The ever growing need for faster protection time

Today’s Internet threats are faster and stealthier than ever, as attackers leverage advanced cloud automation and evasion techniques to bypass cyber defences. Perimeter security appliances and endpoint clients are increasingly too slow to stop these attacks, leaving companies vulnerable for hours, days, or even weeks to these types of attacks. In fact, many vendors appear to have conceded that they can’t stop threats at the perimeter, and have moved their focus to detection of threats after they’ve entered the network.  Here at Cyren we certainly feel that “defence in depth” continues to be the correct security philosophy and strategy, and of course the best form of defence is prevention. But that said a new approach to prevention is needed, one that performs fast enough to counter threats before they even reach users.

At its root cause, the problem lies in the legacy on-premise/appliance-based security architectures that have been put in place over the past 10 years. As the world has changed, with data and applications moving to the cloud and users working remotely outside the office, an on-premise security perimeter has become more and more problematic. With a limited scope of visibility to threats, the need for external periodic updates, and limited CPU cycles, on premise appliances struggle to deliver the depth and breadth of protection needed. Unfortunately this legacy approach will never perform fast enough to keep up with the increasing pace of innovation, automation, and evasive tactics we’re seeing demonstrated every day by cyber attackers.

In our opinion, the best way to deliver protection that is fast enough is to move security into the cloud. This cloud-based perspective provides two critical advantages:

·         Visibility – earliest visibility to emerging threats coupled with real-time shared threat intelligence across all the users in a security network

·         Scale and Performance – the ability to apply cloud-scale computing across a shared multi-tenant infrastructure delivers virtually unlimited throughput

In fact here at Cyren, we are moving strongly in this direction. Cyren has built out the world’s largest security cloud over the past 20 years, processing over 17 billion email, web and DNS transactions every day with a streaming architecture that allows us to detect threats as they emerge on the Internet, before they reach users. This global detection cloud powers our “front end” Security-as-a-Service offerings, including web security gateway, email security gateway, DNS security, and cloud sandboxing. These services provide inline blocking of cyber threats globally within seconds, delivering the industry’s fastest time to protection.

A bold claim you might say but fast time to protection is absolutely critical and this is what we have focused our time on over the years.  I will leave you with a few figures to emphasise the point.  Below are some statistics that provide some data to help paint a picture of the challenges facing the cyber security industry today.

Malware is faster and stealthier than ever…





1 minute

40 seconds


The median time for the first user of a phishing campaign to open the malicious email

Verizon 2016 Data Breach Investigation Report, page 18

3 minutes

45 seconds


The median time for the first click on the malicious attachment for a phishing campaign

Verizon 2016 Data Breach Investigation Report, page 18

50% opened


The number of users that open e-mails and click on phishing links within the first hour of an attack.

Verizon 2015 Data Breach Investigation Report, page 13

Less than 2 hours


Average duration of 25% of all malicious phishing URLs

Cyren analysis, Phishing Threat Report, August 2016

5 million uniques/hour


The Jaff ransomware outbreak that started on May 8, 2017, powered by the Necurs botnet, was delivering 5 million unique emails with 5 million unique ransomware attachments every hour (65 million emails over 13 hours).

Cyren Security Lab




Cyren’s security researchers  have found that HTTPS is now utilized for the distribution of 37% of all malware

Cyren Security Lab, <SSL webinar link>

97% unique


Nearly 97 percent of malware encountered on users’ computers is unique, as criminals automatically generate variants in order to stymie defensive software.

eWeek (


By Dan Maier, Vice President of Marketing, Cyren

GDPR Summit Series is a global series of GDPR events which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.

Further information and conference details are available at