It is difficult to argue that legitimate websites serving out malware has become a serious issue for security professionals. The profitability of scanning websites specifically for malware infections on the other hand,?is arguable. Yet, whether you are on the side of website malware scanning as an emerging business or on the side of website malware scanning as a marketing gimmick, the fact that there are services pushing the capability is undeniable. The recent announcement of free website malware scanning by Qualys, a leader in vulnerability management, further exemplifies the importance of the capability while raising questions of where the capability fits within the market place.
Despite being much needed, website malware scanning capabilities have not found a niche within the market place. The move by Qualys may further ensure that website malware scanning capabilities may never find a lucrative arena within the market. This will not negatively affect Qualys revenue, which is more closely tied to compliance and vulnerability management offerings but could be an early signal for difficult waters for other vendors such as Dasient whose revenue models are more directly tied to malware scanning capabilities. On the other hand this may be the break that companies such as Dasient may have been waiting for.
Although Qualys offers website malware scanning as a free utility, the capability is meant to be integrated within a more comprehensive service known as Qualys GO SECURE which includes network perimeter vulnerability scanning, SSL certificate validation, and web application vulnerability scanning alongside of malware detection. Although these capabilities are great for identifying website malware related issues, they do little fix the problem. This is where models such those held by Dasient are more applicable. While Dasient holds website malware scanning capabilities, those capabilities are utilized to leverage products and services to do something if malware is found. Additionally companies such as Aromorize who, like Qualys, leverage website malware scanning capabilities to move other products will also stand to benefit with technologies that compliment Qualys’ offering.
Qualys’ marketing efforts may shed some much needed light on the issues surrounding websites affected by malware and drive-by infections. The increased market recognition should in turn drive new business for growing companies, or at least those who are hoping that the constant bombardment with infected websites may someday subside would like to think. Eventually time will tell, but for the industries sake and for the unknowing users sake, let’s hope that Qualys entrance into the website malware scanning arena will be a large step towards safer browsing.