Presentation is loading. Please wait.

Presentation is loading. Please wait.

Webroot Web Security SaaS A Better Approach to Web Security

Similar presentations


Presentation on theme: "Webroot Web Security SaaS A Better Approach to Web Security"— Presentation transcript:

1 Webroot Web Security SaaS A Better Approach to Web Security
Paul Jakobsen Webroot, Inc.

2 Agenda About Webroot The Evolving Threat Landscape
The Shift to Security as a Service Webroot Web Security SaaS Q&A 2

3 Agenda About Webroot The Evolving Threat Landscape
The Shift to Security as a Service Webroot Web Security SaaS Q&A 3

4 About Webroot Largest Private Security Company in North America
Years in Business: 11 Employees: 340+ Headquarters: Boulder, Colorado Sales and Support Offices: US, UK, France, Germany, Australia, & Japan Growth: Avg. 40% Net Income Growth (YoY) since 2005 Broad Security Portfolio: Business: SaaS: , Archiving and Web Security Solutions Endpoint: Antispyware and Antivirus Solutions Consumer: Anti-Spyware: Webroot Spy Sweeper Consumer suites: Webroot AntiVirus, Internet Security Essentials Parental controls, personal privacy, online back-up products 4 4 4

5 Agenda About Webroot The Evolving Threat Landscape
The Shift to Security as a Service Webroot Web Security SaaS Q&A 5

6 Evolving Threat Landscape
Traditionally Targeted at Employee Productivity Low Adoption of Web Security Solutions Shift in Market Focus Threats Focused on Spam Hackers/Malware Writers Now Focused on Web Web is Primary Attack Vector Internet Use Model has Changed Rise in Web 2.0 Applications Major Source of Data Loss IT Spending in Decline Lack of IT Resources to Handle Threat Environment Economic Turmoil

7 Threat Landscape: Shift in Email Threats
Decrease in Malware Delivered via Increase in Spam as a Percentage of Traffic 7 Source: Sophos/Webroot, 2008

8 Threat Landscape: Increase in Web Attacks; Insufficient Protection
Security Risk! If you look across both Web and protocols, you will see that organizations have done a pretty good job in managing threats as 70% of companies have some form of security. As a result, only 15% of malware is distributed via . However, if companies have addressed the threat issue, hackers and malware writers have now begun to focus on the web as the vector of choice. In some recent internal research, we have determined that 85% of malware is now disseminated via the web, while only 15% of companies have sufficient protection. Source: Webroot, 2008 8

9 Threat Landscape: The Number of Malicious Sites is Increasing
Percentage of Google search queries that resulted in at least one malicious URL Here is some additional data from Google validating that the web is becoming more dangerous. If you look at the graph, you will see that the fraction of search queries resulting in at least one malicious URL has increased by 1% over a 10 month period beginning in April, This may not seem like a lot, however, if you consider that Google processes almost 6 billion search queries per month, this means that almost 60 million queries resulted in a malicious URL being returned. In addition, IDC reports that 5% of heavily trafficked web sites have some sort of threat associated with them ranging from adware to malicious spyware (IDC, 2008) Source: “All Your iFRAMEs Point to Us,” Google, Feb. 4, 2008 9

10 Web 2.0 Presents New Challenges
Social Networking Content Syndication Blogs Content Sharing RSS Social and Participatory Dimensions Create New Risks Web mail/Web postings account for 37% of information leaks (IDC, 2008) 62% of companies allow access to social networking sites (Gartner 2008) MySpace, Facebook and Bebo have become vehicles for distributing malware Examples of threats to social networking/Web 2.0 sites: 10

11 Changing Economic Environment
IT Departments Are Being Forced to React Source: Webroot, 2008 11

12 IT Security Departments Already Stretched
Top Challenges for IT Security Departments Source: Forrester, Enterprise And SMB Security Survey, North America And Europe, Q3 2007 Recent Forrester survey on the Top Challenges for IT security departments. Lack of budget and unavailability of security expertise were the top two issues. Understandable, given the evolving threat landscape and the increasing demands placed on an IT department to manage security issues in addition to all the other IT responsibilities. 2,212 security decision-makers at North American and European companies IT organizations are struggling to handle the complex nature of today’s threat environment! 12

13 Agenda About Webroot The Evolving Threat Landscape
The Shift to Security as a Service Webroot Web Security SaaS Q&A 13

14 SaaS is Not New – Business Runs on SaaS
CRM Content Management Web Collaboration Storage/ Archiving HR/Payroll Vulnerability Assessment “The appeal is obvious: SaaS is quicker, easier and cheaper to deploy than traditional software, which means technology budgets can be focused on providing competitive advantage, rather than maintenance.” – The Economist, April 20, 2006. 14

15 Cost Advantages of SaaS
“SaaS can reduce the cost of implementing and supporting an application by 60 percent and lower an organization’s TCO by 5 to 7 percent.” Source: Gartner: TCO of Traditional Software Distribution vs. Application Virtualization. April 16, 2008. The graph on the right indicates the Total Annual Cost per user of a SaaS solution vs. an Appliance, including cost of equipment, personnel and maintenance fees and subscription fees. As you can see, an appliance will cost an organization a little less than $100 per user, with about 60% of this being allocated to personnel costs. With a SaaS solution, because it is a service requiring no on-site maintenance, the personnel costs allocated to this solution are significantly reduced providing a lower total cost of ownership, per user. Total cost here is a little less than $60 per user per year. Sources: Software and Information Industry Association (2006) and Webroot (2008)

