Author Archives: MarkCharleton

virtual-cloud

Bitdefender have announced that its GravityZone solution is now certified by VMWare and has achieved the VMware Ready status.

What this means?

Organisations can now enable agentless scanning on guest virtual machines via NSX introspection, which eliminates the overheads that can be seen when running a separate instance of the agent in each VM.  It also offers increased resilience against APT's which target the security solution.

Enterprise Customers now have access to a new and proactive approach for securing Datacenters and their Network Virtualisation environments.

From Kirsten Edwards, Director, Technology Alliance Partner Program, VMware

“We are pleased that the Bitdefender GravityZone qualifies for the VMware Ready™ logo, signifying to customers that it has met specific VMware interoperability standards and works effectively with VMware cloud infrastructure. This signifies to customers that GravityZone can be deployed in production environments with confidence and can speed time to value within customer environments,”

Harish Agastya, Vice President, Enterprise Solutions, Bitdefender

“Data centers are the heart of the digital economy, and security is paramount for data center operators across the world. The VMware Ready certification marks another step in our commitment to provide security that is easy to deploy and scale, and meets the unique requirements of today’s highly virtualized environments. Our award-winning security solution leverages NSX capabilities in the software-defined data center to provide automated deployment and orchestration of security services,”

About VMware Ready

vmware_readyVMware Ready is a cobranding benefit of the Technology Alliance Partner (TAP) program which makes it easy for customers to identify partner products which have been certified to work within the VMware Cloud infrastructure.  With thousands of members worldwide, TAP includes best of breed technology partners who bring the highest expertise and business solutions for each individual customer.

About Bitdefender GravityZone SVE

Bitdefender GravityZone SVE provide security for virtual machines, virtualised Datacenters and cloud instances, through the GravityZone On Premise console.

  • Best protection for Windows and Linux virtual machines: enabling real time scanning for file systems, processes, memory and registry
  • Best proven performance in datacenters: up to 20% performance improvement compared to traditional security vendors
  • Works on any virtualization platform: VMware, Citrix, Microsoft Hyper-V, KVM, Oracle, and others on demand
  • Agentless security for VMware NSX

 

Keyboard equipped with a red ransomware dollar button.
Keyboard equipped with a red ransomware dollar button.

There has been report of several companies becoming infected by the Crysis Ransomware and as such we have had a look into what it does and how it can be prevented.

History

First detected in February 2016, this virus has multiple methods of infection typically an email which has attachments using double extensions to make them appear non-executable.  Although it has been seen to also come through SPAM emails and compromised websites.  There has also been reports that it has been distributed to online locations and shared networks disguised as an installer for various legitimate programs.

Description

Crysis Ransomware itself is capable of encrypting over 185 file types across fixed, removable and networks drives and uses RSA and AES encryption, once infected it will also look to delete the computers shadow copies.  Whilst also creating copies of itself into the following locations.

  • %localappdata%\­%originalmalwarefilename%.exe
  • %windir%\­system32\­%originalmalwarefilename%.exe

The virus will then look to create/edit certain registry keys to ensure it is run on each system start.

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%originalmalwarefilename%" = "%installpath%\­%originalmalwarefilename%.exe"
  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%originalmalwarefilename%" = "%installpath%\­%originalmalwarefilename%.exe"

Finally after encryption there is a .txt file placed in the computers desktop folder, sometimes this accompanied by an image set as the desktop wallpaper.

  • %userprofile%\­Desktop\­How to decrypt your files.txt

There has also been reports of Crysis stealing data and credentials from the affected machines and passing these back to its Command and Control server.  This would then allow the computers and local networks that have been infected to become vulnerable to further attack if the credentials are not changed.

It has also been seen that Crysis will monitor and gather data gathered from IM applications, webcams, address books, clipboards and browsers prior to sending this to the C&C server with the windows variant stealing account and password credentials.

Prevention

To reduce the risk of infection we recommend the following

  • Ensure you are using an upto date AV product
  • Ensure any specific Ransomware prevention tools in the AV are used
  • Ensure you have a regular tested backup of the data
  • Educate users in the dangers of opening attachments from an unknown source

 

 

Bitdefender have updated their GravityZone cloud console with some new features over the weekend and here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.

