Tag Archives: Cloud

Avira’s Secure Browser: Plans and Tactics (Part 2)

The goal with the browser is to create an easy-to-use, secure and privacy respecting browser. These are the more advanced tactics we will be using:

Our Cloud DBs

Adding cloud features to file scanning was a large success. The detection quality of malicious files went straight up. Short:

On the client there is a behaviour detection kind of pre-selection. If a file is suspicious the cloud server is asked if the file is already known

If unknown:

  • An upload is requested
  • The file is uploaded to the server
  • There we have several detection modules that cannot be deployed on the customers PCs (an AI with a large database, sandboxes for behavior classification, etc. ). They scan and classify the file
  • The database is updated
  • The results are sent back, you are protected

We built incredible databases covering malicious files during the last years. We should have something similar for the browser and use our large knowledge base and server side classification tools for web threats as well.

It should look something like that:

  • The browser detects something strange (“behavior detection”), this is called pre-selection
  • It asks the backend database if this is already known
  • If not: relevant data (URL, file, …) is uploaded for inspection
  • Our server based tool (and our analysts) will classify the upload and update our databases
  • The result is sent back directly (within milliseconds. Yes, the tools are that fast. We will try to improve our analysts 😉 )
  • You are protected
  • We are improving our “evil parts of the internet” map.

To get there we will have to improve the signal-to-noise ratio. We are only interested in malicious pages. If the pre-selection in the browser is too aggressive and sends non-malicious pages to us, it‘s a waste of CPU cycles and bandwidth. With millions of users as a factor, even minor slips will be expensive and annoying for everyone involved.

We will also remove private data before sending it (we are not interested in user data. We are spying on malware). Personal data is actually toxic for us. Servers get hacked, databases stolen, companies gag-ordered. Not having that kind of data on our servers protects us as well as you. I mean just think of it: Some web pages have the user name in the URL (*/facepalm*). I do not think we can automatically detect and remove that trace of data though. But maybe we could shame the web pages into fixing it …*/think*

The parts in the source that collect the data and prepare them for sending are Open Source. Here I am asking you to NOT trust us and review the code! :-)

I hope we find a simple solution to display the data being sent to us before sending. The only problem is that it could have a negative impact on your browsing experience. Having a modal dialog when you expect a page to load …

One option could be to at least offer a global configuration to switch cloud requests off (always, in incognito mode only, never) and show you in logs what got sent.

Advertising
We are selling libraries and databases covering malicious files and web pages.

You want your own AV? Or protection technology in your Tetris game to make it unique? Just contact our SI department and make a deal.

Other companies have thousands of web-crawlers simulating user behavior to identify malware.

Millions of real Avira users are our scouts and sensors.

Some branding

We need some branding. That would include Avira specific changes in the browser (names, logos, some other texts). But also links. This is not only relevant for brand-awareness but also to keep our users away from Chrome/Chromium support to avoid confusion (“Which Chrome version do you have ?” … listens … “we never released that, can you please click on “about and tell me the version number” … listen … “WTF?!?” => Confusion) and direct them to our support – who actually CAN help.

Hardening

We will always improve the build process. There are compiler switches for features called Position Independent Executable (PIE), Fortify Source, etc. that we should enable on compilation (many are already enabled). Most time here will be spent on ensuring that they do not get disabled by accident, are enabled on all platforms, and do not slow down the browser. This task can start simple and suddenly spawn nasty side effects. This is why we need TestingTestingTesting.

TestingTestingTesting

Google added the Hotwords feature to Chromium and Chrome. It’s a nice feature. But it switches on the microphone and “spies” on the user (this is a convenience feature many users want). For our secure and privacy respecting browser this crossed a line though. This is the reason why we will have to verify that no “surprise !!!”-Extensions get installed by default. One more task for our testers that add verification tasks to the browser to handle our specific requirements. Keep in mind: Chrome and Chromium already have very good unit-tests and other automated test cases. We just need some extra paranoia. That’s the job for our testers in the team.

More transparency

We will write blog posts covering all the features. The attacks they block, their weaknesses, what we did and will be doing to improve them. We will offer you a guided tour Down the Rabbit Hole. Go with us as far as you dare.

