Safety Detective’s Aviva Zacks had the chance to interview Webroot’s Senior Director of Product, Andy Mallinger, and took it! Here are his thoughts on phishing and how Webroot is helping protect consumers and small businesses from cyberattacks.
Safety Detective: Tell me how you got into cybersecurity.
Andy Mallinger: I worked at a company called Digimarc, which did digital watermarking to protect digital content, like paper currency, -government-issued IDs (driver’s licenses, passports), digital images, sound, and video. We embedded cryptographic content to identify valid currency and data and track where the content ended up. I also worked at iovation, which provides the leading device identification-based fraud prevention solution to banks and online retailers.
I joined Webroot about 3 years ago with a focus on threat intelligence. We have a very significant investment and deep experience with machine learning and artificial intelligence (AI) to determine the reputation and riskiness of billions of websites, IP addresses, URLs, as well as files for businesses and consumers. I currently manage the team responsible for our consumer product portfolio.
SD: Who does Webroot serve?
AM: We serve three segments at Webroot:
- A consumer segment, where we sell Webroot SecureAnywhere directly to consumers and through retail channels such as Best Buy.
- An SMB (small and medium business) segment, where we work primarily with managed service providers (MSPs) to provide cloud security services, management and end-point protection to their SMB customers.
- An original equipment manufacturer (OEM) segment, where we sell our threat intelligence data through industry-leading technology partners, who build that data into their SIEM or network gear.
SD: What are the current cybersecurity issues that we should be concerned about?
AM: For the business and the consumer segments, the main thing that people need to be worried about is ransomware. This threat can scramble your personal information and files and demand a ransom to recover it. These days, ransomware is very individualized. The infected file you get may be different enough from the file someone else gets so that traditional endpoint protection that relies on “signatures” will not catch it. Your antivirus has to be smart enough to detect these kinds of threats regardless of the form they take.
Phishing is another threat that is increasing at a significant rate. The phishers are getting smarter, making their tactics much more complex and difficult to identify. It used to be very easy to notice when you got a phishing email: there were spelling or grammar mistakes, the branding was bad, and it just didn’t look authentic. Phishing scams are now designed to look more authentic and can trick a user that the phishing email, and the fake link provided inside the phishing email, is real. Once the bad guys have your account information, they can do all kinds of damage.
One of the more interesting and growing risks is cryptojacking. This is where criminals mine for cryptocurrency using computer resources (CPUs) they don’t own. Rather than steal your data or personal information, these criminals push malware onto a victim’s computer without them even realizing, then steal their processing and electricity resources to mine (and get paid) for cryptocurrency. Ultimately, this increases the victim’s power bill and affects their device performance.
SD: How does Webroot help the end-user prevent cyberattacks like the ones you mentioned?
AM: We do a great job protecting against all three threats, and more, because our solution suite is unique. We were the first end-point security company to leverage machine learning to recognize ransomware and other threats. We look at suspicious files, and if we don’t recognize them immediately, we start tracking what they’re doing and then send that information up to our cloud. You can imagine the large number of different instances of malware that exist (multi-variant malware). This is why we utilize machine learning, a progressively self-educating system that can recognize threats automatically and protect our customers much faster than threat systems that rely mostly on human recognition of new risks.
If we see a file on your computer that’s doing something we don’t recognize, we start “journaling”—or tracking what it’s doing. Once we recognize that it is bad, we will delete that file and roll back harmful changes that have been made. If it was ransomware and it was going to encrypt your files, we would be able to recover your information in most cases. Nothing’s perfect, but it’s highly, highly effective.
We have phishing protection that is also driven by machine learning, where we are able to look at the contents of webpages at high volumes. We scan the full page and send that information up to the cloud, so now we’re evaluating what’s in your browser rather than a file that’s running on your computer. That machine learning system can recognize indicators of a phishing site, and if it’s identified as such, then we block it.
Phishing sites are notoriously short-lived, the average time is about four to six hours, so even if a list of phishing sites gets published, it becomes irrelevant quickly. Being able to recognize those sites in the cloud, in real time, is definitely the most effective way to do it.
We also offer Security Awareness Training which educates business users on the latest threats through micro-learning style courses and serves up phishing simulations to train employees on what to look out for. After 12 months of security awareness training, users are 70 percent less likely to fall for a phishing attempt.
For cryptojacking, we look at the files and the pages that you visit, and we’re able to detect what kind of activity is happening on your machine and eliminate those programs.
SD: How does Webroot compete with the larger antivirus companies? What’s your specialty?
AM: The cloud-based nature of our system makes our solution extremely lightweight, paired with over a decade of historical threat data which makes our machine learning capabilities stronger than competitors who may have started on this path more recently. When you’re talking about 4 billion IP addresses and 30 plus billion URLs, to be able to look across the entire Internet multiple times a day and make determinations is not an easy task.
When we determine the riskiness of a site we are not considering just that site, but the sites and pages it’s linked to across the web. This is a unique capability of Webroot. We are leaders in network connectivity across the Internet with the ability to journal what’s happening on a machine and roll back.
SD: What are some of Webroot’s new products?
AM: The newest consumer product is Webroot WiFi Security, a virtual private network (VPN) product. What sets Webroot WiFi Security apart from other VPN’s is the incorporation of Webroot threat intelligence. There are many VPNs out there, but only a few from security companies, which I think is an important consideration. A VPN encrypts your information as you travel the internet, and Webroot threat intelligence is built into all our products. So, if you’re about to visit a site that we know is risky, we will notify you, which is an extra level of protection that most VPNs don’t offer.