Heimdal Security

PatchingPatching is critical in defending your customers against vulnerabilities in everyday applications. It can now be automated from within security software, making it easier than ever to manage.

Think of all those vulnerable third-party applications your customers’ businesses basically run on. Can you rely on your humans to keep their patches up to date?

According to those involved in the recent Equifax debacle, for example, no! Break the human protocol, and the whole patching process falls apart. That’s terrifying when it’s been estimated that, overall, software exploits that target unpatched vulnerabilities account for 85% of all attack angles!

So, automating the patching process seems like a great idea, taking the cost, effort, disjointedness and sheer human fallibility out of keeping users protected against one of the most insidious forms of cyber-attack.

And, indeed, system management software (like the RMM solutions explored in this post) have arguably been doing this for a long time.

But wouldn’t it be neater, easier - and even cheaper – if this automated patching capability were simply built into the security software itself, rather than relying on an extraneous monitoring system? After all, we’re constantly being told patching is security!

Well, two vendors have listened.

Patching done the hard way

But before we look at what Heimdal Security and Bitdefender are offering , (for they are the vendors in question), let’s contemplate just a few of the manual patching challenges faced by end-user businesses and their security partners every day:

  • Slowcoaching – As the Equifax issue shows, being slow off the mark to patch a vulnerability sharply increases the likelihood of falling victim to it, but timeliness is a difficult thing to sustain when workloads are heavy.
  • Proliferation – By definition, the applications requiring patching tend to be big-name office and productivity solutions, so they are not only highly ubiquitous but also available in many different versions (including legacy products). Managing these kind of complex patching scenarios manually can create a massive drain on resources or – worse – a helpdesk meltdown!
  • Patch provenance – Obtaining patches from third-party websites is widespread practice, but does anybody seriously check the hashing of the patch with the hashing on the vendor’s website to make sure they’re downloading exactly what they think they are? Hmmm.
  • System workloads – Downloading and installing patches across large user populations can negatively impact core system workloads, ultimately resulting in disruption and loss of productivity
  • Cost – Every manual process involved in managing or deploying a patch burns through expensive admin and management minutes. Manual patching, though critical, eats readily into margins.

Now let’s consider the alternative.

Automatic patching = business as usual

Between them, what Heimdal and Bitdefender have done is to turn pesky patching (reactive, unpredictable, requiring extraordinary resource) into everyday ‘business as usual’ practice.– simply by automating it.

At a stroke, they have shifted third-party application security into the security layer (where it rightfully belongs), but in a way that it is easy (dare we say profitable?) to manage.

Here’s a snapshot of what this delivers:

  • Automatic patching of apps including Microsoft, Acrobat, Java, Flash and many more, with zero setup - and scheduling also possible.
  • Constant, instant protection – Heimdal checks for patches and updates every two hours and applies them from the moment they’re available
  • Non-disruptive operation – The update process happens ‘silently’ in the background whilst users carry on their work; Bitdefender also makes clever use of cacheing to maximise bandwidth and optimise performance.
  • Trustworthy patches – Updates are guaranteed authentic by automatic checking of the hash patterns against the vendors’ sites
  • Flexible legacy deployments – Updates can be set up to apply to specific software versions, enabling full coverage or legacy-specific deployments

Needless to say, none of this requires the additional cost of an RMM solution, either, but the financial benefits don’t stop there. The Heimdal solution, for example, is available with monthly aggregated billing, so upfront costs are zero and average margin rises with every additional seat.

(Bitdefender are currently pursuing a reseller model with perpetual upfront licensing, but an MSP variant is expected… watch this space!)

Human error: a thing of the patching past?

It’s tempting to see a miracle cure-all in solutions of this kind, but it pays to be appropriately cautious about their market viability.

Security partners can rely on their own product testing, of course – and they certainly should invest time and effort in this.

But the reality is that a security distributor with extensive experience of evaluating hundreds of solutions for sale using their own in-house technical experts is probably a more reliable source for determining the next rising star or the next puff of vapourware.

We like what we see. You should take a look too.

Heimdal Security logoHow would your customers feel if they had a Norse warrior stopping malware from reaching their endpoints? Meet Denmark’s Heimdal Security.

In days of old, the sight of Vikings on the horizon was enough to turn decent peasants’ blood to ice.

