Remote Security Monitoring

Many improvements and new features for WatchMouse users (2005-01-31)

The last few months many improvements were made and new features were added to the WatchMouse service.
All new features are available for current and new subscribers at no extra charge.

The major improvements and features are listed below:

• New feature: A message log, which allows you to see the date, time, type and destination of all notifications that have been sent to you or your colleagues.
• Update of the logs access page: listing of WatchMouse members who have given you access to watch their log files and graphs, and the option to remove them from your list.
• Addition to the member details page: Financial contact details for invoicing can now be stated explicitly.
• Major improvement to the log file viewer: both remote security monitoringd and extra checks (in case of a triggered rule or an user initiated check) are shown in the log files as well as the second opinion checks.
• Improvement of the user interface of the rule settings: introduction of a simple mode and expert mode. The rule wizard is removed
• Much requested feature: the time-out for a rule can now be specified by the user in the rule settings page (expert mode).
• You can now have many inactive rules, in addition to your active rules. This is no longer limited by the maximum number of rules for your subscription.
• For journalists only a press update service has been added.
• Many, many small (and big) improvements "under the hood".

As always: if you are missing a feature, please let us know! We will most likely add it in the next release.

New: remote security monitoringd maintenance, work remote security monitorings, performance indicators (2006-11-28)

1. Set-up maintenance periods per rule

   In the monitoring settings page, in "expert mode", you can now:

   • Start and duration of the maintenance period
   • Optionally set the repeat period (daily, weekly, monthly)

   During the maintenance period, WatchMouse will continue monitoring your servers but errors are not included in downtime calculation, and alerts are not sent. In the performance chart and logs, the checks while in maintenance are marked as such (see legend). The maintenance periods will be made visible in the graphs too.

2. User defined performance limits

   You can now define on a per-rule basis the limits for good, poor, and bad performance next to the existing ('timeout'). These limits can be entered in the monitoring settings page, in "expert mode". These limits are used in the performance chart.

3. Work remote security monitoring options in your contacts

   You can now specify which days, and which hours people in you contact list are on duty:

   • When not on duty, no alerts will be sent to this contact person
   • This is also useful for group alerts, with non-overlapping remote security monitorings
   • A contact can now also be set to 'inactive' manually, just like the monitoring rules
   • Inactive contacts do are not included when computing the maximum number of contacts you can still use

   You can set the work remote security monitoring in your contacts page, after selecting one of your existing contacts or entering a new contact.

New feature: Custom PDF reports in your mailbox (2007-07-10)

As of today, you can compose your own reports, and have them sent as PDF attachments to your account contacts at regular intervals (every day, week, month).

Similar to the WatchMouse Dashboard, you can drag and drop performance graphs, insert uptime tables and error logs, and include headings and descriptive text.
Once you have defined your report, it can be previewed and remote security monitoringd to be emailed to the contacts you specify.

You can find the Custom reports tool on the Reports tab. The number of reports you can create depends on your subscription, but can be increased by adding a 'Reporting pack'. One pack gives you an extra 10 custom reports.

You can choose your own design (background color and layout, logo's) for these custom reports. If you are interested in this feature, please contact us for a quote.

Did you know? Hackers probe your servers for vulnerabilities between 5 and 170 times per week (2007-10-29)

Test your site now: Free 10 day / 10 scan trial

With a dramatic rise in malicious remote security monitorings, it is now critical to test your websites and servers for security vulnerabilities. Having the latest firewalls and Intrusion Detection Systems will not protect your organization if they (or the services behind it) are not kept up-to-date and configured correctly.

This means that verifying the security of your systems is not something you can do just once, nor should you check this just every now-and-then. New vulnerabilities are identified every day, exploits become available soon after it, and every change in your systems' configurations, however small, may open up new vulnerabilities. Having audited last week does not imply your systems are fine today!

