-
03-19-2014, 12:36 PM #1Newbie
- Join Date
- Jan 2014
- Posts
- 11
3rd party incident response - Abuse/phishing/malware
Hello Everybody,
I was wondering if anybody in the forum uses 3rd party companies to deal with abuse and incident response issues.
If you do, how well does it work?
If you don't, would you consider it? If not, why?
It seems that more and more the ISPs are having hundreds of notifications about such issues and not all of them are able to handle them in an effective way, so I was wondering what kind of options would be out there to minimize the problem.
Thanks for your comments!
-
03-19-2014, 01:43 PM #2Newbie
- Join Date
- Feb 2014
- Posts
- 14
Hi faxur,
Having a 3rd party service that automatically monitors abuse mailboxes (or traffic) is very cost effective as it automates what can be a significant work load and can provide 24/7 monitoring. This then eliminates delays in taking care of bad content.
-
03-19-2014, 02:33 PM #3Disabled
- Join Date
- Oct 2013
- Posts
- 253
There are third parties like Hackalert which you can use to get notified of malware content on websites.
This would help you proactively resolve issues.
-
03-19-2014, 02:37 PM #4Newbie
- Join Date
- Jan 2014
- Posts
- 11
Hi lenap,
Thanks for your reply. For sure I believe such a service is valuable, but it relates more to a pro-active/preventive resource.
What I meant was actually the treatment and response to incidents that have already been detected and notified.
Something like having an external team working to respond to the abuse reports that ISPs receive.
-
03-19-2014, 02:53 PM #5Newbie
- Join Date
- Feb 2014
- Posts
- 14
faxur,
In my opinion, having an external team that handles reported incidents is essentially an endless story. Clients get hacked; malware/phishing content is placed on the server; incident handled by external team and the story repeats itself. Bear in mind that once something is reported, it usually means that the rest of the security community is already aware of that, i.e. high chance of hurting your business reputation and losing money.
Taking a proactive approach will in the long run require less resources and can bring better results. For example, if phishing content is just placed on your server and you run a proactive solution, your team or service can be notified the moment the content is available and take care of the issue. The issue is never reported in the security community and you and your clients never suffer from reputation/blacklisting issues.
Last edited by lenaPS; 03-19-2014 at 02:57 PM.
-
03-19-2014, 03:25 PM #6Newbie
- Join Date
- Jan 2014
- Posts
- 11
I understand that but that really is not the point I want to make here.
That tool can be very useful but, still, someone will need to verify and respond to the notifications made by the "whateverproactiveservice". I would basically do the same job some security providers do: Identify the threat and report to the provider (even if it may do it in a more efficient way).
More than that, even if that service is cheap, it is an endless discussion about who should pay for it: The provider? The person/company whose domain is hosted on the provider?
Also, even if you implement such a tool, you will still have to have (or at least should) an abuse team operating to deal with the notifications coming from such tool and the ones you receive from external teams, since for sure the tool would help preventing threats, but there will be always someone sending an abuse notification, which means you would have the cost of the team + the cost of the tool.
My question here is about the job after the notification. It seems to be "the boring part of the job" for most providers, so I was wondering if hiring a third party company/team/whatever could help taking this off the providers' shoulders.
Again, don't take me wrong, I believe such tool can be really efficient as a tool, but my intention with this post is to discuss the other part of the job.
-
03-19-2014, 04:32 PM #7Newbie
- Join Date
- Feb 2014
- Posts
- 14
faxur,
You brought up some good points indeed. I would recommend what I call the 'mash-up strategy'.
In addition to using a 3rd party proactive tool/service, I would develop a small utility (in-house or outsource) that reads the notifications from the tool/service and automatically blocks access to the reported content. However, since we all know that there's no perfect security solution, I may want someone to look through the reports and also be in charge of removing the malicious content.
This approach gives you and your clients a "quick fix" and buys you time to handle the incidents. Also, this allows you to cut your abuse team as you no longer need prompt responses.
Regarding incidents that are reported from other sources, you can essentially feed them through the same tool/service and automate the process.
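A sketch of the kind of utility the post above describes, added here as an example and not code from any poster or vendor: it takes notifications from the proactive service and the abuse mailbox, auto-blocks only specific paths on domains the provider actually hosts, and queues every accepted report for a human. The notification fields, domain names and sample reports are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; the notification format is an assumption.
HOSTED_DOMAINS = {"customer-a.example", "customer-b.example"}
SAMPLE_NOTIFICATIONS = [
    {"source": "proactive-scanner", "category": "phishing",
     "url": "http://customer-a.example/wp-content/uploads/login/index.php"},
    {"source": "abuse-mailbox", "category": "malware",
     "url": "http://customer-b.example/"},
    {"source": "abuse-mailbox", "category": "phishing",
     "url": "http://not-ours.example/bank/login.html"},
    {"source": "abuse-mailbox", "category": "phishing",
     "url": "http://customer-a.example/wp-content/uploads/login/index.php"},
]


def triage(notifications, hosted_domains):
    """Return (block_rules, review_queue, rejected) for a batch of reports."""
    block_rules, review_queue, rejected = [], [], []
    seen = set()
    for note in notifications:
        parts = urlsplit(note.get("url") or "")
        host = (parts.hostname or "").lower()
        # Reports for content we do not host cannot be acted on here.
        if parts.scheme not in ("http", "https") or host not in hosted_domains:
            rejected.append(note)
            continue
        path = parts.path or "/"
        key = (host, path)
        if key in seen:  # same content reported by more than one source
            continue
        seen.add(key)
        # Every accepted report still goes to a person, who verifies it
        # and removes the malicious content.
        review_queue.append({"host": host, "path": path,
                             "category": note.get("category"),
                             "source": note.get("source")})
        # Auto-block only a specific path. A report against "/" would take
        # a customer's whole site offline, so it waits for the reviewer.
        if path != "/":
            block_rules.append(key)
    return block_rules, review_queue, rejected


if __name__ == "__main__":
    rules, queue, rejected = triage(SAMPLE_NOTIFICATIONS, HOSTED_DOMAINS)
    print("block:", rules)
    print("review:", len(queue), "rejected:", len(rejected))
```

The returned block rules are host/path pairs; turning them into web server or WAF deny rules depends on the hosting stack and is left out.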
-
03-20-2014, 08:17 AM #8Newbie
- Join Date
- Jan 2014
- Posts
- 11