Great! So do we. And nonetheless, websites get hacked, manipulated and messed up. Even if you protect yourself, you can very quickly become a victim of an attack. You probably know that almost three quarters1 of all corporate websites around the world have been hacked at least once in the past two years – and many companies don‘t even notice it at first. Data theft and mal-ware distribution often take place in secret.
It‘s precisely here where nimbusec steps in and helps you detect adverse events immediately and with astounding precision so that you can respond appropriately before things get worse. nimbusec reliably helps you prevent potential losses to your reputation and image through negative media re-ports as well as what turn out to be high material damages (an average of €187,0001)!
DO YOU USE
FIREWALLS?
« 73%1 of all corporate websites
around the world have been ha-cked at least once within the past two years. »
1 State of Web Application Security, US, Ponemon Institute, Feb. 2011 2 depending on posted scan interval
is an Austrian-based cloud service headquartered in Linz that monitors external webspaces and domains for malware, defacement and blacklisting. In addition, nimbusec works with a highly specialized server agent that can detect webshells and malware on your system. If potential tampering is detected, our alarm response center will notify you within three minutes2 via email or SMS.
nimbusec helps your company detect any tampering to your website before your customers notice it.
No loss of reputation
If a successful tampering with your website is detected, the alarm bells will start ringing. We will immediately inform you via SMS and email.
First on the scene
Web application firewalls and virus scanners are designed to prevent attacks. If an attack is nevertheless successful, nimbusec will detect it.
Missing Link
AT A GLANCE
nimbusec offers internal and external security. Checks are run for webshells, for malware that has been distributed and for files that have been changed.
Server-side
nimbusec checks your website regu-larly against blacklists, e.g. Google Safe Browsing, the Malware Domain List, Web of Trust, and many others.
Blacklisting
Advanced algorithms disassemble the design and content of websites. Unwanted changes and defacements are detected.
Content checks
We take your privacy seriously. nimbusec receives at no time access to internal data on your servers.
Privacy
Thanks to our cooperation with universities and research institutions nimbusec is always one step ahead.
On the cutting edge
nimbusec lets you specify which contact receives notifications for which domain.
An unsuspecting visitor to your website is infected with malware (such as the Ransom trojan1). Even companies that use web filtering techniques in their networks can fall victim to such an attack. Often, a redirect will infiltrate your site and the actual malware is then loaded by a third server to the visitor‘s system (this is the standard procedure for the Blackhole.KIT malware). Your firewall and your web filters don‘t suspect a thing, because it‘s not you who‘s distributing the malware. Even if you‘re not the source of the trojan, your site‘s reputation suffers permanent damage.
INFECTED?
What can nimbusec do?
against server-side tampering
✓ detect malware with proven technologies and specialized in-house solutions
✓ simulate requests from different operating systems and browser versions to discover a wide variety of malware ✓ recognize redirects
✓ recognize JavaScript code that has infiltrated your site
Malware usually hides from automated crawlers. nimbusec therefore repli-cates the actions of human visitors to your website to detect viruses and trojans that remain hidden from the other crawlers. To be completely secure, nimbusec always simulates different browser and operating system versions, resulting in modeling of up to 95% of your website visitors‘ configurations.
1 The Ransom (FBI) trojan announces itself to the infected user after a computer restart
with a warning stating that an amount of money should be paid because of allegedly illegal activities. Some variants of this trojan irreversibly encrypt hard drives, thus causing major damage to those infected.
Has the look of your website been changed without your permission? Is it suddenly sporting a new logo with text (such as „You have been PWND by ...“) instead of your usual homepage? In addition to potential loss of image and reputation, a lot of data can also be destroyed if your backups haven‘t been done 100% correctly. Virus scanners and firewalls are largely powerless against content tampering and often you don‘t learn about it until it‘s too late.
DEFACED?
What can nimbusec do?
against content manipulation
✓ detect any changes to the content or design of your website ✓ detect defacing by hackers
✓ statistical and industry-dependent analysis of content changes
The constantly evolving algorithms we develop in collaboration with universi-ties and research institutions disassemble your website design and content. They reliably recognize changes both large and small to the design and notify you accordingly. Machine learning increases the recognition rate on a cont-inuous basis and nimbusec reliably distinguishes the content that has been maliciously manipulated and that which you yourself have altered.
Are visitors being warned by their browsers when trying to access your website? Such blacklisting makes your site more difficult to reach and the warnings make your customers feel less secure. In addition, your page ranking will drop in search engines or you will be completely deleted from their index.
What can nimbusec do?
When you‘re blacklisted!
✓ check if your site has been blacklisted ✓ help getting your site taken off the blacklist(s) ✓ reputation checks
✓ display reasons for blocking
We monitor whether your domain or website is listed on a relevant blacklist (such as Google Safe Browsing or Web of Trust). If it is blacklisted, we will no-tify you immediately and assist in getting your site removed from the blacklist.
BLACKLISTED?
SERVER AGENT
API
APPLICATION PROGRAMMING INTERFACE
nimbusec‘s server agent runs directly on your web server or your provider‘s webspace. It detects code that infiltrated your website as well as so-called webshells that can be used to take over your server. The data transmitted by the server agent to our servers is encrypted and anonymized to protect the content of your data. Because protecting your data is important to us!
What can nimbusec do?
with its server agent
✓ detect webshells by machine learning algorithms with up to 98% detection rate (compared to about 40%1 detection by signature-based AV engines).
✓ identify and analyze changes in the file system ✓ advanced tracking of infected or modified files
nimbusec provides all the results of its analyses in the form of an API interfa-ce. You can then automatically block or redirect infected domains. The results can automatically fix some problems and infections. Corresponding reference configurations and scripts2 will be provided by the nimbusec team.
1 Test result from the nimbusec laboratory 2 available in nimbusec‘s knowledge base
See for yourself what nimbusec can do for you.
WHEN IT‘S BURNING
nimbusec only sends alarm notifications when things are really on fire – in other words, when you‘ve asked us to send you alarms. It‘s up to you to decide who will be notified in each case and how. The system can handle multiple clients and set up role-based access rights. You can configure escalation chains according to your internal business processes.nimbusec supports any number of contacts for each client. In the nimbusec alarm center, you can specify which contact receives notifications for which domain, category and security level. If that contact fails to respond within a defined timeframe, the alarm can be automatically escalated.
Notification channels include email and SMS. In addition, you will have access to the nimbusec portal, where you can view all the alarms and take action immediately.
nimbusec
✓ only informs if something
has happened
✓ is multi-client capable ✓ offers individual
escalation plans
Do you have five domains, three of which are serviced by an external webmaster or another department? No problem! nimbusec can be confi- gured so that alarms for these three domains go to exactly the right web- master. If a certain domain is particularly important to you, even more people can be notified. Everyone sees only what they‘re supposed to see.
nimbusec offers you the opportunity to be informed immediately for each alarm. Additionally, you can receive daily and weekly summaries of your affected domains. That way, you can remain well-informed about the health of your website even on the go.
The nimbusec portal provides maximum transparency, from the big picture down to in-depth technical information. Both general and personalized settings can also be made.
Keep your eye on the big picture
Cumulo Information System Security GmbH Humboldtstraße 40 | 4020 Linz | Austria [email protected] | +43 699 11 093 985
FN 394170m | FBG Linz | UID ATU67830957 Regulatory authority per the Austrian E-Com-merce Act (ECG): Magistrate of the City of Linz/Donau
Member of the Upper Austria Chamber of Com-merce (professional association of management consultancy and IT services)