Tag Archives: Security

Email Backup vs Archiving Graphic

Email backup, email archiving: what’s the difference, and why shouldn’t businesses just rely on one or the other? We explain.

 

Email is alive and well – and growing!

The daily business email volume worldwide will increase from 112.5 billion in 2015 to 128.8 billion in 2019, according to this downloadable report from The Radicati Group.

So there’s an enormous challenge involved in ensuring copies of emails are retained in a manner that both enables them to be quickly accessed in order to support ‘business as usual’ activities, but delivers more extensive and detailed transparency for the purposes of regulatory compliance.

This is the essential difference between email backup and email archiving. Email backup is largely about business continuity, whereas email archiving is largely about protecting a business’s ‘licence to operate’.

Email archiving: a matter of legal record

Email archiving and email backup are two very different beasts – and here’s why.

Email archiving focuses on retaining emails and associated data to ensure legal and regulatory compliance.

Archiving solutions can therefore hold many years’ worth of data demanded by compliance requirements, even for heavily regulated industries like healthcare, banking and finance, pharma, and so on. Email backup does not retain data this long.

Also, email archiving can hold a 100% faithful copy of the email that has been received or sent, because it retains even deleted mails, which backup does not.

Lastly, email backup typically has very granular tools to satisfy compliance requirements around considerations like access control, audit trails, content integrity, and so on – not something you’d typically find in a backup solution.

As an example, take a look at the features in the Libraesva Email Archiver. You’ll see a whole host of refinements that email backup doesn’t offer, including, amongst others:

  • 80 separate permissions to create finely differentiated user roles and restrict access to sensitive information (important for GDPR compliance!)
  • Trusted time-stamping of each email, to securely keep track of creation and modification times
  • Legal hold, to freeze email and data pending litigation or investigation
  • Anti-tampering, to prevent retrospective adulteration of email content and data

Email backup: copy, restore, recover

The objective of email backup, on the other hand, is to easily recover and restore email that is essential to business activity, when that email has either been deleted or made inaccessible in some other way (e.g. by file corruption, deactivation of a leaver’s account, or even a ransomware attack.)

It can be tempting for businesses to convince themselves they don’t really need this service. After all, with cloud services like Office 365, G-Suite and others, isn’t email already backed up - and in some of the most robust data centres in the world?

Actually, no. Once the recycle bin is manually or automatically purged (and that can be after as little as 30 days) the data is gone…forever.

It follows, then, that cloud services still need backup sitting behind them somewhere, and the most readily accessible place to put it is elsewhere in the cloud (cloud-to-cloud backup).

So, for example, a solution like Cloud Ally will back up all the emails (and other data) contained in cloud services like Office 365 Exchange, Sharepoint Online, OneDrive, SalesForce, G-Suite, Box and others) to a cloud-based AWS S3 data centre that is ISO 27001-certified - and indeed to other user-owned storage too.

This process is automated, enabling a business to easily recover backed-up email long after the cloud service providers would have junked it.

So why do businesses need both email backup and email archiving?

Clearly, email backup and email archiving share some DNA.

But neither is a substitute for the other. In fact both, used incorrectly, are risky, and can put the brakes on businesses’ productivity.

Email archiving boasts powerful storage, search and retrieval powers, but for most everyday users - whose emphasis is simply on being able to find and restore email content and attachments, rather than delivering them as legal records in an approved regulatory format – it’s unnecessarily sophisticated to learn and use.

By the same token, the snapshots generated by email backup solutions, whilst typically simple for users to navigate and restore, do not offer the same historical completeness as email archiving – and any attempt to make them do so in answer to a regulatory investigation or similar would entail many hours’ work manually stitching the snapshots together.

Two sides of the same coin? Perhaps. But businesses need both in the bag, or they could end up paying a hefty price - operationally, reputationally, and in the law courts!

Heimdal Security logoHow would your customers feel if they had a Norse warrior stopping malware from reaching their endpoints? Meet Denmark’s Heimdal Security.

In days of old, the sight of Vikings on the horizon was enough to turn decent peasants’ blood to ice.

But the marauding Danes are now playing poacher-turned-gamekeeper – at least in IT security terms.

Because instead of being the threat, they’re now stopping the threats before they make landfall. (Or, at least, before they reach your customers’ endpoints!)

