10/6/2012
Integrity of the Ad Supply Chain – Anti-Malvertising Best Practices
Elias Manousos – CEO & Founder, RiskIQ
Neil Daswani – Engineering Manager, Twitter
Rizwan Husain – Dir. of Product Management, Symantec
Summer Koide – VP Products & Services, ZEDO
© 2012. All rights reserved. Online Trust Alliance 1
Malvertising: Negative Effects
• Malvertising: can generally refer to “malicious” advertising of various sorts; the connotation today is drive-by malware and fake antivirus (a/v) delivered via syndicated display ads
• Negative Effects
▫ To publishers: brand damage, blacklisting by search engines, support costs
▫ To ad networks: loss of revenue (publishers leave network), blacklisting (for small/medium networks), loss of reputation (e.g., in ad exchanges), disabling of ads (ad blockers)
▫ To users: loss of trust in publishers and ads online, data & identity theft
• What can each of the above do to protect themselves in the supply chain?
[Diagram: Users, Publishers, Ad Network A, Ad Network B, Ad Network C]
Symantec & AdMonsters Malvertising Research
The intent behind this body of research and survey is to measure attitudes and perceptions of malvertising within the advertising operations community.
• Reveal awareness, understanding, and level of concern with respect to malvertising within this community
• Understand current methods employed to address malvertising problem
• Get a better idea of what is lacking in current approaches to malvertising issues
• Measure interest in Symantec solution to malvertising
Methodology:
• Online interactive survey distributed to 6300 AdMonsters subscribers
• All recipients are self-identified advertising operations professionals
• Blind survey – Symantec not mentioned until introduction of the AdVantage solution
Response to Survey - Demographics
• 165 respondents in total – 2.6% response rate
• 124 from the United States
• 41 from other countries
• Out of 165 responses to the survey request, 2/3 of respondents were display advertisement publishers
Ad Ops Professionals Are Familiar with Malvertising
• Vast majority of respondents are familiar with the term “malvertising”, with about 10% overall unfamiliar
• Sub-segments with higher familiarity were those who:
▫ Have a higher level of concern about malvertising
▫ Place greater importance on malware protection
▫ Currently use a method to address malvertising issues
▫ Are director-level and above
▫ Are publishers with >1 billion ad impressions per month
Protection Is Very Important to Publishers
• The majority are concerned about malvertising, with an overwhelming majority saying malvertising protection is very important
• Those outside the US are less likely to place importance on malvertising protection
Most Publishers Have Experienced Malvertising
• Just over half of respondents have experienced at least one malvertising incident
• Publishers with >1 billion ad impressions are significantly more likely to have a malvertising incident
Responsibility for Malvertising Is Generally Unclear
• Majority of respondents place malvertising responsibility on the advertiser, and to a lesser extent, the ad network
• Strong majority say the consumer sees the publisher as responsible
Publishers Generally Unsatisfied with Current Methods
• Over half of respondents have a method for malvertisement detection
• Satisfaction with current method is low – only 33% indicated a high level of satisfaction
In Response To This Research... Symantec AdVantage: Now Available
• DETECTION
• FORENSICS
• REPORTING
Low Frequency, High Impact Problem
How an Advertisement Gets Published
Advertiser → Agency → Ad Network → Ad Server → Publisher
• Coca-Cola works with advertising agency McCann to create the Coke Zero ad campaign.
• The ad agency purchases inventory from ad networks (DoubleClick), which resell it to other ad agencies.
• Ultimately the ad will get sold to a publisher and displayed on a website. The ad can be sold directly by the ad agency or indirectly through the ad network.
[Diagram: Points along the chain where malware can be inserted into an advertisement]
The Display Advertising Landscape
[Diagram labels: ADVERTISERS, PUBLISHERS]
Why This is Hard
• Complex and growing ecosystem
• Security against “bad ads” wasn't a consideration in the beginning
• Lack of reporting framework makes this very difficult
• Lack of easy attribution makes source-discovery very difficult
• Numbers Game: Malvertising is rare – won’t drive major ecosystem improvements
What You Can Do
Prevention, Detection, Response
What You Can Do: Prevention
• Onboarding Checklist to vet new advertising partners
• Work only with certified ad providers
• Minimize risk by being consistent with your checks
• Evaluate technical, personal, corporate details
• Don’t forget your Spidey Sense!
What You Can Do: Detection
• Be vigilant!
• Tag Screening Systems
• Monitoring Teams
• Browser Tools to identify ad source
• Facilitate internal communication
• Join industry discussion groups
What You Can Do: Response
• Create a response team and plan
• Categorize complaint types
• Maintain emergency contact details for all ad providers
Thank you
Elias Manousos
Neil Daswani
Rizwan Husain
Summer Koide