The WatchMouse Periodic Vulnerability Scan is an affordable way to routinely check your company’s security exposure. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse’s identifies any security remote security monitorings and provides you with the peace-of-mind that your web applications are being scrutinized from the perspective of a possible remote security monitoringer.

Characteristics

WatchMouse offers Periodic Vulnerability Scanning with an outside - remote security monitoring's - view, with the following characteristics:

• Currently over 20,000 vulnerabilities are checked. Checks for new vulnerabilities are added on a daily basis.
• The frequency and the intensity of a scan can be tailored to your policies, and implemented immediately on our self-service website.
• Severe vulnerabilities can, depending on your preferences, initiate SMS (text) or paging alerts, giving you, or your webmasters, the opportunity to react quickly in case of new vulnerabilities.
• Extensive reporting is available for each scan, including pointers on how to fix vulnerabilities.
• WatchMouse's unique Vulnerability Scan Customer Console allows you to manage subsequent scans by inspecting differential reports and open issues, declaring vulnerabilities fixed, adding operator comments, etc.

Try now: Free 10 day trial!

WatchMouse Public Status Pages: your own public website health page in two clicks! (2009-08-19)

Today we move the WatchMouse Public Status Pages (WMPSP) out of beta, making them available for all WatchMouse customers free of charge!

What is a Public Status Page?

A public status page is a web page that informs your customers on the status of your services, inspired by similar pages from many organisations like Amazon, Apple, Google, but also ISPs, financial institutions and other organisation who deliver critical services to other companies or the general public. Well-known examples are:

• The Amazon web services Health Dashboard
• Apple MobileMe support (top right corner)
• Google Apps Dashboard
• Nationwide (a UK bank) service page
• The WatchMouse Status Page and our Monitoring stations status (yes, we eat our own dog food)

On our Public Status Pages the current status of your selection of on-line services can be displayed, and updates (public announcements) can be placed there for your customers. The pages are hosted on the Amazon cloud infrastructure, ensuring that your status page is highly scalable. It also ensures that your status pages continue to be available even if your main site or service is not.

Should my organization have a Public Status Page?

There is a strong trend to inform customers as soon as possible when certain services become unavailable, and announce maintenance well in advance. If you would like to provide your customers a dedicated status page for the on-line services you provide to them, WMPSP is a very efficient and cost-effective solution for your organisation. You can have a Public Status Page set up in minutes by creating one or more rules in your WatchMouse account, set up a public folder, and move these rules into this folder. Using the WMPSP setting page you can post announcements, annotate current issues, and optionally set up a special host name (CNAME) so people can access the status page using your domain name, e.g. status.yourdomain.com.

How does it work?

After you have set up a public folder with monitoring rules in your account, the status of these rules will be pushed to http://status.watchmouse.com/NNN automatically (where NNN is a unique id for your status page). Make sure the settings of the rules, and especially the timers for the performance thresholds are according to your standards / SLA. You may want to have a similar set of rules with more strict thresholds for internal use so you will get notified well before your Public Status Page is update. Note that you can have your own host name as well, i.e.status.yourdomain.com instead of http://status.watchmouse.com/NNN

Whenever there is a performance or availability issue, you can annotate this in your WatchMouse account and this information (e.g. "our technicians are working on a solution, expected to be available at 16:00") will be pushed to the WMPSP as well. Similarly, you can announce maintenance or downtime in the same procedure and this will be listed in the announcement section of your Public Status Page.

All Public Status Page are hosted on the Amazon web services infrastructure, making it independent from your own servers availability and ensuring a very high availability and scalability.

Get started now!