TL;DR:
There is so much we can do to improve the browser; without touching the core.

We reached the bottom of this specific Rabbit Hole.

Thorsten Sick

#content .entry-content
.bq{width:100%;border:1px
solid #dde5ed;margin-top:0px;margin-bottom:25px}#content .entry-content
.quest{margin:0px;font-weight:bold;font-size:16px;text-shadow:0px 1px 0px #f8fafb;padding:6px
11px;background:#eaeff5;border-top:1px solid #f4f7fa;border-bottom:1px solid #dde5ed}#content .entry-content
.text{line-height:19px;margin:0px;padding:10px;font-size:14px;background:#f8fafd;color:#758fa3}#content .entry-content .text
p{line-height:19px;background:#f8fafd;font-size:14px;color:#758fa3}

The post Avira’s Secure Browser: Plans and Tactics (Part 2) appeared first on Avira Blog.

World Back Up Day: Five Tips for choosing a Cloud Storage Provider

Billions of people use the Internet every day. We use it to work, play, create and share memories. World Back Up Day is an annual reminder to protect our most precious files from being lost forever.

After all, what would you miss if you lost everything?

Cloud based back up services are incredibly cost effective and most allow you to access your files from anywhere in the world.

So if you’re ready to celebrate World Back Up Day, I have five tips on how you can pick a secure cloud storage service.

Is it for business or personal use?

There are plenty of free options, before you trust a service with your personal or critical business files you should make sure it is reliable and secure.

What type of files are you storing and why?
Different cloud services offer various features and options that might suite your particular need. For example video or photos back up.

What level of encryption do they offer?

Does the cloud storage service offer encryption? If the provider is hacked, your data will be vulnerable. If the provider don’t provide encryption then you should consider encrypting it yourself before you upload.

Are there additional security features?
If possible, use additional security features like two-factor authentication and login notifications to help prevent unwanted breaches.

Do you have adequate backups?
Don’t rely on a single backup, especially for your critical files. You should also backup regularly.

 

Until next World Back Up Day, stay safe out there.

Five Tips for choosing a Cloud Storage Service

Cloud services are incredibly convenient and can also be a great cost saving measure. But you shouldn’t blindly place trust in cloud services without doing some research first.

If you are considering using a cloud service, I would strongly advise finding the answers to the following questions before signing on the dotted line.

Is it for personal or business?
There are plenty of free options, but you need to determine which is the most reliable and secure, especially if your business will depend on it.

What are you storing and why?
The different cloud services that are currently available offer a variety of features and options that may be better suited to a particular need.

What sort of encryption is available?
Does the cloud storage service offer encryption? If the provider is hacked, your data will be vulnerable. So if they don’t offer encryption then you might want to encrypt your vital documents before uploading

Does the service offer extra security?
Where possible use additional security features like two-factor authentication and login notifications to ensure you have the added layer of security to prevent unwanted breaches.

Do you have adequate backups?
Don’t rely on a single backup, especially for your critical files. You should also backup regularly.

Is your data secure in the cloud?

It’s a very broad topic so I chose to focus my answers on three particular things.

 

When you put your data in the cloud, someone else holds it?

There’s a security gap between the private and public cloud. You might have invested heavily in your own private cloud or on premise systems, but data on the public cloud are not secured by you. Who controls this data? Who is responsible for it and who is accountable should something go wrong? This needs to be addressed as a priority. Consider that CTOs and CIOs must as part of SOX compliance procedures sign off on their company data being secured and under control. Yet if that data is held in the cloud and you cannot audit the security measures there, then the reality is that it is being managed by someone else – the cloud service provider.

So what we need to focus on is understanding how we can help businesses get back control of securing their data.

 

Cloud and mobile has changed the assumptions businesses had that they can control all the devices being used within their organizations to access their data.

With cloud services, businesses have limited authority to define what security is being used by their provider to protect their data. Company executives might not like this situation, but they will still have had to confirm that their data is secure and compliant with regulations. This is a no-win scenario for businesses.

That fact that critical data is stored on cloud services means that the business is now effectively in someone else’s hands. There is the additional challenge of how the IT department can control a situation where an employee has their own device and wants to use it to connect to this cloud-based data using tools like Salesforce, for example.