This is what our newest vendor partner Heimdal Security sees as its killer battle cry when compared to traditional endpoint security. And here’s why malware needs to be very afraid of it.

From last-ditch to proactive: endpoint protection transformed

“Form square and stick out your spears” – that’s basically the traditional approach to endpoint protection. Once the problem has hit the machine, the security software rings the panic bell, musters the garrison, and mounts a defence.

We Brits tried that against the (real) Vikings. It didn’t work.

But if we could have spotted their boats as they cast off – or, even better, seen activity on the quayside that indicated an attack being prepared – we could have taken proactive action against them before they reached Blighty.

This is exactly what Heimdal does. Instead of looking at application code and signatures in files that have already entered the endpoint, to work out if there’s a threat, it looks at the undercurrents in the ‘sea’ of network and internet traffic entering and leaving your customers’ businesses, to detect danger before it surfaces.

Rather cleverly, though, this isn’t just about identifying when users are being taken to places they shouldn’t be sailing towards – e.g. malicious websites – and blocking the connection to them before it’s made (although this is certainly important, as we explore below).

It’s also about using advanced machine-learning, heuristics and network forensics to detect apparently harmless network file ‘plankton’ that is in fact fodder for a coming malware attack.

Traditional security protects an endpoint with a last-ditch defence. Heimdal protects it by turning the entire network into a shield wall.

Which one are you betting your krone on?

Multi Layered Security Graphic
Conventional endpoint security is typically missing the traffic-based anti-malware protection that Heimdal delivers.

“Probably the best malware protection in the world…”

The famous Danish beer ad is tongue in cheek. But there’s a serious point to be made here about the strains of malware that Heimdal can protect against that many other security solutions simply can’t.

Take ransomware, for example. Traditional endpoint security looks for malicious code within files, but a ransomware-triggering hyperlink, or instruction to connect to a website, is neither a file nor, in itself, an inherently malicious piece of code. So, the endpoint security software doesn’t spot it.

But Heimdal is looking at the network, not the endpoint. It detects and blocks the malicious connections (to malvertising, legitimate but compromised web banners, malicious iFrames and redirects, botnets etc.) that signal an intention to activate or propagate attack strains like APTs, ransomware, Trojans, polymorphic malware and others.

In short, Heimdal gets stuck into the melee long before the blunt old endpoint battle-axe can!

Automatic software updates: that’s 85% of web app attacks defeated!

Exploit kits and other threats that exploit programs’ existing security weaknesses are a huge worry for traditional endpoint security vendors, because these weaknesses often exist at a lower level than that at which the security solutions operate.

Consequently, exploits can slip underneath the endpoint radar (the bad guys must feel like they’ve died and gone to Valhalla!)

They’re a huge worry for your customers, too, given that some 85% of web app attacks (like the kind that typically trigger ransomware and steal personal financial data) take hold of endpoints through an existing unpatched security hole of this kind.

But here, Heimdal have put a real edge on their sword. They have coupled their network traffic analysis with an automatic software update tool, to ensure that your customers’ internet-facing and non-internet-facing apps  – from Acrobat to Audacity, Flash to Firefox, Java to Jitsi, and many others besides – are constantly and automatically updated with the latest security fixes and patches, thus denying exploit kits an entry point.

The most security-critical applications are often those that are not concerned with security at all – how’s that for a typically innovative Scandinavian way of looking at a problem?

Why Heimdal
“Proactive” is a word you’ll hear a lot from Heimdal – and the automatic patching capability that embodies it is a good third of the company’s overall value proposition. (Click to enlarge)

Heimdal: the new word in security

Bloodthirsty or not, the Vikings gave their name to some very beneficial concepts. The word ‘law’ comes into English from their language, for example – and from where we’re sitting it looks like they’ve done it again with ‘Heimdal’!

(Loosely translated, we think the name means: “Stop the thing that’s trying to attack the longboat before it reaches the longboat.” Genius.)

Time some of your customers learnt some Danish, perhaps?

Read the latest helpful updates on ransomware and cloud security from our industry partners and contacts.

We like to put our partner and media contacts to good use in helping you and your customers to understand the security landscape.

This month, we bring you three helpful new updates – two guides to ransomware (and how to defeat it) and the other an interesting short article from Cloudworks on the benefits of cloud security for small and medium businesses.

