In developing their marketing materials, executives at security firm ScanAlert implemented a simple test, and got some surprising results. The ScanAlert product sweeps a client’s Web site for potential security flaws, and then posts a “Hacker Safe” security logo if the site comes up clean.
To test user response to the logo, ScanAlert temporarily modified its image-serving software to serve the Hacker Safe rating image only to every second visitor at certain sites. Then it followed the shopping patterns of those who did see the image, and those who did not.
“I couldn’t believe it. I double checked the whole thing to make sure there was nothing out of whack. I was blown away,” said David Karon, president of PlanetMiniDisc.com. The survey observed the behavior of 12,000 shoppers at the site, half of whom saw the logo ensuring the site’s security. The results showed 30 percent more shoppers went on to make purchases after seeing the Hacker Safe rating as compared to those who did not see it.
And this was not an isolated case. A similar test at the Web site of Infinity Micro Computer showed a 15 percent boost in sales, and CDconnection.com showed a 13 percent sales boost among those shown the security logo.
“I have had experiences with customers who don’t want to give out their credit card information, their personal information,” said Karon, who pays about $150 a month to have ScanAlert perform periodic security checks on his system. “I knew this was an issue for my customers, but this made me aware of just how big an issue it was.”
In launching ScanAlert in 2001, Ken Leonard sought to bring a new concept to the security market. Rather than simply putting up a firewall or installing anti-virus software, he would offer an ongoing service; one that would continually monitor and report on a client’s system security.
With 10 new vulnerabilities popping up every day, he said, it is likely that a client’s system will require some sort of security update at least once a month. Leonard’s team therefore launches daily assaults against client sites, in an effort to exploit known vulnerabilities. Sometimes they get through, and when that happens, “we give the client complete patch information, and we give them telephone tech support to show them exactly how to patch the system,” Leonard explained. “We give them a lot of support, but it is their technical staff that has to respond to our alerts.”
The client will have 72 hours in which to plug the hole. If the vulnerability still exists after that time has elapsed, the Hacker Safe logo will be taken down from the client’s site.
Of course, there are other security logos out there on the Web, including most notably the Trust-E symbol. Leonard says Hacker Safe is different, though, in that the symbol’s validity on the site is verified and updated constantly.
Analysts have expressed interest in this combination of constant monitoring and certification.
“They have some really neat concepts,” said Eric Ogren, senior analyst at research firm The Yankee Group. “I like the idea of providing a managed assessment service, I like the idea that every day ScanAlert launches a bunch of known vulnerabilities against your web site. A lot of small companies might put a firewall or something static in place, but the thing is, there are new vulnerabilities every day.”
Ogren said he also is intrigued by Leonard’s decision to target the small- to mid-sized business market.
Leonard explained that these smaller businesses are those most likely to benefit from such a service.
Most advice for staying safe on the web includes a caveat telling users to shop only at well-known and trusted sites, he noted. But this advice works against small businesses trying to make web-based sales. By definition, these businesses are likely to be less well known, and potential customers will typically be a little more wary of divulging credit card data or other information.
Consequently, these businesses need an extra edge. Perhaps in the form of a security certificate? Ken Leonard thinks so, and initial results of ScanAlert’s client-site surveys seem to indicate the strength of his case.