A year full of records for Hornetsecurity

All quarters show record results for new orders – number of employees grows explosively


Hornetsecurity closes out 2016 with another strong balance sheet: After already having achieved a record number of new orders in the fourth quarter of 2015, the IT security specialists reported an even stronger performance in 2016. They once again managed to outdo their results in all four quarters of the year – with the last quarter clearly surpassing the preceding ones. Overall, Hornetsecurity grew by 44% in 2016. The upcoming year also promises unchecked growth.


The successful development also had an impact on the staffing structure: A total of 19 new employees, including seven trainees, were recruited in 2016. Several additional vacancies are being advertised for 2017, meaning that the office newly occupied only two years ago is already reaching full capacity again.


“The past year has shown that cloud computing is an absolute growth market and that this technology is now much more widely accepted,” says Oliver Dehning, managing director of Hornetsecurity. “This is nevertheless only one of the reasons for the record numbers: New customers come to us primarily thanks to the high quality and the simplicity of our products.”


Hornetsecurity Advanced Threat Protection, which was only launched back in September, has already yielded significant contributions. With the new service, Hornetsecurity is responding to the changing risk situation in the field of email security: Whereas the flood of spam was the predominant problem only a few years ago, today aggressive, yet well-disguised viruses such as Locky or Petya are paralyzing entire companies by encrypting critical data within minutes. Hornetsecurity ATP even fights off CEO fraud and blended attacks.


The company will have another reason to celebrate in the upcoming year: Hornetsecurity will be celebrating its tenth anniversary.


Ransomware and CEO fraud interceptor

The email gateway has now been permanently closed to attackers: Hornetsecurity Advanced Threat Protection (ATP) now provides companies with effective protection against sophisticated attacks.


Most importantly: The service detects phishing attacks, espionage attempts and ransomware from the first email and ensures that they cannot cause any damage. For this purpose, Hornetsecurity ATP relies on a unique package of protection mechanisms such as sandboxing, URL rewriting, URL scanning and freezing as well as several forensics systems. The package also includes real-time notifications – immediate, automatic notification of the customer in case of attack: Forewarned is forearmed.


The president of the German Federal Criminal Office estimates the extent of the damage caused by cybercrime at 50 billion euros in Germany alone. A significant part of these damages was caused via the email transport route, which is why it is imperative for companies to close this gateway to attacks. Although classic spam filters do help protect against the most common attacks via email, they do not provide sufficient protection against the increasingly frequent personalized attacks, ransomware or CEO fraud, at least in the early stages of an attack. Hornetsecurity ATP, in contrast, is already effective against the first malicious email, thus ensuring end-to-end security.


The forensics package, which is based on a variety of filters and is unique in the market, is especially good at detecting CEO fraud: The filters use Intention Recognition System, Fraud Attempt Analysis, Identity Spoof Recognition, Spy Out Detection or Feign Facts Identification to check the email communication of individuals requiring special protection in a company, such as managing directors, authorized officers or accountants. Hornetsecurity also makes use of ATP Freezing. Here the system retains suspicious emails over a period of time, in order to subsequently re-scan them with updated signatures. Another important defensive tool is URL scanning, which opens links in file attachments that must not be modified and automatically scans them for malicious links.


Hornetsecurity ATP is also equipped with defense mechanisms like sandboxing and URL rewriting: the service uses sandboxing to check suspicious file attachments by opening them in a secure environment. The service then observes the actions the attachment performs and checks whether only one file opens or if it contains hidden links as well as whether the attachment performs malicious activities and accesses generally unneeded systems. Hornetsecurity ATP also replaces all links contained in an email with its own URL and then redirects the user to the intended target website via the Hornetsecurity Webfilter Service. This prevents the email recipient from accidentally surfing to a malicious website or downloading malware.


Another feature of Hornetsecurity ATP is the automatic notification in case of attacks: As soon as the service detects an attack, the customer’s security manager receives a detailed information email, allowing them to quickly warn their colleagues and issue a call for increased caution.


“We have packed more highly effective and multilayered defenses into Hornetsecurity ATP than any other ATP product offers,” says Daniel Hofmann, managing director of Hornetsecurity. “And the demand speaks for itself: We received numerous trial inquiries even before the release. And the customers already testing the Hornetsecurity ATP are full of praise about the product!”

IT Security Tomorrow

What should the IT security of tomorrow look like?


For a long time now, those responsible for IT security have relied on a quite simple principle: They separated protected internal areas, controlled and monitored by themselves (the “good” company network), from unprotected external areas, not monitored by them (the “bad” Internet). Between these was the perimeter. Data requiring protection belonged categorically in the internal area.


