Security Experts:

Proofpoint Launches Anti-Malvertising Solution

Cloud-based security solutions provider Proofpoint has launched a new offering designed to combat malvertising.

Based on technology gained from its August 2013 acquisition of Armorize, Proofpoint’s solution addresses malvertising threats for both publishers and enterprises.

For publishers, ad networks, servers, exchanges, optimizers, and demand-side platforms (DSPs), Proofpoint Malvertising Protection tracks the flow of malvertisements and warns owners about problematic ad networks, the company said.

For Enterprises, Proofpoint Targeted Attack Protection prevents malvertising infection of vulnerable site-visiting employees and warns IT teams of the suspect sites.

As more and more business-related sites carry advertisements, and attackers increasingly leverage the online ads ecosystem to target users, the security implications of malvertising are significant for publishers and Enterprises alike, Proofpoint said.

In 2013, it was estimated that more than 10 billion online ad impressions were compromised by malvertising, including ads served to visitors of such well-known sites as The New York Times, the London Stock Exchange, and Yahoo.

Many of the digital ad serving platforms being used today were developed over a decade ago and not designed to cope with today’s massive volume of transactions from buyers and sellers around the world, creating a constant stream of new vulnerabilities in the system.

Advertisers and agencies often utilize “third party ad tags”, allowing them to control and monitor their ads which removing the ability for publishers to be able to control what ads are served. With larger publishers, ad networks and exchanges having thousands of different ad tags running at any given time, monitoring all campaigns and creative being served is a challenge. These disparate systems have had no universal quality control because nothing is tied together, driving the need for automation and technology innovation to eradicate the vulnerabilities of this process.

Because a successful malvertising attack on a high-traffic site can represent a significant bounty for attackers, the threat remains persistent. The Online Trust Alliance [OTA] has been examining the issue (PDF) of malicious ads for years. Among its recommendations is to create an accreditation/authentication process for new clients and ad agencies and to decline those that do not meet its standards.

Google alone is cited as having disabled more than 400,000 malvertising-serving sites in 2013, more than 300 percent from the prior year.

According to Proofpoint, enterprises are challenged because of the prevalence of ads and specificity of targeting; employees often must visit ad-bearing industry-related sites in the course of their job, but such sites target ads based on visitor information, making attackers' jobs easier. The result is a world where a visitor to a legitimate website can have their computer security breached without ever knowing they've been compromised, and where even after being alerted of a malvertising campaign, publishers and networks are still unable to easily identify the problematic chain.

"While the industry has developed technologies to protect against targeted offensives leveraging advanced malware, attackers have continued to evolve their tactics in an attempt to stay ahead of defenses," said John Grady, Program Manager, Security Products at IDC.

"Watering-hole attacks leveraging malicious ad content on otherwise trusted sites are one such example," Grady said. "Enterprises suffer breaches as a result of these attacks, while the content providers unknowingly hosting altered ads lose brand equity and user trust. Proofpoint's Malvertising Protection and enhanced Targeted Attack Protection solutions address this common issue for both constituencies."

For Publishers and Demand Side Platforms, Proofpoint Malvertising Protection (based on technology from Proofpoint's acquisition of Armorize) analyzes not only the ad tags, but also the creative and the actual impressions served, providing unique insight into the entire ad chain and precisely pinpointing the problematic party within the larger ecosystem.

Proofpoint explains that this approach ensures that ads are authentic and unaltered, and that impressions are compliant with brand safety standards, ensuring safer and higher quality ad inventory and overall ad-ecosystem security. For Enterprises, Proofpoint Targeted Attack Protection prevents malvertising infection of site-visiting employees and warns IT teams of the suspect site.

"Malvertising is clearly a huge and growing problem, and we're pleased to introduce the industry's first two-factor solution for web site owners and targeted Enterprises," said David Knight, executive vice president and general manager of Proofpoint's Information Security Products Group. "Attackers prey on complexity and obscurity -- and we believe that Proofpoint Malvertising Protection and Proofpoint Targeted Attack Protection cut through both, providing unprecedented levels of visibility and security."

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.