BitNinja is a cloud-based security software system that helps digital agencies, website developers and hosting providers address their needs for secure servers. It also supports SaaS providers and digital agencies by keeping their internet access safe from malicious threats.
The software solution started in 2014 in London after the founders realized they needed to keep their customer sites secure. It analyzes web traffic and threats using artificial intelligence, without the need to perform manual configurations, and has a technology called Defense Network, a system that proactively prevents malicious traffic from penetrating sites.
BitNinja is an all-in-one protection system that has 10 defense modules covering all aspects of cyberattacks. These modules, which have individual functions for detecting and preventing attacks, work together to protect sites from the six phases of cyberattacks: scans, exploitations, infections, register C&C, resource usage and expansions.
The defense module categories are Honeypots, Malware Detection and Removal, IP Reputation, Intrusion Detection and DDoS Protection.
The server security system runs on the users’ infrastructure and protects on all protocols including HTTP, FTP, POP3, SMTP, IMAP and SSH. Apart from agencies and developers, it is also suitable for startups, freelancers and enterprises.
The software application dashboard allows users to manage all their servers within a single login. It has an “Events” panel where users can view all updates on activities including impending attacks and log feed analysis. The features of BitNinja are grouped into categories.
Port and web honeypots
Port honeypots address malicious port scans and sweeps. They instantly block incoming attacks and automatically greylist IPs that can infect a server. They act as bait by disguising themselves as ports running services that can lure and expose malicious IPs. The web honeypot has the same functions as the port honeypot, and it is customizable for efficient ensnarement of hackers and prevention of possible cyberattacks.
Malware detection and removal
Unvalidated file uploads, remote code injection, CMS and script injection can be easily detected and scanned manually for threats.
Web application firewall
Incoming traffic is scanned and analyzed for possible malicious content. This module works with log analysis to prevent the applications that are running on a server from being attacked. It has the capability to switch to strict mode and is compatible with web servers such as Lite HTTP, GlassFish, NodeJS and Nginx.
This feature guards a system or site against application layer attacks that include SQL injection, XSS, on-site and cross-site request forgery, code injection and remote file inclusion. Events that were logged before BitNinja was installed on the system are used as a reference to identify previous attacks and to greylist hackers.
CAPTCHA and collective intelligence
CAPTCHA prevents automated botnet attacks by validating whether site activity is human-generated or bot-generated. This separates humans from botnets, removing the former from the greylist and blocking the latter from entering a site. Validation happens on HTTP, HTTPS and SMTP.
This particular module protects a system from repetitive automated exploitations and zero-day attacks, granting security on three levels: black/whitelist management, basic IP reputation and advanced IP reputation.
Black and whitelist management is user-defined on the dashboard, while basic IP reputation provides the system with the capability to identify IPs that are used by hackers. Then BitNinja places them on the malicious IP list once the number goes up to 5,000.
Advanced IP reputation protects servers from over 6,000,000 attacker IPs.
Denial of Service (DoS) attacks to and from a server are blocked, and the connection between the server and the source of the attack is cut to prevent further penetration. The Distributed DoS mitigation feature protects a system from TCP- or UDP-based DDoS attacks by detecting the threats before they occur.
AntiFlood prevents hackers from bringing down the server’s defense shield.
BitNinja can be integrated with Cloudflare. This is done by clicking on + Add new on the user’s Cloudflare dashboard. With this arrangement, a site visitor will be automatically directed to the CDN and then to the user’s site, if the visitor passes the Cloudflare security check.
The Slack integration requires users to create a Slack application to receive notifications regarding security events in the user’s network. Once a webhook is generated from Slack, it can be saved on the BitNinja dashboard, where users can choose which kinds of notifications they receive.
BitNinja provides an installation code that takes only five minutes to activate. It deals with security threats holistically through a 360° defense system without the need for configuration, so traffic is automatically redirected to the BitNinja servers. The other benefits of using this software security system are:
The system provides users with weekly reports that include information on the first three malicious events and a link to the page that contains a list of the last 100 incidents. Receiving a report implies that the system has already been infected by malware. The common types of threats are HTTP spam requests, brute force and script injection, among others.
The BitNinja dashboard allows users to manage multiple servers at once. This eliminates the need to open several accounts using different logins. In addition, the modules can be switched on or off from the dashboard’s Modules menu. Countries and IP ranges that bring threats can be blocked to eliminate attack attempts.
24/7 tech support
The BitNinja website provides comprehensive information from installation to the modules and even the software’s roadmap on features that are still being developed.
Tech support is available even for the Basic plan users. Assistance with incident, threat and configuration management is included. Also, the system website has a Knowledge Base page that houses FAQs including general information, protection, dashboard management and setup instructions.
Minimum hardware requirements for the system are 512 MB RAM, a dual-core CPU, 1024 MB storage space and internet access. The system is easy to install and only requires basic IT skills to get it running on a server. A one-line installation code will be sent to the user for quick installation. BitNinja automatically starts server protection once installed.
Each pricing plan starts with a seven-day free trial. For the Basic plan, $5 per server per month is then charged to the user’s credit card. This is ideal for startups and includes the Global defense network and honeypots as well as a comprehensive dashboard and IP reputation management. It also provides weekly security reports and protection on protocols such as IMAP, POP3, FTP and SSH.
The Pro plan offers complete protection for shared hosting providers and digital agencies. Pricing, which ranges from $10 to $40 per server per month, is customized according to the number of hosted users. This covers all features of the basic plan plus CAPTCHA and BIC security, white and blacklist management, DoS mitigation and malware detection among others.
The Managed Security plan is an unlimited security monitoring and management package that extends the benefits of the previous package to include on-demand security compliance, managed SIEM, deployment and configuration of BitNinja WAF and advanced threat detection and response. It is priced at $1,000 per server per year.
BitNinja is an all-in-one protection system that blocks cyberattacks even before they can hit the data and the servers. This application is user-friendly and benefits host providers, website developers and digital agencies that have about 150 or more servers by providing a multi-phase approach to cybersecurity and data protection.