Dual Detection Engines - Using Layered Security to Battle Cybercrime

© 2014 CYREN Confidential and Proprietary. Is Your Embedded Solution an Army of One? Using Layered Security to Battle Cybercrime. 17 September 2014, Live Webinar Event.

Upload: cyren

Post on 18-Nov-2014

DESCRIPTION

Are you fighting a war with an army of one? Industry experts discuss the advantages to “layering” your security technology and the strategies to achieve the best protection result.

TRANSCRIPT

Page 1: Dual Detection Engines - Using Layered Security to Battle Cybercrime

Is Your Embedded Solution an Army of One? Using Layered Security to Battle Cybercrime

17 September 2014, Live Webinar Event

Page 2: Dual Detection Engines - Using Layered Security to Battle Cybercrime

WHAT IS LAYERED SECURITY?

Lay•ered Se•cur•i•ty (\ˈlā-әrd\ \si-ˈkyu̇r-ә-tē\) n.

1. Combining two or more embedded engines, each of which brings different detection benefits, to enhance threat detection capabilities, with the objective of significantly reducing the risk of cybercrime, including malware, viruses, spam, and phishing.

2. Aggregating threat detection feeds from multiple sources, including other companies and other internal feed sources, into one single threat detection solution that can be delivered to customers.

Page 3: Dual Detection Engines - Using Layered Security to Battle Cybercrime

TROUBLING INTERNET SECURITY TRENDS

• 75% of all sent email
• Up by 131% in 2013
• Up by 264% in 2013

Source: CYREN 2013 Security Yearbook, Q2 2014 Internet Threats Trend Report

Page 4: Dual Detection Engines - Using Layered Security to Battle Cybercrime

HIGH PROFILE SECURITY BREACHES

Page 5: Dual Detection Engines - Using Layered Security to Battle Cybercrime

ATTACKING INDIVIDUALS

Page 6: Dual Detection Engines - Using Layered Security to Battle Cybercrime

…WITH REAL BUSINESS IMPACT

For End Users: Increased Frustration
• Cluttered inboxes
• Unnecessary exposure to threats, e.g. phishing
• Lost communications
• Lost productivity

For Providers: Lost Profit
• Increased support burden
• Increased infrastructure load
• Customer loss or ‘churn’

Page 7: Dual Detection Engines - Using Layered Security to Battle Cybercrime

LAYERED SECURITY— TWO ENGINES, TWO VENDORS

[Diagram labels: Incoming Email; Deleted Attachments; Clean emails; Service Provider environment or Vendor Endpoint; Other Vendor; MTA or other application]

Page 8: Dual Detection Engines - Using Layered Security to Battle Cybercrime

LAYERED SECURITY— TWO ENGINES, ONE VENDOR

[Diagram labels: Incoming Email; Deleted Attachments; Clean emails; Service Provider environment or Vendor Endpoint; MTA or other application; Local classification cache; Cloud-based pattern detection; Multi-layer file scanning]

Page 9: Dual Detection Engines - Using Layered Security to Battle Cybercrime

LAYERED SECURITY— CYREN DETECTION COMPONENTS

• Polymorphic Scanner
• Android Malware Scanner
• Cloud Lookup Module
• Encrypted File Scanner
• Compressed File Scanner
• PDF/Text Scanner
• Heuristics
• Intelligent Signatures
• Threat Data

Page 10: Dual Detection Engines - Using Layered Security to Battle Cybercrime

RPD IN ACTION: REAL‐TIME THREAT MONITORING IN THE CYREN SECURITY CENTER

CYREN.COM/SECURITY‐CENTER

Page 11: Dual Detection Engines - Using Layered Security to Battle Cybercrime

THE KEY: RISK MITIGATION

Assumptions:
• 25,000,000 Emails/Day
• 18,750,000 Spam Emails/Day (75%)

98% Detection Rate:
• 18,375,000 Spam Emails Detected
• 375,000 Spam Emails Undetected

99% Detection Rate:
• 18,562,500 Spam Emails Detected
• 187,500 Spam Emails Undetected

