Sucuri Review
Allows us to scan our domain names for malware or if it is reported as phishing.

Valuable Features:

Domain name scanning since it allows us to scan all our domain names and determine whether it has malware or if is reported as phishing. Sucuri also gives us details on content that may have triggered the malware/phishing report.

Improvements to My Organization:

The product has sped up our ability to detect suspicious domains and alert the registrants or relevant parties. It has also allowed us to share more details on such detections to the relevant parties since the report is comprehensive enough.

Room for Improvement:

  • Confident score: Currently it does not have one and there are cases that most websites flagged are false-positives. Since they don’t have it, then we end up manually reassessing the website. It would be good if they had it so we could tweak our system to only accept certain detections based on some confident score/level.
  • They constantly release blogs on a certain vulnerability. This is useful to keep us updated on the latest threats. However, it would be more useful if they would be able to map/tag detections from their Network API with those threats/vulnerabilities that they have blogged.  For example, they blogged about a Joomla! core exploit and they have identified the suspicious codes i.e., $var=xyz. It would be great if their network API scanner could tag/map domains with similar code, such as“joomla-exploit-1”. In that way, network API users who keep the scan results in the database can simply search for those with “joomla-exploit-1” and then they could determine, straightaway, the affected domains.

Use of Solution:

We have been using this solution since 2011.

Stability Issues:

I did not encounter any issues with stability.

Scalability Issues:

I did not encounter any issues with scalability.

Previous Solutions:

We did not use a previous solution.

Initial Setup:

The setup was straightforward since it was API based and they provided ways to interface with their API i.e., XML, JSON. They also provided a trial API key to try the API.

Cost and Licensing Advice:

I’d simply say it’s really worth it.

Other Solutions Considered:

There was no other similar product at that time. If there was, their reporting was not so comprehensive.

Other Advice:

For people who own a personal website, this solution is worth trying out since their security solution is somewhat full-fledged. It will help you sleep at night. For corporations, if you have some business process that requires automated scanning of a lot of domain names and alerting the relevant parties (like us), then it’s worth considering.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

Add a Comment

Why do you like it?

Sign Up with Email