Sucuri
Private | |
Founded | 2010 |
Headquarters | USA |
Key people | Daniel B. Cid and Tony Perez |
Sucuri is a company started in 2010 by Daniel Cid, who also founded the OSSEC project. Its history traces back to another open source project by Daniel known as OWL, which later morphed into the Network-Based Integrity Monitoring System (NBIMS) for websites. The early premise for Sucuri was to give webmasters a tool that provides visibility into the security state of their websites. In 2010, Sucuri became a private LLC in Delaware, and Dre Armeda was invited as a co-founder. In 2011 Tony Perez joined the team as the third co-founder.
Today, Sucuri is a globally recognized thought leader in the website security industry. Sucuri is syndicated by all major media outlets for its research into the latest tactics, techniques and procedures (TTPs) employed by cybercriminals looking to abuse websites and their associated resources. Sucuri is a globally distributed company, with over 100 employees across 27 different countries.
They offer website owners peace of mind through a comprehensive security package that includes a monitoring, incident response, and protection platform. Website owners can subscribe to the protection platform (a.k.a. Sucuri Firewall), which offers mitigation services against DDoS attacks (e.g., L3/L4/L7) and prevents software exploitation attempts (e.g., XSS, SQLi, RCE) via its virtual patching and hardening technology.
Over the past few years Sucuri has been investing heavily in building out its cloud-based Firewall product. It includes 6 SuperPOPs (Points of Presence / data centers) and a total of 9 Content Distribution Network (CDN) nodes around the world. The 6 SuperPOPs are located in Tokyo, San Jose, Dallas, DC, London and Frankfurt.
Components
Sucuri consists of a main application that tracks all the domains and sites being monitored and a set of tests to run against them. Everything is executed in the cloud, and a web interface is available to manage all the information.
- Web-based integrity monitoring - Alerts on changes to web sites
- Web-based malware detection - Crawls web sites and detects malware on them
- Whois monitoring - Tracks your Whois records for changes
- DNS monitoring - Tracks your DNS (IP addresses, domains) for changes
- Web interface - Management interface to manage it all
- Malware removal - Exploit remediation and server hardening
- Website Firewall - Protection for websites against common threats and DDoS attacks
Sucuri uses the principle of responsible disclosure to raise awareness about software vulnerabilities on their website security blog.