IS YOUR WEBSITE VULNERABLE TO HACKS?

Over 80% are. Protect your website from hacking and malware attacks. Gain pace of mind by being proactive.
View price plan

In a noisy industry with high price tags, many businesses have not secured their website – although websites are the preferred target for web attacks. 

We bring a high quality and affordable solution for all businesses to the table.

Situation Board

%

More than 75% of all hacker attacks are targeted against web applications.

“Websites have proven to be the preferred target for web attacks. It’s just a matter of time when an unprotected website will be compromised.”

%

More than 90% of hacker attacks are automated bots searching for vulnerabilities.

“Many small companies mistakenly believes that they are not at risk of being hacked. But automated bots don´t care if the site belongs to a small local business owner or a large enterprise.”

Websites hacked daily

“Bots are deadly effective in reaching out to every corner of the world. An analyse found that it takes about only 30 – 45 days for a new website, with no content or audience, to be identified and added to a bot crawler.”

%

Of all webtraffic is malware

“Europol have stated that cybercrime have become more profitable than the entire world of drug trafficking. They have also stated that ransomware has become a global epidemic and urge businesses to make a greater effort to protect themselves.”

If your website is hacked then the consequences can be devestating:

 

  • You run the risk to distribute malicious code to its visitors.
  • You run the risk to get sensitive data stolen or loose your whole site.
  • You run the risk to loose your Google search ranking.
  • You run the risk to be fined according to the GDPR regulations.
  • You run the risk to be blackmailed for money.

 

How To Avoid This

 

Your #1 protection against website hacking is a WAF and IDS solution, that filter all the web traffic before it reaches your site and continuously monitor your site for malware. 

The problem for small and medium sizes businesses has been that effective protection solutions has only been suitable for Enterprises because of the cost.

The consequence has been that been that businesses often stay unprotected hoping their site will not be hit. In some cases they hope that their hosting provider is responsible for their website security. That is not the case. The web host is responsible to protect the server infrastructure the website is hosted on, not the website itself. The website owner is responsible to secure their own website. In other cases their host or themself have bought a 20 dollar security solution that only gives a false protection.

Our goal is to help all businesses, no matter the size, to get their websites safely protected by making quality enterprise website security solutions accessible to everybody.

With NorseImpact you get access to a global leading WAF/IDS platform supported by our team.  In addition we help you to be aware of vulnerabilities and make the right precautions to minimize the risk of having your website compromised.

No Hidden Fees, Only One Simple Price

We are tired of seeing businesses with websites that remain unprotected because they are faced with an industry of security companies with sky-high price tags and hidden costs, such as extra expenses for traffic amounts, bandwidth usage, load balancing and phone support.

That is why we have created a simple price model  for small and medium sizes businesses with no extra fees. For enterprise our price plan is more complex and need to be quoted on individual basis.

Our goal has been to provide a service that enables businesses of all sized to effectively protect their websites against threats.

How Does It Work ?

You will be protected behind a solution that combines human expertise with machine learning capabilities. First of all we perform a penetration test of your website searching for vulnerabilities. Then your website will be placed behind a global leading combined WAF/IDS solution, where all traffic to your website will be filtered. Bad bots will be blocked and your site will continuously be scanned for malware. You will be protected against hacking, DDoS attack and malware.

In addition, on average, websites get up to 70% faster speed. Website speed does not only improve user experience and give higher conversion rates, but it is also an important ranking factor in Google’s search.

You do not need to move your website or web hosting to be protected. You can lie behind the protection and optimization solution by only updating DNS on your domain. We can help you with this and it is done in just a few minutes.

 

What You Get With Us

N

Protection from DDoS attacks, password hacking, and exploition of vulnerabilities.

N

Secures that you website shows as "safe" in Google's search results.

N

A modern firewall that does not block Google's crawlers.

N

Continuous scanning of the site to detect malware as early as possible.

N

Continuous backup in case of content on the site is deleted by one attacker attack.

