John Vigouroux, CEO of M86 Security Addresses the State of Modern Web Security
Watch the video for an inside look at the challenges organizations face in combatting today's cybercrime epidemic. Understand why this is a serious, escalating problem, how it impacts all organizations and what you can do to prevent costly malware attacks.
Chief executive of M86 Security says every other security company bar his is misleading consumers about the malware protection they offer.
— IT PRO - Enterprise & Business IT News
Read the Full Article
Today we face a global malware epidemic from which no organization is immune. In fact, millions of organizations of all sizes are impacted. While cybercrime techniques become more sophisticated, dynamic and targeted, the security industry struggles to keep pace as it tries, unsuccessfully, to extend legacy database solutions. This leaves organizations vulnerable to damaging malware attacks, which can result in noncompliance issues, financial loss and expensive reputation damage control.
A Growing Underground Economy
Cybercrime has escalated more than 400% since 20071
As an industry, Cybercrime is experiencing unprecedented growth. What started with disparate hackers seeking notoriety evolved rapidly into specialized, organized businesses that steal sensitive information for profit. Because cyber-attacks are lucrative and easy to perpetrate, criminals remain highly motivated to find new ways to carry out their attacks.
This underground economy continues to thrive for three main reasons:
- Success: Modern malware is so sophisticated that it evades most security systems easily.
- Ease: Exploit kits make it easy for almost anyone to create, launch and monitor an attack.
- Low risk: Cybercriminals are able to carry out attacks with little to no risk of being caught.
What Is the Malware Gap?
Most security solutions block only 40% of malware, leaving a 60% gap in protection
Much of the traffic on enterprise networks is now Web traffic, and this is growing with the popularity of cloud computing and Web 2.0 applications. Most security solutions were developed as much as 20 years ago to protect from known threats on suspicious websites. That has all changed. Now, cybercriminals target legitimate websites for their attacks.
- 92% of attacks originate from the Web2
- 84% of all infected websites are legitimate, trusted sites3
This evolution in cybercrime has rendered most security solutions ineffective against dynamic and targeted malware. Solutions that were satisfactory three years ago, such as antivirus and firewalls, are now outdated. This is evidenced by the fact that URL filtering, antivirus, firewalls and other reputation and database-driven solutions block less than 40% of malware, leaving organizations unprotected from the 60% that evades detection. This malware gap gives cybercriminals easy entry into organizations' networks and data.
Real Threats, Real Damage
Conservative estimates put losses at $100 billion, with some research reporting losses up to $1 trillion4
Attacks on organizations are costly, not only in terms of money lost, but in the resulting damage to a company's brand and reputation. For example, recent attacks on a number of UK banks using the Zeus v3 Trojan (identified by M86 Security), and revelations that another large bank was the victim of hackers (Project Aurora), prove that cybercriminals target large institutions for sources of illicit income.
Furthermore, based on the results of benchmark tests M86 Security performed at a U.S. Fortune 5 bank, the annual cost of re-imaging computers to rid them of malware was approximately $3 million. It's a very real, very damaging problem.
1Detica report, 2011; OECD, IDC, 2004, 2010, FBI/IC3 cybercrime statistics, 2011, FBI 2005
2M86 Labs, 2010
3M86 Labs, 2010
4The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives by Nir Kshetri
Global News
SC Magazine interview with John Vigouroux
John Vigouroux, CEO of M86, discusses the malware threat landscape and the Global Cybercrime Calamity, June 2011.
» Watch the Video
Related Articles
'Scareware' Distributors Targeted
June 22, 2011
Teenager arrested on suspicion of hacking
June 21, 2011
Sega says hackers stole data of 1.29 million users
June 19, 2011
Microsoft warns of phone phishing scam
June 18, 2011
M86 Security is the only security company that protects against known and unknown (zero-day) threats in true real time. Our intelligent Secure Web Gateway solution uses layered technologies, including dynamic and static page analysis, virtual patching and dynamic Web repair, to provide the most accurate malware protection in the industry. These technologies protect our customers effectively, dynamically and proactively from the modern, sophisticated malware that evades other solutions.