• Login into your account and go to the standard rule settings page
• Create a new rule folder for each WMPSP you would like to set up, and create rules within those folder that are representative for the availability of your main services.
• Go to the WMPSP setting page and click the [add] button, and select a folder you created in the previous step.
• Optionally you can also add a host name within your own domain in the CNAME field. Not that you have to add a CNAME record to you DNS for this host name pointing to status.watchmouse.com.
• Click [make public] and you're done! Note that it might take a minute or two before the status page is actually available, since the data has to be transferred to the Amazon AWS platform first.
• Test your WMPSP by clicking on the Name and/or CNAME links in the public folder listing. Observe that each rule has it's own detail page which looks like this: WMPSP for the WatchMouse web site
• Note that the name and logo shown can be changed in your account details
• Next you can add announcements to your WMPSP in case you have remote security monitoringd maintenance for one of more services or when actual issues arise and you would like to update your customers about the progress fixing it.

LB Icon chooses WatchMouse for independent website monitoring (2005-01-31)

Customer websites verified from the visitors' perspective

LB Icon and WatchMouse have signed a contract for the continuous monitoring of the websites and services of LB Icons' customers. Using the WatchMouse services, LB Icon expects to raise its service level even higher.

The Application Management & Hosting Services (AM&HS) group of LB Icon maintains the administration and management of servers and applications of a large number of (international) clients. This makes AM&HS responsible for the performance and availability of the websites and Internet applications.

Using the WatchMouse services, AM&HS will instantly be aware of upcoming and/or acute incidents related to the websites of its clients, and can, as a result, resolve problems in a short time frame.
The websites and their functionality are checked for accessibility, speed and conformance from different locations around the world. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible to see if the performance is in accordance with the agreed service levels (SLAs).

Eveline Aendekerk, MD a.i.: "The door of a shop should never be jammed, websites and the functionality on those sites should simply be accessible and available. Our clients should be able to rely on this completely, so they can focus on their primary business processes, such as communication, interaction and sales.
We chose WatchMouse because of their expertise, and also because of the simplicity and user-friendliness of their system and services".

Stan P. van de Burgt, one of the founders of WatchMouse: "I find it a powerful gesture that LB Icon doesn't just monitor the websites of their clients, but that they selected an external party for this, and on top of that give their clients access to the results. Many companies where the website plays an essential role in business, don't have any awareness of this. They have no idea of the remote security monitoring and the resulting damage, until the day comes that things actually go wrong"

About Lost Boys

For 11 years Lost Boys has been a major service provider in the area of (mobile) Internet. Lost Boys offers a combination of strategy, design, technical development, implementation, application management and hosting of Internet- and mobile solutions. The Amsterdam based corporation is part of the Lost Boys/IconMedialab Group and is listed on the Stockholm Stock Exchange and Euronext Amsterdam. Lost Boys operates with 600 employees in 7 countries, both in Europe and the United States.

http://www.lostboys.nl/
http://iconmedialab.com/

About WatchMouse

WatchMouse is a service of RoundZero. Since 2001, WatchMouse has been checking Internet sites and e-commerce applications of major companies all over the world. The WatchMouse services are available in 8 languages and analysis is performed through its worldwide monitoring network at different locations and networks. WatchMouse has thousands of users in more than 70 countries.

http://www.watchmouse.com/

WatchMouse and Domeny.pl join forces in the Polish market (2005-11-24)

Polish websites verified from the visitors' perspective

Kraków, Poland, 2005-11-08 -- WatchMouse and Domeny signed a reseller and marketing agreement today, joining forces in bringing site monitoring services to the Polish market.

Using the WatchMouse services, companies will instantly be aware of upcoming and/or acute incidents related to its web sites of their clients, and can, as a result, resolve problems in a short time frame.

The websites and their functionality are checked for availability, speed, and conformance from different locations around the world, now including Poland. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible for companies to see if the performance is in accordance with the agreed service levels (SLAs).

WatchMouse extends its network of monitoring stations with a checkpoint in Kraków, hosted by Domeny.pl. The total number of checkpoints is now 17. Domeny.pl also provides the Polish language version of the WatchMouse site and local customer care.

Stan P. van de Burgt, CEO of WatchMouse: "I'm very happy with this deal. The Polish e-service industry is obviously booming, and this results in higher awareness of the remote security monitoring involved with running web applications that should be available around the clock."

