FireHost Security View Reveals Attacks on Customer Sites

Customers can see all malicious attacks attempted on their sites on the FireHost platform through the Security View graphical interface on the customer dashboard.

Firehost added a Security View feature to its customer portal to give IT managers a detailed overview of the types of attacks hitting their systems, the secure hosting provider said Feb. 1.

FireHost uses a variety of virtualization technologies to protect customers from hacking attempts, malware and other attacks, the company said. The attacks were being blocked so effectively that customers asked, "Am I still getting attacked?" Chris Drake, CEO and founder of FireHost, told eWEEK. "We are opening the curtain and inviting our customers to see how well we protect their websites," he said.

The Security View is a new tab on the dashboard, which provides real-time server metrics, such as storage usage, backups, processor performance, memory usage and bandwidth consumption. The new tab lists all attempts made on the customer's Web sites and applications by type of attack, date, and originating region, Drake said. The attacks can be seen on a per IP address level, giving customers with several systems on the FireHost platform a clear picture of what the attackers are targeting, according to Drake.

Site owners and administrators can see the top eight attack types that hit the site, and apply filters to get more information, Drake said. The types include SQL injection, botnets, forged cross-site requests, illegal requests, directory traversal, cross-site scripting, e-mail hoarding, untrusted robots and others. There are two broader buckets called "malicious attacks" and "illegal requests," as well.

Through the dashboard, the administrator can see how many attacks of a specific type were attempted in an hour, day, week, month, or year. While the information is available in hourly increments, the information rolls up for larger blocks of time, Drake said. When looking at the daily graph, the attempts will be broken out by the hour, but a monthly report would aggregate the counts into the number of attempts per week, he said.

FireHost was automatically saving the attack data. But now it retrieves the data to provide customers with up to a full year of historic data in Security View, according to Drake.

The information is currently available only through the dashboard, but the company will be rolling out the ability to schedule e-mail reports within the next week or two, Drake said. Once the report scheduler is in place, administrators won't even need to log onto the portal to see the detailed information about the type of attacks that had been blocked.

Security View will build "awareness" among customers so that they don't "get lazy about security," Drake said. Many companies don't realize how many hackers attempt to breach their Web sites and applications on a daily basis, he said. He mentioned one customer, a small e-commerce site, who'd been part of the beta test and was surprised at the amount of SQL injection attacks attempted on the site. "We told him, -You have credit card numbers in your database. Of course you are a target.' They need to understand why they are a threat," he said.

FireHost will also be rolling out the ability to define trusted and not trusted regions in "60 to 90 days," Drake said. Security View can currently display the originating region of the attack. The new capability would allow administrators to preemptively block traffic from certain regions. "If you aren't doing business in Russia, then you don't need any traffic coming from Russia," Drake said. Anyone in the region that has been flagged as untrusted by the customer will not be able to access the site at all, and be unable to send any attacks, he said.

Security View gives customers the information they need to understand and appreciate what is going on in the environment, Drake said.