Organisations of all sizes continue to face the challenge of defending against increasingly sophisticated security threats. Under a high level of financial motivation, attackers are constantly inventing new ways to penetrate corporate defences and access valuable data. This causes resellers to play catch-up with new security technology in an attempt to capitalise on the emerging opportunities for sales.
One emerging threat that has caught the eye of resellers is blended threats. Recent research found that 42% of current spam traffic contains web links to malware, making it the highest single type of threat today. This new type of threat exploits the blind spot in typical signaturebased anti-virus products by drawing users to websites where malware is downloaded, often without user intervention. With the majority of today’s malware focused on accessing or extracting confidential data, businesses can’t afford to ignore this emerging threat. For resellers, there is an opportunity to assist customers in developing strategies to deal with these ever-changing and increasingly sophisticated threats.
New attack vectors
New innovations in the malware industry have increasingly focused on avoiding detection by traditional anti-virus products through different tactics. For example, the time-lag between a new virus arriving and a new security signature being created – which can be hours, days or longer – can be sufficient time for the virus to spread before being stopped by anti-virus products. In addition, the use of malware variants has been a successful tool used by virus writers to avoid detection.
Also, the use of stealthy, targeted threats has increased dramatically. These email-based attacks, which are often sent to one or a few individuals, are designed to circumvent signature-based products and IP reputation services that rely on previously-written signatures or high volumes of traffic for detection. Even more concerning, these targeted threats are highly customised and may appear to come from familiar internal or external sources, dramatically increasing their success rate. Very frequently, the threats use common Microsoft Office documents such as Word or PowerPoint to infect the user’s system.
The nature of these, and other new threats designed to avoid detection, has placed the reseller channel on a virtual treadmill where it is forced continuously to keep up with both the volume and the sophistication of an onslaught of new attacks, in order to provide quality solutions and services to end users.
The sales approach
Attackers are using alternative communication streams, email or web, to breach organisations’ security walls and are developing blended threats as a new tool of choice. Blended threats can include the use of more than one of the communication streams to initiate and execute a malware attack.
What’s needed is an adaptable solutions-based approach to sales. While it can be an overused expression when selling, too often sales teams only pay lip service to the solutions approach. It is important to the channel to ‘shift product’; however a true, adaptable solutions-based approach to selling security will build better relationships with end user customers and ultimately provide an opportunity for additional business as resolutions for new threats emerge. The channel should build adaptable security solutionsby choosing vendor products and solutions that can easily increase security functionality through new plug-in or add-on capability as new threats arise. Channel resellers will then be able to provide regular and highly valuable security updates for their customers’ solutions in a structured andefficient manner.
The increasing emergence of blended threats requires advanced threat detection and analysis technologies, along with a holistic approach to looking at threats across an organisation’s inbound and outbound communications streams.
Ultimately, as the end user’s machine is compromised, consequences can include the loss of valuable and confi dential information and slower performance as the computer joins the attacker’s growing botnet population and is used to perpetuate the process.
Emerging channel opportunity
The challenge and the opportunity for the reseller channel is to build up the necessary knowledge to play an advisory role to end users. Particularly with the increasing consolidation amongst security vendors, there is a need to stay ahead of emerging threats and to keep up with new solutions being marketed.
Current trends indicate that the amount of blended threats willcontinue to rise. On the web side, attackers also take advantage of product weaknesses and exploit browser vulnerabilities to download malware from websites that are missed by web filters that may not block URLs linked to malware. Web security gateways with inbound anti-virus capability can likewise be ineffective, as the sites often contain polymorphic viruses modified to be missed by traditional signature-based antivirus applications.
The nature of blended threats requires a sales approach that covers threats beyond traditional web-crawling techniques, malware signatures and attachments. More broadly, the attack should be stopped at both the email and web gateways. An off-the-shelf anti-virus product clearly isn’t going to do this; end users will only benefit from an approach that first analyses all the communications streams within an organisation.
There is a huge opportunity for resellers to revisit their customers, conduct a risk assessment and build an adaptable, solution-based strategy for protection against current and emerging threats, such as the blended threats I have outlined. Only then can you develop the expertise needed to advise end users, rather than just sell product.
Jeremy Hulse is the Vice President of Sales, Asia Pacifi c for Marshal8e6, the global leader in secure web gateway and email security solutions.
+61 2 9466 5822