As malware has evolved, both technologically and strategically, small business websites have emerged as one of the key targets for attack, both as specific targets, and as a platform to launch further attacks. For the hosting providers that serve those small business websites, defending against the threat of attack is a challenge, a responsibility and a bit of an opportunity.
The consequences of a malware infection – loss of customer confidence, even blacklisting by Google – can be devastating for a small business. But small businesses, with very few exceptions, lack the time, resources and wherewithal to keep up with the evolving malware threat, let alone to protect themselves against it effectively. In many cases, those small businesses are looking to their web hosts to deliver the tools to protect their sites.
Into this growing, albeit already-served, market, website vulnerability scanner 6Scan launched its new product this week, building on the company’s popular WordPress plugin for website vulnerability scanning, to provide a tool that works on any site running on the Apache web server.
6Scan is understandably targeting web hosting providers as the channel for getting this tool in the hands of end users (the company was an exhibitor at the cPanel conference in October, and has a plugin for the control panel). Hosting providers will likely be familiar with similar services, such as SiteLock and StopTheHacker, which also provide small business website security scanning through web hosting providers, with similar control panel integration.
According to 6Scan co-founder and president NItzan Miron, where 6scan distinguishes itself from similar tools is after the website vulnerability scan, when it delivers, first, a report on the nature of the vulnerability, and instructions for the user to fix it manually, and second, an automatic repair agent that sits installed on the customer’s system, and automatically fixes any vulnerabilities found.
UPDATE: As noted (and linked) in the comments section, StopTheHacker also offers a free vulnerability scan.
Here, 6Scan says it can provide both immediate value to a hosting customer, and an effective upgrade path into a paid service. Both the initial scan and the instructions for manually repairing vulnerabilities are provided for free. The automatic repair agent (along with a set of additional security and monitoring services) are provided via a range of monthly plans that increase in price based on feature set, frequency of scan and volume of pages scanned.
For partners, that means they can add value to their services without adding any cost to customers, at the same time adding a pretty significant opportunity to upgrade.
“What we’ve seen so far with the WordPress plugin,” says Miron, in an interview with the WHIR, “and I’m sure what we’ll see with what we’re releasing this week, is that most users really don’t know what they’re doing. They don’t know how to edit the code themselves. They take one look at this and say, forget the manual fix, I want to do the automatic fix.”
The model for partnering with hosting providers is a pretty straightforward revenue share, with the hosting provider receiving 40 percent of the monthly fee. The company also operates a site license model, in which it charges a bulk rate to provide access to all a host’s customers, a more cost-effective option at larger scale.
But for some hosts the company has spoken to, the revenue opportunity isn’t necessarily the biggest selling point.
“We spoke to some that said, we’re familiar with this type of offers, but we’re not really interested in driving incremental revenue if it means having to be aggressive with our customers,” 6Scan CEO Chris Weltzien tells the WHIR. “They really like the idea of offering the free scan and the instructions to manually fix the vulnerability, because they feel that’s the perfect customer experience, where, if you’re actually the webmaster, then you can go in and fix it. If you’re not comfortable, but you don’t want this vulnerability there, it’s a relatively small investment to solve that problem immediately.”
And, while there are existing players in the market, Weltzien says 6Scan is seeing a few trends in its dealings with prospective hosting partners that bode well for the company’s opportunity in the hosting market.
“A lot of hosting providers don’t have a solution in play right now,” he says. “And also, some that do but they see the value in multiple offers. As an analogy, when I was in the antivirus space, the good channel partners would sell all the solutions – multiple antivirus tools. And whatever was best for the customer was what they’d install, so we’re seeing that from a few resellers.“
Because 6Scan’s tool offers a free version to the end user, with no up-front cost to the hosting provider, it’s a viable offering for just about any hosting provider, making the market of customers it is addressing a very large one.
The free-tool-with-paid-upgrade model is one that has been employed to considerable success by a few website service providers addressing the hosting channel in the last year or two, such as Attracta, or CloudFlare. It’s worth noting how similar the “plans” and “pricing” pages of all these vendors’ websites look (along with those of StopTheHacker and SiteLock). It wouldn’t be all that surprising to see either or both of those two security vendors launch a free version in the near future.
The free version certainly could be the means by which 6Scan acquires some market share in the website vulnerability scanner space. Just a few days after launch, 6Scan has web hosting proivders Arvixe, IDA Group and Ceritified Hosting listed on its partners page.
Talk back: Are you interested in evaluating the 6Scan website vulnerability scanner? Do you already offer a scanning tool to your customers? Would you consider offering two products to customers side-by-side? Let us know in the comments.