16 Advantages Over On-Premise Solutions
SaaS On-Premise No hardware/software to purchase or mange Hardware purchase and management required Easy to deploy Lengthy deployment process Lower total cost of ownership High capital and replacement costs Application managed by experts On-site management required Easy to scale/unlimited capacity Additional HW purchase required Flexible platform – ability to add/subtract technologies No flexibility Difficult to change configuration Guaranteed service performance (SLAs) No guarantee if HW/SW fails 16

17 Convergence of SaaS and Security
Security SaaS leverages advantages of SaaS as a delivery model and helps to alleviate the challenges facing IT Security departments: Better Value in Any Economic Climate Pay only for what you need Operational cost, not capital expenditure Increased IT efficiency Much Easier to Manage and Deploy No on-premise equipment to manage Web based management console Unlimited processing power in the cloud Built in redundancy Better Security, More Effective Multiple technologies/multiple vendors for best protection 24x7 security experts Service level agreements to guarantee availability 17

18 Agenda About Webroot The Evolving Threat Landscape
The Shift to Security as a Service Webroot Web Security SaaS Q&A 18

19 Webroot Security Approach
Customer Environment Webroot Global Datacenter Network Webroot Security Software as a Service (SaaS) Webroot Endpoint Security Threat Protection Anti-spam Anti-virus Anti-spyware Anti-phishing DDoS/DHA Business Enablement URL Filtering Message Continuity Mobile User Protection Data Security Content Scanning Application Control Encryption Compliance Archiving Compliance Dictionaries Secure Storage Web Traffic Internet Webroot Security SaaS Anti-Virus Anti-Spyware Application Control Webroot Web Security SaaS Traffic Webroot Archive Service Mobile Users 19

20 Webroot Web Security SaaS
Customer Environment Outbound Web Traffic Webroot Security SaaS Datacenter Outbound Scanning - URL Filtering by Policy - URL Allow/Deny Lists - Application Control - File Type Blocking - ‘Scan Ahead’ Search Inbound Scanning - Virus Scanning - Spyware Scanning - Phishing Site Analysis - Content Control X Web Content Host Internet Slide Build… X Clean Web Traffic Admin Inbound Web Traffic Mobile Users

21 Web Security SaaS Features & Benefits
Inbound scanning for virus, spyware, phishing attacks Block viruses and spyware before they infect your network Seamless authentication for roaming end-users Apply security policy to mobile users, regardless of location URL filtering/ custom allow and deny lists Enforce company Internet acceptable user policies Application and file type blocking Prevent loss of company and personal data Intuitive web management portal Easy to set and manage end-user policies and report on activity 21

22 Web Admin Console: Dashboard
22

23 Web Admin Console: Policy Creation
Control web access policies based on site category and time period Allow, deny, or coached access Customized allow and deny lists Set access based on account, group, or individual user 23

24 Web Admin Console: Reporting
Real-time Management Dashboard Top categories Spyware/malware sites Top search terms Ad-hoc and Scheduled Reporting Reports based on: Bandwidth Site category/URL Time frame Account, Group or User level reporting Compare group data Graphical reports Scheduled for delivery as PDF 24

25 Web Threat Protection: Anti-spyware and Anti-virus
Webroot Anti-spyware Powered by Webroot Spy Sweeper technology Automated spyware detection Blocks URLs with malware characteristics Only SaaS solution with an integrated anti-spyware engine Anti-virus Protection Signature detection guarantees 100% virus protection Heuristics protect against zero-day attacks The Webroot Web Security SaaS solution also comes complete with multiple best-of-breed threat protection engines. These include: 25 25 25 25

26 Web Filtering: URL Filtering Engine
URL database of over 25+ million websites Constantly updated Flexible policy management based on: 12 main categories 96 sub-categories URL reputational analysis Block URL’s based on site reputation and potentially malicious behavior Create customized allow/deny lists for greater protection 26

27 Web Filtering: ‘Scan Ahead’ Search
Apply Internet use policy to search results Results are color coded to denote access Access policy based on individual user 27

28 Web Filtering: Custom Blocked/Coached Pages
28

29 Web Filtering: Anti-phishing
Advanced heuristics analyze website behavior to protect against new phishing attacks 29

30 Web Filtering: Proxy Bypass Sites
…they go to an anonymizer site that states “Browse the web through our service to get past pesky url or ip based filters!”. . However, most such anonymizer sites are already blocked by the Anonymizer policy [under Risk/Fraud/Crime] and therefore the user won’t even be able to get to them. However, if the employee is technically astute they can build their own anonymizer at home with simple downloadable code and use their own anonymizer to access the blocked site. Both newly established sites and sites set up by an employee or student will not be in those URL lists. The anonymizer shown above is the most difficult of the various anonymizers to defeat because it uses an encrypted URL to obfuscate the site that the users is trying to access.

31 Roaming User Protection
Apply Internet use and security policy to mobile users No additional hardware or server software to manage Enables roaming user authentication from anywhere without having to establish VPN connection Integrated component of service 31

32 Global Coverage and Infrastructure
32

33 Questions? Paul Jakobsen Webroot 33


Download ppt "Webroot Web Security SaaS A Better Approach to Web Security"

Similar presentations


Ads by Google