What You Need to Know about free website monitoring services
Free website monitoring might sound too good to be true. Well, if you’re a business, it’s probably fair to say that free website monitoring is not a good option as your main solution. It can, however, be a great option for testing website monitoring services you might want to use on a paid-for basis. Here’s what you need to know.
How to make the most of a free website monitoring service
A free website monitoring service will generally allow you to enter the details of your website for an anti-malware scan. In other words, it’s essentially a service you use manually on an ad hoc basis. This may be fine for hobby websites but it’s highly unlikely to be sufficient for a business website, which needs round-the-clock protection.
It can, however, give you a useful insight into what sort of quality of service you can expect from the paid-for products. After all, if a company puts a decent level of effort into its free service, then you can expect it to put even more into the services for which customers are actually paying.
How to choose a paid website monitoring service
Paid website monitoring services are often known as website vulnerability scanners. Each vendor will have their own idea about how they wish to implement them. All reputable vendors will, however, include an anti-malware scanner and a web applications firewall. These are the two core components of any website monitoring system.
Assessing the quality of an anti-malware scanner
When looking at the quality of an anti-malware scanner, what you’re looking for is evidence of breadth and depth of scanning, plus general ease of use. In particular, you want to see what software and web technologies it can scan and whether it can scan mobile-optimized websites.
You also need to know what threats it can detect and remedy and how much information it can give you on each of them. Ideally, you want to know its scanning methodology. In particular, does it conduct each scan in a silo or use the results of each scan to inform the results of other scans? This is very much preferable as it goes a long way towards reducing the number of false-positive alerts you receive and thus makes life easier on your IT team (or your managed IT services vendor).
Last but definitely not least you want it to be generally easy to use. At the end of the day, security software is there to be used by humans and it helps to make life easy for them.
Assessing the quality of a web applications firewall
The quality of a web applications firewall really comes down to a combination of robustness, flexibility, and customizability and, again, user-friendliness. Basically, you want the ability to fine-tune the settings to reflect your website’s traffic. You want to be able to do this quickly and easily and you want to know that when you’ve done this, the firewall will stand up to whatever is thrown at it (within reason).
Boosting your website monitoring service
Website monitoring services tend to be focussed on the prevention of malware. This makes perfect sense, but it does mean that you need to make separate arrangements to protect yourself against DDoS attacks. Your firewall will play a role in this, but the power of modern DDoS attacks is such that it will quickly be overwhelmed if it’s left to work on its own.
This means that it’s a very good idea to partner it with a DDoS mitigation service. These are very similar to firewalls, but they are optimized for DDoS and only activate when DDoS attacks are detected.
You will also need to protect your local computers and mobile devices. Hopefully, you will not be storing sensitive login credentials on these, but you will still be using them to log into the back-end of your website (and other important accounts like your domain account and your host account) so they are still a target for cyberattackers. You, therefore, need to protect them with a robust anti-malware solution with an integrated firewall. If you have remote and/or mobile users then you also need a VPN.
Prerequisites for using a website monitoring service
Any website monitoring service is intended to enhance your basic security defenses, not act as a replacement for them. In particular, you need to keep all of your software updated, no matter how niche it is. You also need to vet, monitor, and manage your users, especially your admin users. Finally, you always need to work on the assumption that your defenses will be breached at some point and make sure that all your sensitive data is always stored encrypted.