A Verizon Business security expert recently noted that although businesses
spend about half of their security budget protecting employees’ PCs and half on servers, over 99 percent of data losses happen on the server, in the RISK team’s experience.
Dasient, a security company that has been in stealth mode until now, is now offering a public beta of its anti-malware service for Web servers.
The company’s three founders talked to InternetNews.com about the purpose of the startup. Neil Daswani is a former Google security engineer, Shariq Rizvi is a former Google developer, and Ameet Ranadive is a former McKinsey consultant.
“We started in October of last year when we raised our seed round of funding,” said Daswani.
The company is built to solve the problems of the modern Web site, according to Ranadive. “Three trends are converging,” he said. “The Web itself is more complex, Web pages deliver more rich functionality, and there is more mashup content. The result is a greater attack surface with more vulnerabilities to exploit.”
The rise of automated toolkits makes defending servers
even harder, he added.
When an infection is detected, the service is designed to quarantine only the infected portion of the site without taking it down. If a single ad feed or iFrame were bad, the service would stop the server from delivering that to customers, but the rest of the Web site would function normally. “We are the only provider able to do this,” claimed Daswani.
Fighting automation with automation
Dasient’s answer is to crawl the Web looking for vulnerabilities, analyze the vulnerabilities it finds, and deliver signatures of those vulnerabilities to servers it’s defending. A hosted portion of the service does the crawling and it delivers the data to a Web server module that customers have installed on their own servers.
Ranadive said that Dasient sees Web hosts as a key channel partner. “Hosts will become providers, offering our service as a part of their blogging package, for example,” he said.
“We have identified over 10,000 types of infections during our Alpha test and prevented thousands of infections on SMB Web sites,” said Daswani.
The beta is available today. The hosted portion of the product is located in North America and currently the documentation and alerts are available in English only, but the service’s coverage is global, a Dasient spokesperson told InternetNews.com. Anyone who wishes to participate in the public beta can sign up at the Dasient Web site.