But the marauding Danes are now playing poacher-turned-gamekeeper – at least in IT security terms.

Because instead of being the threat, they’re now stopping the threats before they make landfall. (Or, at least, before they reach your customers’ endpoints!)

This is what our newest vendor partner Heimdal Security sees as its killer battle cry when compared to traditional endpoint security. And here’s why malware needs to be very afraid of it.

From last-ditch to proactive: endpoint protection transformed

“Form square and stick out your spears” – that’s basically the traditional approach to endpoint protection. Once the problem has hit the machine, the security software rings the panic bell, musters the garrison, and mounts a defence.

We Brits tried that against the (real) Vikings. It didn’t work.

But if we could have spotted their boats as they cast off – or, even better, seen activity on the quayside that indicated an attack being prepared – we could have taken proactive action against them before they reached Blighty.

This is exactly what Heimdal does. Instead of looking at application code and signatures in files that have already entered the endpoint, to work out if there’s a threat, it looks at the undercurrents in the ‘sea’ of network and internet traffic entering and leaving your customers’ businesses, to detect danger before it surfaces.

Rather cleverly, though, this isn’t just about identifying when users are being taken to places they shouldn’t be sailing towards – e.g. malicious websites – and blocking the connection to them before it’s made (although this is certainly important, as we explore below).

It’s also about using advanced machine-learning, heuristics and network forensics to detect apparently harmless network file ‘plankton’ that is in fact fodder for a coming malware attack.

Traditional security protects an endpoint with a last-ditch defence. Heimdal protects it by turning the entire network into a shield wall.

Which one are you betting your krone on?

Multi Layered Security Graphic
Conventional endpoint security is typically missing the traffic-based anti-malware protection that Heimdal delivers.

“Probably the best malware protection in the world…”

The famous Danish beer ad is tongue in cheek. But there’s a serious point to be made here about the strains of malware that Heimdal can protect against that many other security solutions simply can’t.

Take ransomware, for example. Traditional endpoint security looks for malicious code within files, but a ransomware-triggering hyperlink, or instruction to connect to a website, is neither a file nor, in itself, an inherently malicious piece of code. So, the endpoint security software doesn’t spot it.

But Heimdal is looking at the network, not the endpoint. It detects and blocks the malicious connections (to malvertising, legitimate but compromised web banners, malicious iFrames and redirects, botnets etc.) that signal an intention to activate or propagate attack strains like APTs, ransomware, Trojans, polymorphic malware and others.

In short, Heimdal gets stuck into the melee long before the blunt old endpoint battle-axe can!

Automatic software updates: that’s 85% of web app attacks defeated!

Exploit kits and other threats that exploit programs’ existing security weaknesses are a huge worry for traditional endpoint security vendors, because these weaknesses often exist at a lower level than that at which the security solutions operate.

Consequently, exploits can slip underneath the endpoint radar (the bad guys must feel like they’ve died and gone to Valhalla!)

They’re a huge worry for your customers, too, given that some 85% of web app attacks (like the kind that typically trigger ransomware and steal personal financial data) take hold of endpoints through an existing unpatched security hole of this kind.

But here, Heimdal have put a real edge on their sword. They have coupled their network traffic analysis with an automatic software update tool, to ensure that your customers’ internet-facing and non-internet-facing apps  – from Acrobat to Audacity, Flash to Firefox, Java to Jitsi, and many others besides – are constantly and automatically updated with the latest security fixes and patches, thus denying exploit kits an entry point.

The most security-critical applications are often those that are not concerned with security at all – how’s that for a typically innovative Scandinavian way of looking at a problem?

Why Heimdal
“Proactive” is a word you’ll hear a lot from Heimdal – and the automatic patching capability that embodies it is a good third of the company’s overall value proposition. (Click to enlarge)

Heimdal: the new word in security

Bloodthirsty or not, the Vikings gave their name to some very beneficial concepts. The word ‘law’ comes into English from their language, for example – and from where we’re sitting it looks like they’ve done it again with ‘Heimdal’!

(Loosely translated, we think the name means: “Stop the thing that’s trying to attack the longboat before it reaches the longboat.” Genius.)

Time some of your customers learnt some Danish, perhaps?