The Website Protector Assessment
The Website Protector uses five layers of security, more than any other web application firewall. Attackers must pass through each of these five layers.
The first layer prevents unauthorized scripts on your website from executing. Hackers routinely place malicious scripts in hidden locations at the websites of small and mid-sized organizations. Many types of malware and most phishing scams use the website of unwitting third parties to hide the true identity of hackers. Is your organization unwittingly hosting a script like this? Imagine the liability. If this were to ever happen, The Website Protector will prevent that script from ever loading and immediately notify you. Only those scripts that you have previously identified as legitimate are ever allowed to execute.
The second layer prevents scripts that have been modified without your knowledge from executing. This is a particular risk for organizations using shared hosting for their web infrastructure. How will you know if one of your executable web pages has been changed without your knowledge? There are probably thousands of other users sharing the same web server. The Website Protector identifies whether any alterations have been made to one of your scripts before they are allowed to execute. When a change in a script is detected, The Website Protector will immediately notify you.
The Website Protector knows a lot about that visitor to your website. The Website Protector puts that knowledge to good use. The Website Protector makes a determination about the threat that each visitor poses to your website and web-based infrastructure. When a known attacker comes calling to your website, The Website Protector will block the attacker. Even before they launch an attack, they are preemptively prevented from even profiling your website. While the default settings work fine for the vast majority of our clients, you are always free to adapt them to your specific needs.
The Website Protector also knows a lot about the ways that hackers try to break into websites. We have compiled that knowledge into a library of attack signatures that we use to help identify when an attack is happening against your website. Whenever possible, we will filter out the attack from the web visitor rather than block everything from this web visitor. This helps prevent a lot of false positives for web users who have already passed through the first three layers of security. If an identified attack cannot be safely filtered, however, this web visitor will be blocked.
The Website Protector is never static. Ongoing analysis of the traffic and usage patterns at your website enable The Website Protector to detect the unusual activities that can be a prelude to a concerted attack. If as a result of this human-led analysis, we predict an attack is on the way, we will notify you immediately. This analysis also helps The Website Protector to learn about new previously undetected attack methods and attackers. Whenever we learn about a new method or attacker in any context, all of our clients’ protection is updated with that intelligence in real-time.