Integrity of the Ad Supply Chain: Anti-Malvertising Best Practices

10/6/2012

Elias Manousos, CEO & Founder, RiskIQ
Neil Daswani, Engineering Manager, Twitter
Rizwan Husain, Dir. of Product Management, Symantec
Summer Koide, VP Products & Services, ZEDO

© 2012. All rights reserved. Online Trust Alliance

Malvertising: Negative Effects

• Malvertising: can generally refer to “malicious” advertising of various sorts; connotation today is malware drive-by and fake a/v via syndicated display ads
• Negative Effects
  ▫ To publishers: brand damage, blacklisting by search engines, support costs
  ▫ To ad networks: loss of revenue (publishers leave network), blacklisting (for small/medium networks), loss of reputation (e.g., in ad exchanges), disabling of ads (ad blockers)
  ▫ To users: loss of trust in publishers and ads online, data & identity theft
• What can each of the above do to protect themselves in the supply chain?

[Diagram: Users, Publishers, Ad Network A, Ad Network B, Ad Network C]

Symantec & AdMonsters Malvertising Research

The intent behind this body of research and survey is to measure attitudes and perceptions of malvertising within the advertising operations community.

• Reveal awareness, understanding, and level of concern with respect to malvertising within this community
• Understand current methods employed to address malvertising problem
• Get a better idea of what is lacking in current approaches to malvertising issues
• Measure interest in Symantec solution to malvertising

Methodology:

• Online interactive survey distributed to 6300 AdMonsters subscribers
• All recipients are self-identified advertising operations professionals
• Blind survey – Symantec not mentioned until introduction of Advantage solution

Response to Survey - Demographics

• 165 respondents in total – 2.6% response rate
• 124 from the United States
• 41 from other countries
• Out of 165 responses to the survey request, 2/3 of respondents were display advertisement publishers

Ad Ops Professionals Are Familiar with Malvertising

• Vast majority of respondents are familiar with the term “malvertising”, with about 10% overall unfamiliar
• Sub-segments with higher familiarity were those who:
  ▫ Have a higher level of concern about malvertising
  ▫ Place greater importance on malware protection
  ▫ Currently use a method to address malvertising issues
  ▫ Are director-level and above
  ▫ Are publishers with >1 billion ad impressions per month

Protection Is Very Important to Publishers

• The majority are concerned about malvertising, with an overwhelming majority saying malvertising protection is very important
• Those outside the US are less likely to place importance on malvertising protection

Most Publishers Have Experienced Malvertising

• Just over half of respondents have experienced at least one malvertising incident
• Publishers with > 1 billion ad impressions are significantly more likely to have a malvertising incident

Responsibility for Malvertising Is Generally Unclear

• Majority of respondents place malvertising responsibility on the advertiser, and to a lesser extent, the ad network
• Strong majority say the consumer sees the publisher as responsible

Publishers Generally Unsatisfied with Current Methods

• Over half of respondents have a method for malvertisement detection
• Satisfaction with current method is low – only 33% indicated a high level of satisfaction

In Response To This Research: Symantec AdVantage, Now Available

• DETECTION
• FORENSICS
• REPORTING

Low Frequency, High Impact Problem

How an Advertisement Gets Published

Advertiser → Agency → Ad Network → Ad Server → Publisher

• Coca Cola works with advertising agency McCann to create Coke Zero ad campaign.
• Ad agency purchases inventory from Ad Networks (Double Click), which resells it to other ad agencies.
• Ultimately the ad will get sold to a Publisher and displayed on website. The ad can be sold directly by the ad agency or indirectly through the ad network.

[Diagram caption: Points along the chain where malware can be inserted into an advertisement]

The Display Advertising Landscape

[Diagram: ADVERTISERS, PUBLISHERS]

Why This is Hard

• Complex and growing ecosystem
• Security against “bad ads” wasn't a consideration in the beginning
• Lack of reporting framework makes this very difficult
• Lack of easy attribution makes source-discovery very difficult
• Numbers Game: Malvertising is rare – won’t drive major ecosystem improvements

What You Can Do

• Prevention
• Detection
• Response

What You Can Do: Prevention

• Onboarding Checklist to vet new advertising partners
• Work only with certified ad providers
• Minimize risk by being consistent with your checks
• Evaluate technical, personal, corporate details
• Don’t forget your Spidey Sense!

What You Can Do: Detection

• Be vigilant!
• Tag Screening Systems
• Monitoring Teams
• Browser Tools to identify ad source
• Facilitate internal communication ([email protected])
• Join industry discussion groups

What You Can Do: Response

• Create a response team and plan
• Categorize complaint types
• Maintain emergency contact details for all ad providers

Thank you
