Quttera offers SaaS-based malware detection solutions to identify and alert users about unknown and ‘zero-day’ threats on websites. Their technology combines artificial intelligence, multi-layered identification engines, scoring layers, and other non-signature-based approaches that make web malware detection quicker and easier. In this interview, Quttera co-founder & CTO Michael Novofastovsky explores current threats and challenges to web security and offers an elegant solution for SMBs.
Please describe the story behind the company: What sparked the idea, and how has it evolved so far?
Quttera was created as a hub for innovative solutions to fight web malware. Three co-founders, including myself, set a goal to improve the existing anti-malware software tools and overcome the limitations in the industry, such as signature-based only solutions, malware labs heavily dependent on manual research, zero-day attacks, and so on.
The first patent that we registered back in 2009 aimed at vulnerability exploit detection in a given piece of code or information. The algorithms and mathematical models in the patented approach set a foundation of heuristic and artificial-intelligence-based technology that is called Quttera.
Since then, we have been developing new tools and services to detect, remove, and protect web assets from known and unknown cyber threats. Our technology has evolved into a multi-layered, feature-rich, heuristic technology that can work without signatures. Most importantly, it was built with the designed-in flexibility to adjust to any application’s needs and specifics. Any client system can easily integrate it and start leveraging its power to uncover hidden threats, adapt and protect data, and connect to the centralized threat intelligence database.
For example, small and medium business owners consume our technology via the SaaS website protection platform – ThreatSign. Threat labs, email clients, telecom, hosting, security providers, cloud storage, ad inventory, IoT devices, and practically any web-connected asset can use our technology via the REST API.
Quttera products and services contain a web application firewall, external malware scanning, server-side malware scanning, SSL management, an automated malware cleanup framework, open port scanning, DNS attack monitoring, blacklisting checkups, uptime monitoring, and other security features.
What are the current threats that online businesses should be aware of?
Malvertising, spamming, form data theft, DoS, ransomware, and traffic theft are just a few items in a long list of threats. You can find a detailed breakdown of real-life examples of each threat on our blog, but it would be too overwhelming to list all of them here.
I would say that the biggest threat, or the main reason a business is attacked, is a lack of education on security. According to our polls, it appears that many SMB owners think that their small website or landing page is not a target because they don’t have huge revenues or have no revenue at all.
This results in a poor choice of web hosting and website platform and complete neglect of cybersecurity, leading very quickly to infection. Although ThreatSign statistics show a growth in the number of websites that come to us proactively to establish protection while they are still clean, the vast majority of new clients are still heavily infected and blacklisted by Google, Norton, and others. Malware and hacking have become more sophisticated and automated. Another interesting statistic is that a typical business website is attacked more than 40 times per day.
Who are the threat actors and what are their motives?
Most of the threat actors that we have seen from the customers who are affected and signed up to our SaaS platform, ThreatSign, for remediation are cybercriminals, hacktivists, and thrill-seekers. Their motivations are:
- Profit – whether to distribute SEO spam, phishing spam, mailers, credit card information theft (skimmers), clickjacking, traffic stealing, ransomware, or DDoS. These criminals often operate internationally and have vast resources.
- Ideological – website defacement and DDoS attacks. They aim to prevent the site owner’s message from getting through or replace it with a different message.
- Hacking for fun. They are usually the least sophisticated attackers, working from home equipment. However, they can do serious harm to a vulnerable site.
What are the authorities doing to stop cybercriminals?
Law enforcement agencies around the world are cooperating to track and shut down cybercriminals. The process is difficult because professional threat actors know how to hide their tracks. Many of them operate in countries whose governments are not very cooperative. In spite of the difficulties, law enforcement has made some impressive takedowns. But the investigation can take years, and meanwhile, websites all over the world are falling victim. New gangs replace the ones that are shut down. Law enforcement can’t eliminate the need for strong website cybersecurity.
How do you expect CCPA to impact the eCommerce industry?
The CCPA requires companies doing business in California to use reasonable procedures to secure their consumer data. It’s a wake-up call to the ones that have been careless. They will need to demonstrate that they have taken cybersecurity measures to protect their customers’ data against breaches. Many startup companies are offering compliance services, but not all of them do a good job of it. Businesses that engage a cheap, low-quality service and believe they are protected could be in for a costly disappointment.
The smallest businesses are exempt, and they are often the ones with the poorest security practices. They shouldn’t take a lack of legal obligation as an excuse to neglect security. CCPA is just one more reason to do what they always should have done: implement thorough, robust security protection for their websites and sensitive data.
Other regulations, such as GDPR, are pushing online businesses in the same direction. Security has always been crucial, but these laws serve as a reminder of the need to prevent data theft. Businesses need the help of companies with proven expertise to achieve the legally required level of cybersecurity.
In light of the huge shift towards work from home, what should businesses be doing to secure their operations?
Businesses face many challenges to secure their operations when they do everything remotely. Whether they enable working from home for everyone or shift all their operations online, the five key features are:
- Availability: The solution should be highly resilient and highly available because any downtime will affect employees as well as customers and impose heavy costs on the business.
- Scalability: The solution should handle thousands/millions of connections.
- Flexibility: The solution should support scaling within a few minutes or hours while minimizing requirements for ongoing maintenance and costs.
- Simplicity: The solution should offer a choice between an agent-based or agentless service.
- Security: The solution must be inherently secure and provide a way to set tighter controls, whether on the global or local level.
Which trends and technologies do you find to be particularly intriguing these days?
It’s easy – the cloud and IoT. The physical and digital worlds will inevitably become closer and closer and change the way we live, work, study, and perform our daily activities. Smart connected devices and their digital twins will communicate continuously and in real-time. IoT will eventually get into every industry, taking more aspects of our lives into “virtual reality.” I enjoy watching demos of new AR/VR experiences, industry 4.0, smart homes, smart medical devices, and other fascinating experiences that will be common pretty soon.
How do you envision the future of your industry?
Any possible way for the bad actor to interfere and gain control of any points in the IoT chain would result in physical damage. Hence, I can foresee more and more vendors targeting the scanning, management, and protection of IoT assets. When SMB/SMEs adopt IoT, the market will become huge, be it servers that receive the traffic, controller devices, or the digital twin that exists in any digital model. All those vectors will be targeted by hackers and will have to be protected by cybersecurity solutions.
Today, our ThreatSign Website Security network processes about 52 million requests per quarter and blocks 1.2 million malware attacks, on average. When IoT gets in, you can imagine the network of scanned and protected IoT assets and other useful statistics to manage and assess the safety and security of the company’s IoT business. We still don’t know exactly what this will look like, but it will come for sure. I’m confident that every cybersecurity vendor is working on preparing their technology and infrastructure, spotting the roadblocks and challenges to make sure they are ready for whatever the IoT brings.
Creating and going live with a new website will become faster and easier with new technologies. Hence, it also drives the need for rapid deployment of cybersecurity defenses. One of our directions is to create a cloud-native, serverless protection, remediation, and monitoring 360-degree security solution that will let us scale and provide flexibility, simplicity, and of course – security. All of our protection modules, such as WAF, are already cloud-native, and we are using Kubernetes to support customers and mitigate DDoS attacks.