Interview with the President of SiteLock on solving Security Problems for Websites and Businesses of all sizes

Website Security

SiteLock was founded in 2008 on the principle that small and mid-size businesses (SMBs) should be able to protect their online presence with reliable, high-quality website security at a reasonable price. Historically, website security was an expensive and intimidating product that was only an option for large corporations who could handle the significant financial investment. With the growth of online small businesses, SiteLock recognized the need to deliver website security technology and tools to support them. Our products and services are leaders in their Internet-based technology markets and our focus is on solving real problems for websites and businesses of all sizes. SiteLock products and services now protect more than twelve million websites globally, scan more than two-hundred million web pages, block more than four million threats and analyze more than three hundred million source code files daily.  We are honored to have recently been recognized by the following: Inc. 5000, fastest growing software company in Arizona two years in a row from Deloitte Technology Fast 500, Gartner AST Magic Quadrant, and more.

1) What are the top three benefits of SiteLock?

SiteLock is the global leader in website security protecting more than twelve million websites offering fast, affordable, worry-free solutions for website owners.  Benefits of SiteLock include:

  • SMART® (Secure Malware Alert and Removal Tool) and INFINITY™ scanning that continuously monitors websites for malware and hard to find security vulnerabilities, and are also recognized as the only products to offer automated website malware removal – find and clean malware from websites before damage is done.
  • TrueShield™ web application firewall protects websites from malicious traffic and harmful requests. Our firewall keeps your website safe and secure from bots as well as targeted attacks. You can differentiate human traffic from bot traffic, learn the source of blocked attacks and mitigate DDoS attacks. Also included is the TrueSpeed™ content delivery network helping websites load 50% faster on average via static and dynamic caching not offered by others.
  • Backed by a 24/7 U.S.-based support team, a full time in-house research team, and the largest threat database of more than ten million signatures, SiteLock finds, removes, and blocks more threats faster.

2) Why is it so important for people to protect their websites from hackers?

No website is too small to hack. Cybercriminals attack websites of all sizes to gain access to valuable data, visitors, and computing resources.  Many website owners are unaware of the risk to their business, and typically rely on search engines or their hosts, which notify them after something bad has occurred.  In fact, websites experience an average of 22 attacks per day, which is more than 8,000 per year.  Website compromises can expose sensitive personal information, impact reputation, result in downtime and lost sales, blacklisting, suspension, or even having to shut the website down altogether. It is imperative for people to protect their websites.

3) Why do you think online shopping and its associated risks have hit an all-time-high?

Although all websites are attractive targets for cybercriminals, eCommerce websites are 1.5 times more likely to be compromised than the average website based on increased functionality and potential vulnerabilities.  eCommerce sites are also a focus for hackers due to the wealth of information these websites collect and often store, including personally identifiable information such as addresses and social security numbers and even credit card numbers.  In addition, the value of stolen records continues to rise, along with the cost to companies. The impact to companies is also significant in terms of reputation damage and negative sales impact.  A recent SiteLock study found that two-thirds of customers will not return to online stores where their data was compromised.

4) How would you explain the various ecommerce threats to someone who isn’t well-versed in cyber?

Any time financial and personal information is changing hands, it’s going to attract the attention of criminals. Online stores are most often a target for siphoning financial information like credit card details because of the high volume of transactions. Most hackers take advantage of the lack of security knowledge on both the customer and website owner sides.  More than half of hacks are a result of human error.  Some simple but important things for everyone to remember: 1) Anytime a customer visits a website where a transaction will be made, they must ensure the site leverages an SSL.  An SSL is a digital certificate that encrypts information sent between a web server and web browser. It is one of the most effective ways to achieve data security.  When an SSL Certificate is installed, the application protocol, also known as HTTP, will change to HTTPS, in which the ‘S’ stands for secure. In addition to the ‘S,’ the browser will show a padlock and/or green bar next to the URL. These signs indicate the website is using an SSL Certificate and provides the end-user with confidence when making purchases online; 2) Be careful which websites you provide with your sensitive information. Be particularly careful about websites you may visit based on online advertisements or e-mails. You may become a victim of malvertising or phishing. Phishing emails are sent from email addresses that look nearly identical to legitimate addresses, with minor alterations. Malvertising is another popular method used by cybercriminals to take advantage of the high traffic received by online stores, by placing malicious advertisements or redirecting traffic to a website posing as a competitor as another method for stealing information or infecting visitors’ computers. Be sure you know who is behind the site you are buying from.

5) What types of technology and tools do hackers use to gain access to ecommerce websites?

What may be surprising to some is that most adversaries start the process of identifying potential targets using techniques similar to those utilized by major search engines. Specifically, automated crawling of websites is used to create an index. Unlike search engines, instead of ranking websites using criteria like unique and dynamic content, adversaries will instead rank websites by potential exploitability. This automated crawling is used to establish what web applications are in use, and what versions. Websites using software versions known to have vulnerabilities are the low-hanging fruit of the internet.

6) How can people protect their ecommerce websites from hackers?

