WEB SECURITY blog

INFORMATION, TIPS AND NEWS ABOUT WEBSITE security

for developers

Digital agencies and web security – Interview with WebARX CEO

June 14, 2018 11:06 am

Agnes Talalaev
Digital Communications

digital agency webarx website security

WebARX is a cybersecurity company founded in 2016. Years ago we were running a digital agency focused on security-oriented web development. At some point, we realized that offering security only to our own customers isn’t really solving the worldwide problem. We decided to build a tool which other digital agencies and freelancers could use to secure their whole client portfolio.

In 2015 WebARX (idea-phase) participated in an ICT accelerator program in the Czech Republic where WebARX was awarded the 3rd place. After building the first version of the prototype, we were chosen to the European most known Cyber Security program, Cylon, where we managed to raise additional capital for final development and product launch. Today, WebARX is open for free sign-ups.

Since we have our private threat intelligence, we have begun building a Web Application Firewall (WAF) for the most popular content management systems (CMS) like WordPress. As we were building an all-in-one solution, we’ve enhanced the platform by adding important functionalities, such as; uptime monitoring, vulnerability monitoring, domain reputation monitoring, integrations (Slack), alerts and domain threat intelligence (alerts when a domain is mentioned in hacker forums or underground communities). The uniqueness of WebARX comes from its private threat intelligence, which the company is also providing to national CERT’s and is powering the CMS-based web application firewall. We analyze around 3,000 hacking incidents every single day. We know all the latest attack vectors being used, as well as the software that is mostly targeting with automated hacking tools.

Can you describe the profile of a typical website hacker? Who are they, what motivates them, and what are they aiming to achieve?

There is a popular misconception where people think that hackers never target their website because the site isn’t popular or doesn’t hold anything valuable.

This is wrong, for following reasons:

  • Most of the attacks are targeted against popular software not against a specific company.
  • Your website and web server (that you paid for) is already a valuable resource.
  • SEO, domain reputation damage and stolen traffic are often equal to losing money.

When it comes to motivation, first of all, there are those who are motivated by money. They usually redirect website traffic (also SEO spam – What is SEO spam?), infect sites with cryptocurrency miners, infect visitors with the use of exploit kits, or just use the compromised sites to send out email spam.

Secondly, there are defacers and hacktivists who are either motivated politically or religiously. Mostly opportunistic teenagers, who use pre-built scripts and software to attack as many websites with known vulnerable software as possible and leave their message (defacement) on the website. These are the easiest to detect and often use the same methods as the first group.

There are also more advanced threats which are more targeted against a specific company/organization, but the motivation still tends to be financial, political/religious, or sometimes personal.

How can a marketing department with multiple accounts lots of online presence protect itself against cyber threats?

Nowadays it’s essential to have a password management tools like KeePass. The core point is not to re-use the same password twice, because most incidents happen when attackers steal credentials and link them with different accounts. General cyber hygiene should be in place (Antivirus software, website firewall etc.). In most cases, the person behind the machine is the one clicking the buttons and getting the computer infected, so I would say cyber awareness and training is essential inside the company and it should be discussed with employees on a regular basis.

There’s is an interesting case study about an incident in Austria here.

If the marketing department is spinning up a lot of landing pages and public sites, they should have a complete overview about every single site they have, know what software is used and make sure everything stays up-to-date. Additionally, set up alerts if something goes wrong to react as fast as possible to protect the SEO rankings and domain reputation. It always feels good to have a peace of mind and have some extra time for updating the software on the critical moment by protecting the websites and landing pages with the web application firewall.

How do you foresee the future cybersecurity?

There are so many cybersecurity professionals missing in the IT sector which is also a sign that companies (especially SMEs) can’t afford internal cybersecurity teams. I think a lot of these companies are going to look for managed services.

I personally think that digital agencies who are building websites and are often the first touch for a new-born company that help them to “enter the online” – are going to be the ones introducing the risks that come with “being online”, eventually shifting into managed service providers in upcoming years.

This is exactly where we are positioning ourselves as helping the digital agencies and web development freelancers to transform their business into the new age.


The article is written by vpnMentor (Ditsa Keren) – you can read the original article here.

for developers

suggested articles

100% free to get started

Secure your websites in under 3 minutes - No credit card required.

Get started
WebARX is compatible with following platforms:
PHP
WordPress
Magento
Drupal
Joomla