Anti-Ransomware

The big news is that Bitdefender has now incorporated Anti Ransomware vaccine to all its cloud customers, and will be rolling this out through the on-premise version on Tuesday 27th Sep 2016.  This module is activated through the policy section  Antimalware --> On Access settings

Gravityzone Ransomware Vaccine Policy Setting
Gravityzone Ransomware Vaccine Policy Setting

By activating this module, machines will be protected from all currently known forms of Ransomware.

Other New Features

Update Rings - this feature allows Administrators of the program to  chose when in the validation cycle an update is received.

Anti-Exploit Techniques - a new set of powerful techniques which further enhances existing technologies to fight targeted attacks.  These are integrated into the existing Advanced Threat Control module.

Web Access Control Rules - The categories list has been updated with multiple new categories added.

Exchange Protection - This can now be enabled/disabled when editing a customer with a monthly license subscription.

 

The above features are now in place for all current users of Bitdefender Gravityzone in the cloud and will be rolled out to Bitdefender Gravityzone on-premise users from the 27th Sep 2016.

For more details on the above features and a look at the other features included please click here

logo     bs-logo

Over the last week we have seen an increase in the amount of companies receiving emails containing Zepto Ransomware, a file encrypting virus based on the infamous Locky cryptoware.
Most of the emails have been carefully crafted to ensnare the victims using social engineering techniques, typically greeting the recipient by first name and asking them to open an attachment which they had requested.
zepto image
The attachment will typically be either a .zip extension or .docm extension and once opened will run a malicious JavaScript which then encrypts all files on the users machine with the .zepto extension

To try and combat the infection, we offer the following advice
1. To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
2. To protect against VBA malware, tell Office not to allow macros in documents from the internet.
3. Ensure your AntiMalware program is upto date
4. Ensure your users are careful with email attachments and only open the ones they are sure they have requested
5. If possible set email filtering to quarantine all .zip and .docm files

What You Need To Tell & Sell To Office 365 CustomersIt seems that industry commentators everywhere have come out in support of Office365, for MSPs, resellers, and end-users alike. In a recent TechTarget Search Cloud Provider piece, for example, one interviewee called it “the single greatest opportunity for MSPs and VARs to enter into the cloud” and “a no-brainer for 99% of customers”.

He goes on: "There are two different categories of MSP and VAR when it comes to Office 365: one that embraces it and one that fights it. Within the fighting group, it's a losing battle … Their customers are getting picked off one at a time."

Sobering stuff. But selling Office 365 is not just about pushing the benefits - there’s money to be made out of its weaknesses, too.

 

Office 365: strengths, benefits, and scary weaknesses

From the end-user perspective, the benefits of Office 365 are legion. Amongst others, it eliminates the need for internal email management, and ensures one consistent environment, no matter how widely distributed the IT infrastructure. Updates happen automatically – so there’s no need for costly, time-consuming manual management of upgrades or patches.

This blog quotes a number of smaller businesses enthusing about the cost benefits of the solution, with one manager saying it costs him “just a few dollars a month per user”, and another projecting “25 to 30 percent cost savings” after transitioning to Office 365.

Seen from the MSP point of view, the benefits are equally persuasive. This piece in Insight.com talks of the budgetary advantages to be had by moving from owning licences (capital expenditure) to subscribing to a service (operational expenditure).

It also emphasises Office 365’s scalability. You pay only for what you use, but what you use can scale up or down based on user count. And then there’s the drastic reduction of hardware and facilities costs, of course...

All good, then. But actually, not. Because Office 365 suffers from some significant weaknesses that put your customers at risk and threaten their reputation.


From weakness to wealth: how partners can monetise Office 365

But the happy news is that, as technology writer Crystal Bedell nails it, partners can “Identify a weakness in the platform and provide customers with a solution” – an approach that she pronounces “profitable” (the partners’ magic word!)

The weaknesses in question relate to known security limitations within the Office 365 solution set. Type “Office 365 vulnerabilities” into Google and you will find no shortage of past security gaps. And although Office365 supposedly boasts integral security, what Microsoft calls “Advanced security for your data” is actually only available in its premium-level E5 plan, as this page shows.