All data traffic which needed to be transmitted from the internal to external area, or vice versa, had to pass the perimeter. What data left the protected area could as a result be well monitored at the perimeter. Protection at the perimeter assumes that there are secure inner and insecure outer areas which can be clearly separated from each other. This has, however, not been the case for a long time now.


Important resources are today found outside the company borders (Cloud) and usage can basically occur from anywhere (Mobile) – with an increasing tendency. Systems that are actually operated within the inner area, and therefore count as protected, also have numerous access possibilities that circumvent the security mechanisms at the perimeter, be that through encrypted transmissions of data or because they, for example, establish their own wireless Internet connection.


Therefore, while perimeter security is still important for the protection of central internal systems, for a growing portion of the usage of IT systems in companies it is completely ineffective. Gartner estimates that as early as 2018, 25 % of the network traffic from companies will circumvent traditional security measures. Added to this is the fact that detection mechanisms for malware no longer function effectively. A broad analysis of the virus scanners available on the market undertaken by Lastline Labs in 2014 came to the following conclusions:


  • Only 51 % of the scanners were capable of detecting new malware samples within two days
  • After two weeks, the detection rate had merely improved to 61 %
  • Even after a year, 10 % of the scanners still did not detect a range of malware samples
  • Some malware samples were never detected


Added to this is the fact that malware is becoming increasingly short-lived. FireEye determined in an investigation that 82 % of malware is distributed within one hour and that it hardly re-surfaces after this, and 70 % of malware is only used in one single attack.


In summary:

It is neither possible to cleanly separate secure network areas and systems from the insecure ones, nor to adequately prevent the penetration of malware, even in closely monitored systems and networks. And yet, it is clear: IT security is more important than ever before, also given the dramatically growing number of systems connected to the Internet – including critical systems – and the growing importance of data. So what can be done? IT security experts met recently in Cologne for a meeting of the Competence Group Security from eco – Association of the German Internet Industry, and discussed this question and possible approaches to the form IT security will assume in the future.


Starting point for deliberation:

Attacks on IT systems and networks can hardly be effectively prevented with traditional methods – at best they can be impeded. The enemy is already inside the gates. This is why it is all the more important to detect the intruder as quickly as possible and to analyze their actions so as to limit the damage as much as possible, prevent the leakage of important data, correct any possible alterations that have been made, and close any backdoors that have been installed.


Many attacks remain undetected for a period of time – weeks, months or even years can pass before the damage is noticed. In order to provide better protection, it is necessary to have permanent monitoring of the IT systems, networks and data streams, and in addition, the system events must be recorded and the logs retained for some time, in order to allow analysis and also to gain insight in retrospect into the actions of an intruder:


  • How did the intruder get into the system?
  • Which vulnerabilities aided his intrusion?
  • What data has been accessed?
  • Has data been leaked?
  • Have changes been made?
  • Exactly which systems have been affected?


It is also important to have a proactive, forward-looking view of the security of the systems and data in use:


  • What are the security risks?
  • What could an attacker be interested in?
  • Which data is particularly valuable?


Critical systems and data must be especially well protected. For this, it is necessary to have a comprehensive view of company IT systems and an estimation of the importance of individual systems and data sets. Only then can special protection measures be effectively undertaken for these systems and data, without limiting the usability of the IT systems as a whole – which would result in a reduction in the acceptance of the security measures, or make them uneconomical.


Further important points:


  • Networked security: Joint action of a range of security tools that exchange information and through this allow a better overview and improve the detection and tracing of attackers.
  • Secure identification of systems and people: Who accesses systems and data?
  • Consistent use of encryption: Encryption may not prevent access to data in itself, but certainly prevents the unauthorized use and alteration of this data.


Professor Pohlmann, of the Institute for Internet Security at the Westphalia University of Applied Sciences, calls for a paradigm shift in IT security:


  • More encryption instead of open data: Fortunately, the acceptance and use of encryption has been increasing since the Snowden revelations, although there is still far too little encryption in use.
  • Reliability instead of indifference: Manufacturers and providers should take on complete responsibility for the security of the systems and solutions they offer.
  • Certification: Verifiable and verified level of security.
  • Proactive rather than reactive security: This leads overall to more robust and more reliable systems.
  • Object security instead of perimeter security
  • More collaboration rather than separation: Combatting the imbalance between attackers and defenders – e.g. through use of Cloud security solutions.


It is also becoming more important that IT users have at least basic knowledge of IT security and an understanding of its requirements. This requires awareness and training measures.