Business guide to ransomware

New from AppRiver, this guide is subtitled ‘Understand, Analyze and Protect’, and is a very readable resource covering what ransomware is, how it works, how it spreads, and the best practices and employee training that can help defend against it.

Ransomware: Malwarebytes bytes back!

Another take on ransomware and how to combat it comes from security experts Malwarebytes, who major on the importance of endpoint security (keeping PCs and devices protected) in this informative and short PDF.

Five reasons why cloud security is important for SMEs

Big servers, large infrastructure, lots of IT staff – these are all security components that SMEs just can’t afford! This is why they must look cloudward – and this article from Cloudworks describes the benefits of cloud security neatly.

We’ll be back with more helpful advice soon!

AppRiver Nautical PlatformAppRiver’s Nautical platform makes all aspects of security service provision manageable from a “single pane of glass”. We look at the benefits.

For security service providers, or resellers wanting to break into the MSP space, there is a double challenge at hand: selecting solutions whose performance will delight their customers, yet that are easy enough to “drive” on a day-to-day basis to prevent margins being eaten away by costly management overheads.

This is why the appearance of AppRiver’s Nautical platform has set our antennae a-twitching. It promises a unified management console that enables service providers to deliver and manage a raft of cloud-based security solutions from one place, without the profit-sapping expense.

Here are just a few ways in which that could benefit service providers and their business.

The business benefits of Nautical, (1): Devolved management

Managing everything from under a “single pane of glass” is a seductive sell, but (I hear you say) doesn’t that just make for a crammed and complex window onto your world, which in turn drives management and admin costs up?

But Nautical turns this on its head, by enabling role-based interaction, so that different users each have different views of what is under the pane and can exercise different levels of control over it – and this includes the end-users themselves.

In this way, management workflows are made more targeted and efficient, but also flexibly devolved to customers where possible - taking even more of the admin burden off the service provider’s desk.

AppRiver Nautical Management
A single pane of glass, multiple kinds of access and interaction - cost reduction through targeted workflows and customer self-service (Click to enlarge)

The business benefits of Nautical, (2): Easy upscaling

Theoretically, cloud-delivered services can easily scale up to meet the needs of increasing numbers of end-users, thus supporting service providers’ revenue growth.

But critical to this process is the ease with which those new users can actually be brought on board. All the cloud service capacity in the world is no money-spinner if it is difficult, time-consuming and costly to connect users to it.

One of the killer new features in Nautical is a configurable user account management function that enables new users to be brought on board, and the overall user count to be increased, very easily.

Previously, this would have entailed multiple workflows in multiple environments; using Nautical, however, it is now a far simpler (and therefore cheaper) process.

AppRiver easy upscaling
More users, more usage, more revenue – and bringing them on board’s a cinch (Click to enlarge)

The business benefits of Nautical, (3): App-style agility and healthchecks

To go back to a previous point, bringing on additional users also inevitably drives demand for more products and services. Any service provider that delivers on the first point but not the second is painting themselves into a corner.

Nautical, however, makes it possible for both service providers and their customers to add and integrate new products and services with the kind of pick-and-mix agility you’d expect from something like an app store.

But (I again hear you ask) doesn’t that, in itself, create another management challenge – namely, monitoring all those disparate products and services without excessive (and expensive) manual intervention?

Here, too, Nautical comes up with the goods, thanks to its cross-product diagnostics that deliver a single, regular, unified application healthcheck to service providers’ customers and all the solutions they’re using.

Apps on demand
Apps on demand – and a unified monitoring and management system to keep them profitable (Click to enlarge)

What else should you know about Nautical?

Nautical has been described as “an entire channel programme in one portal”, but what’s really striking is that this deep integration across all aspects of security service provision comes at no charge.

Nautical simply becomes automatically available when a service provider chooses to deliver AppRiver’s security solutions – including anti-spam / anti-virus, web protection, email encryption, Exchange and mailbox protection – and this of course covers existing AppRiver service providers, too.

All in all, Nautical takes the hard work out of delivering MSP services that can really boost service providers’ bottom line, by making all business activities manageable from one place.

Now that really is something you should know.

Business Continuity2017 will see greater demand for security products than ever before. Backup and recovery are predicted to be big business for security channel partners!