[Chart: Spam Exposure by Detection Rate, comparing 98% Detection Rate and 99% Detection Rate]

With a 1% improvement in Detection Rate, exposure (risk) is reduced by 50%

Page 12: Dual Detection Engines - Using Layered Security to Battle Cybercrime

LAYERED SECURITY: ANTI‐VIRUS EXAMPLE

SERVICE PROVIDER (PREFERS ANONYMITY)

Problems:
• Initial engine often missed malware -> long wait times (typically up to one hour or more) to get new dat files.
• Unable to get bug fixes/enhancements completed from their vendor in a timely manner.
• No consultative support on how to optimize security solution.

Solutions:
• Added a second anti‐virus engine (CYREN) to improve detection rate – capture more malware, reduce risk/exposure to company and users.
• As a result of the second engine, they improved their scanning performance, reducing their operational requirements.
• Qualitative benefit of additional support, consulting services & bug fixes/enhancements on a faster turn.

An alternative perspective to consider: Another important goal for AntiVirus is to be FAST & ACCURATE at scanning CLEAN files also ‐ optimizing resources.

Page 13: Dual Detection Engines - Using Layered Security to Battle Cybercrime

LAYERED SECURITY: ANTI‐SPAM EXAMPLE

INTERNET SERVICE PROVIDER (PREFERS ANONYMITY)

Problems:
• This company was not getting the detection rates they desired with their first engine.
• They were searching for a company that could integrate well with their infrastructure and current solution.
• Looking for a dedicated outbound anti‐spam solution.
• They were looking to augment their email solution with Virus Outbreak Detection (VOD) and Anti‐Virus solutions.

Solutions:
• Added a second anti‐spam engine (CYREN) to improve detection rate – capture more spam, reduce risk/exposure to company and users.
• CYREN was easily integrated into their infrastructure, which is based on the Bizanga MTA (now Cloudmark).
• CYREN’s solutions can be combined for a bulletproof solution: AS, AV & VOD.

Page 14: Dual Detection Engines - Using Layered Security to Battle Cybercrime

LAYERED SECURITY: URLF DATABASE + PHISHING FEEDS

RSA gets its phishing feeds from different providers, and uses them in combination to set security priorities. RSA uses CYREN’s phishing feed.

How CYREN’s Phishing Feed Works:

RSA’s PROCESS:
• An analyst reviews the high priority URLs and checks to confirm each is phishing.
• If a URL is confirmed as phishing, RSA will:
  1. Check if the URL belongs to one of their customers and, if so, alert them.
  2. Use this data to sell their service to new customers: they get this fresh feed every 5 minutes. This is an almost real‐time service that they provide to their customers to protect them and notify them of new possible attacks.

Page 15: Dual Detection Engines - Using Layered Security to Battle Cybercrime

LEADING PROVIDER OF INTERNET SECURITY TECHNOLOGY AND CLOUD‐BASED SERVICES

NASDAQ: CYRN

Page 16: Dual Detection Engines - Using Layered Security to Battle Cybercrime

GLOBAL REACH

[Map legend: Offices; Data Centers]

Page 17: Dual Detection Engines - Using Layered Security to Battle Cybercrime

WHAT MAKES US DIFFERENT

Page 18: Dual Detection Engines - Using Layered Security to Battle Cybercrime

WHAT MAKES US DIFFERENT

SPEED, ACCURACY, AND REAL‐TIME INSIGHT

We see more than anyone else.

RECURRENT PATTERN DETECTION

Our patented detection technology

GLOBALVIEW CLOUD

The most robust transaction base in the industry

Page 19: Dual Detection Engines - Using Layered Security to Battle Cybercrime

WHAT MAKES US DIFFERENT

COMMITTED TO PARTNER SUCCESS

We focus on our core competencies so you can focus on yours.
• Products designed for partners
• Won’t compete for your business

Page 20: Dual Detection Engines - Using Layered Security to Battle Cybercrime

THANK YOU!

QUESTIONS?