Q & A with Gerhard Eschelbeck
Webroot Software, Inc. is the creator and publisher of Spy Sweeper anti-spyware products for consumers, small businesses and enterprises worldwide. IT Security interviewed security expert and Webroot CTO and SVP of Engineering Gerhard Eschelbeck about the spyware problems in the enterprise.

IT Security: How do you define spyware?

Gerhard Eschelbeck: Spyware is any unwanted program that either monitors a user's online activities, or installs programs without a user's consent with the intention of profit or the capture of personal information.

IT Security: How extensive is spyware in enterprises?

Gerhard Eschelbeck: Webroot has been tracking spyware infection rates in consumer and enterprise environments for several years. During this time, infection rates within the enterprise remain at unacceptably high levels. Currently, more than 80 percent of enterprise desktops are infected with at least one type of spyware. Even more concerning, malicious spyware, which includes system monitors and Trojan horses, remains prevalent within the enterprise, averaging more than one per infected machine.

IT Security: How aware are enterprises of the problem?

Gerhard Eschelbeck: Today, every enterprise is aware of spyware, but unfortunately, many still do not fully appreciate the scope of problems it presents. Although equipping the enterprise to combat the rising tide of spyware ranks among the top two or three security priorities in every IT department, traditional approaches and general, broad-based security solutions do not adequately address the issue as many hope to believe.

IT Security: What problems does spyware pose for enterprises?
Are they limited to such things as privacy, for example, or do they also encompass productivity, business processes and others?

Gerhard Eschelbeck: The primary complaint associated with spyware and adware in the early days was productivity issues like workstation breakdowns, bandwidth suck, and the mix of IT and employee productivity issues associated with these problems. However, cybercriminals quickly realized the great economic potential of the enterprise and began to develop spyware programs of incredible complexity in order to infiltrate and expose sensitive network data for financial gain.

Exposed network data might include: intellectual property and trade secrets; passwords, administrator privileges, applications; sensitive customer data, such as credit card or bank account information; employee and company financial information; litigation data, etc.

The loss of network data integrity does not just adversely affect an enterprise’s competitive advantage, but can also open up an organization to legal and compliance problems. The more nefarious forms of spyware, such as system monitors and Trojan horses, have the ability to push an enterprise out of compliance with the three major initiatives, HIPAA, Gramm-Leach-Bliley Act and Sarbanes-Oxley.

IT Security: What are some of the mistakes that enterprises generally make in opening themselves up to spyware threats?

Gerhard Eschelbeck: A common mistake enterprises make with respect to spyware is the deployment of an inadequate solution to combat the threat, and the false sense of security this creates. Spyware and other unwanted programs often bypass traditional security defenses like firewalls and other perimeter solutions because the malicious programs are often disguised as legitimate traffic entering through well-established ports. Additionally, legacy security solutions and anti-virus software underestimate the differences between spyware and viruses.
Many anti-virus solutions employ the same engine that was developed for virus removal when combating spyware and other unwanted programs - which has proven ineffective.

Another mistake is the failure to protect the mobile workforce with a solution on the desktop. Because so many of today’s workers are mobile and often connect to the Internet from outside the protection of the network firewall and perimeter defenses, enterprises that fail to deploy centrally managed, client-server anti-spyware solutions that offer remote protection are putting the integrity of their network data at great risk.

IT Security: Is everything that can be defined as spyware of concern to enterprises, and why? If not, what spyware should enterprises be most concerned about, and why?

Gerhard Eschelbeck: We see enterprises mostly concerned with two categories of spyware. Top of mind are the more malicious forms of spyware, which are focused on stealing confidential and proprietary information from organizations. The less malicious, but productivity-impacting variants of spyware are also key concerns for enterprises.

IT Security: Can the security protections enterprises now have in place (firewalls, intrusion detection etc.) be used to also protect against spyware, and if so how? If they can’t, why can’t they?

Gerhard Eschelbeck: Only enterprises that have currently deployed dedicated, corporate-level, centrally managed anti-spyware solutions, or anti-malware solutions that include best-of-breed anti-spyware capabilities are adequately protected from spyware.

IT Security: What extra protections if any do enterprises need to deal with spyware, and why do they need them?

Gerhard Eschelbeck: Aside from deploying dedicated anti-spyware defenses, enterprises should educate their corporate users on proper browsing habits, as well as safe email and IM usage.
Enterprises must also ensure that operating systems are patched on a regular basis and that other security defenses in addition to anti-spyware systems are constantly updated with the latest definitions and threat information.

IT Security: How will spyware evolve? What should enterprises expect with spyware in the future?

Gerhard Eschelbeck: What is so unique about the spyware threat is that it is financially motivated, making it one of the most rapidly evolving forms of malware. We expect spyware to become more aggressive in terms of ability and distribution, while web browsers will continue to act as the main gateway for spyware infections. To remain ever more stealthy and avoid detection, rootkit techniques are being blended with keyloggers and Trojans to build next generation spyware.

IT Security: If enterprises put spyware protections in place now will they be enough to cope with spyware in the future? What should enterprises do to ensure they can deal with spyware in the future, as far as is practical?

Gerhard Eschelbeck: As spyware writers are refining their sophisticated techniques, defense mechanisms need to stay ahead of the curve. A combined signature- as well as behavior-based protection approach provides the ability to adjust to the changing threat landscape. It is also important to see spyware protection as part of a comprehensive protection strategy, and there are a few additional steps organizations should keep in mind:

* Always keep your systems updated and patched with the latest security patches
* Log in to your systems as a non-privileged user – Administrative privileges should only be used if absolutely needed
* Keep anti-virus and anti-spyware updated