N

Up to 70% faster load speed.

Frequently Asked Questions

Why have websites proven to be the preferred target for web attacks?

The website is the typical face of a business and compared to other hacker goals, no special links or resources are required to reach a website. Anyone with a computer connected to the internet can reach out and try to hack a website.

What is the #1 defence against website attacks?

Endpoint, network and server security solutions like antivirus, IPS, and network firewalls are made to protect your computers, network and servers – they do not protect your website. You need a WAF, “Web application Firewall”, to protect your website.

Most companies are not aware of the importance of a WAF. Even many enterprises believe that their existing network security solutions and IPS solutions provide adequate protection for web pages that are open to the public. But without a WAF, unfiltered web traffic is able to reach your website.

Why should anyone hack us?

More than 90% of hacker attacks today are automated scripts and bots searching for websites that has vulnerabilities. Bots don´t care about the size of your business. An analyse found that it takes about only 30 – 45 days for a new website, with no content or audience, to be identified and added to a bot crawler. Once the bot identify a website with a specific vulnerability the site will be added to the next phase of the attack, exploitation. The challenge with automated scrips and bots is that it will just continue trying and with an infinite number of attempts they are bound to succeed eventually. It´s a fact that an unprotected site without a WAF eventually will be hacked. 

The final goal with an attack is normally one of those six:

1. Steal sensitive data: Extract sensitive data from your site to either exploit the data themselves or sell the data on the dark web. With the new GDPR regulation the the consequences can be a financial disaster.

2. Drive-by-download: Inject your website with a malware hoping to infect as many of your website visitors. Probably you will be unaware of this before a visitor calls you because their bank accounts where drained after they installed a fake piece of software you recommended on your website. Google blacklists 10,000 web pages every day that get infected with malware.

3. Blackhat SEO spam campaigns: Inject your site with links that sometimes you see and sometimes you won´t. Your audicence are redirected to pages that generate revenue to the hacker.

4. System resources: Steal resources. Hackers behind automated attacks need resources. If your website resources are compromised, then one day they it suddenly can be used in an attack without you realizing it. Suddenly your usage bills is through the roof, the host shuts you down or you receive a notice from the authorities about your hacking attempts.

5. Ransomware: The same criminals who previously broke into the corporate office or warehouse can now instead buy a hacker attack that puts your website out of service, then claim ransom. Your website will then be shutdown until the ransom is paid.

6. Shutdown – DDoS attack: If your website becomes a victim of a distributed denial-of-service (DDoS) attack, then it will receive a flood of traffic with the goal to shut it down.

I already have a CDN solution with a WAF

There is a jungle of CDN providers that is build to optimize speed and have security as an extra service. We believe in a security first approach. That´s why we have partnered with the top global website security providers to deliver the best specialized WAF solutions that protect websites like Siemens, eToro, Zillow and Brock University. They also have CDN functionality that can improve the speed of your website up to 70%, but it’s built with security as the top priority – as it should be.

Why isn´t my hosting provider responsible for the website security?

It’s a common misconception that hosting providers is responsible for the security for each website they host. Your web host protects the server infrastructure your website is hosted on, not the website itself. Think of it like securing an apartment building. Property management takes responsibility for securing the building, but each tenant must lock the door to their own apartment. Of course you can ask your hosting provider if they also can take care of this.  But cyber security is a demanding field with new threats everyday. This requires specialized skills and tools that is outside the scope of the hosting provider.

When I have an anti-virus solution, why do I need this?

To our frustration, the cyber security industry have never ben so noisy as it is today.

Most of the security companies focus on selling threat intelligence, network and endpoint security with high price tags, neglecting to inform businesses that this does not protect their website, although the industry knows that web applications are the preferred target for hacker attacks.

The reason to this neglect is  probably profit, because the overall price tag is higher on solutions that are priced according to the number of employees than a solution that only secures a website.

Our goal is to help businesses to avoid having their websites compromised by bringing a high quality and affordable service to the table, that actually protects your website from a breach.