Security predictions for 2017 are coming thick and fast – and there’s little for businesses to be cheery about.

“A major bank will fall as a result of cyber-attack,” the BBC relates in this article, whilst, at the other end of the scale, a solicitor has found itself embroiled in an email fraud scam that has, to date, left a homeowner £67,000 out of pocket.

But it’s perhaps ransomware, explored in a previous post, that will see the most noticeable growth in 2017, and it’s a major factor driving businesses’ and security partners’ interest in business continuity solutions like backup and recovery.

After all, if a business can reinstate critical backed-up data at will, ransomware loses much of its bite, and therefore its attractiveness to those who perpetrate it!

So what does an effective business continuity solution look like?

Business continuity solutions – what to look for

True business continuity is about more than just security applications – there’s a whole host of cultural and organisational requirements too, as this basic guide from CSO Online explains.

But from the solutions point of view, business continuity is basically about two things: reliable and bomb-proof (perhaps literally!) data backup, and rapid data recovery.

Two metrics are critical, here: Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

The former dictates how much data a business could afford to lose before it caused any real and lasting damage – and therefore reflects considerations like how often backups need to be performed, what volumes and formats of data need to be involved, and how robust the backup environment is.

The latter dictates how rapidly that backed-up data can not only be accessed (hint: off-site tapes just don’t cut it any more!) but actually redeployed in a form that the business’s hungry systems can once again get to work on – not just files and folders, but settings, too - to get the business back on its feet post-incident.

Between them, these two metrics hinge on a host of solution capabilities that can be problematic.

For example, one oft-cited issue is that when backup and recovery data is being streamed back into a stricken business, the data can’t be accessed or used until the recovery process is complete – and that can take many precious hours, days, or even longer. Unhelpful.

Reliance on recovery via hardware is also a sticking point, since it may be impaired by the very hack that caused the data incident in the first place (ransomware is a very good example of this!)

What’s the appetite for business continuity solutions in 2017?

Nonetheless, business continuity has been a problem crying out for a solution for a long time before 2017; ransomware has simply put an especially shrill edge on it!

Scary statistics abound; did you know, for example, that according to a study by Onyx Group, 71% of UK SMEs only ever manage to back up part of their data?

Or that 75% of SMBs have no disaster recovery plans in place at all?

But even more terrifying, when considered in the light of the ransomware issue, is that, according to one estimate, 58% of small businesses could not withstand any amount of data loss whatsoever!

Think about that for a moment. It means the hackers’ job is made much, much easier. Even holding the slightest amount of a business’s data to ransom could easily provoke a payout. Minimum effort, maximum return – which means more hackers getting involved in this kind of activity in the future, of course!

Not for nothing is the Business Continuity Institute’s agenda focused “overwhelmingly” on cyber-resilience in 2017.

(And in case you’re wondering, the disaster recovery-as-a-service market, in which backup will play a key role, is estimated to be worth $11.11 billion - £8.83 billion - by 2021. Ripe for the picking!)

Where can I check out the latest business continuity solutions?

Clearly, what we’ve said above also means that the competitive landscape for security partners in this space is going to become challenging.

But for an insight into how one backup and recovery solution is evolving to deliver both strengthened protection to end-users and a more compelling proposition to the security partners who sell to them, take a look at this data backup and recovery features update.

And keep watching this series of blogs – we’ll be looking at a whole range of security solutions for 2017, covering email, web, cloud, data centre, and Office 365.

General data protection regulationGDPR is coming! Here’s what the security channel needs to focus on to create opportunity out of regulatory upheaval.

On 25th May 2018, the EU General Data Protection Regulations (GDPR) become law.

But despite the burden of compliance that this places on the channel, isn’t it also a major opportunity for channel partners to sell more of the solutions that help end-users to address GDPR-related issues?

Here’s what we found when we dug into GDPR, and the opportunities it potentially presents, a little further…

GDPR opportunities – 1: Greater technology freedom?

A noteworthy feature of GDPR is that it does not prescribe specific data protection technologies – like a certain encryption algorithm, for example – and, therefore, does not automatically exclude others.

Instead, it prescribes processes, meaning that partners potentially have greater freedom than before to choose from a palette of vendor solutions that can satisfy those process requirements.