If the malware is running on that device, the IT manager is not in control of identifying and fixing that. They are in the position of having to guarantee to the business that company data is secured when in fact that might not be the case.

Hackers realized this pretty quickly. They started to target individuals within organizations when they were off the network and interacting with the cloud via a device in order to retrieve data they needed.

I expect that this risk will soon become untenable. And in the near future, that we will start to see companies pushing back on signing documents that their data stored in the cloud is secure because in reality, that data is no longer part of their business, no longer within their control.

In small to medium sized businesses, there is less likelihood they will even have any sort of systems in place to manage this and so they ultimately have less control and less confidence that their private, business data is safe in the cloud.

 

The Internet of Things means businesses need long-term perspective for their cloud strategy.

This brings me to this last point. If we fast forward two or even five years, and look at the impact of the Internet of Things, it’s clear we need to start thinking already about how to connect and manage these new devices and sensors for business. More importantly, we need to harness the data that is coming out of them. We’ll want them to be under control and we will all start to use services.

We also have privacy to consider. This is one of the rising stars in security. It’s a big challenge and even law enforcement agencies are becoming more active in this area.

As the panel drew to a close, I emphasized that things will start to change. Cloud service providers should start to work with their client teams on premise to give back to that business a degree of control. This will be the first step towards giving CIOs and CTOs that confidence to sign compliance documents because they will be able to verify that company data is indeed secure.

AVG Technologies Announces New Managed Workplace® Enhancements to Partners at Cloud Summit

AVG’s RMM platform continues to evolve to give partners even tighter applications’ integration experience, reducing cost and complexity

AMSTERDAM and SAN FRANCISCO – October 23, 2014 – AVG Technologies N.V. (NYSE: AVG), the online security companyâ„¢ for 182 million active users, today gave partners attending its Cloud Summit in Arizona a first-look preview of key new features in AVG Managed Workplace®9.0, its open eco-system Remote Management & Monitoring (RMM) tool for IT resellers and managed services providers (MSPs).

Following continued close consultation with its partner-base, AVG is unveiling a number of significant technical refinements to its RMM platform that will enable MSPs to deliver an even more tightly integrated range of streamlined services through the same integrated management console.

Key advances among the new integration features and benefits for MSPs of the enhanced AVG Managed Workplace RMM platform are:

  • Increased automation – extends automation best practices in a scalable, repeatable manner to transform an MSP’s service delivery, thereby reducing the cost of creating and maintaining secure compliant devices
  • Enhanced reporting and alerting – refinements in automated, real-time alerting increase quality and breadth of data available to enable a fast, focused response to help remediate issues before they have a chance to escalate, helping to save time and money.
  • Boosted patch management – increases in efficiency of patch scheduling ability help proactively close the gap between patch availability and patch application, reducing vulnerabilities on individual devices and avoiding costs.

“Recent industry events like Shellshock and Gameover Zeus have shown businesses that it is still best to leave your IT in the hands of experts,” said Mike Foreman, General Manager, SMB, AVG Technologies. “Incorporating the constructive feedback from our partners, combined with a set of technical enhancements to our RMM platform provides our partners with enhanced levels of protection and control that will let their customers sleep at night.”

AVG’s business security portfolio is supported by a worldwide network of more than 10,000 partners.  Its pedigree in this area makes it ideally positioned to help smaller IT companies and MSPs harness low cost, cloud-based tools so they can transition into fully-fledged managed services businesses.

In October 2012 AVG introduced AVG CloudCare™, a cloud-based administration platform offering resellers a new way to implement and manage services such as antivirus, content filtering, online backup and email security services for their business customers. In June 2013 it added AVG Managed Workplace, an open eco-system Remote Management & Monitoring (RMM) tool. AVG‘s vision is to make the lives of MSPs and their business customers as easy as possible, regardless of whether staff are in the office, at home, or on the road.

AVG Managed Workplace 9.0 is scheduled for general availability from November 2014.

About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people.  AVG has over 182 million active users, as of June 30, 2014, using AVG’s products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVG’s products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.