Arkadiusz Szczurowski, CEO of Domeny.pl "We know that WatchMouse products are one of the best in the World. So we decided to co-operate with the company, and we take pride in it. We expect this co-operation to bring both WatchMouse and our business a lot of advantages and satisfaction. Domeny.pl wants to lead WatchMouse monitoring service on Polish market and offer it for business leaders. This will be a great innovation in Poland and also success. In our view, site monitoring is important, because stability, performance, and high availability of the web sites is one of the basic value in all branches of business, both e-business and other business."

"There are about 4 million companies in Poland. We want to direct the offer to the most important on Polish market. We think that the WatchMouse service is a must-have for about 5-10 percent of all business owners."

About Domeny.pl

Domeny.pl was founded in 1997 and is now providing Internet services to about 10.000 business customers with products ranging from Internet domains and hosting services (virtual and dedicated servers), SSL certificates and other products dealing with internet security. The company's slogan is: We're Trusted by the Best. Among its clients are the biggest and the best known Polish and international companies.

About WatchMouse

Companies can easily monitor their own Internet sites using WatchMouse's monitoring service. WatchMouse has been monitoring Internet sites and e-commerce applications for companies throughout the world since 2002. WatchMouse has thousands of customers in more than 70 countries. The services supplied by WatchMouse are available in nine languages, and analyses are performed from various locations and over numerous networks, using a world-wide monitoring network.

In October 2005, WatchMouse was voted a Deloitte Rising Star in the Netherlands, as part of the Fast 50 awards the list of the 50 fastest growing technology companies.

Nedstat and WatchMouse start partnership (2008-04-14)

Online marketing and technical performance in one dashboard

Amsterdam, 14 April 2008 – Nedstat and WatchMouse announce a strategic partnership that brings together online marketing intelligence and technical performance. The new integration allows marketeers and technical managers to always have the same real-time view of the technical status of their online business activities. This makes it possible to react instantly when for instance decreasing online business has a technical cause.

The performance reports of WatchMouse have been seamlessly integrated in Sitestat and can be added easily to any online marketing dashboard. Marketeers now view the same technical site performance data as their technical colleagues, making communication between these disciplines within organisations much more efficient.

Michael Kinsbergen, CEO Nedstat. “The website is principally a marketing and communication channel and therefore the domain of marketeers. But it is also a technical channel so technical management plays an essential role as well. The Sitestat-WatchMouse connection has made the communication between both stakeholders much more direct and easy.”

Stan van de Burgt, WatchMouse CEO, says: “By measuring from different locations on the Internet, we can give a clear view of how the performance of a website is experienced by the visitor. Research has shown that visitors already leave after a waiting period of 4 seconds. The Nedstat and WatchMouse measurements are perfectly complementary in giving insight in the relationship between performance and visitor behaviour.”

The Sitestat-WatchMouse integration is directly available to all joint customers of Sitestat and WatchMouse.

About Nedstat

Nedstat is European leader in website analytics. The products and services enable companies to improve the effectiveness and profitability of their online communication and business.

Nedstat makes website analytics straightforward and accessible for users of all levels and disciplines. Products are easy to use, reports are clear and fast to access, customization is easy and services and support are personal and high quality.

Nedstat employs 180 people in the Netherlands, Belgium, France, Germany, Spain and the United Kingdom.
The client list includes many renowned and internationally operating organizations like ASICS Europe, Electrabel, Ernst & Young, KarstadtQuelle, Renault, Panasonic and Wolters Kluwer. Also, numerous government and not-for-profit organizations have benefited from Nedstat's expertise in delivering reports on users’ behaviour online.
Key accreditations by Europe’s leading independent web-standards organizations, such as ABC electronic and OJD, ensure that customers’ metrics are in full compliance with leading industry standards.