It’s a growth outlook reinforced by the IT industry’s most high-profile membership and training organisation, CompTIA. They have publicly stated to IT channel partners that GDPR means “Clients will be relying on their providers to help them meet regulations, which is a great opportunity to build on your relationships, all while creating new business with current and potential end users.”

So, given that GDPR is seemingly less proscriptive on the technology front than we might have previously assumed, what are the GDPR hot topics to which security partners’ offerings need to provide a compelling (and compliant) response, if they are to make the most of the opportunities at hand?

 GDPR opportunities – 2: Data protection controls

GDPR has serious teeth, but given our background in security software distribution, and from the point of view of security partners’ offerings, we believe it bites hardest around three key internal and three key external threat scenarios, which we’ve paraphrased from this recent research:

(including employee mistakes and malicious insiders)

  • Making lost data valueless if found – in other words, encryption methods that keep data safe if a device with personally or professionally identifiable information on it is lost or stolen.
  • Remote kill and wipe, to easily remove data from lost or stolen devices, or render them unusable, no matter where they are in relation to the user.
  • Data loss prevention (DLP), to control the types and sensitivities of data that users move around or out of the organisation.

(third-parties exploiting the organisation)

  • Locking-down, to control what kind of applications can and can’t run on an endpoint
  • Virtual patching, to stop remote exploitation of unpatched vulnerabilities
  • Breach detection, to flag where a network has been compromised, and thus enable users to block attempted data theft.

Should security partners be quaking at the sound of these snapping jaws? Not a bit of it.

Security solutions are already available that enable partners to deliver many of these GDPR-focused benefits to end-users, from vendors including Trend Micro (in both SMB and Enterprise formats) and others.

Plus, a recent survey of European businesses cited in this Information Age article found that 69% of those polled are not only likely to invest in security technology as a result of GDPR, but to do so in areas including file-sharing. (This hints at a growth in the cloud app-centric security requirement space, into which, as we discussed in an earlier post, at least one vendor already plays strongly.)

GDPR opportunities – 3: The size of the market

But it’s filthy lucre, predictably, that hints most effectively at the pot of GDPR gold at the end of the partner rainbow. And make no mistake, we are talking big money here.

, for example, has predicted that GDPR will create a $3.5 billion market opportunity for security and storage vendors – in which their partners, of course, will share – as the severity of fines drives enterprises to “radically shake up their data protection practices, seeking…new technologies to assist with compliance.”

An additional push factor in the groundswell of GDPR opportunities for security partners also came with the recent comment by the European Commission's Justice Directorate, according to the International Association of Privacy Professionals (IAPP), that companies judged to have invested responsibly in security can, under certain conditions, see any fines for non-compliance reduced.

Security partners, it seems, are likely to become many businesses’ new best friends!

GDPR: What next for security partners?

This piece in ChannelPro perhaps best expresses what partners need to do, as GDPR relentlessly approaches, to turn a disruptive regulation into a profitable business opportunity:

“1. Read up on the changes and ensure they become the trusted expert on the new regulations

  1. Educate their customers about the impact of the EU GDPR
  1. Ensure they’ve got the solutions available to help customers with compliance”

From where we’re standing, point 3 looks to be the least of partners’ worries…

Over the last week we have seen an increase in the amount of companies receiving emails containing Zepto Ransomware, a file encrypting virus based on the infamous Locky cryptoware.
Most of the emails have been carefully crafted to ensnare the victims using social engineering techniques, typically greeting the recipient by first name and asking them to open an attachment which they had requested.
zepto image
The attachment will typically be either a .zip extension or .docm extension and once opened will run a malicious JavaScript which then encrypts all files on the users machine with the .zepto extension

To try and combat the infection, we offer the following advice
1. To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
2. To protect against VBA malware, tell Office not to allow macros in documents from the internet.
3. Ensure your AntiMalware program is upto date
4. Ensure your users are careful with email attachments and only open the ones they are sure they have requested
5. If possible set email filtering to quarantine all .zip and .docm files

cloud-application-controlWhat customers' employees do within web, cloud and social apps can be a significant threat to their business. We look at how they can limit the risks.

We recently took a look at vendors’ web security offerings, and came to the conclusion, in this post, that much of this risk landscape is being driven by employees and their ceaseless interactions with the raft of web, cloud and social media applications on which so many agile business processes now depend.

