Idea behind One Threat One Dollar
When I started WidEva Systems, I had only one goal in mind: to provide proactive and affordable security for SMBs. Someone said that it is the journey and not the destination. So we had laid down the path and were set to go. When talking about security, the most common attack vectors are web, mail, portable drives, etc. I focused on the web, as I have worked in hosting companies, and there was a significant increase in web attacks. Our first solution was SECaaS (SECurity as a Service) for hosting. We were very clear right from day one that we would not compete with anyone. Being a startup, we wanted to offer something unique and focus on solving the problem.
The SECaaS idea
If I have to put down the concept in a few lines:
- Intrusive and automated one time scanning with manual reporting
- Pay per bug model with a maximum cap
- Proactive security
- Testing done within a VPN in an isolated environment, so the live environment is never touched
- Professional reporting with Proof of Concept, Screenshots and Remediation steps
- Online Portal to manage vulnerabilities with summary
- Transparent process with Hosting provider in full control
Running several sites on a server is itself quite challenging for hosting providers trying to maintain uptime. So scanning the live environment simply did not make sense to me.
For shared hosting, we wanted to offer it on a per-server (or bunch of domains) basis, focusing on providing this service for hosting providers.
But setting up an environment for testing was not quite the "point and click" kind of service. The concept made absolute sense for VPS/Cloud/Dedicated servers, considering the value add. But for shared hosting, there had to be a better way. Do note that the SECaaS concept has the ability to find suspicious outbound traffic and a lot more, making it effective in its own way.
We were not in for live scans. If we can find the vulnerabilities in the first place, we wouldn't need scans to detect malware. Having said that, there are reasons why regular scans are needed, and there are enough vendors offering this service.
We wanted to stick with pay per bug model, as we are working on only one aspect of site security. There are several other reasons a site could get hacked, like weak credentials.
We needed a solution that works from the root and never depends on sitemaps or page links. Not providing details on the methodology does help to a certain level. Attackers will always find ways to circumvent scanning techniques. The idea is to stay ahead of the game.
The solution had to be affordable and for everyone.
We offered Remedy services separately on a pay per hour basis, for users who are not tech savvy.
Attackers are only looking for commonly exploited vulnerabilities. Why not rewrite the signatures for these vulnerabilities, in a different way?
A proactive solution means a happy site owner (customer), who is notified about the vulnerability before it is too late. Not to mention the hassles the site owner has to go through fixing a hacked website.
A solution was needed that can complement an existing vendor.
One Threat One Dollar idea
Why not run the scans on files directly, rather than on the web server?
If the signatures for vulnerabilities can be checked on the file server directly, it would be as good as running an antivirus, except that each report has to be verified manually.
Dumping file hashes into a database allows us to track the history of file creation/modification. As new signatures run on all files, old signatures only run on new or modified files. Call it the green way of scanning, if you like. This opens up a lot more ways to dig and innovate.
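The hash-tracking rule described above, as an added example that is not WidEva's code: it keeps only each file's latest hash and shows which signature checks get skipped on later passes. The table layout, function names, signature names and regex patterns are assumptions made for illustration, and the sample PHP files are constructed.

```python
import hashlib
import re
import sqlite3
import tempfile
from pathlib import Path

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS files (path TEXT PRIMARY KEY, sha256 TEXT)")
    db.execute("CREATE TABLE IF NOT EXISTS sigs (name TEXT PRIMARY KEY)")
    return db

def scan(db, root, signatures):
    """Return (hits, work): new (file, signature) matches for manual review,
    and the number of signature checks actually run on this pass."""
    known = {name for (name,) in db.execute("SELECT name FROM sigs")}
    hits, work = [], 0
    for f in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel, data = str(f.relative_to(root)), f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        row = db.execute("SELECT sha256 FROM files WHERE path=?", (rel,)).fetchone()
        changed = row is None or row[0] != digest  # new or modified file
        for name, pattern in signatures.items():
            if name in known and not changed:
                continue  # old signature, unchanged file: already checked
            work += 1
            if re.search(pattern, data):
                hits.append((rel, name))
        db.execute("INSERT OR REPLACE INTO files VALUES (?, ?)", (rel, digest))
    db.executemany("INSERT OR IGNORE INTO sigs VALUES (?)", [(n,) for n in signatures])
    db.commit()
    return hits, work

def demo():
    """Three passes over a constructed sample tree (not real site files)."""
    sigs = {"eval-of-request": rb"eval\s*\(\s*\$_(GET|POST|REQUEST)"}
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_bytes(b"<?php echo 'hello'; ?>")
        Path(root, "form.php").write_bytes(b"<?php eval($_POST['x']); ?>")
        db = open_db()
        first = scan(db, root, sigs)   # every file is new
        second = scan(db, root, sigs)  # nothing changed, no new signatures
        Path(root, "index.php").write_bytes(b"<?php include($_GET['p']); ?>")
        sigs["include-of-request"] = rb"include\s*\(\s*\$_(GET|POST|REQUEST)"
        third = scan(db, root, sigs)   # one modified file, one new signature
        db.close()
    return first, second, third

if __name__ == "__main__":
    for hits, work in demo():
        print(work, "checks run;", hits)
```

Each hit is only a candidate for the manual verification step; a pass reports new matches, so earlier findings have to be kept from the pass that produced them.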
The live environment is only touched when files need extensive scanning. In this case, the URL of the file is sent to Wid cloud. The file is downloaded for further analysis.
It is an easy-to-implement solution and works from the root. It is an affordable and proactive solution.
The game is to keep writing signatures.