What is the top advices if I want to secure my website properly myself?

If you have a website and haven’t thought about security then this list can help you to get started. If you use a third party to help you with website security then the below list contains a useful set of questions you can ask of your provider to see if they are well prepared.  This is far from an exhaustive list, but it is a good start.

1. Most importantly you need to install a WAF, so the traffic to your website is filtered. If not, then malicious traffic will have direct access to reach your site.

If you already have installed a WAF, then make sure that you have made the proper precautions to prevent bypassing. If a hacker or bot knows your hidden Hosting IP address, they can bypass the Firewall and try to access your site directly. The best way to prevent hackers from bypassing the Firewall is limiting their access to your web server. To do this by adding restrictions to your .htaccess file so that only the Firewall’s IP will be able to access your web server.

As a client of NorseImpact your website will be protected by a highly efficient WAF. We will make sure to take all needed precautions to protect against bypassing and other threats.

2. Check if your website have been build following good secure coding principles.

As a client of NorseImpact we will scan and check the status of your site.

3. Check that CMS, software and plugins  are up to date. If you use a third party make sure they have policies and processes to do this for you.

As a client of NorseImpact we will perform regular scanning of your website to detect this. 

4. Check that you encrypt the web traffic using SSL.

As a client of NorseImpact SSL certificated from your domain to the firewall will be included for free.

5. Perform a penetration test of your website to identify vulnerabilities before they are identifed by bad bots or hackers.

Make sure you have applied best practice first otherwise they will waste your money telling you things you should already have fixed.

As a client of NorseImpact regulary penetration test of your website is included for free.

6. Perform a regular scanning of your website to detect injected malware content.

As a client of NorseImpact we will perform regular scanning of your website to detect this.

7. Make sure your website have a frequent backup plan and make sure that the backups are not stored on the same server as the website.

As a client of NorseImpact website backups are included for free.

Website security questions you need to ask yourself

How is my site protected from DDoS attacks, password hacking and vulnerabilities?

How have I secured my website in case all the content of my website is deleted after a hacker attack?

Google blacklist websites that is infected with malware. Therefore, it is critical to discover early if the site is infected to avoid to be penalized in Google's search. How do I monitor my website today to reveal hacking as early as possible?

GDPR – A new regulation from 2018 that among other things demands higher focus on website security

GDPR requires the company to report data burglary within 72 hours after the break-in was revealed. Compared to GDPR, a data breach is loss or exposure of personal data. One challenge many companies face is the time from the burglary to the break-in is often over weeks or months. This gives a hacker the ability to spread the virus widely and get a deeper feast on the entire company’s computer system. With the new GDPR legislation, the consequence of a data-burglary criticism or a notch in reputation is now the big fines of up to 4% of revenue. This means that no company can afford to take this seriously and comply with the regulations.

With our firewall, which provides protection against DDoS, Brute force, SQL infections and other attacks, and continuous scanning of the website for malicious malware, the risk factor for data breaches will be significantly reduced.

Status

2018

"Europol mentions ransom viruses as an epidemic and thinks this type of attack has taken cybercrime to a new level. Europol director Rob Wainwright urges individuals and businesses to make greater efforts to protect themselves."

Europol

"The firewall of NorseImpact stops daily on average 20 intrusion attempts at Forsikringsportalen.no"

 

Forsikringsportalen.no

"With NorseImpact's speed optimization, Forsikringsportalen.no today has a loading time of 691 ms, compared to earlier 3.2 seconds."

 

Forsikringsportalen.no

"A typical hacking method is that a website is overtaken by hackers. The hackers require money to return control back to the website owner."

NORSE IMPACT

U

Uncover the security status of your website today

Get a free vulnerability check of your website. You will receive the results within 1 business day.

Free vulnerability check
Sending

“It ain´t what you don´t know that gets you into trouble.

It´s what you know for sure that just ain´t so.”

– Mark Twain