Don’t Overlook Qualys Malware Detection
Last updated on: September 7, 2020
Cyber criminals are constantly looking for opportunities to infect legitimate websites with malware. They can use infected websites to cryptomine, steal data, hijack systems, deface pages, and do other damage to harm a company’s reputation and impact their users. This can result in lost revenue, and regulatory fines, and potentially drive customers away.
SiteLock researchers recently reported that a website is attacked on average almost 60 times per day, and that 1% of all websites — about 19 million globally — carry malware at any point in time. Those often include websites from large, well-known companies. For example, Newegg, British Airways and Ticketmaster all recently fell prey to the Magecart credit card skimming malware.
It’s clear that anti-virus software, firewalls, and other prevention tools are not enough to defend against the steady stream of ever-evolving malware. Even if a company’s website is secure from external attackers, this does not mean the website is safe from infection from third-party content providers or advertising used on the website.
Firewalls aren’t infallible, and neither are AV products. Perhaps most frustrating of all is that despite years of awareness training, employees still inadvertently click on malicious links and attachments, John Delaroderie, a Qualys Security Solutions Architect, said recently at Microsoft Ignite 2018.
“That’s why you need a superhero sidekick on your team — to find this malware, root it out at the source, and keep your website safe,” he said.
For this reason, Qualys’ web application security services do not stop at vulnerability scanning, configuration assessment and firewall functionality. A sophisticated malware detector is also part of the package.
Qualys Malware Detection, included at no extra charge with Qualys Web Application Scanning (WAS), is designed for scanning pages of external-facing web applications for malware. It runs separate and apart from our traditional web application scanning, and can be configured to notify you directly if malware is found, he said.
Intuitive and easy to set up, it uses multiple detection methods:
- Behavioral analysis, via an instrumented browser that analyzes web application traffic for for suspicious activities in real time, such as security control disablement and anti-forensic operations.
- Reputation checks, by looking at links to external web pages and checking them against reputation services to see if they point to untrusted sites or known malware servers.
- Anti-virus, via traditional signature-based detection, including examining documents and files for malware.
- Heuristics, where instead of matching signatures for the presence of malware, files are analyzed for commands that may potentially be used for malicious purposes.
Please watch the video of John Delaroderie’s presentation, which includes more details about Qualys Malware Detection, along with a step-by-step demo of the product.