ThreatFactor NSIA is a website scanner that monitors websites in real-time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any latency and will not interrupt business operations. At it’s core, ThreatFactor uses an advanced analysis engine that is capable of detecting a wide variety of issues and can be modified with custom signatures.
NSIA can be configured perform almost any action once an issue is identified, such as sending a text message (IM, email, SMS) or executing a script.
Type of Issues Detected
The ThreatFactor solution was designed specifically to help organizations quickly identify issues on your websites that may tarnish your organization’s image or adversely affect your customers, partners and employees such as:
- Website Defacements
Malicious users are trolling the Internet specifically for websites to deface. Oftentimes, these websites contain offensive language or images and likely result in tarnished image.
- Compliance and Privacy Issues
- Web Exploits
Oftentimes, attackers compromise a website and install exploits to attack the website visitors. These are often classified as silent defacements since the site does not look like it was visually changed. Sophos noted that the vast majority of websites hosting malware (around 80%) are legitimate sites that have been compromised . Furthermore, ThreatFactor can detect websites that have been modified in such a way to send private customer information (such as login information) to a third party.
- Sensitive Information Leaks
Websites can leak sensitive information through detailed error messages, misinformed blogger employees, and files that were not intended to be provided to the public.
- System Failures
ThreatFactor can detect many types of website system problems such as:
- Broken Links
- Error and warning messages
- Poorly configured servers or servers with default configuration
- Expired SSL certificates
- Server errors
- Automatic Content Baselining and Self-Tuning
ThreatFactor automatically creates analyzes monitored sites and establishes a baseline; the baseline is used to self-tune the system in order to reduce the rate of false alerts and to increase the sensitivity to potentially unauthorized changes.
- Automatic Web-Content Discovery
ThreatFactor automatically discovers the content associated with monitored websites; oftentimes finding hidden or unexpected content.
- Built-In Web Interface
ThreatFactor features an built-in web-server that makes administration easy using a web-browser.
- Comprehensive Signature Set
Includes over 2000 signatures for issues ranging from exploits and privacy problems to offensive language.
- Full Access Controls
The ThreatFactor servers supports rights, object-level access controls that can be applied to users and groups.
- Integrated Custom Signature Editor
A syntax highlighting signature editor is provided for writing custom ThreatPattern and ThreatScript signatures.
- SIEM Integration
ThreatFactor can log to a an external device such as a Security Information Event Management (SIEM) tool or log management solution.
- Integrated Database
ThreatFactor features an integrated database and eliminates the need for a DBA.