Webroot Inc. has purchased Portland, Ore.-based security awareness training vendor Securecast, and will use its phishing simulation and employee education platform as the foundation of a new “awareness-as-a-service” offering named Webroot Security Awareness Training.
Terms of the transaction, which closed last month, were not disclosed.
The deal occurs at a time of rising concern about security among SMBs. Indeed, 47 percent of the 600 U.S., U.K., and Australian SMBs surveyed recently by Broomfield, Colo.-based Webroot, with assistance from Wakefield Research, judged themselves susceptible to phishing attacks and 42 percent deemed themselves vulnerable to ransomware attacks.
Though products like Webroot’s SecureAnywhere Business Endpoint Protection and SecureAnywhere DNS Protection are essential elements of a complete defensive strategy, such systems are insufficient on their own to safeguard businesses from today’s constantly evolving threats, according to Chad Bacher, Webroot’s senior vice president of product strategy and technology alliances.
“In some cases, it’s incredibly difficult for them to secure their weakest link, which is their end users,” he says.
Currently in beta testing, with general availability projected for this fall, Webroot Security Awareness Training will enable administrators to create, schedule, and execute mock phishing attacks through the same management interface they use to administer other Webroot solutions. The system can then automatically direct employees who flunk the test to interactive online training courses on topics like using strong passwords, embracing data security best practices, and encrypting email content.
Vendors such as KnowBe4 Inc., of Clearwater, Fla., provide similar testing and training services. According to Bacher, however, Webroot’s security awareness solution will integrate with its endpoint and DNS security systems to identify and address vulnerabilities in ways that stand-alone offerings can’t.
“We can look kind of holistically across the board and see what’s going on from an endpoint protection standpoint, what’s going on from a DNS perspective, and then be able to make recommendations for those end users as far as who could be candidates or should be targeted to take that training,” he says.
Webroot chose to buy, rather than build, a security awareness platform to meet a critical customer requirement rapidly, Bacher continues.
“We just felt it was a very integral part of our overall strategy, and we wanted to be able to get to market as quickly as possible,” he says, adding that the company chose to purchase Securecast specifically based on the strength of its core phishing imitation and learning management features, as well as its compatible product design philosophy.
“They had a lot of the same overall guiding principles as far as it being a cloud-based solution, very easy to use, and geared toward MSPs, and we just felt that there was a really good match there,” Bacher says.
Webroot views security awareness training as a way for MSPs to both increase their top line by collecting incremental fees from customers and fatten their bottom line by reducing the number of data breaches they have to tackle.