Monitoring the security of your website is one of the most critical things you need to do to keep it safe. However, finding the right solution for your needs is the hardest part of this journey.
Working in the penetration testing industry has given me the privilege of testing many security solutions. So here is a list of the best web application security monitoring solutions per website size:
If you have just started your website and do not have much traffic, then the best solution to start monitoring your website security is the Sucuri Professional plan, at a cost of $299.99/yr.
In general, most companies would not invest much money in website security solutions at this level, as this is not actually the main problem. Therefore, Sucuri's basic plan is a very good option to start with.
Here are some of the most important monitoring features offered by this solution:
As I have mentioned in the article about website security KPIs, to calculate your level of preparedness you will need to perform periodic penetration tests. Of course, an automated tool cannot do this (and anyone who tells you it can is a liar), but for some websites based on public source code, an automated approach can give very good results. For example, if you are using WordPress or any other CMS, then an automated scan with this feature will give you many good results for calculating your KPI.
In most cases, when a person or a company wants to build a website, they use a shared hosting server. Unfortunately, not all web hosting services offer or perform malware scanning for their clients. Sucuri therefore offers this feature, which helps you find, remove and recover from a malware attack. In addition, this scan is performed every 12 hours, which is a pretty good interval for a small website.
I think one of the biggest problems that a website can encounter in its life cycle is getting blacklisted. If that happens, 90% of the web traffic will disappear instantly. In general, blacklisting happens when your website is infected by malware or when that malware is using your website as a command and control server.
You may say: yes, but the malware scanner is already there and it will remove the malware. Unfortunately, even if you remove the malware and clean up your website, it will remain blacklisted, and more steps need to be performed to solve the problem.
This is where the Sucuri solution shows its power: it will clean up your website from malware and the like, and then it will perform the needed steps with the biggest companies, such as Google and the antivirus companies, to remove the blacklisting for you.
For me, this is the best feature of this solution. I have tested this feature with some of my clients and the results were really awesome.
One of the key things that you should monitor on your website is file changes. Why? Simply because if a hacker takes control of your website, the first thing he will attempt to do is maintain this control. To do that, he will try to inject what we call backdoors into your legitimate source code.
A backdoor is malicious source code that the attacker uses to easily access your computer any time he wants, without needing to re-exploit the old vulnerability. A backdoor can be created in a separate file (which makes it easy to find), or it can be hidden in the legitimate source code. If this last technique has been used, then signature-based malware detection will not work, and the only way to find the malware is to identify the changes in the files.
Sometimes, when hackers try to compromise a large number of websites, they try to hack their DNS server. Then they redirect all the traffic to their malicious website. Of course, this will not directly be your problem, as the security of the DNS records is the service provider's responsibility. However, you need to know when this happens, and the Sucuri solution will definitely help with this.
The most important thing in the whole monitoring process is to be notified as soon as possible, and the Sucuri solution offers multiple ways to be notified (SMS, email, Slack …).
For medium-sized websites, the Sucuri Business plan is the best solution, at a cost of $499.99/yr. Actually, a company with a medium-sized website does not really need a very big website security monitoring system. In addition, I recommend investing the budget in more security solutions to protect the app and mature the security of its source code, rather than in a big and complex monitoring system.
Therefore, what you need at this level is more power and more sensitivity in the solution. This means that you need a shorter period between scans and more flexibility regarding your SSL certificate, and that is exactly what the Business plan offers.
All the monitoring scans listed in the previous bullet points will be performed every 30 minutes, and that is more than enough at this level.