Verity: Effectively Protecting Websites from Malicious Malware Date:   Thursday , August 04, 2011 The increased dependency and usage of Internet for business has given way to new kinds of threats that a hacker/phisher posses for a business or an individual, one such being infecting business websites with malware. Today, enterprises have large websites and portals hosted on the Internet to conduct business and share information with customers. Attackers target these websites for its large customer base to embed malware and thereby compromise end user’s computers and data. Most of these websites are not monitored for malware infection, such attacks go unnoticed until a large number of users are infected and compromised. Since there are several independent bodies that monitor and blacklist malware infected websites, for a business organization, its brand image and trust of customers comes at stake. Paladion Networks’ malware detection solution Verity is designed to effectively thwart these malware threats. An advanced malware detection system, Verity monitors websites for embedded malware content and application level changes that can potentially harm end-user’s computers. Apart from these it offers manual verification of alerts that are generated helping businesses take corrective measures to contain impact. Traditionally, most businesses use some kind of malware detection solutions but these are limited when it comes to effectiveness of detecting web malware. Traditional applications like firewalls and IDS/IPS are ineffective in detecting malware and malicious application level changes. Continuous monitoring of large number of websites is cumbersome and not cost effective. Also many traditional monitoring tools generate large number of false positives that make it difficult to differentiate it from real attacks preventing prompt actions. Furthermore, malware techniques are evolving continuously and old age detection mechanisms are unable to cope up with it. “To cut a long story short, what one need is an advanced website malware detection and integrity monitoring solution that continuously monitors your website for malware, website blacklisting and unauthorized changes. And Verity delivers just that,” says Amirthamurugaraj, Head – Products, Paladion Networks. One of the users of Verity is a large private bank which has more than 35 websites that are being used for customer communication and to conduct business operations. To meet various business requirements, these sites undergo frequent changes and it’s important that these changes do not introduce any security weaknesses, malware or malicious code. As a part of website security management, the bank periodically assesses the websites for vulnerabilities and fixes them as well. However, there are obvious limitations with vulnerability scanners in detecting malware and malicious code in websites. Herein, they needed help. The vulnerability scanners have limitations with respect to finding malware, malicious code, website blacklisting and so on. They would check only missing patches, open ports and so on. A daily check on the website to ensure website does not have any malware and malicious code was challenging to them. They evaluated multiple solutions for advanced website malware monitoring which can detect malware, malicious code and blacklisted website URLs in bank's website. Verity performed a detailed study for all of their websites and recommended daily scan for all 35 websites, based on number of pages and content size. Then Verity team enrolled all their websites for daily monitoring in Verity. Customer's webmasters were provided access to Verity portal and restricted access only to their respective websites. Based on the daily scan, alerts are being sent through SMS and email. Based on daily monitoring of websites, summary of findings are being sent to users subscribed for email alerts. All alerts and complete reports have been also available to be accessed through Verity portal. In case of critical alert (if malware found, malicious code found, are blacklisted URL found in their website). Critical alerts were notified through SMS for immediate corrective action on the finding. There were several incidents wherein the customer was notified with presence of suspicious code in their website and presence of blacklisted URL references in their websites. The webmasters were notified through email and also complete alert details about findings in portal, to take necessary corrective action. The webmasters did necessary corrective action and verity confirmed it in subsequent schedule of monitoring and suppressed the alerts. Thus Verity provides an assurance to the customer that the bank's customers can have safe browsing experience in the websites. “Most of the times, a business does not realize that its website has been malware infected and blacklisted by independent monitoring agencies. During this time if a business user/customer visits the website user receives an alert from computer’s browser or the search engine stating the website may harm user’s computer, prompting user to leave the site immediately. If businesses do not realize the threat, in the long run it affects the company’s user trust and brand image before being finally affecting the business,” explains Amirthamurugaraj. Verity, being a comprehensive website malware detection tool helps businesses undo/prevent these damages. One just has to register their website with Verity portal and it will scan website periodically as desired and in case of any malware related activity or change the alerts will sent via email or sms, depending on criticality. An on demand service, the solution automatically conducts frequent check of your website(s) for any Malware compromise, includes detection of obfuscated malicious javascript code, flash files and even external files linked to website, detects non-malicious changes that could result in possible website defacement and shows the status of your website(s) and alerts through an easy to use Verity web portal. “Verity’s proprietary application integrity checking technology to detect malicious changes in a website, advanced website spidering technology with configurable options, user friendliness, exhaustive online reporting feature for scans and alert history, makes it is one of its kind solution in the market today,” asserts Amirthamurugaraj. Within two years of its launch, Verity has over 30 customers across different business verticals and is effectively securing 200 websites today. In the near future, the company also plans to offer protection against website defacing. Till then it is quietly but effectively safeguarding a number of business from being a victim of malicious malware.