If you run a big website, you have a range of good options for staying protected from malicious hacks: hardware from enterprise-oriented companies like Cisco or McAfee, your own in-house support, or hosted professional blog services like WordPress VIP (which is what TechCrunch uses). If you’re a smaller site out on the open web, you have weaker options — at least if you want to get auto-updated responses to a wide range of security problems.
Israeli startup 6Scan is out to change that, launching a WordPress plugin today that automatically scans and updates to protect against the latest issues coming up across the web. By “automatically,” I mean that the company’s security team monitors the web and does its own research to find problems, then pushes an update to all of its users. These go out about every hour, according to co-founder and chief executive Nitzan Miron, as they’re discovered and added to the company’s system.
Key problems it fixes include SQL injections, cross-site scripting, directory transversals, remote file inclusion and the other top security risks. The scanning software is offered for free, but it will fix remove risks and provide other features, like zero-day research and additional email and SMS support for $10 a month. Although the Israeli company has only been around since April of last year, Miron and his co-founder Yaron Tal worked in web security in their country’s military over the previous years — they’re not new to the space.
Other website guards that serve small to medium-sized sites include Dasient (now part of Twitter), Armorize, StopTheHacker (also recently funded) and CodeGuard. They each provide a range of competing services for cheaply and quickly identifying threats, and they all offer various methods for containing or removing problems. Miron says that the ability to fix existing vulnerabilities instead of requiring users to take additional actions helps separate 6Scan’s offering from web-based competitors. (Note: I haven’t tested every web site security system around, but so far I haven’t seen others that do this, exactly. Tell me if otherwise in the comments).
More generally, another type of competitor here are companies that offer hosted, supported sites for smaller businesses, that accomplish the marketing goals at stand-alone websites. This can include anything from Facebook pages to Tumblr accounts to hosted site creators like Weebly or Webs.com. On that front, Miron says that they’re also talking to hosting companies to get their software auto-installed, and they’ve been getting some interest — so, they’re not only going straight for consumer-style smaller businesses running their own sites.
While WordPress is the first live version, Miron says support for other content management systems are coming soon, with Joomla and Drupal in the next few days. In its private beta, 6Scan has already added up a few thousand customers, he adds, many of whom are already paying.
The company has so far raised an undisclosed round from YL Ventures, following on seed funding from Israeli incubator Venturegeeks last year. Miron is coming through town now, and planning to present at the SF New Tech cloud meetup at Might tomorrow.
6Scan is the world’s first website protection suite to offer automatic detection and fixing of security vulnerabilities. 6Scan’s technology combines both active and passive protection, providing levels of security previously unavailable to all but the most high-end (and high-budget) sites. The product is easy-to-use and designed for website owners with no technical or security knowledge, and its pricing is affordable even for small websites.