As this excellent piece in ITPro explains, it is now imperative for businesses to “understand exactly how data is moving in, around and out of your organisation”, and to provide the “visibility and the ability to discover, analyse and control the information staff are accessing or sharing.”

Whether businesses are updating marketing posts on Facebook, drilling down into Salesforce, uploading price lists to Dropbox, liking comments on Twitter, or using cloud data storage applications (as some 52% of small and medium-sized businesses in the US alone seem now to be doing, according to this Cloudwards article), the potential for both intentional and unintentional data compromise or reputational damage is high.

So how do security vendors tackle this end-user challenge, and create cloud application control solutions that MSPs and other partners can sell and provision to customers profitably?

 Cloud application control: the all-seeing-eye?

The first thing to say here is that cloud application security is not simply about automatically blocking malware, or filtering out clicks on risky URLs, or scanning for abusive language.

Rather, it is about being able to visualise and analyse all users’ application activity simultaneously and in one place, make informed human business risk decisions on it, and, where necessary, change parameters and automated settings to suit.

So, for example, why is a user uploading or deleting a profile image? Are they trying to hide their identity?

Why is someone removing a public link – was something there that should not have been exposed to public view in the first place? If so, how do you address the process failure that allowed such a link to then be posted?

Why is someone permanently deleting files from a recycle bin – are they trying to cover their tracks? For what reason?

With or without malicious intent, these are potentially damaging behaviours – but it takes a human eye to assess them, and that can only happen if all relevant information and alerts are assembled in one dashboard, where they are easy to interpret, at minimum management overhead.

Cloud application control consoles are therefore critical, enabling end-user and MSP alike to monitor and manage both users’ behaviours and the service that is being delivered.

Cloud app control – it’s not everywhere

Yet take a look at the “Treacherous 12” top cloud computing threats recently listed by the Cloud Security Alliance at the recent RSA Cybersecurity Conference, as reported in this Infoworld article, and it hardly paints a picture of a cloud application risk landscape that has been comprehensively tamed.

On the one hand, this presents a healthy sales opportunity for MSPs, who can deliver cloud application control solutions as an inroad into new clients.

But it also provides MSPs with a means of protecting themselves against the ever more litigious risks associated with other cloud applications that they already deliver to their customers.

To give just one rather urgent example, according to this TechTarget article some 75% of all cloud apps used in European enterprises are out of compliance with the new EU data protection regulations that are set to take effect in less than two years – and any MSP providing or provisioning them will be liable, as the incumbent “data processor”, for any security breaches sustained.

Overlaying cloud application control on these existing apps could help to significantly reduce many MSPs’ exposure to this kind of risk, or at least expel any ambiguity as to what is a breach occasioned by vulnerabilities in the application itself, and what is a breach caused by risky operator interaction with the cloud application environment.

Who sells cloud application control solutions?

Unsurprisingly, these factors (and others) have encouraged industry analysts to comment enthusiastically on the projected rise of cloud application-specific security solutions. Channel Pro, for example, has cited Gartner’s statement that, in 2016, 25% of enterprises will use a cloud access security broker.

But this presents something of a difficulty, given that there are actually so few vendors producing solutions in this space.

One player that has broken the mould, however, is CensorNet, and for good reason. It has developed a cloud app control solution that hits on all the critical MSP hot buttons at once – it is white-labelled to boost the MSP’s brand profile, can be up and running without infrastructure costs, is deployable in minutes, and offers stellar system performance and scalability thanks to its proxy-less architecture.

Yet one swallow does not a summer make. Can MSPs take cloud application control mainstream with so few vendors in the frame?

Put it this way, they’re going to let down a lot of customers if they don’t. Consider this: the average employee already accesses seven different web applications at work, but according to one recent article, 58% of respondents had no training in how to use those apps safely, 39% were unaware of the risks associated with them, and 44% hadn’t been trained in how to transfer and store corporate data securely.

Add to that the revelation, in the same article, that 23% of respondents have already experienced cloud data losses or breaches, and 20% have reported unauthorised access to their data or services, and the need for organisations to understand who is doing what in the cloud, to what, and why, is no longer a nice-to-have – it’s a critical imperative.

Over to you, MSPs...