Hardly surprising, then, that many vendors have realised there is demand from partners and end-users alike to extend Office 365’s standard security features.

Spam and virus filtering appears to be an area of concern, with vendors offering “Plus”-type solutions (like the one in this video), rather than trusting to Office 365’s inbuilt defences.

Perhaps most excitingly of all, “sandbox” malware detection developed for Office 365, like this solution, can now monitor the actual behaviour of suspect files in multiple virtual sandbox environments using multiple operating systems.

This effectively turns the tables on the malware, uncovering how it targets different kinds of Office 365 users, before it can actually do so.

 

Tell your customers, sell the solutions

All in all, then, it seems that Office 365 isn’t lacking in security issues – but then it isn’t exactly lacking in solutions that partners can sell to fix them, either!

All you have to do is make sure your customers know about them. So what say you share this blog with them?

buy-rentAs far back as 2009, industry media (in articles like this one) were announcing the factors that were already triggering a critical move from the reseller model to the MSP model.

Customers’ reduction in staff and IT budget, hardware end of life, and the rise in remote and virtual working were foremost amongst them.

None of these things have gone away. So if you’re still a traditional reseller, how do you break out of break-fix and into this thriving MSP market? What are the benefits? And is your business really suited to doing it anyway?
 

From reseller to MSP: the benefits

Let’s start with the upside, distilled from these points, previously identified by IT channel analyst Paul Myerson (with some caveats!):

  • Recurring revenue – The MSP model is based around an established monthly income that can increase as more users are brought on board, whilst keeping the costs of that onboarding extremely low. Result: more predictable budgetary planning, but also keener margins!
  • Add-on sales – The delivery of MSP solutions, particularly in a cloud context, is much easier to “build out” than in a traditional reseller scenario. The MSP can bundle additional products and services during the term, which enables them to extend the contract.
  • Brand trust or marketing muscle? – Many major vendors now sell solutions that were designed from the ground up for the MSP and cloud market, so there is a strong baseline of credibility in these offerings.

But if you choose to white-label your service (and many MSPs now do) you lose much of this brand association, so you need to hook up with a vendor that helps you to plug the credibility gap by giving you ready-made end-user marketing campaigns and content.

These help position you as a knowledgeable, trusted advisor. And, as Myerson notes, “The trusted advisor can charge more…”

  • Customer penetration – The MSP model is often seen as a “hands-off” approach, but the fact that an MSP can quickly spin up and remotely support new services is a catalyst to further customer demand. The MSP model doesn’t eliminate customer touch-point - it gives the ones that remain the potential to be much more lucrative!

In addition, as we’ve noted in a previous post, as the MSP model essentially allows you to move from owning reseller licences (capital expenditure) to subscribing to a service (operational expenditure), it avoids those big upfront licensing hits to your bottom line.


But is the MSP model right for my business?

All that said, the MSP model is not a panacea for all resellers’ ills. As this excellent piece in SearchITChannel explains, you might struggle if you have issues with:

  • Technical and support expertise – You can buy this expertise in from the vendor if you can’t front it yourself, but if you’re sourcing the solutions from a distributor then relying on the vendor adds an extra dependency into your service capability. Look for a distributor with their own in-house technical and support expertise.
  • Complexity of service delivery – Acccording to research from Markets and Markets2, the annual growth of the SMB managed services market will exceed 20% by 2020. So even if you don’t focus on enterprise clients, as an MSP you would likely be delivering more services and managing more customers and users than you ever were in the reseller regime.

If your reseller business can’t shift, technically and culturally, to using more automated methods to accommodate this, such as the RMM (Remote Monitoring and Management) tools that we explored in an earlier post, it’s heading for meltdown.

As one RMM vendor opined in this piece, “…a new MSP must be careful not to over-commit themselves; doing so may put them at risk of losing money very quickly”.

But if they can avoid this by being “proactive” and automating “some of the routine IT support responses”, they can “offer far more value to their customers.”

  • Change and evolution – Lack of MSP market knowledge and skills can be a serious hindrance, but many partners have been reluctant to embrace MSP and cloud learnings, even though they are capable of boosting their business.