Why Are M86 Security Technologies More Effective than Competitive Solutions?
- Proactive versus reactive
Solutions such as anti-virus and URL filtering rely on a database that must be updated before it can protect users. With these reactive techniques, organizations gamble that their security vendor will find the attack before their users do. Our technology is able to detect new and targeted attacks without having already seen the attack. This is because it does not rely on signatures or databases; instead it analyzes code on a Web page and determines its intent in milliseconds, so malware gets blocked proactively—before it can reach a user. - True real-time code analysis versus real-time classification
Rapid crosschecking of content against a list of known malware is completely different than scanning and analyzing code in real time. M86 Security's real-time static and dynamic code analysis technology actually blocks new malware milliseconds before it can execute, whereas our competitors compare code against a database quickly, but cannot actually prevent malware in real time. - Accuracy versus "best guess" methods
Other solutions look at individual pieces of code on a page to identify malware, but this will not find cross vector attacks, which use two or more separate pieces of code that work together to execute an attack. M86 catches malicious code that is hidden in cross vector attacks by correlating the individual Web components to provide the most accurate means of malicious code detection.
Proven Results
To back up our assertions, we ran benchmark tests for our customers to see just how effective our Secure Web Gateway solution is against the competition.
Identified the Most Malware; No False Positives
A large, independent U.S. financial institution conducted a non-biased test using our Proxy Comparator tool, which allows users to test the M86 Secure Web Gateway against up to four major Web security solutions. The results were compelling. Not only did our solution catch significantly more malware, it also produced no false positives, unlike the competition.
Accredited Claims
Our real-time protection claim has been certified after independent testing by the UK Government Information Assurance Body. The M86 Secure Web Gateway is the only product to receive this accreditation, proving that it delivers real-time, immediate protection against zero-day threats without the need for signature updates or databases.
Industry reports show that cybercrime cost organizations at least $100B in 2010. And that number is projected to double by 2012. How has the problem grown so out of control? And what can you do to fill the giant gap caused by antiquated security solutions? Find out in our live webinar, The Cost of Complacency: How Malware Impacts your Cost of Doing Business.
Join John Vigouroux, CEO of M86 Security and Michael Osterman, President of Osterman Research as they explore the current state of global Web security and find out what your peers really think about security in their organizations. Topics include:
- The financial and business productivity impact of malware
- How Web 2.0 and the increased proliferation of mobile devices accelerate the problem
- The level of protection available through various types of security solutions (hint: you may not be as protected as you think)
- How to address threats effectively and efficiently, every time
Featured Speakers
John Vigouroux
CEO, M86 Security
John Vigouroux is M86 Security's chief executive officer. He joined the company in April 2009, bringing with him more than 25 years of technology industry experience. John has led both public and privately held companies and is an expert in the remediation of Web security threats using modern, real-time technologies.
Michael Osterman
Principal of Osterman Research, Inc,
Michael Osterman is the principal of Osterman Research, Inc, a leading analyst firm in the messaging and collaboration space, providing research, analysis, white papers and other services to companies like Microsoft, IBM, Google, EMC, Symantec, and Hewlett Packard among others.
Read the Informative White Paper
According to a recent survey by Osterman Research:
- 78% of the organizations surveyed experienced at least one malware attack during the preceding 12 months
- Each organization experienced a median of five attacks during the period
- A typical organization experiences a malware attack every 73 days
These are just a few of the survey findings revealed in a new white paper prepared by Osterman Research and sponsored by M86 Security. To learn more about today's critical malware problem, the direct and indirect costs to organizations, and the hurdles faced in preventing these threats, read the white paper, "The Global Malware Problem: Complacency Can Be Costly."