Secure Your Storefront with the Enhanced Adobe Commerce Security Scan Tool
The average cost of a data breach to a business is $4.24m, while the time to identify and contain a breach is an average of 287 days, according to a 2021 study by IBM. Malware and digital skimming are among the most common attack vectors for eCommerce sites. But the Adobe Commerce Magento Security Scan Tool can help repel these attacks.
In this guide to securing your store with the Enhanced Adobe Commerce Security Scan Tool, you will learn
- What is malware?
- The Adobe Commerce Security Scan Tool, powered by Magento
- Partnership with Sansec
- Setting up the Security Scan tool
- Benefits of the Security Scan tool enhancements
- Frequently asked questions about Adobe Commerce Security Scan
What is malware?
Malware is a contraction of “malicious software", an intrusive software designed to damage and destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware.
According to a recent malware scan run by Sansec:
- Credit card skimming malware was detected on 8,170 unique stores across all platforms.
- 82% of stores that had malware were running an unsupported version of the product.
- 24% of all affected stores suffered multiple malware incidents. This suggests that one in four merchants are unable to identify the root cause and, as such, unable to close unauthorized access.
- On average, skimming malware was present on compromised stores for 13.2 days.
At Adobe, we are committed to helping companies deliver secure shopping experiences to their customers. We are improving our threat detection tool to help our customers proactively identify potential threats to their web stores.
The Adobe Commerce Security Scan Tool, powered by Magento
This Security Scan tool from Adobe Commerce, powered by Magento, is an important part of Adobe’s strategy to help Magento Commerce and Magento Open Source merchants enhance security for their storefronts. The online malware scanner will help merchants identify:
- Potential malware and vulnerabilities on the web store
- Out-of-date security patches
- Potentially vulnerable extensions
- Digital skimming injections
- Security misconfigurations
- More streamlined guidance on Adobe Commerce security best practices
If potential threats are identified, Adobe Commerce Security Scan tool can alert the admin through an automated email notification.
Partnership with Sansec
Adobe has partnered with Sansec, a leading security company specializing in helping to prevent digital skimming. Through this partnership, Adobe will be adding about 9,000 malware and vulnerability signatures to the Adobe Commerce Security Scan tool. Each of these signatures has undergone a multistage testing and validation process before being added to the scan tool.
Every week Sanguine Security’s research team analyzes 200 to 300 known eCommerce attacks. This information produces a valuable stream of possible attack vectors and indicators of compromise (IOCs). This data is continuously fed as threat signatures into our enhanced Security Scan tool, leading to approximately 300 new signatures added monthly.
Setting up the Security Scan tool
The Security Scan tool is free to use for any version of Adobe Commerce, Magento Open Source customers, and partners in the Adobe Solution Partner Program and Adobe Exchange Partner Program. Merchants and their teams, including authorized developers, can access the enhanced scan tool directly by logging into their Magento Commerce by Adobe accounts and choosing Security Scan. It is very easy to register your site to the scan tool and monitor your site on a daily, weekly, or on-demand basis.
Benefits of the Security Scan tool enhancements
The enhanced scan tool will help customers:
- Get real-time insights into the security status of their Adobe Commerce store and suggests best practices that may assist in fixing the issue.
- Run over 17,000 security tests to help identify potential malware on their web store.
- Get access to historical security reports of their Adobe Commerce sites to track and monitor their progress over time.
- Get access to the scan report that shows the successful and failed checks and recommended further action, if any.
Adobe encourages merchants to enable the Adobe Commerce Security Scan tool on all production storefronts. Detailed documentation on setting up the Scan tool is available here.
You can sign up for the Security Scan Tool here.
Frequently asked questions about Adobe Commerce Security Scan
How do I know if my website has malware?
A tsunami of pop-up ads, strange redirections and disabled system tools are just a few clues that your computer has fallen foul of malware. Ecommerce entrepreneurs must-have scanner and detection tools that check for all types of malware and which confirm through reporting.
What is Adobe Commerce Security Scan?
Adobe Commerce Security Scan allows you to monitor each of your sites for known security risks, and to receive patch updates and security notifications.
- Gain insight into the real-time security status of your store.
- Schedule security scan to run weekly, daily, or on-demand.
- Receive reports with the results of over thirty security tests and the recommended corrective actions for each failed test.
- Maintain a history of security reports in your Magento account.
What is the latest version of Magento?
Magento Open Source 2.3.5 offers significant platform upgrades, substantial security changes, and performance improvements. This release includes over 180 functional fixes to the core product and over 25 security enhancements. It includes resolutions of over 46 GitHub issues by our community members. These community contributions range from minor clean-up of core code to significant enhancements to Inventory Management and GraphQL.