Protection, detection (tamper detection + file scanner), quarantine and recovery in one plugin. (tampering detection + file scanner), quarantine, and recovery in one plugin for WordPress SAKIMORI" for WordPress is now available.

Cross&Crown Security Intelligence LLC (headquartered in Minato-ku, Tokyo; Takahito Masuko, CEO; hereinafter "CCSI") today released "SAKIMORI" (trademark registration pending), a domestic WordPress security plugin.

SAKIMORI" is an early WAF that stops intrusion, tampering, and stepping stones targeting WordPress sites at the initial stage of PHP execution, and also provides two types of detection ((1) tampering monitoring by internal difference, (2) file scanner), quarantine (isolation), and recovery (WebRepair integration) in one-stop service. This is a one-stop managed security service for small and medium-sized enterprises.

This service is supervised and provided by a registered Information Security Professional.

Service introduction URL: https://ccsi.co.jp/lp/security_sakimori

Bohjin

Background of Service Provision

The background is the harsh reality of cyber damage to small and medium-sized enterprises: the average amount of damage is 730,000 yen, the average recovery time is 5.8 days, and about 70% of the damage also affects business partners (Information-technology Promotion Agency, Japan (IPA) "FY2024 Survey of Small and Medium-sized Enterprises, etc.: Results (preliminary)"). (Information-technology Promotion Agency, Japan (IPA) "Preliminary Results of the 2024 Survey of Small and Medium Enterprises, etc.").

Damage is not a matter of scale

About half of the unauthorized accesses were caused by vulnerabilities (e.g., failure to apply patches), and 22.9% of the unauthorized accesses resulted in suspension or functional degradation of the company's website. The supply chain was affected by approximately 70% of the incidents. In this age of "one small company's damage" spreading to suppliers and local communities, SMEs are "unaware and unmotivated.

Small and medium-sized enterprises are "unable to proceed even if they know what they are doing.

Approximately 60% have not invested in security in the last three fiscal years, and 70% have not yet established an organizational structure, which is a bottleneck. CCSI will also take over the initial setup of the security system on behalf of the client.

CCSI's on-site knowledge

CCSI has been providing services for more than 11 years and has a track record of investigation and recovery (WebRepair) for more than 4,300 sites. We have pursued tailoring that small and medium-sized companies can actually use, such as tamper detection and WAF that work even in a rental server environment, and practical file scanners based on files and codes found in actual damage cases.

■ "Partial optimization" is not enough to protect

There are many security plug-ins for WordPress, but most of them cover only a part of the functions indicated in NIST Cybersecurity Framework 2.0 (Protect/Detect/Respond/Recover). Service), and it was rare for a design to be completed entirely within the same plugin (service). SASBOJIN" eliminates this division and provides Protect-Detect-Respond-Respond (Contain/Eradicate)-Recover as a single line of operation.

SAKIMORI": 4 steps in 1 plug-in

1｜Protection (WAF)

It blocks not only typical attack vectors but also WordPress specific attacks by rules. It can be used on shared rental servers, and supports granularity settings to suppress false positives and excessive blocking.

2｜Detection A: Tamper detection

Catching changes in the file itself from inside, not crawled from outside. SHA-256 baseline, quarantine directory, and Cron-independent.

3｜Detection B: File Scanner

Checks not only malicious code and known web shells, but also dangerous configuration files and typical "legitimate tools" often found on tamper-evident sites. For example, mail delivery tools are often used to deliver spam. Advanced obfuscation detection based on a scoring method is also included.

4｜Quarantine (quarantine)→Recovery (WebRepair linkage)

Automatic/semi-automatic quarantine (policy switching) of files that have been determined or are suspected to be in quarantine. Contain files before they spread. In the event of damage, the system is directly connected to CCSI's WebRepair recovery service (free of charge), and accompanies the user through the process of isolation, recovery, and prevention of recurrence.

CCSI has standardized procedures and knowledge based on more than 4,300 sites investigated and restored in over 11 years.

Bohin" is compatible with shared rental servers. It can be introduced on the premise that no server migration is required. While continuing the lineage of our existing plug-ins, we have enhanced the overall strength of our plug-ins.

Free Recovery Guarantee

HODOJIN" is built with reference to many actual cases of damage. Therefore, in the unlikely event of tampering damage while the specified functions are enabled, the WebRepair service will restore the site free of charge.

Price

Per site

Monthly payment: 14,000 yen/month (15,400 yen/month including tax)

For annual payment: 144,000 yen (158,400 yen including tax)

Annual payment is 12,000 yen (13,200 yen including tax) per month.

Service introduction URL:

https://ccsi.co.jp/lp/security_sakimori

■Security measures are also directly related to "transaction opportunities.

According to the IPA survey, 42.1% of the companies that received a request for information security measures from their business partners answered that "the response was a major factor that led to business transactions with the business partner.

In other words, investment in protection is also an investment in gaining the trust of business partners and expanding business.

SAKIMORI" achieves both "protection" and "trust" in this trend. SAKIMORI" was developed not as a mere security function, but as a domestically produced plug-in that creates a trust foundation for corporate value.

Company Profile

Company name: Cross&Crown Security Intelligence, LLC

Representative: Takahito Masuko

Location: AKASAKA8BLDG. B1F, 8-8-10 Akasaka, Minato-ku, Tokyo 107-0052, Japan

URL ： https://ccsi.co.jp/

Telecommunications carrier: A-27-14430

Public Relations Contact ： info@ccsi.co.jp

Reference (Source)

Information-technology Promotion Agency, Japan (IPA) "Results of the Survey of Small and Medium Enterprises in FY2024 (Preliminary Report)" (Japanese only)

https://www.ipa.go.jp/pressrelease/2024/press20250214.html