ReadWriteWeb

Dasient: Ex-Googlers Launch Website Security as a Service

Written by Lidija Davis / June 16, 2009 7:05 AM / 10 Comments

Ever come across a Google search result that has the words 'this site can harm your computer' below a link? What about the Firefox red screen of death? If you're a Web surfer, chances are you've likely avoided clicking on this type of link. If you're the owner of the flagged site, chances are that those six simple words will set off a mental tailspin.

Launching today, Dasient, a Palo Alto start-up founded by a couple of ex-Googlers, hopes to change all that with its new Web anti-malware service. By monitoring Web sites for infected pages, providing instant diagnostics and giving site owners a two-click quarantining option within moments of a compromise, Dasient's subscription-based security service (free and paid, from $50/month) aims to help businesses retain control of their Web site and remain clear of the dreaded blacklist.

Malware and the Social Web

There has never been a shortage of security problems on the Internet, but one of the most significant threats has come from the fundamental changes in the way malware is being distributed across the social Web. No longer are the majority of viruses spread by email attachments; cybercriminals are turning to the Web, planting malicious code on innocent Web sites, and then sitting back and waiting until the code silently infects visitors.

According to the 2009 Sophos Security Threat Report (PDF), this global criminal operation has reached such proportions that one new infected Web page is discovered every 4.5 seconds - 24 hours a day, 365 days a year. And according to Dasient, there are three underlying and converging trends that are behind these ridiculously high numbers.

  1. The Web itself is becoming more complex and sophisticated, and Web sites now come with rich functionality (Ajax, dynamic HTML, JavaScript), along with content and ads from various sources.
  2. Non-expert developers with little or no computer science background and little or no security training are building user-facing applications.
  3. Attackers are automating and building attack scripts and launching them against thousands of Web sites in attack waves.

This expansion of the Web, while great for users, increases the attack surface and allows for an entirely new class of attacks that didn't exist even a few years ago. And a new class of attacks, according to Dasient, requires a new way of thinking, and a new class of solutions.

Dasient: Web Anti-Malware at Web Scale and at Web Speed

Founded by Neil Daswani, a former Google security engineer and product manager, Shariq Rizvi, a former member of Google's Webserver and App Engine teams, and Ameet Ranadive, a former McKinsey strategy consultant, Dasient hopes to confront today's Web malware problems by using automated mechanisms in an attempt to stay ahead of the bad guys and their automated and systematic attacks against Web sites.

The company, which raised its seed round of funding (just over $2 million) in December 2008 from investors Stratton Sclavos (former VeriSign CEO), Mike Maples (one of the key investors in Twitter) and Eric Benhamou (former 3Com/Palm chairman), has been running its services in alpha and is advancing its monitoring and diagnostic service to public beta.

Launching today:

  1. A free monitoring service which will alert webmasters when their site gets blacklisted (public beta).
  2. A premium monitoring service ($50/month for a site with less than 1000 pages) that continuously scans a site for malware infections and alerts webmasters when their site has been compromised (public beta).
  3. A quarantining service through a web server module (private beta).

How Dasient Works

When the service determines that a site has been compromised, it sends an e-mail to the webmaster that details the number of infected pages, their URLs, and the malicious code that caused the infection. From there, the webmaster, with only two clicks, can authorize Dasient to execute quarantine instructions on the infected site.

Although it may take up to a few minutes for the quarantining instructions to propagate across all of the Web servers on the site and/or all of the processes running on the server, once executed, the malicious code will be quarantined off the page and will not be served to visitors - including the Googlebot - resulting in less likelihood of the site being flagged and fewer headaches for the webmaster.

Is Your Site Blacklisted by Google?

Determining whether your site is blacklisted by Google is fairly simple: type http://www.google.com/safebrowsing/diagnostic?site= into your browser and add your URL at the end (e.g. this is the link to view Google's listing status for ReadWriteWeb: http://www.google.com/safebrowsing/diagnostic?site=http://www.readwriteweb.com/). Determining which part of your site has been compromised, however, is a lot more difficult.

But, it shouldn't be that hard.

"Instead of expecting every business to have security engineers of their own, what we need to do is take security services and make them available as a utility to companies just like electricity is a utility these days, and no one needs to keep an electrical engineer on staff like they did back in the nineteen twenties," Daswani noted.

Good point. And that's exactly where Dasient comes in.

Comments

  1. This is a great service, but I think the target buyer of this service, which is individuals and small business (Large business already has security engineers in place) are already "Monthly Fee'd" to death in a tight economy.

    Furthermore, this is like watching a dog eat poisoned dog food, then offering a service to cleanse the dog of the poisons.

    It seems to make more sense to focus on prevention of the leaks, that allow the code to be planted on a site to begin with, than offering a service telling you are infected.

    If the issue is with bad code, then maybe a service to the CODERS, offering them a "certified clean and hack free" codebase would be more successful.

    Just my .02 cents.

    Posted by: Mark Hansen | June 16, 2009 7:55 AM



  2. Very useful service, but they should also have a free and a cheaper plan for the less popular sites.

    Posted by: mark@free iphone | June 16, 2009 9:44 AM



  3. The plural of "Googler" is "Googlers", not "Googler's". Apostrophes indicate possession.

    Posted by: Peter Kasting | June 16, 2009 10:09 AM



  4. Old news!

    Oh I see the "news", they got some actual funding.
    Of all the rotten luck...

    Regards,
    Chris.

    Posted by: Christian Sciberras | June 17, 2009 12:21 AM



  5. Hmm no images allowed, here's the link:

    http://covac-software.com/graphics/ServScan.png

    Posted by: Christian Sciberras | June 17, 2009 12:25 AM



  6. Seems very useful, but I think $50 is more expensive.

    Posted by: led panel | June 17, 2009 4:02 AM



  7. At 50 USD a month you're looking at half a million dollars for just 10k subscribers and they're going to have a lot more than that. 100k USD a month salary for each of the 3 and 200k a month for the investors, doesn't add up, I'm sorry.

    Firstly I think the price is far too high for the service being offered and secondly I don't think many SME's can afford that.

    Posted by: Storm | June 17, 2009 10:56 PM



  8. "Firstly I think the price is far too high for the service being offered and secondly I don't think many SME's can afford that. "

    And thirdly, there are completely free solutions.

    Posted by: Christian Sciberras | June 18, 2009 1:40 PM



  9. Seems very useful, but I think

    Posted by: دردشه | July 12, 2009 5:21 AM



  10. I agree with Mark. It would make more sense to undertake preventive steps like using website scanners vs putting a band-aid on something that is already broken. Try Powerfuzzer Online to find most common web vulnerabilities.

    Posted by: Powerfuzzer | September 17, 2009 2:55 AM


