Q&A: Gerhard Eschelbeck, chief technology officer at Webroot
We spoke to the chief technology officer of one of InfoSecurity 2010’s main sponsors to find out more about the rise of malware in 2010.
There is a lot of speculation in our industry as to where malware is coming from. There is a lot of data as well [that] has proven there are clearly areas, like Russia, that are big distribution points for malware.
The challenge is it doesn't necessarily mean when malware is being distributed from Russia that people from Russia wrote the malware. It could be people from China who wrote the malware, put it on servers in Russia and distributed it to England for example.
That is the difficulty because there are so many indirection points involved with malware that you don't really know where the real source is.
But speculation lets you believe that Malaysia and the Philippines are big trading points for malware.
How malware-savvy are businesses?
We actually conducted a survey earlier this year globally where we asked security professionals from the US, UK and Australia in terms of their current thinking what the protection strategies are today, how they got hit last year in terms of malware, what they have in place and what they are planning for the next year.
It showed that there is a tremendous amount of awareness for email security and the big worry is around web security. There is a tremendous amount of awareness in IT organisations that they need to do something about web security and this is the big area for organisations. They indicated that 2010 is going to be the year of protection for web security.
So I think email is pretty established already, they know what they need. Web security is really at the forefront of their minds.
I also think there is a great deal of awareness as a lot of people got hit last year with malware infections. The question is now how quickly can companies act.
Is the war against malware ever going to be won?
Malware is constantly changing, constantly evolving. The key is really that we have security solutions that are agile enough that they can adjust to the landscape.
My recommendation, and I think this is consistent with the rest of the industry as well, is a multi-tiered defence. You have the first layer of defence in the cloud, where essentially you can keep 95 per cent of the bad stuff out of your network, and then you have the last layer of defence on your desktop to essentially keep anything else out of there. So this two layer defence is really where I think the industry is going towards for the best protection.
I think here at the show you see companies focused on one side like the end point, or some companies do the cloud and some companies do both areas together but the key is really that companies are looking at this from a multi-tier defence model.