 Market researcher ESG, for example, cited in this piece in MSPMentor, found that “most partners remain dependent on traditional product resale and express discomfort when it comes to the financial risk of change.”

Again, this is a strong argument for working with distributors who have extensive MSP market knowledge and can help influence internal stakeholders by “hand-holding” them - from validating prospects to providing support when the service is up and running

But it’s also a strong argument for going for the low-hanging fruit first. According to this piece in MSP Alliance, for example, “Even the least skilled MSPs can deploy an effective cloud backup solution… Backup can be a very lucrative business line for MSPs… it does have the potential to be a big part of any MSP's service catalog.”

And that data backup is just one part of a much wider cloud security opportunity; one that, according to the same publication, is “set to experience double-digit growth” from 2014 to 2017, with “everything from email security to identity and access management heading to the cloud.”

Focus here first, then, perhaps?

Conclusion: MSP is not without its challenges

But the MSP market’s not all fat margins and cake for everybody. In fact, as this recent article argues, it’s becoming something of a bear pit.

Companies that previously had no MSP aspirations or skills at all – office equipment dealers, print companies, and so on – have all “thrown their hats into the ring as managed service companies.”

On the one hand, perhaps if they’ve made the leap to MSP, you can. But unless you can differentiate yourself in a crowded market – through vendors, solutions and distributors that give your services some kind of distinctive edge – you could find the going rough.

BS-RMM

What’s behind the importance of Remote Monitoring and Management (RMM) tools in the partner universe?

As Techopedia helpfully explains, RMM is the “proactive, remote tracking of network and computer health”, and typically delivers a set of IT management tools that enable technical staff to maintain service delivery more efficiently and productively - like trouble ticket tracking, and remote desktop monitoring and support.

But, inevitably, not all RMM solutions are created equal. So what is it that makes for a RMM tool that keeps your customers happy and your support teams’ productivity keen?

We looked into a number of recent comparative articles and reviews (like this one in Business Solutions and this one in TechTarget’s SearchIT Channel, amongst others) and came up with this (hopefully!) helpful wish-list:

1. Ease of deployment

“The choice you make when selecting RMM software often boils down to the best combination of integration, deployment and automation characteristics”, writes SearchIT Channel’s John Moore, and to my mind, deployment ranks right at the top of this hierarchy.

Why? Because the less you can disrupt your (and, by potential extension, your customers’) business with your RMM deployment, the better.

So look for solutions that can deploy selectively to one device or a group of devices, and to one location or multiple locations, in one smooth movement.

Consider the hardware onboarding, too; automatic provisioning is far less disruptive than manual, but Mobile Device Management (MDM), for example, will need to be cross-platform (iOS and Android) and offer easy enrolment and configuration functions.

Ultimately, you need to be comfortable with the vendor’s and solution provider’s role in all this, too. What sort of hand-holding or on-boarding will you receive during those crucial first few weeks? Is it restricted to self-help online tutorials, or will it follow a structured statement of work delivered by an engineer on a 1-to-1 basis?

And will they offer you any kind of satisfaction guarantee to protect you against the potential infelicities that shifting a hefty slice of your business productivity to a single platform could occasion?

Much of this is driven, in reality, by whether you choose a cloud-based RMM platform or an on-premise one – so shop around for solutions providers who offer options, to enable you to properly balance risk and return.

 2. Asset coverage and management

RMM can’t effectively monitor or manage anything unless it’s pointing to the right sources of information, and has within it the appropriate management tools.

Your RMM solution needs to work tightly with customers’ workstations, servers, printers, routers and mobile devices, but you also need to be able to slice and dice the monitoring and management by whatever criteria suit you best in any particular situation – by OS, by application, by location, and so forth.

The more geographically, technically, and logistically complex your and your customers’ operations, the more beef you need under your RMM bonnet!


3. Usability and minimal training requirements

Whichever kind of RMM you deploy, users have to be able to use it! For partners and MSPs, that’s principally operators in their own organisation (technical support staff, or perhaps, on occasion, account managers) but customers might need access to the solution, too (in a corporate enterprise deployment scenario, for example)          .

