver on the promise?

What are these anti-malware layers – and what benefit do they deliver?

Layered security’s central philosophy is that no one solution can cover every base. (Wikipedia describes this neatly here). You need layers of solutions, as well as layers of protection within those solutions.

Take one of the most vicious breeds of malware, for example – zero-day exploits, like the ones that placed millions of Android Chrome users at risk. These target vulnerabilities in newly-released browser and application software, often using these undefended pathways to deliver ransomware payloads.

To fight these threats effectively, each vulnerable program – it could be an Office app, a PDF reader, a media player, or anything else – needs its own dedicated protection.

But this kind of exploitation protection isn’t necessarily focused on threat profiles like viruses, Trojans, worms, rootkits, adware and spyware, so an additional anti-malware layer is needed.

And, critically, malware detection is not the same as malware removal – which, again, is a layer in itself.

Put all these items of “protective clothing” together, of course, and you have a multi-layered solution, something like this one, that covers all the critical malware and exploit vulnerabilities.

That chill wind might find its way in here and there, but it’s not going to hit skin.

Anti-malware’s layers within layers

Drilling down into these solutions, we find that there, too, layers are the key to trapping the threat, wherever it comes from and whatever form it takes.

So for example, an anti-malware solution might have four distinct layers:

  • Application hardening, to make outdated or unpatched applications less susceptible to attack
  • Operating System security, to stop exploit shellcode executing
  • Malicious memory protection, to prevent the execution of payloads
  • Application behaviour protection, for specific applications like Word, PowerPoint and others

 In short, there’s a trigger to raise a red flag on all the hot buttons that malicious code typically tries to press!

“Is layered anti-malware really that effective? Not convinced…”

At this point, if I were your mother I’d be telling you to come inside and get some hot soup. As it is, I’m going to tell you to come in from the cold and smell the coffee.

The effectiveness of layered anti-malware is documented fact, not hearsay. Here are some recent threat-busting stats from the layered anti-malware landscape:

  • It was a layered malware removal technology that recently earnt the only perfect score in tests by the internationally respected laboratory AV-TEST.
  • It was a layered malware tool that removed over five billion separate varieties of malware in 2014 alone.
  • It was a layered malware removal technology that, according to OPSWAT, who release periodic studies on security vendors’ market share, is the most popular security product installed by users.
  • Layered anti-malware technology is hot property, ranking 186th in Deloitte’s 2015 Technology Fast 500 nominations.

So what’s stopping you from (if you’re a partner) offering these solutions profitably to your customers, and (if you’re an end-user organisation) deciding to take the partners up on their offer?

Layered anti-malware as revenue multiplier!

The short answer is “nothing.”

Firstly, distribution businesses like mine (and others) already make these solutions available to partners, and not just in conventional subscription-based agreements.

The MSP model, for example, gives partners a powerful differentiator in their portfolio. This is primarily because it enables partners and their customers to pay only for what they use, but it also makes aggregated billing possible, reducing customer acquisition costs and so supporting the growth of the partners’ business.

Secondly – and this is where layers take on a dimension that’s probably a lot more interesting to you than it is to your mother – layered anti-malware not only gives partners the opportunity to combine (and charge for) multiple solutions, as we’ve already seen, it can also work with the customer’s existing security solutions and need not automatically displace them.

In short, every layer’s a revenue stream in itself, but any other security solutions you have already sold to your customers can stay in place too – so the revenue opportunity is multiplied!

So, that’s a whole load of stuff I bet you (and your mother) didn’t know about the similarity between what you wear and what you sell.

Either way, it’s going to make you look good.

Brian-A-Jackson1

On a weekly basis there are now articles regarding a big brand company which has been hacked, these usually relate to what data has been lost, how they are notifying those affected and what they are going to be doing to prevent this from happening again.

So how do you prevent it from happening in the first place?

From experience I can see that if a hacker wants to get details from somewhere they will take the easiest target, the ‘Low Hanging Fruit’ as they say, in ensuring your company has some basic security principles in place can help mitigate this.

So how do you ensure you are not the ‘Low Hanging Fruit’

Simple measures can be taken within your environment to help secure it. As a basic level you should be meeting the following guide - CyberEssentials Requirements

This sets out some advice regarding Firewalls, User access control, Passwords, Malware protection and Patch management.

Once you have met the standards given within this document you should be looking to increase the security standards within your organisation. The most effective we have found is the use of education, once educated your staff will be able to react to the threats quicker and reduce the risks to your company.

