Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Incapsula Adds Web Server Backdoor Protection To Cloud-Security Service

Incapsula, a cloud-based website security and performance service, on Wednesday announced a new tool designed to detect and disable malicious backdoors on compromised Web servers.

Incapsula, a cloud-based website security and performance service, on Wednesday announced a new tool designed to detect and disable malicious backdoors on compromised Web servers.

Dubbed “Incapsula Backdoor Protect”, the company describes the solution as a nonintrusive service that can detect and mitigate backdoors that have worked their way onto a web server.

“A Web site backdoor is a malicious function that enables hackers to remotely operate the site or server for future exploitation, even after the exploit that enabled access has been patched,” Incapsula explained in a statement. “Backdoors are used to maintain Web site and server access to distribute malware and spam, perpetuate distributed denial of service (DDoS) attacks or to assist in the theft of valuable data such as credit card numbers.”

In January, the web security firm identified a malicious backdoor that they believe was used in distributed denial of service (DDoS) attacks against US-financial institutions last year. 

Incapsula Backdoor Protect works by profiling a website’s traffic and comparing it against a database of known backdoors, enabling the detection overcome file obfuscation and signature mutation, the company said.

“Searching for a website backdoor is like looking for a needle in a haystack,” said Marc Gaffan, co-founder and vice president of marketing and business development, Incapsula. “Backdoors can be installed anywhere on the server under any name or alias and are therefore undetectable by external scanners. Searching every directory in an effort to find a file that should not be there is virtually impossible, but Incapsula can now neutralize the impact of a compromise.”

Incapsula Backdoor Protect:

Detects – Backdoor Protect monitors all website traffic and uses behavior heuristics to identify backdoor operations.

Advertisement. Scroll to continue reading.

Quarantines – Backdoor Protect automatically disables access to the backdoor, rendering it useless.

Alerts – Backdoor Protect notifies the website administrator and pinpoints the backdoor for removal.

The new backdoor detection capability part of Incapsula’s cloud-based Web Application Firewall (WAF), a service activated through a DNS change and routing traffic through Incapsula’s global network of servers. Using the service does not require installation of any software or deployment of hardware.

More information on Incapsula’s Backdoor Protect is available here.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.