Guardia™
Secure yourself against web malware and defacement
A growing concern for organizations is the injection of malware into, and the defacement of, corporate websites. Guardia discovers the scope and source of malware infections with deep cloud-based analysis of both static and dynamic content on pages. Not only is a compromise embarrassing for the company’s image, but it can also result in loss of revenue from blacklisting, phishing, and loss of public goodwill. Additionally, there is now a more insidious form of hacktivism that is intended to harm anyone visiting the website by infecting their computers with malware. Often, the malware on a hacked website is hidden in iframes or scripts, and can include JavaScript, Java applets, binaries or Flash that redirect users to a malicious website or execute a drive-by download.
Even if the internal corporate network is secure, the website might be hosted by a company with less stringent security. There are several ways a website can be breached: the site credentials might be stolen from a site developer through a keylogger; the credentials of the hosting admin might be stolen, compromising multiple sites; or the site might be hacked through SQL injection, content injection, etc.
Guardia protects a company’s reputation, brand, and website visitors by providing early warning in case of defacement or the presence of malicious code. It continuously monitors a customer’s assets (websites, internal hosts, advertisement campaigns) and determines whether they have been hijacked or breached. It provides early warning so that the proper mitigation steps can be initiated. This service is well suited for any company or organization with a website, as well as ISPs and hosting providers who offer infrastructure to their clients.
Guardia monitors a website and checks that no malicious changes have been made to it. These can be visible changes, such as the addition of images or offensive text, or invisible changes, such as the inclusion of iframes or redirecting JavaScript. Guardia uses a unique machine learning approach to identify which parts of a website change on a regular basis, as well as the structure of the changing code, and notifies the customer if a suspicious change is detected.
Guardia Semantics-based Approach
Guardia parses the structure of web pages and extracts classification metadata that characterizes each section of a web page, such as structure/type of data, keywords and language. Changes are analyzed in both a whole-page context and an in-section context, i.e., modifications to the structure of the page as well as modifications to the content of a section.
Guardia Static/Dynamic Analysis
Guardia uses a composition of static and dynamic analyses. Static analysis allows for the characterization of the page structure and the identification of code/style inclusion graphs while dynamic analysis allows for the identification of malicious code behavior (e.g., redirections to outside hosts, dynamic inclusions). Each web page is visited with our proprietary emulated browser which executes JavaScript code, etc. and follows redirections.
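An added example, not Guardia's code: a minimal static pass that builds the inclusion graph described above and compares two snapshots of a page. The URLs, sample snapshots, function names and the zero-size heuristic are assumptions made for illustration; the dynamic (emulated browser) side is not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

INCLUDE_ATTR = {"script": "src", "iframe": "src", "link": "href"}

class InclusionParser(HTMLParser):
    """Static pass: record every script/iframe/stylesheet inclusion on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.edges = set()    # (tag, host) pairs: the page's inclusion graph
        self.hidden = set()   # hosts loaded through invisible iframes

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        target = a.get(INCLUDE_ATTR.get(tag, ""), "")
        if not target:
            return
        if tag == "link" and "stylesheet" not in a.get("rel", "").lower():
            return
        host = urlparse(urljoin(self.page_url, target)).hostname or ""
        self.edges.add((tag, host))
        style = a.get("style", "").replace(" ", "").lower()
        # Assumed heuristic: 0/1 pixel frames or CSS-hidden frames are invisible.
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tag == "iframe" and (tiny or "display:none" in style
                                or "visibility:hidden" in style):
            self.hidden.add(host)

def inclusions(page_url, html):
    parser = InclusionParser(page_url)
    parser.feed(html)
    return parser

def suspicious_changes(page_url, baseline_html, current_html):
    """Report inclusions whose host never appeared in the baseline snapshot."""
    old = inclusions(page_url, baseline_html)
    new = inclusions(page_url, current_html)
    known = {host for _, host in old.edges} | {urlparse(page_url).hostname}
    findings = []
    for tag, host in sorted(new.edges - old.edges):
        if host not in known:
            hidden = tag == "iframe" and host in new.hidden
            findings.append(("hidden-iframe" if hidden else "new-host", tag, host))
    return findings

# Constructed sample snapshots (not real sites).
BASE = ('<html><head><script src="/js/app.js"></script><link rel="stylesheet" '
        'href="https://cdn.example.net/s.css"></head><body><p>Hi</p></body></html>')
CURR = BASE.replace("</body>", '<iframe src="http://ads.example.org/x" width="0" '
                    'height="0"></iframe><script src="//stats.example.org/t.js"></script></body>')
```

A text-only edit to the page produces no findings here, because only the set of included hosts is compared.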
Guardia as a SaaS
Since Guardia is offered as a Software as a Service, it can be set up and configured in minutes; no software installation or hardware required.
A web-based user portal can be accessed from any browser to configure and initialize the monitoring. Among the settings that can be customized are pages to be monitored, frequency and parameters of the analysis, initialization of credentials and sensitivity of the alerts. Alerts may include simple changes (notifications), substantial changes (alerts), and confirmed malicious modification (incidents).
