Guest Column | October 3, 2012

How Thinking Differently About Security Will Positively Impact Your Bottom Line

By Tom Clare, senior director of product marketing, Websense

Reducing risk today is hard, which is why it's no surprise that today's typical IT shop sees its malware incidents and helpdesk ticket metrics rise every year. The typical customer has a difficult time keeping up with increasingly sophisticated threats and malware that continue to knock on their door. The question is, as a partner, are you ready to answer that knock as a call to opportunity?

The opportunities in the IT security market are incredibly rewarding for those who understand how to tackle today's sophisticated threats.  According to Gartner, by 2015, spending on IT security services will reach more than $49 billion. That's tens of billions of ready money for value-added services like risk assessments, compliance consulting and data protection, all on the table waiting for partners willing to innovate and open up their margin.

So, what does it take to bring customer environments in line with today's advanced threats and take advantage of this security service revenue opportunity? There are a number of ingredients to success, but I believe there is one that will make or break a partner's efforts to reinvigorate a security practice. That is finding a comprehensive security platform that can reliably stop threats in real time thus reducing malware incidents and helpdesk ticket levels. Traditional defenses are simply not addressing these important areas today.

It isn't enough to just block attacks with antivirus, firewalls and URL filtering anymore. Traditional defenses, while still required, are proving to be less effective against advanced threats and data theft. Customers want forensic details on who was attacked, how attacks function, where communications and data theft are destined, plus what data is being targeted. Using malware sandboxing, that provides actionable data and step-by-step details on infection processes and call-home communications, can teach customers how to better identify infected systems for remediation. And adding outbound containment defenses against data theft and communications enhances existing forward facing-only defenses. Customers need security solutions, services and training to make these next steps in the fight against cybercrime.                                                       

Our researchers have been diligently analyzing advanced threats and how cybercriminals are stealing data. Here are a few insights we’ve uncovered:

  • Criminal encryption — The bad guys have been using proprietary encryption methods to hide malicious payloads and communications from traditional content inspection and security check points. To combat this, you need a solution that can examine communications and files obscured by non-standard encryption. Then, criminal encrypted uploads can be detected, blocked and set-off a high-severity alert. Password file data theft detection of files containing password data or AD/SAM database information is also important.
  • “Non Document” Data Theft — When is a document not a document? When it is an image. Up until now, data loss protections have not been able to analyze data images while in motion or in use. And data thieves know it. Criminals are accessing proprietary files and using images or a non-document form to steal the data because they know data loss defenses aren’t analyzing images in motion or in use. That's particularly scary considering the prevalence of smartphone cameras in the enterprise and the fact that more and more companies store confidential data in image form. Look for a security solution that provides an Optical Character Recognition (OCR) security solution for data-in-motion through Web gateways, dat-in-use with end point security, and data-at-rest with data discovery.
  • “Low and Slow” Data Theft (Drip DLP) — Organizations often have a threshold in place defining how many data incidents of confidential information per document or request that can leave an organization. Bad guys learn these thresholds and steal data under the designated allowance by sending out items one at a time or in small batches, in what is often referred to as the “low and slow” approach. Be sure your security solution is capable of recognizing the low and slow pattern of behavior for multiple requests over a defined time period to prevent “low and slow” data theft (or Drip DLP). Also, for any security incident when applicable, forensic data capture functionality is preferred for administrators alongside forensic reporting details.
  • Email Security Evasion — Cybercriminals know that email security solutions will block emails they send containing known embedded links to malicious websites. So they've developed a sort of malware time-release capsule to evade these measures. They now send out emails with lures to specific website links, but they wait to upload the malicious code to the site (or a redirect link to a malicious site) for a few days to give the email enough time to pass through email security checks. If it is sent on a Friday night, it passes through the email security checks as clean, then on late Sunday the destination of the web link is weaponized. The user is then on track for infection on Monday.  Advanced security solutions now have the capability to mark these emails with embedded links for real-time cloud sandboxing analysis for point-of-click protection whenever and wherever the email is opened. The end result is removing the ability of cybercrime to time their malicious payloads and redirects into destination web links embedded in email.

Together, these innovations provide a solution greater than the sum of their parts. For the channel, this kind of comprehensiveness offers a foundation to build more profitable security services and value-added products into a portfolio. And it provides the kind of visibility that makes it easy to communicate to the customer how much value the partner is bringing to the table.

For more information, please visit