StopTheHacker, which was funded in its early phase by the National Science Foundation (NSF), provides a SaaS that basically performs regular scanning of websites for malicious code. It so far has partnered with five Web hosting providers that, in turn, offer the service to small to midsize businesses (SMBs). Brian NeSmith, former CEO of Blue Coat, is among the firm's angel investors, and Andre Bliznyuk, partner for investor Runa Capital, is a member of StopTheHacker's board of directors.
StopTheHacker says it competes with Dasient, which was recently acquired by Twitter, Armorize, and other similar Website security service providers. StopTheHacker is focusing on SMBs, which traditionally lack security expertise and resources.
StopTheHacker's services, which are currently in beta, will roll out into production later this month. Its flagship service grabs the site's Web pages and examines them for malicious code. "We can open the file, take line 20 out if it's malicious, put it back together, and you won't be infected anymore," says Peter Jensen, CEO of the firm. "We pick the relevant lines of bad code out of there."
Jensen says his company's artificial intelligence-based engine is different from other offerings. "A lot of people are using different shades of AI," Jensen says. "We believe we're the only ones using it for inspecting objects on a website."
StopTheHacker uses machine learning, where the software engine is continuously updated with new intelligence about new forms of malware. "As long as you fine-tune the AI engine, it keeps learning," Jensen says. "There's no way you can keep up with all of this new dynamic [malware] ... it requires a new approach to catching it."
Anirban Banerjee, vice president of R&D and a StopTheHacker co-founder, says heuristics is part of what the site's technology uses, but it's more than that. "Machine learning is constantly updating the kernel .. when catching new pieces of malware," he says. "It retains that in the system so next time you scan, it automatically" is able to detect it, Banerjee says.
But machine learning is no magic bullet, says Chenxi Wang, vice president and principal analyst for security and risk at Forrester Research. "Machine learning is actually very difficult to get accurate -- if you can get 70 percent accuracy, that’s really really good already," Wang says.
Meanwhile, SMBs often don't discover they are infected until they get blacklisted by Google. That's what happened to Christopher Imaging: "Over a year ago a couple of my business websites were surprisingly shut down by Google for some unknown reason to me. Not having any experience with websites, or in-house staff, I was totally unaware of what to do. In a panic, I found StopTheHacker online," says D. Todd Christopher of Christopher Imaging, a customer of the service. He used it to scan his sites and get his business back online, he says.
StopTheHacker's so-called Health Monitoring service is priced between $5 and $500 per month; the firm also has added a vulnerability assessment service for $100 per year, as well as a reputation-monitoring service that lets website owners know whether their site has been blacklisted. That service is free for a single scan and $10 per month for a regular plan.
The startup later this month at the RSA Conference will roll out a new release of its service that includes automatic malware removal, as well as scanning corporate Facebook account walls for malicious content.
StopBadware.org today announced that StopTheHacker is now a sponsoring partner of the anti-malware effort. "In addition to financial support, StopTheHacker will offer StopBadware access to their proprietary web malware scanning technology; this will help us detect malware more quickly and accurately during our independent review process," the nonprofit said in its announcement.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.