A collection of tools that can either be managed, or self-managed by your organization. Our tools encompass defacement checking, malware scanning, remote backups, log analysis, database scanning, Active attack blocking and Web File Integrity Checking!

 

Full Web Server Security

Any type of hosting platform can and will have it's own issues associated with it. With that said it's difficult to find a solution to help assist with your small business that will respond to threats as they are seen. With any solution that is on the market, you will need to understand how to tune the rules and assure that any "threats" that come down the pike are in fact harmful to your system(s). Our products are designed to take the guess work out of the equation. By simplifying the identification of attack traffic our tools will block any intrusion attempt the first time it is seen!

Whats Covered

File System - A set of tools designed to actively scan your server files, or passively identify new, deleted or modified files.
Defacement - A set of tools that remotely monitor your web location for changes and react within the time span of the change.
Database - A set of remotely automated, and manually operated tools that monitor your database for malicious data.
Full Site Backup* - A set of tools designed to make a weekly backup of your web site.
Backup Anti-Virus Scanning - A custom scan engine that scans your backups after they are created with the latest anti-virus signatures*
Active Log Scanning - A custom scan engine that scans your logs for attack signatures and automatically blocks offending IP addresses
Pre-Intrusion - Analysis to determine what attacks are being thrown at your server and what we can forecast before it becomes a problem
Post Intrusion Analysis - Analysis tools that enable you to understand what an attacker did and how you need to respond and report an incident.

File System Monitoring

File system monitoring encompasses two methods to deliver a solid report on your file system. The first method is passive scanning. This scan method records file location, file creation time, file hash and permissions. Every day, at the end of the work day you will receive a report detailing which files were Deleted, Created, Modified Then, you can take the appropriate actions. The Active File System Monitor will monitor the web directory for files that have been Created or, Modified and take control of the files. If the process was in part due to an attacker gaining access to the system, he or she will not be able to gain access to the files. Once this is established, the log analysis tool will be fed information detailing the attack, and it will automatically attempt to determine who accessed the server, and what attempted to access the object automatically!

Defacement Monitoring

Defacement monitoring is a two-fold process that monitors your web location for defacements every 30 seconds to 1 minute. If the site sustains a defacement, the defacement tool engages in one of a few methods. The first method it will archive the site and preserve the information for forensic purposes. The second phase, it will delete everything on the web server and push a backup of the application with a default welcome page* / under construction*. Once a defacement is detected, you will be notified via e-mail and SMS. If your hosting provider is notified before you have a chance to engage the server, you will be e-mailed instructions based on your host, host contact and further steps you need to take to resolve the issue. Once our tools have detected your password(s) have been changed, they will push a backup and bring your site up online without any intervention.

Should any of the systems fail during the process, we will be notified to manually assist and bring your services back up online. There will not be a time when your system will not be protected!

Database Monitoring

Most database breaches include some type of malvertising where new tables are created. To new site owners, or small businesses keeping a watchful eye on this process can be daunting. Our systems can record details about your database and then scan them if in the event something is wrong. With round the clock monitoring you will be the first to know if a database has been modified, or injected with malvertising campaigns. Not only will you know what changed, you will also have a record time between 1 - 30 minutes of a window where to look within your logs!

Other features to this set up will be restoring from a known good backup and changing the database passwords. This will also accompany an SMS alert notifying you of a password change that needs to be made.

Full Site Backup

Web site backups from your host are a good thing to have. However, off-site backups are another thing all together! You should be maintaining an off-site backup of your location for multiple reasons. Either you want to one day move form your host, or your host sustains a breach, or even -- your own web site sustains a breach. In any case you want to maintain your own backups. Our systems allow you to maintain backups without having to think about it. And, with multiple points of checking your backups will never be forgotten. Should a backup fail, another automated system that checks the backups will automatically kick in and back-date a backup for you, just so you are covered.

With the add-on for anti-virus you don't have to worry about viruses being part of your backups, or worse, a malicious script that is allowing an attacker access to your web location*. Should a malicious file be discovered on your site, your backup and the malicious files will be archived and removed. This way you have a method to file an abuse report.

Currently our systems support both Joomla! and Wordpress and we are looking to expand to other content management systems as time progresses.

Site Backup Anti-Virus

With an add-on option of including an anti-virus scan to your backups you don't have to worry about backups containing malware. Should a backup come down the pike infected, our systems will automatically record, archive and remove the offending application and start a new backup! Once malware is found, the applications and tools (depending on services) will start an investigation and pull relevant information from the server should you choose to compile an abuse report.

With an automated back-end you wont have to worry about malware, backups or security. Our systems will handle 90% of it for you!

Active Log Scanning

Active attack scanning is a new feature that we are rolling out to customers. The feature monitors your log files for attack signatures. If an attack is discovered the IP address is automatically blocked and written to your .htaccess file.

Weekly reports will also be generated for you so that you can see what IP addresses have been blocked and for what reason (SQL Injection, Encoding Attack, LFI/RFI, etc.) You won't have to worry about repeat IP addresses being written to the logs. Once an IP address is stored, the software will sift through the logs to determine if that IP address has already been blocked. If it has, the rule is excluded.

Pre-Intrusion Log Analysis

Scanning your web location to help assist with current trends, or what types of attacks are being thrown at your server can be helpful in protecting your server. With regular scanning and log analysis you can see exactly what attackers are attempting to do to your server. On top of which, you can even test the same attacks to determine if anything is being leaked. Armed with this information you can either protect your site or, better prepare for an attack. With a vantage point of an attack before and after testing you'd have a leg up on your attackers!

With these tools, with a simulated attack or, penetration test you can see how and where your site is holding up to attacks and; where you'd need to respond to incidents. Knowing where your weak points are will enable you to make sound security decisions that are cost effective!

Post-Intrusion Log Analysis

Cost is a big concern after an attack. Without a backup strategy or a method to respond to an attack 90% of businesses that are not prepared will fold within the year they come back online. Having a security suite, and a scanning methodology will assure this does not happen to you! You can easily export and explore the information, logs and artifacts that were part of the breach, identify objects that you would normally skip over and create a robust report. Not only will you get to see what files were created, but how and where your information was accessed and from what location(s). Having an overall 360º of protection will provide you with a birds eye view of the attack.

Not only can you identify how the attack was executed against you, you can even determine if any of your backups were affected by the incident. This will help you pull a known good configuration of your web site to re-deploy, or even better -- allow you to determine which databases and files were unscathed in the attack. Not only will this save you precious time, it will also save you on costs associated with the cleanup.

{loadformmaker 16}