Either way, complexity can spell disaster. The Standish Group, a research outfit that tracks corporate IT purchases, has found that complexity is at the root of some 66% of all IT project failures or late deliveries.

Consequently, your RMM solution has to be built on intuitive features that are easy to master, should be able to orchestrate workflows to prevent human error, and must generally reduce the learning curve for the operators.

Look in particular for features like pre-configured groups, searches, templates and schedules, so that your teams don’t have to hand-craft monitoring and corrective routines on a day-to-day basis.

4. Automation

Related to what I said above about training, automation is the secret ingredient in making an RMM solution function effectively out of the box, and therefore enhancing the productivity and customer satisfaction it can deliver.

In any event, insist on pre-loaded monitors and alerts (so that you can go from both proactive and reactive investigation.)

But be wary: you need to get to the bottom of how quickly and precisely you can choose which of the hundreds of automated elements should be ‘on’ and which should be ‘off’. Does it involve cumbersome, costly trawling through countless groups, and individually cherry-picking the elements?

Or is there a more business-driven approach (such as allowing you to selectively turn off, say, all the Exchange or SQL server performance monitors at once, as opposed to their individual constituents?)

In the search for RMM zen, not all automation is nirvana!

5. Remote capability

Of course, none of this really works for your customers at all if your RMM solution’s remote support capability is lacking. If you can’t easily deliver support straight to a user’s screen, you’re not providing much of a service.

In an ideal world, the “stealth” functions of the RMM platform – the ones that enable you to support customers by making helpful changes and adjustments to their machines without them even knowing, and without interrupting their work – rule.

But sometimes, interrupting the user is unavoidable. Whichever situation you find yourself in, prefer a RMM solution with a native remote support capability, rather than a connection to a third-party one.

The former is controllable from within the solution itself, with one click, alongside all the solution’s other functions (the oft-cited “single pane of glass” approach) and will deliver a more seamless support experience to the end-user.

6. Integration capability

Finally, integration looms large on many MSPs’ and resellers’ RMM agendas. The ability to work with a “supporting cast” of existing applications (including security) not only diminishes customers’ operational headaches, it also creates a three-stage virtuous commercial circle.

The RMM solution becomes saleable because it works securely with existing applications sold by the partner, enabling it to potentially add an extra revenue stream to each customer.

New applications become saleable because they can be easily controlled thanks to the RMM solution, enabling the partner to into existing customers.

And for new customers? Rinse and repeat on both counts!

RMM: which solution to choose?

Essentially, it boils down to this: MSPs and resellers don’t know how their markets are going to diversify in the future. They may be selling one kind of service today, tomorrow it could be another, depending on where there’s profit to be made.

But they’ll all be online, they’ll all be remote, and they’ll all bankrupt the partner if they don’t integrate with a RMM solution that helps to transform the burden of keeping the service running into a highly automated – rather than costly manual – process.

One RMM solution to serve them all? Now that would be a great thing to sell.

manage-backup-banner

Here’s the terrifying truth: according to industry analysts Gartner Group, in this recent article, only 35% of small and medium businesses have data backup in place for disaster recovery (DR) - and 70% of them do not believe that their backup and DR operations are well planned!

So that’s 65% of SMBs just waiting, apparently, for IT channel partners to sweep in with a convincing new backup or DR solution, and swathes more of them looking to the channel to help them either replace or improve the solutions they are already using.

Only it’s not quite that simple. Firstly, there is a fast-changing regulatory environment, which is outpacing many of the DR and backup solutions available.

Secondly, end-users are clamouring for unprecedented ease of use. Forget complex on-premise applications that suck up admin resource; in Gartner’s words, today’s business users want one simple data backup solution that meets all their RPO (Recovery Point Objective) and RTO (Recovery Time Objective) requirements.

A big ask?

Backup and recovery challenges: is MSP the panacea?

On the face of it, backup and DR services delivered in an MSP model would seem to be a great fit for these eager but choosy end-users.

Rapid to set up (often within an hour or two), easily scalable (so the service builds margin and profitability for the channel partner as it grows), the MSP approach also removes complexity from the mix, smoothly delivering viable alternatives to partners whose long-standing offerings have too limited a scope for their business today.

