Armorize Website Security Alert Service Detects Drive-by Downloads

 
 
By Brian Prince  |  Posted 2010-05-26
 
 
 

Armorize Technologies is pushing its way into the U.S. security market with a cloud-based scanning service that monitors Websites.

HackAlert 3.0 detects Website compromises and malware-laced ads in real time and alerts site owners. The idea, CEO Caleb Sima said, is to provide protection against the type of drive-by downloads that have been a common attack vector in Asia for years.

"One of the things that really baffles me about security is the fact that I think we spend a lot of money identifying vulnerabilities...it's absolutely valuable that you look for potential vulnerabilities," he said. "But no one really scans you to identify if you have been exploited or hacked or not."

Previously based entirely in Taiwan, the company has moved its headquarters to Santa Clara, Calif. In addition to HackAlert, Armorize sells a Web application firewall and a source code analysis tool. The latter is what initially got Sima's attention. Co-founder of SPI Dynamics (acquired by Hewlett-Packard), Sima first came across Armorize at the RSA security conference a few years ago.

After Sima developed a relationship with the company, it offered him the job of CEO, and he came aboard in February.

"I think the biggest challenge is, one, building awareness of who Armorize is," he said. "Armorize is not a startup company; it's not a brand-new company. It's a small to medium size business...It's just a matter of getting people to know who we are."

To that end, the company is making a big pitch around HackAlert 3.0. The service uses a mix of blacklists and behavioral and signature-based detection to fight malware and recognize evasion methods used by attackers. Its cloud-based API allows channel partners, VARs and resellers to rebrand or integrate the service into their own offerings on the backend.

HackAlert 3.0's analysis engines are distributed globally and are located in data centers in Asia, Europe and North America.

The need for the service is underscored by a recent analysis of the top 100,000 sites on the Web. The company identified more than 1,000 sites that were actively serving malware, Sima said.

"Drive-by downloads are the No. 1 exploit method right now," he explained. "When I go and I exploit SQL injection vulnerabilities in your Website, or cross-site scripting (bugs) in your Website, I'm trying to figure out a way to embed a drive-by download in your Website."

Undetected malware on a high-traffic Website could cause millions of drive-by downloads, lead to brand damage, and destroy customer relationships, Burton Group analyst Dan Blum said in a statement.

"Organizations that want to protect their brands, bottom lines and customer relationships must find ways to defend their Web applications against malware injection and their customers from becoming drive-by download victims," he said.

"Do you want to wake up, 8 a.m. in the morning, or 6 a.m. in the morning, to your IT guy calling you and telling you that your customers are calling and telling you that your site's been hacked? That's not how you want to find out about a defacement," Sima said.  
