The Combell Shield: a collection of defence systems
Anyone who has ever read a newspaper is well aware that more and more criminals are prowling the Internet in an attempt to exploit vulnerable websites. That is why it is essential that your website is properly secured. Our Combell Shield protects our customers by combining several defence mechanisms into one big digital shield.
Our Combell Shield protects everyone who has a shared hosting package with Combell. We are incredibly proud of this – as revealed in an interview that one of our chief technology officers, Wesley Hof, gave to ITDaily. Wesley is very clear about this: "Combell Shield comprises a multitude of security solutions that enable us to block attacks and malware before they reach our customers."
Powerful digital shield
Any child who has ever played 'knights' knows this: the best way to defend yourself against vicious attackers is with a shield, and a metal shield works better than one made of cardboard. And Combell believes the exact same principle applies when it comes to digital attacks. That is why we make sure that the Combell Shield is made of the best 'materials': from logical interventions to advanced technologies.
Blocking IP addresses
Every visitor who wants to connect to a website that is hosted by Combell has to go through the Combell Shield platform. This allows us to detect and block simple threats. These are usually malicious bots that send a large number of requests to a website from a specific IP address, in order to take that website down.
As soon as we identify such a bot, we can block the IP address of the bot to deny its access to our platform. That way, it will no longer be able to get in. If necessary, we can even deny all connections from IP addresses from a certain region.
The Combell Shield handles this very meticulously, and can even intervene on the level of individual customers and websites. Wesley: "If, for example, a web store has customers mainly in the Benelux and is hit by a DDoS attack, we can block all connections from outside the Benelux."
All connections and streams that go through the Combell Shield platform are logged and checked using smart algorithms. This way, we can quickly notice when one IP address suddenly sends suspicious requests to several devices or applications.
When the algorithms detect malicious activity from a particular IP address, we block that abusive address to ensure that all of our customers remain safe.
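The cross-site check described above can be sketched as follows. This is an added example, not Combell's code: the log format, the `PROBE_PATHS` list, the three-site threshold and the five-minute window are all assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, client IP, hosted site, request path.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 shop-a.example /wp-login.php
2024-05-01T10:00:20 203.0.113.7 blog-b.example /xmlrpc.php
2024-05-01T10:01:05 203.0.113.7 site-c.example /.env
2024-05-01T10:00:02 198.51.100.4 shop-a.example /wp-login.php
2024-05-01T10:00:03 198.51.100.4 shop-a.example /wp-login.php
2024-05-01T10:00:04 198.51.100.4 shop-a.example /wp-login.php
2024-05-01T10:00:05 192.0.2.9 shop-a.example /
2024-05-01T10:00:06 192.0.2.9 blog-b.example /about
2024-05-01T10:00:07 192.0.2.9 site-c.example /contact
2024-05-01T10:00:00 198.51.100.20 shop-a.example /.env
2024-05-01T10:15:00 198.51.100.20 blog-b.example /.env
2024-05-01T10:30:00 198.51.100.20 site-c.example /.env
"""

# Assumed list of paths treated as probes; a real deployment would tune this.
PROBE_PATHS = ("/wp-login.php", "/xmlrpc.php", "/.env")

def find_fanout(log_text, min_sites=3, window=timedelta(minutes=5)):
    """Map each client IP that probed >= min_sites distinct sites within
    `window` to the sorted list of sites it touched."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, site, path = line.split()
        if path.startswith(PROBE_PATHS):
            probes[ip].append((datetime.fromisoformat(ts), site))

    flagged = {}
    for ip, hits in probes.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            sites = {site for _, site in hits[start:end + 1]}
            if len(sites) >= min_sites:
                flagged[ip] = sorted(sites)
                break
    return flagged

if __name__ == "__main__":
    print(find_fanout(SAMPLE_LOG))
```

Only the address that probes three different sites within the window is flagged; repeated hits on one site, ordinary page views, and probes spread over half an hour are not.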
"In the past 24 hours, we have blocked nearly 360,000 connection attacks." – Combell CTO Wesley
By logging the connections via our Combell Shield, we can also get a good idea of what the threat landscape looks like. "In a single day, if we look at the past 24 hours, we have blocked 359,927 connection attacks", Wesley mentions. "Last month, we prevented 1,186 malware attacks."
Someone who has had the same lock on his or her front door for 40 years is more susceptible to burglary than someone with a brand new front door. And the same goes for a website (although you will obviously have to search high and low for websites that are 40 years old – let us know if you ever come across one 😉).
What we mean, of course, is that regular updates to all systems are an important security mechanism in the Combell Shield. When Content Management Systems (CMSs) such as WordPress or Drupal are not updated, they become extremely vulnerable to zero-day attacks. Zero-day attacks are attacks in which a hacker immediately exploits a software vulnerability, even before an update can be implemented to fix it.
Scanning for holes
Wesley: "The Combell Shield scans the source code of all the applications behind the shield for 'holes' that could lead to zero-day attacks. When our customers do not choose managed hosting, it is their responsibility to keep their CMS up to date, but it sometimes happens that systems have not been updated for months. This makes them vulnerable to such attacks."
Within Combell Shield, Combell collaborates with Patchman in order to optimally and, most importantly, quickly protect customers thanks to automatic patching. Our protection service detects vulnerabilities before the customer's environment is affected. "Often, we even provide virtual patches faster than software manufacturers can provide official updates", says Wesley.
Of course, the Combell Shield also runs traditional malware scans. Each virus has its own 'signature' and, based on signature detection, Combell Shield searches for those signatures in the public files of hosting customers.
If we detect malware in these files, we automatically remove it, but we also inform our customer about the fact that his or her files are infected.
Because we keep the system environments of all our customers strictly separated (this is what we call 'jailing': like in a prison, no one can be in the same cell as another prisoner), other customers will not be inconvenienced if one customer is infected with malware. Even so, we obviously do not want to host a single customer infected with malware.
Wesley: "With our security services, we also aim to reduce the burden on our customers. As for us, we like everything to be clean and tidy. The security measures we take ensure that a hacked environment is not a disaster, but it goes without saying that it is not a good thing for us, or for our reputation."
In order to fully protect our customers, we must of course ensure that we ourselves maintain good hygiene in our systems. Our shield must remain clean!
Wesley: "Our lifecycle management is part of the Combell Shield. This means that we keep everything up to date, because protecting customers with outdated software is simply not done. We install updates twice a week, unless we need to do it faster because of security breaches in certain systems."
As we mentioned earlier, our customers are generally responsible for updating their systems themselves. However, they sometimes hold on to outdated software, which can cause some serious problems.
Wesley: "We try to identify customers who are using outdated software (PHP versions) and to find out whether their code is ready for a new version. If it is, we contact the customer three times. If the customer does not reply, we perform the update ourselves. That is in everyone's best interest, so the customers are happy with that."
Web Application Firewall
Of course, our firewall is also a very important part of the Combell Shield. When a hacker enters certain data in a web form, he can corrupt a database with it. This is called an SQL injection. The Web Application Firewall helps us quickly detect such attacks, and immediately block the hacker.
Our firewall also helps prevent brute-force attacks. That is an attack in which the hacker repeatedly attempts to log in to a website or web store by trying different combinations of usernames and passwords in order to gain access to the system.
Wesley: "Our brute-force detection feature helps us deal with hyperactive visitors. If someone repeatedly enters the wrong login details when trying to log in to a website or web store, we temporarily block that user as a preventative measure. And we block the connection for a longer period of time each time this happens."
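A minimal sketch of such an escalating temporary block, as an added example rather than Combell's implementation. The class name `LoginThrottle`, keying on the client IP, the thresholds and the doubling of the block duration are all assumptions; the page only states that each repeat block lasts longer.

```python
class LoginThrottle:
    """Temporary block after repeated failed logins; each new block
    lasts longer than the previous one (assumed: doubling, with a cap)."""

    def __init__(self, max_failures=5, window=600, base_block=300, max_block=86400):
        self.max_failures = max_failures  # failures allowed inside `window`
        self.window = window              # sliding window, in seconds
        self.base_block = base_block      # first block duration, in seconds
        self.max_block = max_block        # upper bound on any block
        self._failures = {}               # ip -> recent failure timestamps
        self._strikes = {}                # ip -> number of blocks so far
        self._blocked_until = {}          # ip -> time the block ends

    def is_blocked(self, ip, now):
        return now < self._blocked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Register a failed login at time `now` (seconds, passed in so the
        logic is testable). Return the block duration it triggers, else 0."""
        recent = [t for t in self._failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        if len(recent) < self.max_failures:
            self._failures[ip] = recent
            return 0
        strikes = self._strikes.get(ip, 0)
        duration = min(self.base_block * 2 ** strikes, self.max_block)
        self._strikes[ip] = strikes + 1
        self._blocked_until[ip] = now + duration
        self._failures[ip] = []
        return duration

    def record_success(self, ip):
        # Clear the failure counter but keep the strike history, so one valid
        # login cannot be used to reset the escalation.
        self._failures.pop(ip, None)

if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3, window=60, base_block=100)
    for t in (0, 10, 20, 200, 210, 220):
        print(t, throttle.record_failure("203.0.113.7", t))
```

The caller checks `is_blocked()` before evaluating credentials, so attempts made during a block are rejected without being counted.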
Our firewalls keep digital intruders at bay, but the Combell Shield is also there when someone tries to tamper with our servers in real life. Because our shield also consists of people. Security personnel, to be precise, who keep a close eye on our data centre. This way, nobody can connect a USB stick to our servers without us noticing 😉.
Proud of our unique investment
We can definitely brag about it: the Combell Shield is quite unique, and it also meant an investment for Combell. Ten colleagues built the Combell Shield platform almost all by themselves, and today most of our customers are protected by the Combell Shield. By the way, this shield is not an option or part of a package: every customer that uses our shared hosting automatically benefits from it.
What the future holds remains to be seen, but the Combell Shield will continuously adapt to new threats. In this context, it is of course very useful that our logged data allow us to closely monitor the daily threats – knowledge is power, especially if we can use this knowledge to improve the Shield and keep our customers safe. This way, no one at Combell needs to lose any sleep over the dangerous people who are roaming the Internet.
The Combell Shield is activated by default with all our web hosting packages. This means that, with us, you can always rest easy!