And as the MSP model is naturally compatible with the cloud, it helps get the thorny mechanics of backup and recovery off hard-pressed IT managers’ desks, slashing on-premise risk and admin overheads.

But beware - there are dizzyingly stringent forces at work in the background, potentially challenging many MSP backup and DR solutions’ licence to operate. EU data protection directives are now being reworked and will become regulations – that is, they will assume uniform force of law across the 28 signatory countries – by 2017.

Make no mistake, for MSPs and other service providers, these changes are a big deal. They make MSPs, as data processors, explicitly responsible for breaches in any data they have “touched.”.

Fines may be as high as €100m or 5% of global revenue (whichever is higher), in stark contrast to the current UK limit of £500,000!

 

Backup & DR: the MSP proof points

Clearly, the data regulators are upping the ante, so here’s how to ask questions that will help to identify the MSP backup and DR solutions that can be profitably delivered in this newly draconian environment - without engendering insane levels of legal and reputational risk!

1) Data centre - citadel or sitting duck? Firstly, Is the data all in one centre, or is it mirrored between different sites so that data can instantly fail over to another centre in the case of an outage? Is the data centre elsewhere in the EU, or in the UK, where it’s ultimately more manageable?

At the very least, the data centre should be ISO 27001-certified. But additionally, consider what physical security there is on site, and how long the generator fuel will keep the centre online in the event of a power failure.

(If all this seems like nitpicking, remember that €100 million fine for the consequences of getting it wrong…)

2) Speed, frequency, and data volume – Some 80% of businesses experience a shutdown if they can’t get to their data.

 Yet the fact is that, often, when backup software is tested against large, complex data sets that emulate those of a real-world production system, the time it takes for the backup to complete  - despite even the most ample computing, I/O and bandwidth resources – does not fit within the required backup window.

And that window is shrinking. Indeed, as Information Age recently put it, “with today’s expectation that services will be available around the clock, every day of the week and with an increasing data volume, the back-up window is constantly being squeezed… more than ever before.”

This raises another pertinent point. When uploading of data is not an option, due to bandwidth constraints, can large data sets be “seeded” to the solution provider instead? And will this attract extra fees that will eat into partners’ margins?

Likewise, does the solution make it possible for the partner or end-user to instantly access large amounts of data without the prior need to download it in its entirety? The most powerful MSP backup solutions use clever technology to eliminate this latter bottleneck.

3) Security – In a multi-tenant cloud MSP environment, global encryption keys and space-saving deduplication (each of which can be used to unlock customer-confidential data) should frighten partners and their end-users alike!

 Partners need to be sure that their solution providers’ offerings use both source-side and global deduplication. This makes the data tamper-proof by ensuring that each customer’s unique encryption key remains valid only for their own data set, whilst intelligently managing the shared data pool as it changes.

Finally, solution providers should use the latest, government-standard 256-bit AES GCM encryption technology, both for data in transit and at rest.

Settle for nothing less!

4) Cost, effort, and complexity – Managing hundreds of DR and backup end-users manually does not scale, invites security errors and, ultimately destroys margins. Partners need to quiz solution providers about whether they offer integrations that simplify customer and technical management, including remote monitoring (RMM) and “single pane of glass” operating consoles.

Likewise, when things do go wrong, where is the support coming from? Chasing it down across continents and timezones is stressful, time-consuming, and, therefore, expensive. Prefer a service provider that offers UK-based support, 24/7.

 

The size of the MSP backup/DR opportunity

So with regulations stricter, but end-user expectations higher, than ever before, is there still money to be made from managing the provision of a MSP backup and DR service?

The answer seems to be a resounding “Yes”! Analyst MarketsandMarkets, for example, predicts global growth in the DR service market from $1.42 billion last year to $11.92 billion by 2020, a compound annual growth rate of 52.9%.

But, like everything else in business, it’s about backing the right horse - so choose your tipster wisely.

Anti-Malware’s Like Your Winter Clothes: Layered Is Better!

