Business owners continue to learn the importance of going on the offensive to fend off cyberattacks. Unfortunately, many learn the hard away — after they’ve experienced a costly attack.
With a slew of cyber security products hitting the market over the last few years, it’s hard to know which ones to select for your business. I’m here to fill you in on one of my favorite security tools.
That tool is Webroot Evasion Shield, which helps safeguard businesses against ransomware, phishing, viruses, identify theft and other “digital dangers.”
The Overview: What Is Evasion Shield?
Evasion Shield is one of Webroot’s newest features. It’s a critical security layer that detects, blocks and quarantines script attacks, including file-based, fileless, obfuscated and encrypted threats. Evasion Shield is effective at protecting businesses from advanced cyberattacks.
To see Evasion Shield in action, you can watch this video.
The Nitty Gritty: What Exactly Does Webroot Evasion Shield Do?
Webroot Evasion Shield works to block file-based scripts like PowerShell, JavaScript, Visual Basic Scripts, wscript, cscript and more. It also works to block fileless, obfuscated or encrypted scripts.
I bet some IT administrators just read “block PowerShell scripts” and thought, “Oh, heck no!” Yes, as handy as scripts are (I’m guilty, I use all kinds of scripts to automate tedious or mundane tasks), the bad guys have leveraged the simplicity and ease of these scripts to encrypt your network.
Two important notes:
- Because so many people use scripts, Webroot added the Evasion Shield feature but didn’t enable it. Administrators have to go in and enable it.
- If you’re already a Gross Mendelsohn client and we manage your anti-virus/anti-malware subscription, Evasion Shield has already been silently working in the background for you.
How Is Evasion Shield Different From Anti-Virus?
You might be thinking that just about any anti-virus tool should pick up on a malicious payload in a Word document. Seems logical, right? The answer is maybe. Here’s why.
Once the anti-virus companies get a whiff of those kinds of files, they can create a definition so they’re blocked. However, what if a script kiddy whipped up a malicious script and there’s no definition for it yet? Most anti-virus tools will allow that script to run. But Webroot Evasion Shield will block it so even the zero-day malware cannot execute.
This is also handy for zero-day ransomware where the file may not be recognized yet, but if it starts running scripts in the background to lock up your data, this too can be blocked by Evasion Shield.
One cool feature of Evasion Shield is its “Detect and Notify” mode. Webroot detects scripts but lets you review them before taking action. This allows you to whitelist any known good scripts.
Still Not Convinced You Need a Tool Like Evasion Shield?
According to Barracuda, 48% of malicious attacks in 2018 came from document-based scripts. In 2019 that number grew to 59% in just the first quarter! These malicious attacks can be executed from Word, Excel, PowerPoint and PDFs, just to name a few. In most cases the Microsoft Office Suite warns you not to enable and run these scripts, but a lot of users ignore these warnings and enable them anyway, which often leads to an IT disaster.
With these kind of statistics, adding Webroot Evasion Shield to your organization’s cyber security arsenal is a good call!
Need Help?
Our Technology Solutions Group includes a team of cyber security experts. We’re happy to meet with you for a free cyber security assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.