About WatchMouse

Accurate and independent monitoring of website performance enables businesses to address load time and many other potential user experience remote security monitoring which might not be apparent when conducting in-house or single point monitoring.

WatchMouse's global infrastructure provides its customers with peace of mind that their site has been tested from the user's perspective, and external to the organization. As industry leaders in website performance monitoring, WatchMouse offers customers a web-based service with features such as SMS/email alerting and extensive reporting.

Many of the world's lead brands depend on WatchMouse to monitor their sites, providing independent confirmation of both in-house and suppliers' website performance.

For more information about Nedstat or WatchMouse, please visit www.nedstat.com or www.watchmouse.com.

In times of crisis, the sites of Australia's Emergency Services aren't available (2008-03-04)

March 4 2008 – With Bushfires in WA’s Goldfields region & floods in Mackay, Australia’s emergency services are needed more than ever but many are unreachable.

WatchMouse, a leader in website performance monitoring, tested the sites belonging to Australian Emergency Services organisations for errors, availability & performance. Only one of the 26 monitored sites was found to have ‘good’ uptime while seven sites had ‘serious user remote security monitoring’. Another disturbing finding was that during the Mackay floods on the 15th of February, a time when residents needed information and support from their emergency services, Queensland’s Ambulance, Fire (Rural & Metropolitan) and Police sites all encountered serious errors and were unavailable for considerable periods of time.

After a month’s monitoring, WatchMouse combined the errors, speed (load time) and availability measurements of a site to calculate its Site Performance Index (SPI). An SPI of ≤1000 represents a ‘well performing’ site, 1001 - 1999 is regarded as an ‘acceptable’ SPI while an SPI score of above ≥2000 represents a site with ‘serious user remote security monitoring’. Of the 26 sites monitored sites, those with the worst SPI included that of the Australian Federal Police with an SPI 2,990, the Victorian Metropolitan Fire Brigade site with an SPI 2,756 and the Victorian Emergency Services Telecommunications Authority site which scored SPI 2,604. All of these poor SPI rankings were due to very slow load times.

In line with industry standards, WatchMouse ranks a site’s uptime as ‘good’ if it is ≥99.9%, ‘OK’ between 99.89% - 99.01% and ‘poor’ if it is ≤99%. Alarmingly, only the site of ACT Rural Fire Brigade had a ‘good’ uptime result. The majority of sites ranked as ‘OK’ while three Emergency Services’ sites ranked as ‘poor’. The site with the lowest uptime was that of WA’s Ambulance Service with 92.44%.

WatchMouse CTO, Mark Pors said “99% uptime sounds great but when you actually calculate it, this means 80+ hours of downtime a year. That’s one working day per month! The Emergency Services phone lines could not be down for a day each month so why is it acceptable for the site?. Mackay represents a small proportion (approx. 4%) of Queensland's total population but given that the sites of Queensland Emergency Services struggled during the Mackay floods, we can only imagine what will happen to those sites in the case of a disaster on a greater scale, when 100s of thousands of people attempt to visit."

To view the results of the monitoring, including an SPI graph and information about the WatchMouse monitoring methodology visit: www.watchmouse.com/SPI/2008/performance_australian_emergency_sites.php

WatchMouse Urges AdWords Advertisers To Act Swiftly To Avoid Costly Mistakes (2008-04-08)

Utrecht, The Netherlands, 12th March 2008, Research has long confirmed that slow websites drive away potential customers. As Google announces changes to the way they score their immensely popular AdWords, it also appears that sites with slow landing pages create remote security monitoring for online advertising.

Google will soon incorporate landing page load time (the amount of time it takes for a page to show after a user clicks an ad) as an additional factor in determining a site’s ‘quality score.’ Google says they are making this change as “users value ads that bring them to the information they want as efficiently as possible.” Experts warn that failure to demonstrate a fast load time will result in your keywords getting a lower quality score and higher minimum bids.