The most important approach is a proactive one. Web Application Firewalls (WAF) have proven to be an extremely effective defense against the most common types of attacks. Some modern cloud-based WAF services like SiteLock TrueShield come deployed on a content delivery network (CDN), which have the added benefit of not only protecting the website, but also making it faster. Daily external and internal scanning of the website for the presence of malware or vulnerabilities is another proven method for catching problems earlier and allowing you to take action. In the case of SiteLock SMART, malware is automatically removed without the need for manual intervention.  

In addition to proactive security, make sure there is a response plan in place in case something does happen.  Also, ensure the website is PCI compliant.  PCI compliance is a security requirement created for online merchants by five of the major credit card companies, including American Express, Discover Financial Services, JCB International, Mastercard and Visa, to protect customers and reduce fraud.

7) What makes SiteLock’s products better than those of competitors?

SiteLock is the global leader in website security with more than twelve million customers and five hundred partners.  Our massive scale allows us to find threats and fix them faster than anyone else.  We offer 360-degree security to help website owners find, fix, and prevent website threats, as well as accelerate their websites and comply with industry standards. Backed by the largest threat database of more than ten million signatures, a full-time in-house research team and a U.S.-based support team available 24/7/365, SiteLock scans more than two-hundred million web pages, blocks more than four million threats and analyzes more than three hundred million source code files daily.  We are the only security company to provide automatic malware detection and removal from websites with our SMART® and INFINITY™ products.  TRUECODE™ scans 100% of the website code, highlights the exact line or lines where vulnerabilities exist and ranks them based on ease of exploitation and potential damage to a business.  The TrueShield™ Web Application Firewall (WAF) helps protect websites from malicious traffic and harmful requests, allowing customers to differentiate human traffic from bot traffic, and learn the source of blocked attacks.  It also mitigates the largest DDoS attacks. TrueShield™ is PCI-certified and our network is PCI-compliant. Using SiteLock TrueShield will protect customers’ data while making it easier than ever to pass the PCI scan.  In addition, the TrueSpeed™ Content Delivery Network (CDN) provides static and dynamic caching other CDNs do not, speeds up websites by 50% on average and uses 40-70% less bandwidth.

We are essentially a one-stop shop for website security. What that means to our customers, is that they don’t need to engage with four or five different vendors to make sure that their site is as fast and safe as possible. They can get everything they need under one umbrella, so they can get back to focusing on what they care about, which is their business.

8) How does your security team work to find new vulnerabilities?

The SiteLock research team works 24/7 to identify new threats and add them to our database to protect our customers. One of the beneficial parts of having such a large customer base of twelve million websites is the network effect of new discoveries. This is done by leveraging industry leading tools and human review to identify new malware strains and vulnerabilities.  We have the largest database of more than ten million threats and growing.  We are able to quickly identify if findings are a known threat and can automatically fix, review suspicious files, and determine if it is something new. We also use patent-pending bitmapped malware prediction utilizing common features in malware files to enhance behavioral detection and research capabilities. If we find a new vulnerability on one website, within minutes we can protect our entire customer base and notify relative parties so they can patch and remediate any problems as well. The SiteLock research team has been credited with discovering numerous zero-day vulnerabilities in popular web applications and new strains of malware. For every discovery that receives publicity, we find and mitigate dozens of other threats to quietly protect our customers so they can continue to focus on their businesses.

9) What do you think is the future of web security?

Web applications will continue their growth, replacing traditional and installed applications. These applications simplify operations across platforms and geographies and need strong security to enable web capabilities.  We will also see a continued move of security solutions to the cloud focused on scalability, network effect of data, enterprises leveraging the cloud for TCO reduction and scale. More SMBs/SMEs will begin leveraging cloud solutions for ease of use and quick implementation. Enterprises want to reap the benefits of integrated solutions and APIs, and SMBs/SMEs seek simplicity in vendor management with limited resources.

10) What is your main focus right now? What are your goals in the next year?

Our mission is to “Protect every website on the Internet.”  We will stay true to that mission by enhancing existing products, launching meaningful new products that solve real problems, and continue to educate customers on the importance of website security.  We have a very aggressive new product launch schedule for the next year.  Earlier this year, SiteLock acquired the security firm Patchman, which specializes in providing services that safely and seamlessly patch web application vulnerabilities on an automatic basis at the server level. The acquisition will provide even more data to help solve problems faster, and allow us to provide customers and partners with enhanced security products and programs, along with educational materials.

11) Is there any other important message you would like to pass across to readers?

In the ever-changing landscape of website security, it is important to stay educated on the latest security trends and threats. Taking a proactive approach to website security is imperative.  It is not a matter of if, but when another hack will occur. Hackers are constantly trying new avenues and also leveraging older tactics that continue to be successful. As security threats continue to evolve, partnering with third-party security experts to deploy the latest technology to help stay ahead of threats is critical.  No website is immune, so it’s important to have a response plan in place so you can minimize reputation damage, lost sales and maintain customer confidence if you should experience an attack.  
