SiteLock Infinity Automates Website Security Scans
SiteLock, a website security company that performs scans and decontamination of websites with malware and viruses, launched a service that automates the previously manual process of scanning, testing and repairing sites.
Dubbed SiteLock Infinity, the service automatically and continually scans sites for newly added code and URL redirects to known malicious sites, then alerts the site owner of the vulnerability, said Neill Feather, president of SiteLock. For the most serious vulnerabilities, such as embedded code that delivers a malware package or redirects a user to a known malware site, the service automatically fixes the offending code to mitigate the vulnerability, he said. If the vulnerability must be repaired manually by a technician or programmer, then that is done when the vulnerability is identified.
For less serious vulnerabilities, such as new code that does not appear to be a breach or a redirect to a site for which there is no database information about malware, an alert is sent to the customer via email. Sometimes, he added, code might appear to be suspicious to the Infinity software or SiteLock analysts. This too can generate a query to the company about the new code or redirects.
When SiteLock first contracts with a company to protect the client web site, Feather said, SiteLock obtains the source code for the client’s site. This way, it has a baseline from which it can track all future changes. Generally the software looks for behavioral changes for how the changed code handles operations, but it also checks virus and malware signatures where appropriate, he said.
Once the source code is put into SiteLock’s cloud-based database, it can create rules and policies for the type of code that it allows and does not allow, Feather noted. For example, rules can be created to remove scripts automatically if they take actions that are outside the permitted actions for the site. The rules also can find more serious SQL injections or cross site scripting (XSS) code that create security vulnerabilities. Based on the options the client selects when signing up for the service, Feather said, any automated or manual review and intervention is included in the monthly fee.
Unlike some competitive offerings, Infinity is able to scan both from inside the website out, looking at incoming traffic, and from the outside in, looking at code already on the site. This effectively permits the software to work as a quasi penetration testing application, he noted, that can create repeatable tests on the web site.
Although the application is not the same as hiring an ethical hacker to try and break into a web site, it can provide a client with valuable intelligence concerning whether their web site can be compromised easily, he said. SiteLock does not require any special hardware or software to be installed at or on the client’s network.
The service is mainly targeted at small to mid-size companies, he added, but large enterprises automatically get the service with their corporate contracts. Pricing for the service starts at $99 per month, but it can reach several thousand dollars per month based on the additional feature the client requires.
Although the Infinity service currently does not integrate with any Security Information or Event Management (SIEM) applications, it is possible to download alerts into a text file and then feed that into most SIEM systems, Feather said. SiteLock does recognize the need to integrate and automate its offerings with third-party tools, but it’s currently not offered. However, Feather added, such integration is being considered for the product, perhaps as soon as later this year or next.
Because SiteLock Infinity is able to operate at the application level of the OSI stack, it is able to work with cloud providers such as Amazon and Rackspace that use open stacks. The offering cannot work directly with providers with closed stacks unless they become business partners with SiteLock, Feather said.
SiteLock Infinity is available immediately.