Understanding and Mitigating the Enterprise Spyware Threat Webroot
Webroot Software
Chris Echelmeier, Regional Account Manager, (303) 442-3813 x539, Chris.E@webroot.com
Tim Greenfield, Regional Sales Engineer, (303) 442-3813 x622, TGreenfield@webroot.com
Agenda
privacy ● protection ● peace of mind
• About Webroot
• State of Spyware Q3 2005
• Spyware vs. Viruses
• Next generation spyware characteristics
• Importance of focused spyware research
• Solution overview & architecture
• Spy Sweeper Enterprise Demo
About Webroot Software
Market LEADING provider of Best-of-Breed anti-spyware technology
§ Founded 1997 by a “white hat” – always a privacy company
§ Privately held and continuously profitable
§ Installed base of 5,000+ enterprise desktops
§ 10,000+ enterprise customers
§ Installed on over 10,000 consumer desktops
§ 35,000 units/week by Geek Squad
§ #1 best seller across all software & PC game categories, 12/2005
§ Industry’s largest spyware research center
§ Proactive spyware research methodology via Phileas
§ Global sales and support, HQ in Boulder, Colo.
§ Advanced Technology Center HQ in Silicon Valley
The Market Leader - Webroot Software
(market-share chart; Source: Radicati Group, August 2005)
Webroot Customers
(customer logo slide)
State of Spyware Report – Q4 2005
• Industry’s first & only report specific to this security category
§ Quantifies the spyware threat based on solid statistical data
• Details threat prevalence, infection rates, and delivery mechanisms
§ Tracks data for consumer & enterprise segments
• Utilizes Webroot’s Spy Audit and Phileas© technology
• System Monitors increased 50% in the last three quarters
• FBI survey: 64% of businesses experienced a business disruption caused by spyware; extrapolated costs across US businesses: $62B
• Next generation: targeted & blended threats (Trojan delivers custom keylogger)
Sample Spy Audit data
(chart)
The Spyware Problem - Risk Impact
• Access to proprietary corporate information
§ Compromised passwords, admin privileges, applications
§ Intellectual property
§ Sensitive customer data
§ Employee & company financial information
§ Litigation data
• Direct implications for compliance
§ Gramm-Leach-Bliley
§ Sarbanes-Oxley
§ HIPAA
• FDIC Guidance on Mitigating Risks from Spyware - July 2005
§ Sent to all FDIC-insured banks in the United States
§ Advises consideration of spyware as part of the overall risk assessment process
§ Recommends actions to mitigate the threat, including implementing anti-spyware solutions
How is Spyware Different from Viruses?
• Fame vs. Fortune
§ “Vandalism” & “Internet Graffiti” vs. $$$ … Have virus writers grown up and moved out of Mom & Dad’s basement?
• Harder to Find
§ Passive vs. Active Research – “Honey Pot” vs. Webroot’s “Phileas”
• Harder to Remove
§ Virus - 1 file (“trace”) on an infected desktop
§ Spyware - between 10 and 2,000 traces
§ Tedious, step-by-step removal routines: polymorphic code, registry entries, watcher programs, related processes
§ Propagation vs. Hiding
• More Complex “Engine”
§ AV engine designed to detect a few types of malware; good at blocking/detection, but weak at removal
§ Spyware can be literally any program; defining it is difficult, and the engine needs to keep pace
§ Signature, memory “fingerprinting,” behavioral detection, advanced shields
• Harder to Keep Up
§ AV = commodity threat; anti-spyware is an evolving threat
§ Ever-changing websites aimed at breaking through perimeter defenses
§ 99% are new variants aimed at avoiding detection and removal
• Bottom Line
§ RESEARCH is KEY
§ Suite vendors have always been late to address new threats (spam, …)
§ Too much dependency on a single vendor weakens security and enables exorbitant fees without recourse
Advanced Research - PHILEAS©
• Overview of Webroot Phileas© System
§ Largest database of spyware web pages
§ 1 hour of 1 Phileas© bot equals 10 days of manual work
§ Finds malware globally – language independent
§ 50-person spyware R&D team – largest in the world – and now the most efficient
• Traverses thousands of URLs/second
§ Visits over 60,000 HTML pages/day
§ Optimized constantly for speed of web traversal
§ Database updated on a real-time basis
• Benefits
§ Catches bad guys’ R&D/beta spies! Zero-day protection
§ “Google for Spyware”
Second Generation Spyware
§ Disguised as legitimate system processes (using names such as services.exe, explorer.exe)
§ Polymorphic (self-modifying code)
§ Process monitoring to prevent removal
§ Changes system security levels, properties and preferences
§ Embeds itself deeper into the OS (ring 0), making it harder to remove
§ “Hijacker mentality”
§ Uses vulnerabilities and Trojans to install (e.g. the recent WMF vulnerability)
Patent Applications Last Quarter
• Webroot is an agile innovator, which has led to our success
• Celebrating over 65 patents pending
§ Mike Wilson – System and Method for Removing Multiple Related Running Processes
§ Justin Bertman/Matt Boney – Statistical Analysis of Web Content
§ Michael Burtscher – Disk Scan Speed Improvements
§ Jeff Horne – Advanced Memory Scanning of Encrypted Executables
§ Jeff Horne – Dynamic Memory Offset Signature
§ Jeff Horne – Advanced Inline Memory Scanning
§ Jeff Horne – Zero Day & Custom Keylogger Detection
§ 12 patents on Phileas and 7 pending
Technology Evolution / Roadmap
(timeline chart, 2003 to 2006; rows: Technology, Research Methodology, Frequency/Accuracy of definitions, Targeted attack protection, Comprehensiveness of Removal, Business Model)
Technology milestones shown on the chart: File name matching; MD5 signature checking; Basic shields; In-memory analysis; Advanced behavioral shields; Kernel/driver-level protection
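The Second Generation Spyware slide (process-name masquerading, polymorphic code, watcher processes that resist removal) and the detection tiers named on the roadmap (file name matching, MD5 signature checking, behavioral checks) can be put side by side. What follows is an added Python example written for this page; it is not Webroot code and does not represent Spy Sweeper's engine. It runs three detection tiers over a constructed process inventory and shows which tier catches which sample. Every PID, path, process name and "spyware" image byte string is invented for the illustration, and the expected-directory table for system process names is an assumption about a default Windows XP layout.

```python
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Proc:
    """One row of a process inventory (constructed for this example)."""
    pid: int
    ppid: int
    name: str
    path: str
    image: bytes  # bytes of the on-disk executable


# Process names that Windows only runs from a fixed directory (assumed XP layout).
# A process using one of these names from anywhere else is treated as masquerading.
SYSTEM_DIR = r"c:\windows\system32"
EXPECTED_DIRS: Dict[str, Set[str]] = {
    "explorer.exe": {r"c:\windows"},
    "services.exe": {SYSTEM_DIR},
    "lsass.exe": {SYSTEM_DIR},
    "winlogon.exe": {SYSTEM_DIR},
    "svchost.exe": {SYSTEM_DIR},
}


def md5_hex(data: bytes) -> str:
    # MD5 is used because the roadmap names it; a modern engine would use SHA-256,
    # since MD5 collisions are practical and an attacker can craft a colliding file.
    return hashlib.md5(data).hexdigest()


# Constructed sample: a "known" keylogger image and the two definition databases.
SPYWARE_IMAGE = b"MZ\x90\x00 constructed keylogger payload (example only)"
BAD_FILE_NAMES = {"keylog.exe"}                                       # file name matching
MD5_SIGNATURES = {md5_hex(SPYWARE_IMAGE): "Keylogger.Constructed"}  # MD5 signature checking


def name_match(p: Proc) -> bool:
    return p.name.lower() in BAD_FILE_NAMES


def signature_match(p: Proc) -> Optional[str]:
    return MD5_SIGNATURES.get(md5_hex(p.image))


def masquerading(p: Proc) -> bool:
    """Behavioral check: a protected process name running from an unexpected directory."""
    expected = EXPECTED_DIRS.get(p.name.lower())
    if expected is None:
        return False
    return ntpath.dirname(p.path.lower()) not in expected


def scan(procs: List[Proc]) -> Dict[int, List[str]]:
    """Run every tier over the inventory; returns pid -> list of findings."""
    by_pid = {p.pid: p for p in procs}
    findings: Dict[int, List[str]] = {}

    def add(p: Proc, tag: str) -> None:
        findings.setdefault(p.pid, []).append(tag)

    for p in procs:
        if name_match(p):
            add(p, "name-match")
        sig = signature_match(p)
        if sig:
            add(p, f"md5-signature:{sig}")
        if masquerading(p):
            add(p, f"masquerade:{p.name.lower()}")
        # Watcher heuristic: a parent and child running the same image from two
        # different paths is the "process monitoring to prevent removal" pattern,
        # where each copy restarts the other if it is killed.
        parent = by_pid.get(p.ppid)
        if (parent is not None and parent.pid != p.pid
                and md5_hex(parent.image) == md5_hex(p.image)
                and parent.path.lower() != p.path.lower()):
            add(p, f"watcher-pair:{parent.pid}")
    return findings


# Constructed inventory; PIDs, paths and images are invented for the example.
POLYMORPHIC_IMAGE = SPYWARE_IMAGE + b"\x01"  # one byte changed: the hash signature no longer matches
INVENTORY = [
    Proc(4, 0, "System", r"c:\windows\system32\ntoskrnl.exe", b"MZ kernel"),
    Proc(600, 4, "services.exe", r"c:\windows\system32\services.exe", b"MZ services"),
    Proc(1200, 600, "explorer.exe", r"c:\windows\explorer.exe", b"MZ explorer"),
    # renamed copy of the known keylogger: name matching misses it, the MD5 signature hits
    Proc(2040, 1200, "winhelp32.exe", r"c:\windows\system32\winhelp32.exe", SPYWARE_IMAGE),
    # polymorphic variant posing as services.exe in a temp directory: only the path check hits
    Proc(2100, 2040, "services.exe", r"c:\windows\temp\services.exe", POLYMORPHIC_IMAGE),
    # its watcher: same variant image, child of 2100, second path, posing as explorer.exe
    Proc(2110, 2100, "explorer.exe", r"c:\windows\temp\explorer.exe", POLYMORPHIC_IMAGE),
    # original, unrenamed sample: caught by both name and hash
    Proc(2200, 1200, "keylog.exe", r"c:\program files\keylog\keylog.exe", SPYWARE_IMAGE),
]

if __name__ == "__main__":
    for pid, tags in sorted(scan(INVENTORY).items()):
        print(pid, ", ".join(tags))
```

Reading the output tier by tier makes the roadmap's point: the renamed sample (pid 2040) escapes file name matching but not the hash; the polymorphic pair (pids 2100 and 2110) escapes both name and hash and is only caught by the path and watcher checks, and because the pair is found as a unit both processes can be stopped together before the files are deleted. On a real host the inventory would come from the process list plus on-disk image hashes rather than a constructed table, and the expected-directory map would be built from the specific Windows version in use.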
Suites & Best-of-Breed
• Is a suite the best solution when it is multiple products cobbled together?
§ If they are all Best-of-Breed … of course
§ And customers lose control – of technology, pricing, & support
• What does Best-of-Breed mean?
§ Best at the current threat; more agile to adapt to future threats
§ Best research
§ Best definitions
§ Best engine
§ Most effective
• Detect – knowing what’s there is the first step in cleaning
• Block – prevent it from coming back
• Remove – fully remove from the system; leave no traces behind which can be used in the future
Defense-in-Depth / Defense-in-Disparity / Best-of-Breed
Block / Detect / Remove
(diagram)
Spy Sweeper Enterprise 2.5.1
Webroot Solution Architecture
Centrally managed, scalable solution with the most comprehensive removal engine available
(architecture diagram)
Spy Sweeper Enterprise Demo