Guest Column | February 13, 2009

How VARs Add Value In Protecting Computer Networks From Security Threats

Written by: Bob Gagnon, Vice President of Sales, AVG

It's no secret that computer viruses, Web exploits, malware, and other Internet-based threats can wreak havoc on a company’s computers and network. Security problems threaten not only any business that buys and sells merchandise online, but also any company that relies on a fully functional network for its day-to-day operations. A decade ago, hacks and viruses tended to be more benign in nature, often created for bragging rights. Today’s exploits are much more sinister, aimed at stealing your identity or passwords, or taking over your computer. In light of this rapid rise in cyber crime, it’s surprising that some VARs would view security software as a commodity rather than a strategic purchase decision.

How important is the need for Internet security today, regardless of the size of your customer’s business? There was a time when being secure online meant not going to dodgy Web sites and not downloading plug-ins and other software that a site ‘requires’ in order to view something. Web filtering software and company policies about safe surfing and clean (no porn) surfing offered a lot of simple protection. There was also a time when cyber criminals’ activities were eventually discovered, and their malicious sites subsequently shut down. Unfortunately, these criminals have learned how to run and hide, and sites you thought were trustworthy aren’t.

The Transient Hack
Our research team learned early on that cyber criminals are now covering their tracks using a new technique called transient hacks. These new threats are not only growing in number, but also in sophistication. For those who haven’t come across this type of threat before, a transient hack attempts to take advantage of a browser vulnerability and will appear on one or more Web sites temporarily, from a few weeks to just a few minutes. Because they’re not in one place for any length of time, they’re very tough to track and block from users’ machines. The main delivery method used for transient hacks is ads on Web sites. The criminals buy a block of ad space from an advertising aggregator and run their exploit on an ad that scrolls through hundreds or thousands of trusted sites — frequently targeting social networks. The infected ads only run for a short period of time.

The transient hack and other types of cyber crime present a challenge and opportunity for the VAR, who should re-evaluate the security software it sells. Does the software address the new methods used by cyber criminals? Old, central database methods rely on checking a URL against a database of sites that are known to have delivered malware in the past. This approach is ineffective against transient threats because the threat is gone before it can be recorded into the database. Worse, at least for the operator of the affected site, the site shows up in a database as infected even after the threat is gone.

Remember that cyber criminals are always thinking of new ways to avoid getting caught and to defeat the latest methods used by security software. A better approach is real-time scanning that inspects the Web page for exploits before the user visits. It’s more effective against transient threats because it’s looking for types of delivery mechanisms rather than types of malware. This is important, because most cyber criminals try to avoid detection by disguising their malware in a wrapper. The signatures on the wrappers are tracked, so you know it’s a threat before it’s unwrapped.

VARs as Educators
VARs play an important role in educating end users on the new threats and also in helping customers choose the right type of security software for their needs. Some VARs feel pressured into offering a big, bloated security vendor’s software to everyone, to keep things simple and to protect themselves from the criticism of not choosing the big software incumbent. But, along with this software come frequent complaints from customers about how much the software slows down their computers.

System impact is a key concern for the customers of Luke Walling, founder and president of Walling Data Systems, a VAR and VAD based in North Carolina that offers security software throughout North America. Walling specializes in education and government customers, and serves resellers as well. “Lightweight security software has an edge in the decision process of my customers,” says Walling. “No one likes resource-hogging software, but our education customers in particular feel the pain. They usually do not have the IT infrastructure to support bloated software.”

Walling also recommends doing the legwork to fully understand a vendor and its products and then sticking with them. “As a VAR, you are often the first-line educator on the vendor’s product. Even customers in the technology field may not understand the breadth and depth of today’s security threats. Many customers are not familiar with Web exploits and think they’re covered with anti-virus software alone. It’s your job to keep your customer informed.”

Security software is far from a commodity. It must adapt and keep step with the ever-changing methods of cyber criminals. Software choices differ in ability to fight new types of Web exploits, including the ever-elusive transient hack. And this high level of protection shouldn’t have to come at the price of slowing system resources to a crawl. Through offering education and a multi-layer approach to providing security protection, VARs have the edge in helping their customers stay protected.

Bob Gagnon is VP, AVG Technologies USA, and has 15 years’ experience in the security, storage/disaster recovery, virtual server migration and document management solutions spaces.