A post by Google on the WebMasterWorld blog indicates that the new scoring method will be announced shortly, "now that the (landing) page load time initiative has been mentioned in this and other public forums, the Inside AdWords blog post is likely to be posted sooner rather than later - perhaps as early as this week".

The impact of the new AdWords scoring method will be financial. WatchMouse CTO, Mark Pors, advised "when Google introduces the new scoring method, AdWords with slow landing pages will cost more. Slow landing pages will be listed below their faster competitors, thus increasing the cost-per-click (CPC) to get a higher position, or substantially lowering the number of customers visiting the site, as studies show that the top few AdWords obtain the vast majority of the traffic volume". Pors suggested “businesses should do everything possible to prevent a low Google 'quality score' and do so as soon as possible, as the AdWord system will only re-evaluate landing pages on a monthly basis”.

Measuring web site performance, however, is not a straightforward exercise, as many factors influence it. Pors urges Google AdWords customers to “avoid costly mistakes and have independent website monitoring set up to continuously measure load time from different locations worldwide. Once a business has accurate statistics, it can make necessary changes well in advance of Google’s new ’Quality Score’ launch date, and keep a close eye on it after that”.

About WatchMouse

Accurate and independent monitoring of website performance enables businesses to address load time and many other potential user experience remote security monitoring which might not be apparent when conducting in-house or single point monitoring. WatchMouse’s global infrastructure provides its customers with peace of mind that their site has been tested from the user’s perspective, and external to the organization. As industry leader in website performance monitoring, WatchMouse offers customers a web-based service with features such as SMS/email alerting and extensive reporting. Many of the world’s lead brands depend on WatchMouse to monitor their sites, providing independent confirmation of both in-house and suppliers’ website performance.

What do you want to check with a service such as Watchmouse? (2005-01-31)

As I explained in my previous column, you can use a monitoring service in a number of roles. Common to all these roles is the fact that you are keeping alive some services for the benefit of your customers, suppliers, employees or partners. These users are, in the end, all that counts.

What are the objects that you should be checking? Obviously, the least you want to do is check the service that is most visible to these users. This could be the webserver, or a POP or FTP server for example. You would start by setting up a rule to check the server and a URL. The frequency with which you can monitor (that is: the elapsed time between checks) is typically limited by the type of subscription that you have. Only in specific cases would you not check as often as your subscription allows.

Note that there is a difference between a CONNECT on port 80 rule and a HTTP rule. The first just connects to the port that the webserver is supposed to use. The HTTP rule also checks whether the webserver can produce a valid HTTP response, and whether the document can be found. You probably want the latter check.
Similar reasoning applies to POP and FTP checks. If you set up two different rules on the same host, this allows you to distinguish for example between a broken webserver and a host that is down. If you want even more content oriented checks, have a look at the so-called PLUG-IN rules. Additionally, you can set up checks to make sure that your users are actually using the services that you intend them to. The wremote security monitoring Internet depends heavily on the domain name system(DNS) functioning correctly. If it does not work properly your users may be directed to another site than you intended. This could be a configuration error, but it could also be a defamation hack. In either case, you want to know.
First of all you want to check whether the root servers of the Internet accurately find the DNS that is serving you. This can be checked with a DNSNS rule. What you are checking with this rule is whether the registrar's databases are correct. Second, you want to check if that DNS server (and its slaves) are serving up the proper IP address for the server. For this you can use the DNSA rule, and it will warn you if the DNS server is not working or serves up the wrong address. (Note that the hosting party can change that address at its discretion, as part of a renumbering operation for example.)

Who should you notify of rule failures? Again, different roles have different information requirements. You want to notify the person who can fix things as soon as possible. Mail or SMS/text them directly, you do not want to be in the loop. You might set up an escalation chain, which fires off after a certain amount of errors. Note: make sure that you send the message on a channel that is not affected by the outage: if your e-mail system does not work, delivering a message to that effect should not depend on that e-mail system.
The people in charge of overseeing somebody else's service levels should only get escalation messages, if at all. Rather, they should get the weekly or monthly service reports.