Anti-Malware’s Like Your Winter Clothes: Layered Is Better!

Outdoors magazines, sports coaches, your mother – they all teach you that at this time of year, when the cold snap bites, layers of clothing are far more effective against the cold than one monstrous overcoat. Nobody pretends the cold’s not going to find its way into a fold or two, but after that, other folds stop it.

Seems like common sense, doesn’t it? Yet when it comes to anti-malware and the like, too many vendors (and partners!) still favour the overcoat – one big protective mantle that, once compromised, is a single point of chilly failure.

So for you, and your customers, the question is this: where can you get access to the kind of layered anti-malware solutions that don’t let you down like an overcoat, and how can you be sure they’ll deliver on the promise?

What are these anti-malware layers – and what benefit do they deliver?

Layered security’s central philosophy is that no one solution can cover every base. (Wikipedia describes this neatly here). You need layers of solutions, as well as layers of protection within those solutions.

Take one of the most vicious breeds of malware, for example – zero-day exploits, like the ones that placed millions of Android Chrome users at risk. These target vulnerabilities in newly-released browser and application software, often using these undefended pathways to deliver ransomware payloads.

To fight these threats effectively, each vulnerable program – it could be an Office app, a PDF reader, a media player, or anything else – needs its own dedicated protection.

But this kind of exploitation protection isn’t necessarily focused on threat profiles like viruses, Trojans, worms, rootkits, adware and spyware, so an additional anti-malware layer is needed.

And, critically, malware detection is not the same as malware removal – which, again, is a layer in itself.

Put all these items of “protective clothing” together, of course, and you have a multi-layered solution, something like this one, that covers all the critical malware and exploit vulnerabilities.

That chill wind might find its way in here and there, but it’s not going to hit skin.

Anti-malware’s layers within layers

Drilling down into these solutions, we find that there, too, layers are the key to trapping the threat, wherever it comes from and whatever form it takes.

So for example, an anti-malware solution might have four distinct layers:

  • Application hardening, to make outdated or unpatched applications less susceptible to attack
  • Operating System security, to stop exploit shellcode executing
  • Malicious memory protection, to prevent the execution of payloads
  • Application behaviour protection, for specific applications like Word, PowerPoint and others

 In short, there’s a trigger to raise a red flag on all the hot buttons that malicious code typically tries to press!

“Is layered anti-malware really that effective? Not convinced…”

At this point, if I were your mother I’d be telling you to come inside and get some hot soup. As it is, I’m going to tell you to come in from the cold and smell the coffee.

The effectiveness of layered anti-malware is documented fact, not hearsay. Here are some recent threat-busting stats from the layered anti-malware landscape:

  • It was a layered malware removal technology that recently earnt the only perfect score in tests by the internationally respected laboratory AV-TEST.
  • It was a layered malware tool that removed over five billion separate varieties of malware in 2014 alone.
  • It was a layered malware removal technology that, according to OPSWAT, who release periodic studies on security vendors’ market share, is the most popular security product installed by users.
  • Layered anti-malware technology is hot property, ranking 186th in Deloitte’s 2015 Technology Fast 500 nominations.

So what’s stopping you from (if you’re a partner) offering these solutions profitably to your customers, and (if you’re an end-user organisation) deciding to take the partners up on their offer?

Layered anti-malware as revenue multiplier!

The short answer is “nothing.”

Firstly, distribution businesses like mine (and others) already make these solutions available to partners, and not just in conventional subscription-based agreements.

The MSP model, for example, gives partners a powerful differentiator in their portfolio. This is primarily because it enables partners and their customers to pay only for what they use, but it also makes aggregated billing possible, reducing customer acquisition costs and so supporting the growth of the partners’ business.

Secondly – and this is where layers take on a dimension that’s probably a lot more interesting to you than it is to your mother – layered anti-malware not only gives partners the opportunity to combine (and charge for) multiple solutions, as we’ve already seen, it can also work with the customer’s existing security solutions and need not automatically displace them.

In short, every layer’s a revenue stream in itself, but any other security solutions you have already sold to your customers can stay in place too – so the revenue opportunity is multiplied!

So, that’s a whole load of stuff I bet you (and your mother) didn’t know about the similarity between what you wear and what you sell.

Either way, it’s going to make you look good.