Outdoors magazines, sports coaches, your mother – they all teach you that at this time of year, when the cold snap bites, layers of clothing are far more effective against the cold than one monstrous overcoat. Nobody pretends the cold’s not going to find its way into a fold or two, but after that, other folds stop it.

Seems like common sense, doesn’t it? Yet when it comes to anti-malware and the like, too many vendors (and partners!) still favour the overcoat – one big protective mantle that, once compromised, is a single point of chilly failure.

So for you, and your customers, the question is this: where can you get access to the kind of layered anti-malware solutions that don’t let you down like an overcoat, and how can you be sure they’ll deliver on the promise?

What are these anti-malware layers – and what benefit do they deliver?

Layered security’s central philosophy is that no one solution can cover every base. (Wikipedia describes this neatly here). You need layers of solutions, as well as layers of protection within those solutions.

Take one of the most vicious breeds of malware, for example – zero-day exploits, like the ones that placed millions of Android Chrome users at risk. These target vulnerabilities in newly-released browser and application software, often using these undefended pathways to deliver ransomware payloads.

To fight these threats effectively, each vulnerable program – it could be an Office app, a PDF reader, a media player, or anything else – needs its own dedicated protection.

But this kind of exploitation protection isn’t necessarily focused on threat profiles like viruses, Trojans, worms, rootkits, adware and spyware, so an additional anti-malware layer is needed.

And, critically, malware detection is not the same as malware removal – which, again, is a layer in itself.

Put all these items of “protective clothing” together, of course, and you have a multi-layered solution, something like this one, that covers all the critical malware and exploit vulnerabilities.

That chill wind might find its way in here and there, but it’s not going to hit skin.

Anti-malware’s layers within layers

Drilling down into these solutions, we find that there, too, layers are the key to trapping the threat, wherever it comes from and whatever form it takes.

So for example, an anti-malware solution might have four distinct layers:

  • Application hardening, to make outdated or unpatched applications less susceptible to attack
  • Operating System security, to stop exploit shellcode executing
  • Malicious memory protection, to prevent the execution of payloads
  • Application behaviour protection, for specific applications like Word, PowerPoint and others

 In short, there’s a trigger to raise a red flag on all the hot buttons that malicious code typically tries to press!

“Is layered anti-malware really that effective? Not convinced…”

At this point, if I were your mother I’d be telling you to come inside and get some hot soup. As it is, I’m going to tell you to come in from the cold and smell the coffee.

The effectiveness of layered anti-malware is documented fact, not hearsay. Here are some recent threat-busting stats from the layered anti-malware landscape:

  • It was a layered malware removal technology that recently earnt the only perfect score in tests by the internationally respected laboratory AV-TEST.
  • It was a layered malware tool that removed over five billion separate varieties of malware in 2014 alone.
  • It was a layered malware removal technology that, according to OPSWAT, who release periodic studies on security vendors’ market share, is the most popular security product installed by users.
  • Layered anti-malware technology is hot property, ranking 186th in Deloitte’s 2015 Technology Fast 500 nominations.

So what’s stopping you from (if you’re a partner) offering these solutions profitably to your customers, and (if you’re an end-user organisation) deciding to take the partners up on their offer?

Layered anti-malware as revenue multiplier!

The short answer is “nothing.”

Firstly, distribution businesses like mine (and others) already make these solutions available to partners, and not just in conventional subscription-based agreements.

The MSP model, for example, gives partners a powerful differentiator in their portfolio. This is primarily because it enables partners and their customers to pay only for what they use, but it also makes aggregated billing possible, reducing customer acquisition costs and so supporting the growth of the partners’ business.

Secondly – and this is where layers take on a dimension that’s probably a lot more interesting to you than it is to your mother – layered anti-malware not only gives partners the opportunity to combine (and charge for) multiple solutions, as we’ve already seen, it can also work with the customer’s existing security solutions and need not automatically displace them.

In short, every layer’s a revenue stream in itself, but any other security solutions you have already sold to your customers can stay in place too – so the revenue opportunity is multiplied!

So, that’s a whole load of stuff I bet you (and your mother) didn’t know about the similarity between what you wear and what you sell.

Either way, it’s going to make you look good.