The German bank „Investitionsbank Berlin“ supports research into new security technologies for Internet users with funds from the European Regional Development Fund (ERDF). Sevenval is commissioned to develop a new protection solution to make the use of the Internet safer for all users. The research project is called „Web Security Optimizer“.
With the increasing digitalization of more and more areas of life, the need for security on the Internet is increasing among citizens and companies. Rapid technological development goes hand in hand with the broad spread of critical malware that endangers users and providers and leads to high financial losses. The German federal state of Berlin therefore supports the development of new security technologies by experts from Sevenval in Berlin and Cologne with funds from the European Regional Development Fund (ERDF). Financial support for the research project is provided by Investitionsbank Berlin (IBB).
This is already the second funded research project for Sevenval’s „Internet Laboratory“. We have been developing web and frontend technologies since 1999. Our security experts have now set themselves the goal of developing a „Web Security Optimizer“ that recognizes and eliminates potential risks for users and operators of websites without time-consuming setup. The research effort is high: Our team is competing with rapidly evolving web and browser technology and malware programmers.
„Our approach focuses on the safety of end users, i.e. normal Internet users,“ says Roland Guelle, Sevenval’s CTO and responsible for research and development. „New web technologies also open up new attack vectors for malware on users, for example directly from their own browser. Today, the well-secured website in the data center is therefore only one component for an overall secure web application. Increasingly critical is the safety of the user.“
Malware – a problem für providers and users
More than 600 million malware programs are currently known, most of them for Windows operating systems, but the number is also increasing significantly for mobile devices and Macs. So-called „ransomware“, blackmail software such as „WannaCry“, which caused a lot of damage in 2017 and became well known through media coverage, is playing a growing role. However, most malware has been widespread for years and is less perceived by the public because it does not directly harm users: browser extensions that promise added value but monitor surfing behavior in the background, free games that actually only distribute advertising – it’s a broad field and many users do not even notice that they have malware installed on their device.
A relevant example is the widespread but in part still unknown Client Side Ad Injection. A browser plug-in or malware, installed by the user without knowledge of the security risks, loads so-called „Injection Libraries“ into the browser, which happens non-visible in the background. These are used, for example, to deliver advertising via websites that the user navigates to. The website provider does not notice the issue because the entire process takes place at the „client“. The banners and libraries are provided by advertising networks, which are paid for each insertion or click by the company behind the advertisement. In extreme cases the user has to close a lot of banners and popups before he can see the page he has called up. Reputable providers of goods or services use their marketing budgets to unconsciously and unintentionally finance the distribution of malware to end customers.
Based on the approach of exchanging content directly in the user’s browser or via controlled websites, „real“ click actions of a user can also be triggered, for example actions by which personal data is transmitted or the laptops‘ camera is activated for third parties. As complexity grows, so do opportunities – for providers and users, but also for criminals.
Research for more – and more easy to implement – safety
Sevenval is therefore developing the „Web Security Optimizer“ to improve the situation for users and companies. Our central assumption is that the security of websites can no longer be improved solely by IT infrastructure and compliance with certain security standards on the part of providers – but only by looking at the entirety. And this also includes data transport, web technologies and the user’s browser. The web frontend in particular is relevant to the end user’s security. That’s why the „Web Security Optimizer“ should bundle all measures for detecting and securing the frontend infrastructure in a single security layer.
This security layer is to be connected between the provider (server) and the user (client) in the manner of a content delivery network (CDN). This enables measures to increase the security of users without having to intervene on servers or clients. Existing websites that no longer meet current standards can thus offer their users the necessary security.
The project „Web Security Optimizer“ (WSO) is co-financed by the European Union (ERDF).
Further information about ERDF: http://ec.europa.eu/regional_policy/en/funding/erdf/