F-Secure as part of Trusted Cloud ecosystem has introduced Security Cloud service, which checks the standard of WWW page security for their content.

An application programming interface (API) offered through the Amazon Web Service (AWS) allows access to the F Secure service, which is a cloud-based detection and analysis system for information security threats. It collects information about security threats from around the world in real time using tens of millions of sensors.

F-secure Globe

The F-Secure Security Cloud API has been designed to improve the information security of applications and services that allow users to send documents and links to a third party. With its interfaces, Security Cloud allows the merging of various ecosystems in a secure way. In EIT’s Trusted Cloud HII project, two companies tested F-Secure’s application – software service designer IN2 and Finbiosoft, which specializes in biotechnology and bioinformatics.

Security Cloud collects information about security threats from around the world in real time using tens of millions of sensors.
F-secure Globe

Trusted Cloud ecosystem



Attacks through links, file attachments and hashtags

Even when the data security of a company’s terminal devices is in order, an employee may face a security threat in cloud services, which then poses a threat to the organization’s data systems.

”The attacker might aggregate content in Twitter to the organization’s pages, allowing the attacker to use the organization’s hashtag for sharing harmful content in social media, such as a ransomware link.”

According to F-Secure’s Security Cloud Lead Ville Lindfors, this may happen when an organization faces a targeted attack through email, for example.

“Someone might participate in discussions using things like phishing links or file attachments that contain malware".

Another typical situation is hashtag hijacking, where a hostile party intentionally produces misleading or harmful content for social media using the hashtag of an event held by the organization, for example. Large brands and public figures may become targets for this kind of abuse. This may also involve ransomware, which demands payment for restoring the victim’s data.

”The attacker might aggregate content in Twitter to the organization’s pages, allowing the attacker to use the organization’s hashtag for sharing harmful content in social media, such as a ransomware link.”

How to block and exclude a dangerous WWW page

The service checks URL addresses and files for the organization

The F-Secure Security Cloud API analyzes whether content is harmful and what type of content it is, and passes this information to the software using it. An example of a service targeted at end clients is F-Secure Cloud Protection for Salesforce, which utilizes the same technology and checks URL addresses and links that are processed in the Salesforce service. When processing URL links, access to harmful categories or categories defined by the administrator is blocked. The use of suspicious or infected files is prevented, or they are deleted. The solution offers administrators a comprehensive analytics or reporting service that shows where and how many URL addresses or files have been downloaded, who the user was and where the content was accessed from.

Watch a brief video introduction to the F-Secure Cloud Protection solution

F-Secure Cloud Protection for Salesforce is a real-time protection service that operates on Salesforce’s cloud platform (Cloud-to-Cloud). The service ensures that there are no harmful materials, such as ransomware or spyware, in the Salesforce Community Cloud client or partner portal, customer service requests, or sales tools. The solution also prevents users from sending dangerous WWW links to discussion groups or the Salesforce Chatter chat tool, and blocks access to sites hosting content that has not been approved by the company.

Now developers can integrate information security into their own services by adopting F-Secure’s Security Cloud API for AWS service.

”When the service is adopted, the client gets a key for accessing the interface, and billing is handled through an AWS invoice based on API calls. At the moment, developers are the target group. Later, if an ecosystem develops around the service and someone makes a Wordpress plugin for checking the URLs in comments, for example, less technical users who only need to configure the API key may become another target group.”

Adopting the Security Cloud API for AWS is easy.

“Anyone can start using the service without any contract negotiations simply through usage-based billing. All you need is an AWS account (https://aws.amazon.com/), and the service becomes available. Integration can be done during a coffee break for the price of a cup of coffee. F-Secure has received the AV-Test Best Protection Award five times during the last six years, and this service uses the same technology as all of F Secure’s own products.”

Ari Turunen

F-Secure

F-Secure is a leading cyber security company with decades of experience in protecting businesses and consumers from infectious ransomware and advanced cyber-attacks. F-Secure’s broad service package and award-winning products utilize patented information security innovations and sophisticated threat data to protect thousands of companies and millions of consumer clients. F-Secure products are sold worldwide by 200 operators and thousands of retailers.



About EIT Digital

EIT Digital is one of the first Knowledge and Innovation Communities set up by the European Institute of Innovation and Technology, as an initiative of the European Union. EIT Digital's mission is to drive European leadership in ICT innovation for economic growth and quality of life. Since 2010, EIT Digital has consistently brought together researchers, academics and business people. By linking education, research and business, EIT Digital empowers ICT top talents for the future and brings ICT innovations to life. EIT Digital's partners represent global companies, leading research centres, and top ranked universities in the field of ICT. For more information, visit www.eitdigital.eu.