Endpoint Security

Hal Lonas: “Webroot Delivers The Full Spectrum Of Security For MSPs and SMBs”

Expert Insights speaks to Hal Lonas, CTO of Webroot, to talk about how their solutions protect MSP and SMB customers from the full range of cyber threats

Expert Insights Interview With Hal Lonas Of Webroot

Webroot is one of the world’s leading enterprise cybersecurity companies. It provides Endpoint Protection, DNS Web Filtering and Security Awareness Training for Managed Service Providers (MSPs) and small and medium sized businesses (SMBs) around the globe.

Expert Insights spoke to Hal Lonas, Chief Technical Officer at Webroot and Founder of BrightCloud, the threat intelligence platform powering many of Webroot’s services, to talk about his industry experience, the Webroot platform, and to hear his insights on the cyber security landscape.

BrightCloud Threat Intelligence

Hal Lonas joined Webroot after they acquired BrightCloud Threat Intelligence, but his history with the cyber security industry goes back further.

“I’ve been a software engineer for you know, a zillion years, and I got started on this track when I became Director of Software Engineering at Websense in the year 2000,’ Lonas tells me.

“My role was looking at how Websense was classifying websites and innovating in helping people with security problems and even way back then, our thinking was that there had to be a better way to classify sites than getting roomfuls of people and getting them to browse the web and classify websites. Now that concept seems unbelievable, but that’s what was going on!”

“So, I became the founder of a company called BrightCloud, in 2006. Brightcloud’s mission was really to classify the web and IP addresses using automated methodologies such as machine learning.”

“Webroot was an early customer of BrightCloud, and decided to buy the company and technology,” Lonas explains. “This became a transformative event for Webroot, who were looking for a way to differentiate themselves from the other antivirus companies that were out there.”

Changing the Game with A New Security Approach

Webroot’s next purchase was PrevX, a leading provider of anti-malware solutions. Webroot integrating BrightCloud and PrevX was the beginnings of the endpoint protection platform they now offer.

“Webroot set out to transform the anti-virus game by investing in threat intelligence with BrightCloud, and with next generation cloud endpoint security, with PrevX,” Lonas tells me.

“Webroot figured out that by combining cloud-based, super lightweight, next gen endpoint security, with cloud-based threat intelligence, we could really have a game changer.”

“And so that’s what we did. In 2011, 2012, we developed really the beginnings of a platform approach that we feel has revolutionised the industry.”

“We architected the solution to be cloud based, based on machine learning threat- intelligence, and to be multi-tenant, globally distributed and to have all the customers on the same platform.  This means that if you were to hit a new website, or a new strain of malware on your machine, all of our other customers would be protected within about five minutes. This really changed the game, from what used to be a top-down, signatures, technology, to be really one of crowd protection, and a network effect based on everyone participating.”

“The other element to our success has been our very lightweight agent. This has meant that MSPS and SMBs love us because we have a very low impact on the machine, and because we have this cloud-based management console. We got these features before a lot of other companies, and so we were early to the game with the MSP centric management capability.”

“We have over 15,000 MSP customers representing 350,000 SMB businesses, so we’ve been very successful because of that.”

Why Small and Midsized Businesses Need Strong Cyber Security

“SMB customers are big targets for the bad guys,” Lonas tells me. “A lot of smaller and even midsized companies don’t realise this. They think, ‘oh, the bad guys are after enterprises and big companies.’ But this is simply not true.”

“The bad guys have learned to automate. So, for them, it’s easy for them to attack 10,000 small businesses, via phishing email campaigns. Many small businesses believe in this idea of security through obscurity, that they’re too unknown to get attacked. But that’s unfortunately not the case.”

Despite these issues, it can be difficult for small and midsized businesses to find the right solution. The cyber security market is very crowded, and it can be difficult to find the solution with the right features to protect your business.  
“We’ve done a ton of analysis from our product management standpoint, to figure out what to supply for small business,” Lonas explains. “There are four key technologies that we think small businesses need.”

How Webroot Protects Small and Midsized Businesses

“The first is definitely endpoint security.” Lonas says. “Small businesses need to have next generation, machine learning threat intelligence based, lightweight endpoint security. This is the best place to see the threats, and it’s the best place to protect against them.”

“We’ve done some really cool things on the endpoint that make it easy to own and basically completely automated. So unlike technologies that give you a lot of alerts and require a lot of management, ours will just protect you. So, it actually makes life easier for small businesses and for MSPs.”

“After all, the reason that SMBs are using MSPs is that they can’t afford the IT people to do security. So, the fact we can supply MSPs with world class threat intelligence, and enterprise grade security makes a big difference to their constituent businesses.”

