Quttera Announces Automatic Malware Removal Capability in Enhanced Server-Side Malware Scanner
July 2019 by Marc Jacob
The global cybersecurity company Quttera has just launched its new server-side malware scanner. Its distinctive features are real-time monitoring of website internals and autonomous remediation of attacks. The self-adapting website protection system enables the immediate removal of malware without human intervention.
A pervasive problem in website security is that malware does damage at computer speeds while removing it often requires action by administrators. By the time they can remove the infection, the system may have suffered information loss or been defaced. Quttera’s solution is to bring the removal of malware up to computer speeds.
The need for rapid malware removal
A website’s reputation depends heavily on consistent uptime and proper functioning. Studies have shown that downtime has a significant negative impact on people’s perception of a site’s brand. The impact of encountering malware or losing privacy is even greater. Avoiding infections is a top priority of every owner of a business site.
A large and growing proportion of websites support user interactions such as e-commerce and comment boards. They increase customer engagement, but at the same time they open up new paths of attack.
Infections and downtime affect a site’s search engine ranking. If a site is inconsistently available, Google and other search engines won’t give it a prominent place in their results. If they detect malware on a site, they’ll remove it from the results until it’s cleaned up.
Real-time monitoring and automated removal greatly decrease the time between the start of an infection and its removal. Downtime may be reduced to zero, and the malware will have less time to do damage and be noticed.
The challenges of blocking attacks
Making continuous monitoring and quick recovery a reality is a difficult technical challenge. It requires a self-adjusting backend that can recover from an attack and quarantine or restore the affected components. The majority of websites are built on a small number of popular content management systems, and they are especially likely to be attacked. Sites that are kept up to date are reasonably safe, but many sites are not regularly updated and have known vulnerabilities.
Zero-day attacks are particularly challenging. Web application firewalls (WAFs) by themselves are ineffective at stopping these attacks. Anti-malware software can remove the resulting infections, but sites get re-infected repeatedly. By definition, a zero-day attack doesn’t follow a known pattern, so blocking it is difficult. Incident response teams need to devise a way to stop the attack, which may take days.
Many anti-malware measures rely on "signatures," known byte patterns in files that indicate an infection. Protective software that depends on signatures cannot stop previously unknown kinds of malware. Quttera uses other techniques, including behavior-based analysis and artificial intelligence, to identify threats whether or not they follow previously known patterns.
Automated remediation can quickly mitigate malware-induced outages. The issue can be resolved without completely rebuilding the website. The addition of real-time, self-adapting website protection to an existing portfolio of website protection measures creates stronger protection against hacking attempts.
Cleanup of malware in real-time
Michael Novofastovsky, the co-founder and CTO of Quttera, has discussed the significance of these new features in the company’s ThreatSign platform. "Everyone is talking about ’automated threat removal and real-time scanning.’ With this new tool, it’s finally possible. After years of development and in-house usage and testing, we are ready for prime time. This is a big step towards real scalability when websites are up and running in seconds using Kubernetes and cloud providers. The new engine allows real-time handling of attacks and malware cleanup to keep business operational and profitable. Reducing the need for manual work and improving the efficiency of any cybersecurity setup, the new engine is a must and is now available in all our ThreatSign plans."
The new features complement standard protection tools such as port blocking, WAFs, SSL certificates, and account security management. This new addition to the security instruments developed by Quttera allows:
Monitoring of website core files. The software which powers a website should not change except through administrator action or automatic updates. Any changes to these files, except as part of a software upgrade, will be treated as a security incident.
Instant curing of infections and re-infections of website files. The longer an infection remains in place, the more it costs the victim. The malware will have almost zero time to cause harmful effects before it is removed.
Real-time tracking of previously contaminated files. Files which have recently been compromised are likely to be attacked again. Quttera’s software pays close attention to these files and initiates automated remediation if a new infection is detected.
Continuous file system integrity testing. Attacks on websites commonly introduce extra files with malicious functionality. If files unexpectedly appear in directories that don’t hold dynamic data, something is wrong. These files will be removed or quarantined.
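The capabilities listed above can be illustrated with a small baseline-and-compare integrity check. This is an added example, not Quttera's code or a description of how ThreatSign works; the directory names, the in-memory known-good store, and all file contents are constructed assumptions.

```python
import hashlib, shutil, tempfile
from pathlib import Path

DYNAMIC_DIRS = {"uploads", "cache"}  # assumption: top-level dirs that hold dynamic data

def digest(data):
    return hashlib.sha256(data).hexdigest()

def static_files(root):
    """Relative paths of all files outside the dynamic-data directories."""
    root = Path(root)
    rels = (p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
    return sorted(r for r in rels if r.split("/")[0] not in DYNAMIC_DIRS)

def snapshot(root):
    """Known-good copy of every static file (kept in memory for this demo)."""
    return {rel: (Path(root) / rel).read_bytes() for rel in static_files(root)}

def scan(root, good, watchlist):
    findings, present = [], static_files(root)
    for rel in present:
        if rel not in good:
            findings.append(("unexpected", rel))
        elif digest((Path(root) / rel).read_bytes()) != digest(good[rel]):
            findings.append(("reinfected" if rel in watchlist else "modified", rel))
    return findings + [("missing", rel) for rel in sorted(set(good) - set(present))]

def remediate(root, quarantine, good, watchlist, findings):
    for kind, rel in findings:
        path = Path(root) / rel
        if kind == "unexpected":   # extra file: move it out of the web root
            shutil.move(str(path), str(Path(quarantine) / rel.replace("/", "__")))
        else:                      # core file changed or deleted: restore it
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(good[rel])
            watchlist.add(rel)     # previously contaminated: flag on recurrence

def demo():
    base = Path(tempfile.mkdtemp())
    site, quarantine = base / "site", base / "quarantine"
    for d in (site / "includes", site / "uploads", quarantine):
        d.mkdir(parents=True)
    (site / "index.php").write_text("<?php echo 'home';")        # constructed files
    (site / "includes" / "db.php").write_text("<?php // db config")
    good, watchlist = snapshot(site), set()
    (site / "index.php").write_text("<?php echo 'tampered';")    # simulated change
    (site / "includes" / "x.php").write_text("<?php // stray file")
    (site / "uploads" / "photo.jpg").write_bytes(b"jpg")         # dynamic: ignored
    first = scan(site, good, watchlist)
    remediate(site, quarantine, good, watchlist, first)
    clean = scan(site, good, watchlist)
    (site / "index.php").write_text("<?php echo 'tampered again';")
    return first, clean, scan(site, good, watchlist)
```

A production monitor would react to file system events rather than rescanning, and would keep the known-good store somewhere the web server account cannot write.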
Costs of website malware
A study by Accenture and the Ponemon Institute found that malware cost businesses in the United States over $2.6 million per company in 2018, an increase of 11 percent over the previous year. Costs in other countries have followed a similar trend. Ransomware attacks have rendered sites unusable and extorted payments in the hundreds of thousands of dollars.
The growing threat levels have made it a necessity for businesses to adopt the strongest available measures for protection. The cost of prevention is always lower than the costs associated with a successful online attack. Some costs, such as long-term effects on a company’s reputation, are difficult to measure. A reliable set of protective measures against intrusion and malware is considered the most effective way to keep the costs of attacks low.