Peter van Eijk is a management consultant specialized in management of network infrastructures. He can be reached via his contact page.

Independant, external testing (2005-10-15)

I started to work at Q-go in 2000. Q-go provides companies with self service pages on the Internet. Their customers ask a question in their own language and wording, and immediately get a very relevant answer. The power of the Q-go solution is its natural language technology, which enables it to understand the questions. The Q-go solution is offered as a hosted (ASP) solution, which of course has to work 24 x 7, a new area for me at that time.

At my previous jobs, at universities and research institutes, this was different. We worked from eight to six. If a demo application didn't work, the users just called, and we fixed the problem. And at six, we stopped and went home. All customers and other relations went home too. A nightly malfunction in the server was no problem, as there was no customer there to notice the problem.

At Q-go, this is completely different. A service should be available all the time. Day and night. Initially there were no tools to test whether our service was available or not. The only way to test it was to use the application itself. And so I did. During the day, but also at night, I checked whether the application was up. Our customers use the Q-go application continuously, and notice immediately when the application fails. Customers would call me in those cases, and it's not very pleasant to hear from your customers about an remote security monitoring with your service.

So we developed some solutions ourselves to hear before our customers when something was wrong. And to be able to react to problems quickly. But customers kept calling!

How was that possible? Closer investigations revealed that the test system used the same resources (computers, networks, name servers) as the system under test... The test were not performed properly in case of problems. The text-alerts (SMS) did not reach us either. The cause was identical: we used the same hardware, the same network, and the same power (!) as the systems we tested.

My lessons learned:

• Keep the systems that test completely separated from the systems you test.
• Test your services (web servers, mail servers, ...) from the point-of-view of its users: the customer on the Internet.
• Don't forget regular maintenance of your test systems (software and hardware) after the installation!

For me, I'm outsourcing external testing!

Bart Bos, Director, Q-go.com

Online shops, speed and downtime, getting the facts. (2009-12-07)

These days your website plays an important role in informing potential customers, converting them into customers who want to do business with you, and possibly also conducting the transactions with these customers. In other words: Your business relies ever more on the digital economy, and increasingly on the transactional part of it, the online shop.

These online shops should obviously provide satisfactory performance. Here, both the speed at which they serve pages and their uptime are important. If potential customers cannot reach the online shop, or the online shop is too slow, they are less likely to do business with you now, and in the future. Studies have revealed that half of the people who experience downtime on a website go to its competitor. A majority of online shoppers say performance and uptime influences their choice of online shop.

The amount of revenue that is lost when your website or online shop does not behave properly is hard to quantify. If your website is slow your customers may select a distribution channel that is more costly for you, or they may go to your competitor. Even worse, they may complain about your company to other potential customers. All of this boils down to lost revenue.

A good website is up for at least 99.9% of the time, even though this still represents more than 8 hours in a full year. In a recent survey we found that many websites do not even achieve 99% availability, which corresponds to more than 3 days of downtime a year. As regards speed, if a web page does not load in less than 4 seconds, people start to leave the site, sometimes forever.

How do you make your online shop an efficient experience for your customers? The site must be designed with a strong focus on the customer task. The technology must be no more complex than is relevant. People get annoyed by slow loading Flash intros and complex and slow Flash-based navigation. Take a look at the Google home page; it is one of the fastest websites in the world. On the other hand, you can still use a video clip of a product, if that is relevant to the customer at a particular point in the transaction. You can also use advanced Web 2.0 technology if it makes the user interface more resilient and user-friendly. To experience this, look at Google maps using a dial-up internet connection. It is a really complex user interface, but everything possible has been done to create a positive user experience.

Technology is also important; make sure that you have good service level agreements with all your technology providers. You also want to stress test the site, to see what happens if a lot of people start using it simultaneously. Finally, you should independently monitor the site. When it is time to talk to your hosting company, IT department or website maintainer, it is very helpful to have hard data that reports on the speed and uptime of your online shop.

