TL;DR: Named after a fearsome Amazonian anaconda and tank destroyer, Sucuri strikes fear into emerging threats to web security. Boasting solutions for malware detection, removal, and prevention, along with a website firewall and DDoS protection, the company focuses on educating and protecting novice site owners from assailants. Co-Founder Dre Armeda told us how Sucuri presents a major opportunity to make the internet more secure.
Daniel Cid, who founded the free, open-source host-based intrusion detection system OSSEC, was describing his newest project to his grandfather one evening. Daniel envisioned a comprehensive platform for webmasters to monitor the security of their websites but didn’t know what to call the project. His grandfather, part of a long line of Brazilian military men, suggested the name of a 1980s tank destroyer: the EE-18 Sucuri.
Daniel jumped at the name, which is also a Portuguese word for an anaconda found in the Amazon. In addition to the dominant, relentless nature of both the tank destroyer and anaconda, Sucuri pays tribute to the history and heritage enabling the company to grow into an industry-leading provider of website security.
“We were never a company out to make a big impact with a big sales or marketing force. We were excited to help people secure their sites and help the Internet as a whole become more secure,” said Dre Armeda, who served as Co-Founder and CEO for five years before rejoining the company in 2016 as Director of Business Development. “When this is all said and done 40 years from now, and I’m retired and sitting in the mountains fishing, I can turn around and see how people changed the way they thought about website security.”
Tools Evolve as Sucuri Helps Customers During All Stages of Attack
Dre met Daniel and worked with him on OSSEC and on integrating information security tools behind a user-friendly dashboard. The two kept in contact after Dre’s employer was acquired, and Daniel started exploring the concept of remotely monitoring website traffic and behaviors.
“We cut into a really big cake and didn’t realize it,” Dre said.
1. Starting With Security Monitoring and Malware Scanning
With input from Dre, Daniel introduced an early version of Sucuri that notified administrators when suspicious activity occurred on their website.
“We weren’t thinking about creating a business but rather if we could get the concept to work,” Dre said. The pair continued building the definitions and behavior analysis engine so it could detect spam SEO, redirects, outages, and DNS changes.
“When we could see those things happening, within milliseconds we could trigger an alert to send to an email address or direct message on Twitter,” Dre said. “The alerts became really valuable because we could minimize the amount of time these bad behaviors or issues could act.”
2. Adding Incident Response and Cleanup Services
As the platform gained traction, both the Co-Founders and users wished Sucuri were more actionable. The team launched an incident response process, but “it was terrible in the early days,” Dre said. “There was nothing automated. We were emailing back and forth with the folks who were helping.”
After less than a year of offering site cleanup services, Sucuri was fixing more than 100 websites each day. Daniel and Dre brought on Tony Perez as a third Co-Founder to spearhead and streamline the process of adding automation. By mid-2011, the three Co-Founders were each cleaning 100-200 sites per day.
3. Preventing Future Attacks With Web Application Firewall
Even though Sucuri’s processes were becoming more efficient, the Co-Founders wanted to become more proactive and prevent infections from occurring in the first place. The team started by creating a firewall for each of their customers’ sites to check incoming traffic.
“It minimized a lot of infection points, but we still had availability issues,” Dre said. “People were still coming in with some brute-force or DDoS attacks. They were already in the environment, so they were able to take out those layers because they were able to infiltrate the network.”
The Co-Founders brought the firewall into the Sucuri network and moved it to the edge, using DNS changes to manage the firewall and evaluate the traffic like a reverse proxy.
“If we can stop it on our end, it’ll never get to the host,” Dre said. “That was the product we took to market around 2012 as the first incarnation of the firewall we sell today.”
Educating End Users and Changing How People Think About Security
Dre credits a lot of the company’s success to the internal research network Sucuri employs to look for emerging threats. The company recently discovered a content injection vulnerability affecting the WordPress REST API in version 4.7.1. Sucuri alerted the WordPress Core team, which quietly included a fix in version 4.7.2.
“We even released it to our competitors because they had hundreds of thousands of customers who were about to become very vulnerable,” Dre said. “The end user is really where we’ve been focused and who we’ve been attached to from the inception of the company.”
Ultimately, Sucuri employees aim to block vulnerabilities without site owners knowing. Although the company wants small business owners to focus on their passion instead of the nitty-gritty technical details, Dre said educating users to be proactive about security has been a continuous challenge.
“At the end of the day, they are our weakest link,” Dre said. “They don’t have the understanding, technical acumen, or resources. 99% of the time, they don’t really care. They just don’t want to be hacked.”
Acquisition by GoDaddy Means an Opportunity to Help More Users
Sucuri grew to about 110 employees and more than 40,000 paying customers by early 2017, when the company was acquired by hosting giant GoDaddy.
“That’s fabulous, but that’s only a tiny microcosm of what we consider the internet,” Dre said. “When you think of the potential impact to go in and secure millions more websites in the next year, that to me is what’s really exciting.”
When Sucuri was acquired, the company included roughly 500,000 unique domains in its network, according to Dre. GoDaddy and its subsidiary properties, on the other hand, account for more than 16 million customers and 70 million domain names.
“It’s an interesting thing, to solve a problem at that scale,” Dre said. “That enables us to go off and say, ‘We can solve their problem, so we can solve these problems for just about any host out there.’ It’s an exciting place to be.”
Sucuri is also looking to expand its partnership base, according to Dre. Originally, the company went directly to consumers.
“Now that we have a product that gives us the opportunity to provide every single person out there with an entire end-to-end security platform, we want to think how we can partner with organizations to help their customer bases,” he said.
Head over to the Sucuri website to find out more about Sucuri’s partner opportunities.
Dispersed Team Bonds Over Jiu Jitsu and Remote Experience
Since the early days, Daniel and Dre insisted on keeping a predominantly remote work environment. Sucuri maintains its headquarters in Temecula, California, even though the team is spread among 26 countries.
“We focused on getting the folks that would take care of what needed to be done and didn’t want to worry about wasting time commuting,” Dre said. Employees meet regularly at WordCamps and other conferences and frequently communicate through Slack and video conferences.
Most of Sucuri’s close-knit team had worked with other colleagues previously, Dre said, promoting a fun and relaxed ecosystem where employees bond over shared interests.
For example, the three Co-Founders all train and compete in jiu jitsu — Dre and Tony have purple belts, while Daniel is a brown belt. Dre and Tony are also part of a large segment of veterans employed by Sucuri. At the end of the day, however, Dre said everyone in the company unites around a passion for promoting a safer internet and helping website owners in desperate need of assistance.
“It’s become part of the fabric or the glue of the company,” he said. “People will have changed the way they thought about security because of what we did.”