McAfee Security

It’s getting to that time of year when thoughts turn to peace and goodwill, and we look to reward those who have worked hard and the customers who have stayed loyal.

Which is why the big bag of coal that McAfee has dropped in your Christmas stocking this year is an especially nasty surprise. For you and your customers alike.

McAfee – the situation

Here’s the Christmas story, McAfee-style.

Firstly, you buy MX Logic to strengthen your digital security portfolio. Then, you get bought by Intel. Then Intel drops your name. Then Intel says that it’s working on a comprehensive new security package, and promptly puts McAfee’s SaaS email security into end-of-life.

It’s the gift that keeps on giving. Because although the announcement was originally reported at the end of October, we’ve since learnt that many other security offerings (like Nuvotera, Spam Soap, Spambrella, etc.) were white-labelling McAfee’s service, so end-of-life becomes a potentially huge issue for all of them – and the end-users they serve.


“What does this mean for me and for my customers?”

In January 2016, Intel Security will stop selling McAfee SaaS Endpoint and SaaS Email Protection and Archiving, with the majority of subscriptions and support ending in 2017.  As this table shows, some limited support will continue for certain subscriptions until 2021.

Now, Christmas hangovers don’t usually come this early in the month, but rest assured that the decision to discontinue McAfee SaaS products represents one ho-ho-ho-hell of a headache for partners.

They must now identify new solutions and then go through entire deployment and provisioning processes all over again - just so their customers can keep the endpoint and email security that they’ve previously enjoyed.

They have to factor in the time it takes to learn new technology and user interfaces (this includes both internal and customer training), how pricing models will be affected, and what support they need to give and receive.


A frenetic festive season for McAfee users

Needless to say, all this is a massive annoyance to end-user customers, too.

Apart from all the usual pain associated with sudden business and technology platform change, across potentially hundreds or thousands of users, email security often gives rise to complex requirements around archiving - as explained in guides like this one – through which Intel has now successfully driven a sleigh and reindeers.

While customers’ email archiving will continue until their subscriptions’ expiry dates, new emails will no longer be archived after the subscription has expired.

Additionally, customers will only have six months to import their archived emails into their new platform, and any emails that have not been moved at that point will be permanently deleted.


What should partners do next?

If there’s a cheering undertone to this seasonal lament, it’s this: SaaS is an enduringly and increasingly popular delivery model for email, security, and archiving, and is not going away anytime soon.

Add to this the fact that there are other vendors that can provide similar security solutions, and my advice to partners seeking new solutions providers boils down to these basic points:

  • Security pedigree: How long has the solution provider been in business?  Are they security-focused (i.e. how much of their business does security represent? Do they seem distracted by other revenue streams?)
  • Reputation: Who do they partner with (e.g. software distributors) and what level of respect do those partners have in the security space? What do their partners say about them publicly? Will they let you speak with partner references privately? If not, why not?
  • Support: Can you access live customer support whenever needed, provided by employees of that company? If the support expertise is coming from somewhere else, is that support provider trained and qualified? Where’s the proof (certification)?
  • Commitment to the Channel: Does the vendor offer good margins, friendly terms, competitive pricing? Do they have proven relationships with distributors and other partners who can add value through automated management tools, MSP options, dedicated account managers?

Wanting to move quickly to transition your customers to viable alternatives, don’t end up choosing alternative vendors who aren’t truly viable.

(That would be turkeys voting for Christmas.)


“So where do I point my McAfee customers now?”

As a specialist security software distributor who’s been working with some of the world’s biggest security names for over 15 years - and some very agile newer ones, too - I’m ideally placed to consider the choices that your customers can make.

I’m not going to tell you that any one vendor is now the definitive star on the top of the Christmas tree. (Intel has hastily named Proofpoint as a quick fix for McAfee customers, and to me it smacks of expediency, rather than suitability).

But consider this: if a security vendor’s business was born in the cloud, and has been established almost as long as my own, I regard it as being worth a look.

If it offers 24/7 support, is capable of securing much more than just email, and has innovative pricing plans that means savings can be passed on to the end-users, it’s worth a look.

If it protects more than 8.5 million mailboxes for over 47,000 corporate clients worldwide, but is still prepared to give you and your customers a free trial to try it out for yourselves, it’s worth a look.

So do you want to keep the present under wraps until Christmas? Or do you want to be the one to bear early gifts to all those desperate McAfee customers? It’s your call, but ripping off the paper is as easy as this.

And the Three Wise Men? That’ll be the first three partners who click on the link above…