With multiple levels of protection to be on the safe side

Anti-virus solutions alone are not enough – but they still make sense

The world has become more complex, not only in politics and business but also in the field of IT security. Multi-layered defense measures are a must for companies if they want to effectively protect their IT infrastructure because cyber threats have also become much more versatile and professional. “Simple” solutions by themselves are no longer enough, yet still have their reason for being.

Until a few years ago it was relatively easy to organize the protection of your IT systems. And even today, there are still companies that rely on a few established defensive measures. Together with a firewall and a spam filter, classic AV solutions are still the standard protection against intruders, and this type of protection is generally accepted as a proven mechanism against malware. One of the main reasons: antivirus products are highly automated and do not require extensive attention from IT administrators or security specialists, which saves money, time and effort.

Modern malware outwits classic AV products

On the other hand, the discussion has been smoldering for some time as to whether anti-virus solutions are still effective against malware at all or perhaps do more harm than good and should therefore be abandoned. The fact is, classic products for defending against malware no longer offer adequate protection. Classic AV scanners fail to recognize all malware specimens and many specimens are not recognized at all, even after many weeks or even months.

Strengths and weaknesses in malware detection vary widely between AV providers. In addition, new types of cyber-attacks are making life increasingly difficult for classic AV scanners. Polymorphic viruses, e.g. in the form of ransomware, evade signature-based detection mechanisms by appearing in slightly modified forms. Classic AV scanners have little or no chance against attacks that carry no file at all, such as CEO fraud, as these do not contain any suspicious objects to examine.

Equally problematic are links in documents that can lead to downloads of malware. Companies that rely solely on classic security solutions lull themselves into a false sense of security. Nevertheless, the use of classic AV scanners is necessary and sensible.

Many defensive measures spoil the attacker’s success

Modern IT security solutions and suites are built on the principle of multiple protection with multiple defense methods, and there are good reasons for employing multi-level protection. If the first protective measures complete part of the task in a relatively simple way, the powerful and more complex filters behind them are no longer so heavily loaded and thus perform better.

Subsequent security levels based on heuristic or behavior-based filter systems significantly improve detection performance and thus increase the chance of being spared damage by malware. These include services that detect hidden links in emails or attachments, analyze the behavior of malware in a sandbox, or hold back suspicious email attachments for a certain period of time and then check these attachments again with updated signatures.
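The layering described above, sketched as an added example (not Hornetsecurity's code): a cheap hash-signature layer runs first, a heuristic layer only sees what the first layer lets through, and held attachments are checked again once signatures have been updated. The class and function names, the sample bytes and the "executable header behind a document extension" heuristic are assumptions chosen for illustration.

```python
import hashlib

# Constructed sample attachments: the variant differs from the known sample by
# one byte, as a slightly modified specimen would, so its hash matches no signature.
KNOWN = b"MZ constructed-sample-A"
VARIANT = b"MZ constructed-sample-B"
CLEAN = b"quarterly report, plain text"

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def signature_layer(data, signatures):
    """Layer 1: cheap exact-hash lookup against the current signature set."""
    return "block" if sha256(data) in signatures else None

def heuristic_layer(name, data):
    """Layer 2 (assumed heuristic): executable header behind a non-executable name."""
    if data.startswith(b"MZ") and not name.lower().endswith((".exe", ".dll")):
        return "hold"
    return None

class Pipeline:
    def __init__(self, signatures):
        self.signatures = set(signatures)
        self.held = []            # attachments held back for a later rescan
        self.heuristic_runs = 0   # how often the costlier layer had to run

    def scan(self, name, data):
        verdict = signature_layer(data, self.signatures)
        if verdict:
            return verdict        # layer 1 decided; layer 2 is never loaded
        self.heuristic_runs += 1
        if heuristic_layer(name, data) == "hold":
            self.held.append((name, data))
            return "hold"
        return "deliver"

    def rescan_held(self, new_signatures):
        """After the hold period: check held items again with updated signatures."""
        self.signatures |= set(new_signatures)
        results = {name: signature_layer(data, self.signatures) or "deliver"
                   for name, data in self.held}
        self.held = []
        return results
```

The known sample is blocked without the heuristic ever running, while the modified variant slips past the hash check, is held by the second layer, and is blocked on rescan once its signature exists.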

Many companies have recognized this and rely on a multi-part defense strategy with several defensive lines in place. This way, they minimize the risk of experiencing a nasty surprise and becoming victims of a cyber-attack.

Malware Analysis and Defense

Third part of the multipart series “Defense against malware”

The workstations of our malware analysts do not differ from others in Hornetsecurity’s offices, even though the Security Lab is referred to as a “laboratory”. You will not find Erlenmeyer flasks, test tubes or Bunsen burners there, just quite normal computers. The work is done virtually, in sandboxes or by analyzing the data traffic. Nevertheless, the importance of the malware analysts’ work should not be underestimated, as it ensures that Hornetsecurity’s defense systems are always as up-to-date as possible and maintain the highest quality standard.

But what is the procedure for analyzing malware? Usually there is a very large, continuous stream of data to analyze. The main task is to extract valuable information from the raw data, process it and make it “intelligent”. To this end, analysts use various tools and programs to answer specific questions: What are the objectives of malware? Which characteristics are typical for the investigated malware? Is there any evidence of the attacker(s)? Ideally, actions can be derived from the findings such as writing new filter rules or creating algorithms.

Two different types of analysis

Two ways of analyzing malware are presented in more detail here. In static analysis, the code itself is viewed without executing the malware, while in dynamic analysis, the behavior of the malicious code is tracked in a secure environment.

In static analysis, the analysts break the malware down to the smallest detail in order to draw conclusions from the code itself. For example, significant strings are extracted, shell scripts are run, and further results are generated with disassemblers. This yields information on the activities of the malware and the features it shows, the so-called Indicators of Compromise (IoC). Based on the findings, the individual filter systems can be updated to prevent further attacks by this and similar malware as quickly as possible.
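The string-extraction step of static analysis, as an added example (not code from the original article or from Hornetsecurity): it pulls printable ASCII and UTF-16LE runs out of a byte blob without executing anything and groups indicator candidates by type. The sample bytes, the six-character minimum and the three indicator patterns are assumptions; the host name and IP address are documentation placeholders.

```python
import re

# Constructed byte blob standing in for a sample: binary noise with an ASCII
# URL, a UTF-16LE registry path and an IPv4 address embedded in it.
SAMPLE = (
    b"\x00\x01\x90\x90MZ\x00\xff"
    + b"http://update.example.test/gate.php\x00\x13\x07"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00\xfe\x02"
    + b"connect 192.0.2.44:8080\x00ab\x00"
)

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

def extract_strings(data):
    """Return printable ASCII and UTF-16LE runs of six or more characters."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found

IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry": re.compile(r"(?i)\bSoftware\\[\w\\ ]+\\Run(?:Once)?\b"),
}

def extract_iocs(data):
    """Group indicator candidates found in the extracted strings by type."""
    iocs = {kind: set() for kind in IOC_PATTERNS}
    for s in extract_strings(data):
        for kind, pattern in IOC_PATTERNS.items():
            for hit in pattern.findall(s):
                # Discard dotted numbers that cannot be an IPv4 address.
                if kind == "ipv4" and any(int(o) > 255 for o in hit.split(".")):
                    continue
                iocs[kind].add(hit)
    return iocs
```

Scanning for UTF-16LE as well as ASCII matters because Windows binaries often store paths and registry keys as wide strings, which an ASCII-only pass misses entirely.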

One possibility for dynamic analysis is to let the malicious code perform its task in the secure environment of a sandbox. This method can be automated well to obtain certain results, and the filter systems can be updated based on these results. Does the code change certain files, does it make changes in the registry, or has it altered system settings such as the DNS servers? Who does the malware contact? These and other questions can be answered in this way.

Various possibilities of use

The most obvious application of the data obtained from malware analysis for IT security companies is to improve their defense methods and thus better protect their customers from attacks. To do this, analysts extract certain binary patterns and use them to create so-called YARA rules with which malware samples can be found, categorized and grouped. Behavior signatures applied in the sandbox can detect and categorize certain behavior patterns of malicious code.

An example: In the sandbox, an Office document in the file attachment is opened. There the behavioral signatures recognize that the document to be examined begins to collect and send information about user accounts. If this analysis takes place in a cloud-based environment, it is then possible to intercept the conspicuous emails and thus completely block the attacks.

All of these and many other defense measures should help to intercept and prevent an attack at the earliest possible point so that the damage caused by malware is as small as possible or, better yet, does not occur at all.

Much of the raw data obtained by malware analysis and the findings derived from it are also useful for general prevention. Research projects can benefit from this and make their scientifically sound results available to the general public. In addition, the publication of malware analyses also serves to educate the public. Increasing knowledge about the approaches of cyber-attacks and malware attacks helps to limit their success rates.

Avira migration in record time

Hornetsecurity successfully migrates more than 3,000 customer domains of the Avira spam filter in 8 weeks

Hannover, Germany, June 11, 2018 – The migration of existing Avira Managed Email Security customers to Hornetsecurity’s Managed Spam Filter Service has been completed. In just two months, the cloud security specialist from Hannover moved all customers and partners, including the existing configurations, to its cloud. In advance, Hornetsecurity, in cooperation with Avira, kept partners informed about every step of the migration. The training team held weekly online training sessions on the new functions, and Hornetsecurity’s 24/7 support team was also available to assist the partners at all times.

“This was the fastest and smoothest migration we have ever experienced,” said Beat Kramer, CEO of Avira’s US distributor Contronex. “In the first webcast with the Hornetsecurity support team, it became clear that we can now offer a significantly extended feature set to our customers. The Hornetsecurity Spamfilter Service offers a multitude of additional functions and a transparent, multi-tenant management console. In addition, the other Hornetsecurity services perfectly complement our existing cloud security portfolio. That’s why we started selling to new customers shortly after the migration and signed a distribution agreement with Hornetsecurity for the USA”.

“We are very satisfied with the process of moving all active customers into our system,” adds Daniel Blank, Managing Director of Hornetsecurity. “Thanks to good preparation and professional project management we have succeeded in migrating almost 80% of the existing domains. This enabled us to expand our global partner network by more than 150 partners. This is an excellent starting position to further drive our growth in the USA, South America and Europe”.

As a result of the conversion, partners and customers now benefit from numerous additional features offered by Hornetsecurity’s spam filter service: Additional anti-virus engines, an infomail filter for advertising mails, an individually adjustable spam report and an Outlook add-in to name but a few. In addition, new customers can enjoy the guaranteed detection rates of 99.9% for spam messages and even 99.99% for virus mails, which guarantees a very high level of protection.

“The cooperation with Hornetsecurity during the migration of our customers and partners was extremely smooth”, says Christian Milde, VP Partner Sales of Avira. “We have done everything to support the migration process and Hornetsecurity has welcomed our partners with open arms right from the start. I am convinced that there could not have been a better partner for this mammoth task.”

“Of course, we at Avira are now also using Hornetsecurity’s cloud solutions” adds Christian Milde. “Our technicians and developers are used to keeping IT security under control at all times. In this case, the migration went smoothly and our administrators are absolutely thrilled.”

“Security Made in Germany – a promise that combines Avira and Hornetsecurity,” concludes Daniel Blank.

Partnership between Hornetsecurity and SourcetekIT

Cyber security solutions providers Hornetsecurity and SourcetekIT have announced a partnership to resell Hornetsecurity’s cloud-based software solutions to SourcetekIT’s existing managed services customers across North America.

Hornetsecurity’s global headquarters is in Hannover, Germany, and SourcetekIT is based just outside Toronto. Both recently opened their first United States offices in Pittsburgh.

The partnership provides an opportunity for the companies to combine their services in collaboration against current and potential online threats.

In April, Cyber Defense Magazine awarded Hornetsecurity with a 2018 InfoSec “Cutting Edge” award in the category of Advanced Persistent Threat.

“This is an excellent fit for both companies,” Hornetsecurity CEO Oliver Dehning said. “We pride ourselves on offering flexible, personal care to our clients and being a channel-focused company with a network of partners like SourcetekIT who are trained to support the individual needs of customers.”

SourcetekIT was recently named one of the top 100 service solution providers from Computer Dealer News (CDN), Canada’s leading IT security news outlet.

“To expand our vision for our Next Generation Managed Security Service offerings, we needed a cost effective and powerful solution to meet the security needs of businesses,” said Dan Gribble, vice president of sales and business development for SourcetekIT. “With Hornetsecurity, our partnership will help companies reduce risk, provide threat detection and ensure compliance.”

Hornetsecurity updates Advanced Email Signature and Disclaimer with new features

Pittsburgh, May 08, 2018 – Hornetsecurity, a German-based cloud security solutions company that recently opened its first United States base of operations in Pittsburgh, has updated its Advanced Email Signature and Disclaimer service with new features that provide significant upgrades and additional user-friendly applications.

Advanced Email Signature and Disclaimer Editor

Advanced Email Signature and Disclaimer – Hide empty fields in the editor

Advanced Email Signature and Disclaimer offers an elegant solution for creating uniform company-wide content by ensuring all email signatures are attached in the same format, regardless of whether the message was sent from a PC, tablet or mobile phone.

Advanced Email Signature and Disclaimer Editor

In the original version, some fields in certain signatures would remain empty. Thanks to this upgrade, users can create additional sub-signatures within existing signatures, including slogans, logos or banners that promote upcoming trade shows or new products a company wants to highlight within a specific timeframe. Companies can activate and centrally manage the sub-signatures on a group basis, as well as use them for targeted marketing campaigns.

Advanced Email Signature and Disclaimer Mobile View

Advanced Email Signature and Disclaimer Mobile View (empty fields)

Advanced Email Signature and Disclaimer Editor: sub-signatures

In addition, users can now include signatures and disclaimers not only within HTML emails, but also in plain text emails, significantly increasing the consistency and professional appearance of corporate email traffic.

Advanced Email Signature and Disclaimer in plain text emails

“The signature at the end of a professional email is like a digital business card and serves as an important branding tool for every company,” Hornetsecurity CEO Oliver Dehning said. “With these newly added features, IT administrators and corporate marketing teams will have fresh opportunities to shape, sharpen and strengthen their company’s image.”
