SaaS security firm Qualys has unveiled two new malware detection products that can scan websites to determine if they are hosting malicious code.
The first product, called QualysGuard Malware Detection, is a free offering that provides daily scans of websites to look for malware infections and threats. It can deliver automated alerts when a threat is found to help the customer fix issues.
Qualys CEO, Philippe Courtot, told CBR that threats are not removed automatically, “because they got there due to vulnerabilities in the code of the website so that has to be fixed first.”
QualysGuard Malware Detection uses both static and behavioural analysis and Qualys says this can reduce false positives to nearly zero. Static analysis uses a signature-based approach, identifying source code that is typically used in malicious attacks. Behavioural analysis uses a vulnerable browser and operating system to test a site for any abnormal behaviour. Anything that is not considered to be normal is a sign of malware, Qualys says.
Courtot told CBR the company is not charging for QualysGuard Malware Detection in the hope that wider use will benefit the security industry in the long run. “Malware is the new front in online attacks,” he said. “Wider adoption of the product will help us collect more data about malware – where, when, what and so on. Through partnerships we can share that information out. Attacks are becoming more sophisticated and it needs many minds to beat it.”
The second new product from Qualys is Go Secure, which enables companies to test their web sites for the presence of malware, network and web application vulnerabilities and SSL certificate validation. The paid for service means companies that pass the security tests can display a certificate on their site, indicating to visitors that the site is free from malware.
If any vulnerability is found the service will notify the web site owner and the security certificate is removed if the issues are not fixed within 72 hours. Once any problems have been fixed the customer can rescan to reactivate the security seal.
Go Secure subscriptions are sold annually, starting at $995 per website. Both products are available now in beta.