Network Level Protection

“The second component businesses need is network-level protection, so we offer a DNS security product.” Lonas tells me. “This means if a user clicks on a bad link, or tries to go to a bad IP address, the DNS security will save you from going there. This is really important”

“Our DNS protection also allows admins to set policies on where their users can go, and offers cool reporting features. This means that if someone’s getting into trouble, admins get visibility into that. We provide a really strong level of network protection with our DNS Protection product.

Security Awareness Training

“The third crucial security element for small businesses,” Lonas tells me, “is Security Awareness Training. We all know that humans are the weak link in security, so training your users to be aware of security issues such as spear phishing attempts is crucial.”

“Our Security Awareness Training product is very MSP friendly. A lot of the time, MSPs can use it to get their foot in the door with a customer. An MSP may go up to a customer and tell them they need to beef up their security, and the customer may so “’oh no, we’re fine.’”

“But then the MSP can suggest running a simulated phishing campaign against their business, and if a lot of users fall for it, then the business knows they need to beef up their defences. Security Awareness Training is a very useful tool to show people how vulnerable they are.”

Back-up and Disaster Recovery

The fourth component that businesses need to be fully secure, is backup and disaster recover, Lonas tells me.

“Webroot was recently acquired by Carbonite, and they bring that backup element,” Lonas says. “We have a huge opportunity ahead of us to integrate Carbonite products onto the platform we have and then offer that to MSPs.”

Full Spectrum of Security

After the Carbonite acquisition, Webroot’s ability to offer these four core elements of security to their customers, makes them the strongest solution for small and medium sized businesses, in Lonas’ view.

“We provide the full spectrum,” Lonas says. “We defend businesses at the early aspects of an attack vector, such as clicking on a malicious link or going to a bad IP address, right up to the final layer of security, which is the case that ransomware has encrypted files on your machine, and we can provide a backup which means you can recover very quickly.

“Small businesses really need this kind of full spectrum protection, and this is really exciting for us going forward.”

How Webroot Keeps It’s Edge

The cyber security landscape has become very crowded, and it’s difficult for vendors to differentiate themselves to customers. With Webroot’s history of innovation in its space, I asked Hal how Webroot keeps its edge over other cyber security competitors.

“There’s two main aspects to it,” Lonas tells me. “One is that we have the best threat intelligence in the land. Some evidence for that is that we have over one hundred OEM customers of our threat intelligence service.”

“The other aspect is that you can have this great technology, but unless you understand your customers, and how they want to do business, you’re just going to miss the mark. We understand what MSPs and SMBs need and that’s really important.”

“We try to be available everywhere and work with MSPs however they want to work. So, you can integrate us with the top RMM providers like ConnectWise, Continuum, Kaseya and Ninja, so we can get to the MSP through whatever channel they want. 

“So those are the two big aspects that give us an edge, threat intelligence, and then understanding your customer, what they want to buy and how they want to buy.”

The Future of Cyber Security Threats

For my final question, I asked Lonas what he saw as the growing threats, or the threats on the horizon, that small and midsized businesses need to be aware of now.

“I think phishing is the biggest threat at the moment, Lonas says, “And that will continue to be the case. I think what may be overlooked is that the old days of phishing messages, or phishing emails being very easy to spot, you know the whole joke about the prince of Nigeria and stuff like that, or these really obvious typos in emails, those are going away.”

“I often talk about the fidelity of the adversary of these emails, and phishing sites getting better and better. There’s evidence that people are actually using machine learning and AI, very sophisticated technology, on the bad side of the equation.

“This means that we need to work, to redouble our efforts, to train our users and make sure they’re aware that the threats never stop.”

“I think that’s the most challenging aspect of what we do, as it’s an ever evolving, ever changing game, because we have a human adversary right, which is working on the other side to breach customers and try and circumvent what we do. It’s a very challenging thing to be up against.”

“So, people need to be aware that it’s a moving threat, and it’s actually becoming much more difficult to detect a sophisticated phishing email from a legitimate email.”

“Our DNS and Endpoint Protection products protect your email, because a user gets an email with a malicious link, we’ll protect them if they click that link.”

“The other threat we see more of is insider threats. We see disgruntled employees, that have an axe to grind with a company, and I think this is a very up and coming threat. It’s happening in big businesses, and it’s happening in small business that have intellectual property that’s key to their business and it’s a growing problem that hasn’t gotten enough attention.”

“Sophisticated phishing attacks and insider threats are the two big things I think people now currently underestimate, and the software and security levels we’ve talked about can really help guard against these threats too.”

You can read verified customer reviews of the Webroot platforms here:

Webroot Endpoint Protection

Webroot DNS Protection

Webroot Security Awareness Training

An In-Depth Look at Webroot Security Awareness Training