Welcome Guest. | Log In | Register | Membership Benefits

StopTheHacker Launches

New Web security-as-a-service firm comes out of stealth mode with new funding and new services

Feb 13, 2012 | 04:25 PM | 

By Kelly Jackson Higgins
Dark Reading
A Web security-as-a service (SaaS) company officially launched today, announcing an initial round of $1.1 million in funding from a venture capital firm and the former CEO of Blue Coat.

StopTheHacker, which was funded in its early phase by the National Science Foundation (NSF), provides a SaaS that basically performs regular scanning of websites for malicious code. It so far has partnered with five Web hosting providers that, in turn, offer the service to small to midsize businesses (SMBs). Brian NeSmith, former CEO of Blue Coat, is among the firm's angel investors, and Andre Bliznyuk, partner for investor Runa Capital, is a member of StopTheHacker's board of directors.

StopTheHacker says it competes with Dasient, which was recently acquired by Twitter, Armorize, and other similar Website security service providers. StopTheHacker is focusing on SMBs, which traditionally lack security expertise and resources.

StopTheHacker's services, which are currently in beta, will roll out into production later this month. Its flagship service grabs the site's Web pages and examines them for malicious code. "We can open the file, take line 20 out if it's malicious, put it back together, and you won't be infected anymore," says Peter Jensen, CEO of the firm. "We pick the relevant lines of bad code out of there."

Jensen says his company's artificial intelligence-based engine is different from other offerings. "A lot of people are using different shades of AI," Jensen says. "We believe we're the only ones using it for inspecting objects on a website."

StopTheHacker uses machine learning, where the software engine is continuously updated with new intelligence about new forms of malware. "As long as you fine-tune the AI engine, it keeps learning," Jensen says. "There's no way you can keep up with all of this new dynamic [malware] ... it requires a new approach to catching it."

Anirban Banerjee, vice president of R&D and a StopTheHacker co-founder, says heuristics is part of what the site's technology uses, but it's more than that. "Machine learning is constantly updating the kernel .. when catching new pieces of malware," he says. "It retains that in the system so next time you scan, it automatically" is able to detect it, Banerjee says.

But machine learning is no magic bullet, says Chenxi Wang, vice president and principal analyst for security and risk at Forrester Research. "Machine learning is actually very difficult to get accurate -- if you can get 70 percent accuracy, that’s really really good already," Wang says.

Meanwhile, SMBs often don't discover they are infected until they get blacklisted by Google. That's what happened to Christopher Imaging: "Over a year ago a couple of my business websites were surprisingly shut down by Google for some unknown reason to me. Not having any experience with websites, or in-house staff, I was totally unaware of what to do. In a panic, I found StopTheHacker online," says D. Todd Christopher of Christopher Imaging, a customer of the service. He used it to scan his sites and get his business back online, he says.

StopTheHacker's so-called Health Monitoring service is priced between $5 and $500 per month; the firm also has added a vulnerability assessment service for $100 per year, as well as a reputation-monitoring service that lets website owners know whether their site has been blacklisted. That service is free for a single scan and $10 per month for a regular plan.

The startup later this month at the RSA Conference will roll out a new release of its service that includes automatic malware removal, as well as scanning corporate Facebook account walls for malicious content.

StopBadware.org today announced that StopTheHacker is now a sponsoring partner of the anti-malware effort. "In addition to financial support, StopTheHacker will offer StopBadware access to their proprietary web malware scanning technology; this will help us detect malware more quickly and accurately during our independent review process," the nonprofit said in its announcement.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Security Services Reports

report Using Service Providers To Manage DDoS Threats
When it comes to the battle against distributed denial-of-service attacks, you are not alone. With the increasing use of third-party service providers, your organization likely has a huge arsenal of bandwidth, technology and know-how at its disposal. The challenge is to effectively marshal those resources among your providers and integrate them with your own security measures into a strategic and comprehensive DDoS protection plan.

report Hosted Web Security Services: Block Malware Before Your Border
Security service providers are now delivering a wide range of packaged offerings, including Web content filtering, anti-malware, data leak prevention, and many other capabilities. How can your organization take advantage of these Web security services, and how can you choose the right provider? This Dark Reading Tech Center report offers a look at these services and some recommendations on how best to implement them.

report You've Got (Secure) Mail: Using Service Providers to Boost Protection
The SaaS market is still in its infancy, but hosted e-mail security firms are leading the way, thanks to ease of implementation and many obvious benefits. Still, these services are not without risks. In this Dark Reading Tech Center report, we'll discuss how to determine what mix of in-house and hosted email security makes sense for your organization.

Other reports from the Security Services Tech Center:

Related Content

Establishing a Formal Cyber Intelligence Capability
Organizations are realizing that advanced intelligence capabilities consistently deliver substantial cost savings - with proactive insights on true threats, the intelligence to avoid false alarms, and the system and application availability required to preserve revenues and customer loyalty. But achieving these benefits requires organizations to establish a formal cyber intelligence capability. Read this whitepaper to learn about a proven, repeatable process with clearly established steps for setting up an in-house cyber security intelligence operation.

DDoS Mitigation: Best Practices for a Rapidly Changing Threat Landscape
Although DDoS attacks have become a mainstay of hackers' arsenals, their profile has changed considerably in the past year, making them an even greater threat to companies that conduct business online. DDoS attacks are larger, stealthier, more targeted, and more sophisticated than ever. Get best practices to enable your organization to keep pace with DDoS attacks while minimizing impact on business operations.

2012 Cyber Crime Threats and Trends
Get the highlights of 2011 cyber security trends and how those trends and others might unfold in 2012. This report is a strategic complement to daily tactical intelligence reports and provides IT security and business operations with actionable and relevant decision support.

Using Hybrid Routing to Optimize DNS Resolution Performance and Reliability
To create a satisfactory end user experience, enterprises must ensure that DNS resolution is fast and reliable. Learn more about how using a hybrid routing solution can greatly maximize performance while minimizing latency-and address your business' specific needs along the way.

A Cost Analysis of Approaches To DDoS Protection.
All organizations with an online presence or dependence on Internet-based systems need to fortify their defenses against DDoS attacks. DDoS can cost an organization in tangible losses and in more subtle ways. Read this whitepaper for a deeper perspective on the cost benefits of a dedicated, cloud-based DDoS service over an in-house hardware solution or over-provisioning through your ISP.




Featured Webcasts
Featured Whitepapers
Featured Reports