Learn More about HackAlert™
 |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
What is HackAlert™?
Armorize HackAlert™ is a 24x7 on-demand web application malware monitoring and detection service. It leverages pattern-free behavioral analysis technology to detect and analyze malicious code injected into web pages. HackAlert's real-time alerting capabilities provide immediate notification and details regarding malware activity. This facilitates immediate reaction and remediation in the event of website poisoning.
Click Image to Enlarge
)
Click Image to Enlarge
Why Monitor Web Applications?
Web 2.0 has changed the way individuals, organizations and communities share, transact and experience information. Feature-rich applications utilizing more agile and dynamic technologies deliver not only greater capabilities, but also fundamental vulnerabilities open to exploit.
The new attack paradigm dictates that the payoffs of distributing malicious software across large numbers of internet users are much greater than simple one-time attacks with high risk-return ratios. As a result, legitimate websites are increasingly being injected with malware and "weaponized" to attack the very clients they are intended to serve.
By subscribing to the HackAlert™ service, website administrators guarantee constant vigilance ensuring that, in the event of a security breach, they are the first to know and are in a position to react before their website is used to attack clients and partners.
With its 24x7 real-time web application malware monitoring, detection and alerting service, the HackAlert™ hosted software service is scalable enough to provide coverage for small-medium organizations as well as large corporate enterprises. It is a significant addition to the security portfolio of managed service providers responsible for protecting the web presence of multiple clients.
Click Image to Enlarge
The new attack paradigm dictates that the payoffs of distributing malicious software across large numbers of internet users are much greater than simple one-time attacks with high risk-return ratios. As a result, legitimate websites are increasingly being injected with malware and "weaponized" to attack the very clients they are intended to serve.
By subscribing to the HackAlert™ service, website administrators guarantee constant vigilance ensuring that, in the event of a security breach, they are the first to know and are in a position to react before their website is used to attack clients and partners.
With its 24x7 real-time web application malware monitoring, detection and alerting service, the HackAlert™ hosted software service is scalable enough to provide coverage for small-medium organizations as well as large corporate enterprises. It is a significant addition to the security portfolio of managed service providers responsible for protecting the web presence of multiple clients.
)
Click Image to Enlarge
24x7 real-time monitoring with Armorize HackAlert™
HackAlert™ is delivered as a web-based on-demand Software-as-a-Service (SaaS) solution. It offers real-time 24x7 web application security monitoring to identify malicious code or links injected into subscribers' websites. HackAlert™ uses behavior-based malware analysis to accurately detect "drive-by-downloads" of both known and unknown malware, viruses, Trojans, rootkits, and more.
Subscribers are provided with a personalized web-based interface to the HackAlert™ control center where they can manage the service, initiating on-demand or scheduled URL scans & site-wide analyses.
The customizable control-center interface allows users to specify single or multiple URLs, as well as parameters such as frequency and depth of scans, reporting format and notification / alerting options. Administrators can also use the whitelist capabilities to exempt trusted links from the alerting process.
Subscribers are provided with a personalized web-based interface to the HackAlert™ control center where they can manage the service, initiating on-demand or scheduled URL scans & site-wide analyses.
The customizable control-center interface allows users to specify single or multiple URLs, as well as parameters such as frequency and depth of scans, reporting format and notification / alerting options. Administrators can also use the whitelist capabilities to exempt trusted links from the alerting process.
Using HackAlert™
HTML Analysis and Spyware Behavior Extraction
The HackAlert™ service leverages multiple engines to detect and analyze malicious code.
- An HTML analysis engine identifies the existence of malicious links, typically embedded in mechanisms such as encoded JavaScript or hidden iFrames.
- A dynamic malware analysis engine makes use of an API hooking sandbox and Spyware Behavior Extractor (SBE) to identify what the malware is, where it is downloaded from, and where it is written to on the victims' client PCs.
- An HTML analysis engine identifies the existence of malicious links, typically embedded in mechanisms such as encoded JavaScript or hidden iFrames.
- A dynamic malware analysis engine makes use of an API hooking sandbox and Spyware Behavior Extractor (SBE) to identify what the malware is, where it is downloaded from, and where it is written to on the victims' client PCs.
Reporting and Notification
The HackAlert™ reporting interface provides detailed information regarding the malware's behavioral aspects, identifying the affected web site address and highlighting the injected malicious link or source of the malicious code. In the event of malware being successfully downloaded to the client-side, HackAlert™ provides details such as the source of the malware, its name and file type and the target directory on the affected computer.
Click Image to Enlarge
)
Click Image to Enlarge
Ongoing Analysis
The monitoring, detection and notification capabilities provided by HackAlert™ include trend graphs that provide insight into the ongoing web application security posture, allowing immediate remediation of malicious attacks.
Simple removal of the malware is no guarantee that it is gone forever as, unless the root cause is addressed, an attacker simply needs to return and re-deploy the malicious code. The HackAlert™ trend graphs allow monitoring to determine recurring instances of exploit injection indicating a fundamental vulnerability in the application source code.
Click Image to Enlarge
Simple removal of the malware is no guarantee that it is gone forever as, unless the root cause is addressed, an attacker simply needs to return and re-deploy the malicious code. The HackAlert™ trend graphs allow monitoring to determine recurring instances of exploit injection indicating a fundamental vulnerability in the application source code.
)
Click Image to Enlarge
HackAlert™ Applications
In addition to its merits as a monitoring and alerting security control for corporate web application infrastructures, HackAlert™ is an extremely valuable tool for any organization responsible for the security of multiple websites.
It also adds significant value to the services offered by organizations such as Internet Service Providers, Web application hosting providers, Security Operations Centers, Government Security Agencies and providers of managed network, security and application services. By integrating with the established security architecture, HackAlert™ facilitates simultaneous monitoring of the security status of all web applications in their portfolio from a single browser-accessible.
It also adds significant value to the services offered by organizations such as Internet Service Providers, Web application hosting providers, Security Operations Centers, Government Security Agencies and providers of managed network, security and application services. By integrating with the established security architecture, HackAlert™ facilitates simultaneous monitoring of the security status of all web applications in their portfolio from a single browser-accessible.
