HOW WE CLEAN AND PROTECT YOUR WEBSITE
1 – Identify Security Issues
When your site is compromised, our team immediately assesses the damage. Our automated scripts and professional security analysts work quickly to understand your environment and locate infections and their impacts. Our research-driven tools keep us on top of emerging threats and security issues so we can clean them faster than the competition.
- CMS & extensions used on your site
- Known issues and anomalies in source code
- Current versions of your website software
- Integrity issues against a known good baseline
- Malware infections and indicators of compromise
This step involves finding information about your website and the infection. To make this step as quick as possible, our skilled security analysts use automated scripts and tools maintained by our industry-leading research team. These tools allow us to quickly flag known infections and suspicious code. This step also collects details about your server environment and any warnings from blacklist authorities.
Security issues come in many forms and can cause issues with availability including site suspension and blacklist warnings. It is important to thoroughly identify the infection and any malware warnings that need to be cleared. Your site can be reinfected easily if you do not identify all backdoors, vulnerable software and server configuration issues. All indicators of compromise are dealt shortly after this discovery phase.
Immediately after you submit your malware request, our website security scan runs through your server collecting and analyzing data. Details about your environment and any warnings are passed to our global network of highly skilled security analysts. From there, the analyst assigned to your case takes a fine-tooth comb through your server and database to ensure all possible indicators of compromise are discovered.
2 – Remediate Security Issues
Our Security Analysts are available 24/7/365 to clean your website when it’s hacked. We offer plans based on guaranteed response time, though our team typically responds much faster than advertised. This allows you to get back to the things you most care about. All plans offer unlimited malware removal requests during the lifetime of your subscription.
- Remove & repair malware infections
- Check the integrity of your website
- Remove blacklist warnings from your website
- Repair brand reputation issues in search engine results
- Advise you on available updates and post-hack steps
Your security analyst will keep you informed as they work to address all indicators of compromise on your site and server. This includes a combination of automatic and manual removal of malicious code from your website files and database. When complete, your analyst will take care of any malware warnings and respond with a list of recommended post-hack actions to keep your site secure.
Website malware harms your visitors, brand reputation, SEO, and traffic. Hosts and blacklist authorities are quick to suspend infected sites. If malware is not cleared from your website, the lasting impacts can be disastrous. Typically, websites that have been blacklisted by Google see a 95% loss in traffic. Hackers that have access to your server will continue to abuse your resources if not addressed quickly.
Before we perform website malware removal, our system automatically creates a backup of files and keeps a change log. The security analyst performs all cleanup steps by accessing your site using FTP and database administration tools. When all malware has been removed from your site, your analyst will confirm site functionality and submit all blacklist removal requests on your behalf.
3 – Configure for Continuous Monitoring
Website security is a constantly changing landscape. New methods of attack are always emerging. Our first step is to establish a known good baseline of your website so that we can create a security plan to clean and protect your unique sites. We generate audit reports in your dashboard and alerts so you can stay informed about the health of your site.
- Server-side scanner PHP file on your server
- Monitoring for changes to DNS records
- Uptime alerts
- Monitoring for SSL certificate changes
We monitor the website and continuously scan it for indicators of compromise (IoC). You will be alerted if your website is has been hacked, so you can take immediate action. Our monitoring engines flag any suspicious content in your website files, database, DNS records, and SSL certificates. We also monitor uptime to ensure your website is always available.
Our detection methods thwart hackers who attempt to hide infections on your site. Using bots, hackers can find and infect websites automatically. If compromised, immediate action is required to avoid lasting impacts to your traffic, reputation, and SEO. We alert you if your website is being used to distribute malware, spam, or phishing lures. We also check for software updates, backdoors, and suspicious changes to your website.
We scan your site for security issues with remote and server-side scans to gain a complete picture of the integrity and behavior of your site. Using our vast research database, we can instantly flag thousands of security issues and any indicator of compromise. The remote scanning browses your site from multiple perspectives. The server-side scanner involves a PHP file on your server that will monitor your website file structure and databases from the inside.
4 – Deploy Protection Platform
New malware infections, bots, and scanners are emerging every day. You can combat these by using our protection platform to surround your website using military-grade defensive technology. Never fear a hack again when you have our robust firewall safeguarding your traffic, visitors, and reputation from the constantly evolving world of cyber threats.
- Blocks DDoS attacks (Including Layer 7 HTTP-Flood attacks)
- Protects against brute force attacks
- Stops website attacks & hacks
- Prevents malware infections
- Zero Day immediate response patching
Our website defense system processes all traffic coming to your website before it can do any damage. Good traffic is allowed through, but any malicious requests for unauthorized access will blocked and shown a warning page. You can use the protection platform as-is or configure additional security options for power users. The dashboard provides detailed reporting so you can see exactly what is being blocked.
DDoS and brute force attacks are always on the rise. Website availability issues can cause significant impacts to your revenue and brand reputation. Software vulnerabilities can also be exploited by attackers who use your website to distribute malware and spam. The Sucuri solution includes our protection platform Which hardens and patchs your virtual environment ensuring your website has the best proactive security posture.
Our website protection platform consists of a virtual patching and hardening engine to prevent unauthorized access and cover security updates. The application profiling engine allows traffic that matches expected patterns using a whitelist methodology. From there, our research labs maintain extensive blacklist signatures to stop hack attempts. Across our network, our correlation engine uses machine learning to protect everyone behind our firewall.
5 – Configure Performance Optimization (CDN)
A big concern with any website security implementation is the impact on website performance. Rest assured that the Sucuri Firewall offers dramatically improved page speed and performance. This not only includes optimizing how your website loads for visitors, it also significantly decreases the load placed on your web server and its available resources.
- Set content delivery network for optimal site performance
- Preferred compression settings to enhance site speed
- Globally-distributed Anycast network (GDAN)
- 6 global points of presence (PoP)
- URL query string and caching location rules
Our content delivery network speeds up access to your website, giving your visitors a notably improved experience. This also means that your server doesn’t have to work as hard, because our servers compress resources and provide them instantly to all legitimate visitors. Our enhanced network performance and your unique caching configuration is optimized to provide the best possible performance enhancements.
Slow website response times are responsible for high bounce rates and poor user experience. Because of this, Google and other search engines use pagespeed as part of their ranking criteria. Our performance optimization takes care of this concern. This can also reduce costs when it comes to server management. Our servers serve the majority of your website content to reduce the load on your server.
We make your site faster by storing your website resources in 6 highly available points of presence (PoP) around the world. These locations are configured to provide maximum uptime and availability. Our proprietary, globally-distributed Anycast network is built using the highest-grade network ports. The network capacity and response time is dramatically improved for your website, with four levels of caching available to choose from.
Thought Leaders in Website Security
Sucuri has been involved specifically in the website security space over 6 years, analyzing what attackers do and how they do it. This knowledge is at the core of how the technology is built.
There is no installation required, the technology is quickly enabled via the Sucuri dashboard and at the DNS level. Changes can be made via an A record switch, or full DNS management.
Active Vulnerability Research
Sucuri’s research is second to none when it comes to vulnerability exploit attempts. Our research is widely distributed and syndicated across all major media and security outlets.
Budgets are tight, demand is high. Sucuri has the luxury of size and youth, we bring the right level of enthusiasm, adaptability, and technology to the enterprise website security game.