DO YOU USE FIREWALLS? Great! So do we. And nonetheless, websites get hacked, manipulated and messed up. Even if you protect yourself, you can very quickly become a victim of an attack. You probably know that almost three quarters 1 of all corporate websites around the world have been hacked at least once in the past two years and many companies don t even notice it at first. Data theft and malware distribution often take place in secret. «73% 1 of all corporate websites around the world have been hacked at least once within the past two years.» It s precisely here where nimbusec steps in and helps you detect adverse events immediately and with astounding precision so that you can respond appropriately before things get worse. nimbusec reliably helps you prevent potential losses to your reputation and image through negative media reports as well as what turn out to be high material damages (an average of 187,000 1 )! is an Austrian-based cloud service headquartered in Linz that monitors external webspaces and domains for malware, defacement and blacklisting. In addition, nimbusec works with a highly specialized server agent that can detect webshells and malware on your system. If potential tampering is detected, our alarm response center will notify you within three minutes 2 via email or SMS. 1 State of Web Application Security, US, Ponemon Institute, Feb. 2011 2 depending on posted scan interval 2
AT A GLANCE No loss of reputation nimbusec helps your company detect any tampering to your website before your customers notice it. Missing Link Web application firewalls and virus scanners are designed to prevent attacks. If an attack is nevertheless successful, nimbusec will detect it. First on the scene If a successful tampering with your website is detected, the alarm bells will start ringing. We will immediately inform you via SMS and email. Server-side nimbusec offers internal and external security. Checks are run for webshells, for malware that has been distributed and for files that have been changed. Content checks Advanced algorithms disassemble the design and content of websites. Unwanted changes and defacements are detected. Blacklisting nimbusec checks your website regularly against blacklists, e.g. Google Safe Browsing, the Malware Domain List, Web of Trust, and many others. On the cutting edge Thanks to our cooperation with universities and research institutions nimbusec is always one step ahead. Multi-client capable nimbusec lets you specify which contact receives notifications for which domain. Privacy We take your privacy seriously. nimbusec receives at no time access to internal data on your servers. 3
INFECTED? An unsuspecting visitor to your website is infected with malware (such as the Ransom trojan 1 ). Even companies that use web filtering techniques in their networks can fall victim to such an attack. Often, a redirect will infiltrate your site and the actual malware is then loaded by a third server to the visitor s system (this is the standard procedure for the Blackhole.KIT malware). Your firewall and your web filters don t suspect a thing, because it s not you who s distributing the malware. Even if you re not the source of the trojan, your site s reputation suffers permanent damage. What can nimbusec do? against server-side tampering detect malware with proven technologies and specialized in-house solutions simulate requests from different operating systems and browser versions to discover a wide variety of malware recognize redirects recognize JavaScript code that has infiltrated your site Malware usually hides from automated crawlers. nimbusec therefore replicates the actions of human visitors to your website to detect viruses and trojans that remain hidden from the other crawlers. To be completely secure, nimbusec always simulates different browser and operating system versions, resulting in modeling of up to 95% of your website visitors configurations. 1 The Ransom (FBI) trojan announces itself to the infected user after a computer restart with a warning stating that an amount of money should be paid because of allegedly illegal activities. Some variants of this trojan irreversibly encrypt hard drives, thus causing major damage to those infected. 4
DEFACED? Has the look of your website been changed without your permission? Is it suddenly sporting a new logo with text (such as You have been PWND by... ) instead of your usual homepage? In addition to potential loss of image and reputation, a lot of data can also be destroyed if your backups haven t been done 100% correctly. Virus scanners and firewalls are largely powerless against content tampering and often you don t learn about it until it s too late. What can nimbusec do? against content manipulation detect any changes to the content or design of your website detect defacing by hackers statistical and industry-dependent analysis of content changes The constantly evolving algorithms we develop in collaboration with universities and research institutions disassemble your website design and content. They reliably recognize changes both large and small to the design and notify you accordingly. Machine learning increases the recognition rate on a continuous basis and nimbusec reliably distinguishes the content that has been maliciously manipulated and that which you yourself have altered. 5
BLACKLISTED? Are visitors being warned by their browsers when trying to access your website? Such blacklisting makes your site more difficult to reach and the warnings make your customers feel less secure. In addition, your page ranking will drop in search engines or you will be completely deleted from their index. What can nimbusec do? When you re blacklisted! check if your site has been blacklisted help getting your site taken off the blacklist(s) reputation checks display reasons for blocking We monitor whether your domain or website is listed on a relevant blacklist (such as Google Safe Browsing or Web of Trust). If it is blacklisted, we will notify you immediately and assist in getting your site removed from the blacklist. This is what a blacklisted website could look like. 6
SERVER AGENT nimbusec s server agent runs directly on your web server or your provider s webspace. It detects code that infiltrated your website as well as so-called webshells that can be used to take over your server. The data transmitted by the server agent to our servers is encrypted and anonymized to protect the content of your data. Because protecting your data is important to us! What can nimbusec do? with its server agent detect webshells by machine learning algorithms with up to 98% detection rate (compared to about 40% 1 detection by signature-based AV engines). identify and analyze changes in the file system advanced tracking of infected or modified files API APPLICATION PROGRAMMING INTERFACE nimbusec provides all the results of its analyses in the form of an API interface. You can then automatically block or redirect infected domains. The results can automatically fix some problems and infections. Corresponding reference configurations and scripts 2 will be provided by the nimbusec team. 1 Test result from the nimbusec laboratory 2 available in nimbusec s knowledge base 7
HOW NIMBUSEC HELPS See for yourself what nimbusec can do for you. 8
9
WHEN IT S BURNING nimbusec only sends alarm notifications when things are really on fire in other words, when you ve asked us to send you alarms. It s up to you to decide who will be notified in each case and how. The system can handle multiple clients and set up role-based access rights. You can configure escalation chains according to your internal business processes. nimbusec only informs if something nimbusec supports any number of contacts for each client. In the nimbusec alarm center, you can specify which contact receives notifications for which domain, category and security level. If that contact fails to respond within a defined timeframe, the alarm can be automatically escalated. has happened is multi-client capable offers individual escalation plans Notification channels include email and SMS. In addition, you will have access to the nimbusec portal, where you can view all the alarms and take action immediately. Custom Do you have five domains, three of which are serviced by an external webmaster or another department? No problem! nimbusec can be configured so that alarms for these three domains go to exactly the right webmaster. If a certain domain is particularly important to you, even more people can be notified. Everyone sees only what they re supposed to see. 10
Keep your eye on the big picture nimbusec offers you the opportunity to be informed immediately for each alarm. Additionally, you can receive daily and weekly summaries of your affected domains. That way, you can remain well-informed about the health of your website even on the go. The nimbusec portal provides maximum transparency, from the big picture down to in-depth technical information. Both general and personalized settings can also be made. Securely notified.
www.nimbusec.com Cumulo Information System Security GmbH Humboldtstraße 40 4020 Linz Austria office@cumulo.at +43 699 11 093 985 FN 394170m FBG Linz UID ATU67830957 Regulatory authority per the Austrian E-Commerce Act (ECG): Magistrate of the City of Linz/Donau Member of the Upper Austria Chamber of Commerce (professional association of management consultancy and IT services)