Signatures are passé, you need AI to StopTheHacker
By Gabey Goh March 8, 2013
- Approximately 2,500 pieces of new web malware released every day; zero-day malware can't be detected by traditional signature-based approaches
- Start-up StopTheHacker seeks to address this gap via proprietary technology driven by AI that proactively scans websites for malware
ABOUT 15 years ago, PCs were a fertile playground for malicious software and the concept of installing anti-virus software as a security measure was met with much skepticism.
That is not the case today, with a plethora of anti-virus options in the marketplace and consumers now more aware of the need to have digital security layers in place to protect themselves online.
But technology changes, and so does the modus operandi of cybercriminals, with the majority of today's malware delivered silently, via the websites one visits online.
An aptly named company, StopTheHacker Inc, believes that the same situation which existed 15 years ago with PC users now persists with website owners.
In an interview with Digital News Asia (DNA), conducted during the Parallels Summit hosted in Las Vegas in February, StopTheHacker chief executive officer Peter Jensen (pic) said many business owners were not aware of the consequences that come with an infected website.
“They get infected, then get blacklisted by Google and taken off their results. Not only do they lose the investment they’ve made in search engine optimization, but they also have to deal with angry customers and possibly having the incident featured in the media,” he said.
Jensen notes that at any given time, 2.5% to 5%of all websites are infested with malware, and 75% are vulnerable to malware attack.
On average, a website is attacked at least three times a year. Google alone is blacklisting more than 9,500 infected websites every day.
The problem is growing with approximately 2,500 pieces of new web malware released every day, with a growing part being ZeroDay malware which can't be detected by traditional signature-based approaches.
Current signature-based software catches only 40% of harmful web malware. Because much of the harmful code is dynamic and new, traditional signature-based security solutions are not able to identify it.
StopTheHacker, which provides 'Security as a Service' focused on cyber warfare in the arenas of web malware, security and reputation, seeks to address this gap in the market via proprietary technology driven by artificial intelligence that proactively scans websites for malware.
Drilling down to the code
StopTheHacker is a four-year-old start-up based in Silicon Valley that got its start when co-founder Anirban Banerjee completed his PhD in Computer Science from the University of California and began to conduct research into the use of artificial intelligence in catching malware.
His work was interesting enough to catch the eye of the American National Science Foundation, which granted him US$1 million to get started on developing a market-ready product. Together with co-founder Professor Michalis Faloutsos, a faculty member of the Computer Science Department at the University of California, StopTheHacker was born in 2009.
According to Jensen, the company’s malware scanning software offers a robust and resource-effective method of ensuring a website is clean of malicious code.
“The traditional way of finding malware is reliant on definition files and known viruses which can be limiting. Our AI component runs machine-learning algorithms to identify the code, even though it looks legit, and checks whether it goes to another website or does anything weird,” he explained.
The software then runs a series of over 70 tests to churn out a probability ranking of infection in order to determine whether the code is malicious or not.
“Because it’s based on AI, it will get better and better over time and though it would never be at 100%, it’s a matter of getting as close as possible,” Jensen added.
He claimed that with the solution’s focus on a website’s backend, it is able to remove malware at the source and reduce the rate of infections by 95%. When asked how the solution deals with cases of false positives or negatives, Jensen said the company currently catches about 97-98% of samples.
“We can detect down to the line numbers. If hacker has injected a website with a single line of code, we can go in and remove only that one line. Other solutions don’t have that level of granularity and the customer has a choice to either deal with it manually or have it automatically removed,” he said.
He admitted that StopTheHacker is not the only company playing in this space, with four others also active.
“The reason we’re unique is because we catch more malware than everybody else and that’s because of our approach, which leverages on AI. The initial grant from the National Science Foundation is testament to its belief that this ‘is the right way to secure websites’,” he claimed.
“We’re proud of our product and the amount and complexity of the malware we catch is strong. (If) we can keep at this level, we would have helped solved a big problem that impacts not just businesses but people as well,” he added.
Jensen, who joined the team as CEO in 2011, said that the company’s offerings has been in the market for a couple of years now and it is looking to expand its footprint globally.
StopTheHackers has a channel partner-oriented business strategy, working directly with companies such as hosting service providers to offer its solution as a value-add to customers.
Jensen added that hosting companies in particular, looking to expanded their value add portfolio, “love” working with StopTheHacker because it allows them to reduce support costs associated with dealing with unhappy and infected customers, who tend to blame their provider for not ensuring they were adequately protected.
“One company I spoke to shared that they were adding two full-time employees just to handle security queries; it becomes an additional cost to the business,” he said.
Jensen said that in addition to saving on support costs, the company’s solutions were easy to integrate via its APIs (application programming interfaces) with branded or white label options.
“We offer customers flexibility to create customized feature sets and packages and offer four different pricing levels,” he said.
He added that the company was also looking at branching out into servicing the enterprise space, but most likely under a new brand.
It also recently launched an extensive upgraded version of its suite of website protection services, forming its platform into a holistic one-stop-shop for website security.
StopTheHacker's new release of the server side scanning capabilities include the ability to detect website defacement, detect hidden spam and PHP shells, and more.
"We designed this new release of our software based on the needs of our web-hosting partners. They saw an increase of infected websites of over 50% last year," said Jensen.
"By extending our offerings with server side malware detection and removal technologies, we aim to extend the capabilities of our partners to offer better protection to their customers and reach new customer groups," he added.
Last year, leveraging on the network offered by Parallels, the company signed deals with 30 partners with a target to sign 50 more this year. The connection with Parallels comes courtesy of Parallels founder Serguei Beloussov, who is a senior partner in Runa Capital, one of StopTheHacker’s investors.
The company has already established an on-ground presence in Europe where the general inclusion of security protection components in provider offerings is well underway, and is now looking to venture into the Asia Pacific region.
In Asia, the company already has a few companies signed up as partners including ReadySpace in Singapore, and with OzzieHosting and Tsukaeru.net in Australia. It is actively looking for more.
Jensen shared that this year the company will be be looking more aggressively at Asia, with partner Parallels helping expand the network via introductions into the region.
“As a start-up we tend to be more opportunistic, taking things one quarter at a time but now is the time, we're ready and the problem is only growing. If people need to scan their PC’s regularly, so should websites,” he said.
For more information, click here.