Incapsula, a cloud-based website security and performance service, on Wednesday announced a new tool designed to detect and disable malicious backdoors on compromised Web servers.
Dubbed “Incapsula Backdoor Protect”, the company describes the solution as a nonintrusive service that can detect and mitigate backdoors that have worked their way onto a web server.
“A Web site backdoor is a malicious function that enables hackers to remotely operate the site or server for future exploitation, even after the exploit that enabled access has been patched,” Incapsula explained in a statement. “Backdoors are used to maintain Web site and server access to distribute malware and spam, perpetuate distributed denial of service (DDoS) attacks or to assist in the theft of valuable data such as credit card numbers.”
In January, the web security firm identified a malicious backdoor that they believe was used in distributed denial of service (DDoS) attacks against US-financial institutions last year.
Incapsula Backdoor Protect works by profiling a website's traffic and comparing it against a database of known backdoors, enabling the detection overcome file obfuscation and signature mutation, the company said.
"Searching for a website backdoor is like looking for a needle in a haystack," said Marc Gaffan, co-founder and vice president of marketing and business development, Incapsula. "Backdoors can be installed anywhere on the server under any name or alias and are therefore undetectable by external scanners. Searching every directory in an effort to find a file that should not be there is virtually impossible, but Incapsula can now neutralize the impact of a compromise."
Incapsula Backdoor Protect:
• Detects - Backdoor Protect monitors all website traffic and uses behavior heuristics to identify backdoor operations.
• Quarantines - Backdoor Protect automatically disables access to the backdoor, rendering it useless.
• Alerts - Backdoor Protect notifies the website administrator and pinpoints the backdoor for removal.
The new backdoor detection capability part of Incapsula's cloud-based Web Application Firewall (WAF), a service activated through a DNS change and routing traffic through Incapsula's global network of servers. Using the service does not require installation of any software or deployment of hardware.
More information on Incapsula’s Backdoor Protect is available here.