Q&A: Gerhard Eschelbeck, chief technology officer at Webroot

We spoke to the chief technology officer of one of InfoSecurity 2010’s main sponsors to find out more about the rise of malware in 2010.

Gerhard Eschelbeck

There is a lot of speculation in our industry as to where malware is coming from. There is a lot of data as well [that] has proven there are clearly areas, like Russia, that are big distribution points for malware.

The challenge is it doesn't necessarily mean when malware is being distributed from Russia that people from Russia wrote the malware. It could be people from China who wrote the malware, put it on servers in Russia and distributed it to England for example.

That is the difficulty because there are so many indirection points involved with malware that you don't really know where the real source is.

But speculation lets you believe that Malaysia and the Philippines are big trading points for malware.

How malware-savvy are businesses?

We actually conducted a survey earlier this year globally where we asked security professionals from the US, UK and Australia in terms of their current thinking what the protection strategies are today, how they got hit last year in terms of malware, what they have in place and what they are planning for the next year.

It showed that there is a tremendous amount of awareness for email security and the big worry is around web security. There is a tremendous amount of awareness in IT organisations that they need to do something about web security and this is the big area for organisations. They indicated that 2010 is going to be the year of protection for web security.

So I think email is pretty established already, they know what they need. Web security is really at the forefront of their minds.

I also think there is a great deal of awareness as a lot of people got hit last year with malware infections. The question is now how quickly can companies act.

Is the war against malware ever going to be won?

Malware is constantly changing, constantly evolving. The key is really that we have security solutions that are agile enough that they can adjust to the landscape.

My recommendation, and I think this is consistent with the rest of the industry as well, is a multi-tiered defence. You have the first layer of defence in the cloud, where essentially you can keep 95 per cent of the bad stuff out of your network, and then you have the last layer of defence on your desktop to essentially keep anything else out of there. So this two layer defence is really where I think the industry is going towards for the best protection.

I think here at the show you see companies focused on one side like the end point, or some companies do the cloud and some companies do both areas together but the key is really that companies are looking at this from a multi-tier defence model.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020