AVG Technologies Previews New Identity-as-a-Service “CloudCare SSO” at Cloud Summit

AMSTERDAM and SAN FRANCISCO –  22 October, 2014 – AVG Technologies N.V. (NYSE: AVG), the online security company for devices, data and people, today unveiled a preview of its new Identity-as-a-Service (IDaaS) services to partners attending its Cloud Summit in Phoenix, Arizona.   Managed services provider (MSP) partners at the Summit had an exclusive first-look at how AVG’s full Cloud-security and remote monitoring & management (RMM) services portfolio can help MSPs deliver secure sign-on (SSO) for easy, one-click security and control over their customers’ cloud applications and mobile data.  Partners will soon be able to experience the breakthrough integration of Multi Factor Authentication, Secure Sign-On, Mobile Device Management and Mobile Application Management all managed through Active Directory to ease complexity and simplify management.

“The aim of today’s game changing advance in the expansion of AVG CloudCare’s cloud-based security and mobile management capabilities is to help MSPs grow their businesses further by enhancing the levels of protection and control built in to their customer services,” said Mike Foreman, AVG’s General Manager, SMB. “We know that with the rapid adoption of mobile, BYOD and Cloud applications customers will require additional expertise from partners to help control and manage all their users’ applications and data.  We are listening. That’s why, for the first time in this space, AVG is combining Centrify’s IDaaS capability with our existing RMM platform to provide a single, secure access layer to all our Cloud services as well as more than 2,500 of the most popular Cloud-based business apps for partners and their business customers.”

Underlying technology for AVG’s new IDaaS capability is driven by Centrify, a leader in unified identity management across cloud, mobile and data center environments.  Management of multiple passwords is a major headache for businesses, especially as they adopt more and more mobile and cloud-based applications.   Figures show up to 80 percent of end user breaches are password related. Furthermore, industry events like the Heartbleed bug have raised popular consciousness of the need for stronger password protection, especially in sectors like financial services or health where tight data security and privacy requirements are mandatory.

“IDaaS is solving real problems for the enterprise and thanks to the initiative of market-savvy companies like AVG the technology will soon be giving AVG partners and their businesses the same benefits in a format they can afford,” said Shreyas Sadalgi, Centrify’s SVP of Business Development for Centrify. “We are thrilled to be working closely with AVG, a globally respected security brand with one of the largest active partner bases in the industry.

An exclusive preview of the Centrify IDaaS solution is available to resellers and MSPs attending AVG’s inaugural Cloud Summit for partners taking place from October 20th-22nd 2014 at The Sheraton Wild Horse Pass Resort in Chandler, Arizona.

For more information or to contact sales for a free, not for resale account, please email [email protected]

AVG’s business security portfolio is supported by a worldwide network of more than 10,000 partners.  Its pedigree in this area makes it ideally positioned to help smaller IT companies and MSPs harness low cost, cloud-based tools so they can transition into fully-fledged managed services businesses.

In October 2012 AVG introduced AVG CloudCare™, a cloud-based administration platform offering resellers a new way to implement and manage services such as antivirus, content filtering, online backup and email security services for their business customers. In June 2013 it added AVG Managed Workplace, an open eco-system Remote Management & Monitoring (RMM) tool. AVG‘s vision is to make the lives of MSPs and their business customers as easy as possible, regardless of whether staff are in the office, at home, or on the road.

About Centrify

Centrify provides unified identity management across data center, cloud and mobile — resulting in one single login for users and one unified identity infrastructure for IT. Centrify’s software and cloud services let organizations securely leverage their existing identity infrastructure to centrally manage authentication, access control, privilege management, policy enforcement and compliance across on-premise and cloud resources. More than 5,000 customers have deployed Centrify across millions of servers, workstations, and applications. With Centrify, organizations are reducing their costs associated with identity lifecycle management and compliance by over 50 percent.

About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people.  AVG has over 182 million active users, as of June 30, 2014, using AVG’s products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVG’s products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.

All trademarks are the property of their respective owners.

70 Percent of MSPs Must Adapt Services to Capitalize on Internet of Things, AVG Study Reveals

AMSTERDAM and SAN FRANCISCO – October 22, 2014 – Roughly 1-in-4 (26 percent) small- to medium-sized businesses (SMBs) and managed services providers (MSPs) expect the Internet of Things (IoT) including multiple devices, wearables and Cloud-based services in general to generate more money for them than any of the other current big IT trends, according to a new survey announced today by AVG Technologies N.V. (NYSE: AVG), the online security company for devices, data and people. Almost three out of five (57 percent) SMBs agreed that IoT will help boost their revenues, a sentiment that was echoed by around two-thirds (67 percent) of MSP respondents. However just 18 percent of SMB respondents thought their IT provider was ahead of the curve regarding IoT management while 70 per cent of MSPs themselves admitted the need to adapt their services to meet customer expectations in this regard.

“Our MSP partners are telling us that the ‘Internet of Things’ is the one IT trend making an immediate difference to their bottom line and the business customers that they serve. A massive 7 out of 10 stated they need to amend their offerings to enable business growth.”  said Mike Foreman, AVG’s general manager, SMB

The study*, which interviewed 1,770 small businesses and MSPs in the U.S., Canada, the UK, Germany and Australia, also revealed more than half (55 percent) of MSP respondents say customers are demanding Internet of Things related services and over three quarters (77 percent) are planning to expand their service/product portfolio. However, they had better adapt quickly. Of those SMBs with an IT provider, 68% feel that their provider could improve their service with regard to Internet of Things offerings and understanding.

“The study shows clearly that as businesses grow to rely more and more on the Internet of Things and Cloud-based services to help generate revenue most MSPs are still some way short of being ready to help customers’ manage this,” continued Mike Foreman. “The research strongly indicates that MSPs need to significantly up their game and demonstrate enhanced levels of protection and control over their customers’ ever changing data and device needs.”

A summary of the other key findings in the study were:

SMBs

Almost half (46%) of SMBs think that the Internet of Things will be the IT trend that has the greatest impact on their organization over the next five years. An even higher proportion -around seven in ten (71%) – say that due to the Internet of Things their organization will need to take extra steps to secure and protect their data

  • Around three fifths (62%) of SMB respondents report that their organization has budget specifically assigned over the next 12 months for the development of Internet of Things solutions. 49% have a moderate or substantial budget assigned for these solutions.
  • Only 18% of SMB respondents say that their IT provider is completely ahead of the curve with regard to the Internet of Things and the potential for their business. Of those with an IT provider, 68% feel that their provider could improve their service with regard to Internet of Things offerings and understanding.
  • The majority (84%) of SMB respondents say that their organization has purchased mobile devices within the last year, spending an average of over $6,500 on these devices. Of those who have purchased mobile devices within the last 12 months, SMB respondents estimate that their organization spends an average of around $4,500 in hidden costs annually.

MSPs

  • Over half (55%) of MSP respondents state that customers are demanding Internet of Things related services and seven in ten (70% but only 56% Germany) say that they will amend their services based on the wants of the customer.
  • However, less than two fifths (38%) of MSPs say that their organization currently has an integrated remote monitoring and management platform.
  • Around three fifths (58%) of MSP respondents say that they will need to join up with cutting edge partners in order to successfully offer Internet of Things-related services. Currently only 38% of MSP respondents feel that the vendors they work with are cutting edge.
  • Furthermore around three in ten MSP respondents feel that their current vendor helps make efficiency savings (31%) or productive gains (25%) for their customers.

* AVG commissioned independent technology market research specialist Vanson Bourne to undertake this research.  1770 interviews were carried out during September 2014 with IT and marketing decision-makers of organizations with of 1 – 500 employees with and 85/15 per cent split between SMBs and MSPs. Interviews were performed across five countries: UK, US, Canada, Germany and Australia. Respondents to this research came from a range of industry sectors, with only the public sector excluded.

For more information, please see our video on the survey findings:

http://www.prnewswire.com/news-releases/70-percent-of-msps-must-adapt-services-to-capitalize-on-internet-of-things-avg-study-reveals-573155550.html

About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people.  AVG has over 182 million active users, as of June 30, 2014, using AVG’s products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVG’s products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.

All trademarks are the property of their respective owners.