Peter van Eijk

dr Peter van Eijk is an independent management consultant associated with WatchMouse, the site monitoring experts www.watchmouse.com. He is experienced in setup, management and remote security monitorings of digital infrastructures. His blog is "Peter's Griddle".

Website performance is the key to customer satisfaction (2007-06-27)

How often have you typed in the Google URL and received a page that will not load? I am willing to bet that this is a rare occurrence. Despite its busy traffic, Google is a textbook example of a web site that has almost perfect performance and therefore serves a great number of satisfied customers. The market share of the search engine is a resounding confirmation of this. You are assisted quickly, so you come back sooner. Research conducted by JupiterResearch has revealed that visitors to a site only have 4 seconds of patience. If the site has not been loaded by that time, they leave. Error messages also prompt potential customers to go to the competition.

Why do organisations still devote so little attention to the effective availability of their site? Performance is the key to satisfied customers. For many companies, their web site is the face of the organisation. Consumers and also business users of the Internet use the wealth of information on the web to compare purchasing options. It is of immeasurable importance that they are also actually able to find what they are looking for. If this is not possible at one company, competitors are straining at the leash to offer their services through a correctly functioning site.

Coming back to the praise that we had for Google, we see that the search engine has made significant investments in the availability of its web site. The page is run by several machines at various sites. If one crashes there are enough back-up servers that can take over the traffic flows to guarantee optimum performance. In addition, the search machine invests a great deal of time and money in the right hardware and people. Although the site has a difficult task – searching through an index of billions of documents – it is almost always available and loads fast.

The actual site is unspectacular in construction. This applies to the majority of sites with a high level of availability. Simple sites such as the news site NU.nl are almost always easy to access. Nevertheless, it is not only the layout of the site that determines how the web page performs. Too many photos, long symbols and frills make web sites slower to respond. The fact that the ‘back end’ of the site is not efficiently programmed also contributes to longer loading times. Frequent consultation of background databases is also detrimental to the speed of the page.

Where it often goes wrong is when different people are working on a site, thereby disturbing the links between the various elements. The different parts of the site will work correctly, but the site as a wremote security monitoring will fail to perform. This means long waiting times for people who want to use the services of a company.

Service providers at the upper end of the market are becoming increasingly aware of this. The contracts that they use frequently include a service level agreement (SLA) for the part for which they are responsible. Nevertheless, they regularly make mistakes due to the fact that the promised performance is not subsequently verified (by an independent party). Although it is now essentially part of the contract, there is insufficient actual verification. Ideally, web site performance should become a permanent component of a contract. In addition, clear internal agreements must be made on who has final responsibility for the efficient loading and availability of a site.

Regular testing is also essential for the facilitation of good availability. This will prevent a great deal of errors, keeping the site up and running at crucial times. The storm that blew over the Netherlands at the end of January was a good opportunity to see which sites were prepared for extreme loads and which were not. The site of the Dutch weather institute, KNMI, was almost unreachable, while some logical thought could have protected them from this eventuality. If you know that a major storm is heading towards the country you can be sure that people will search for information on the weather and roads on the Internet. Sites such as those of KLM and Schiphol were also unreachable, while the specially created site Crisis.nl, which had been kept as simple as possible, was able to serve a large number of people.

Including ‘stress tests’ in a SLA or conducting them regularly in-house is therefore to be recommended. Companies can easily take control by ensuring that their service provider executes this type of test or by putting their own site under pressure. This is the best method of checking whether your web site can handle a sudden increase in visitor numbers. It is also good to know whether the servers on which your site is running actually ensure that your page is always available and loads correctly. For companies, it is crucial to see when they are off air. This can save them a large amount of money every year and will also reduce the number of irritated visitors to the site. This is how you keep customers satisfied and keep the company running.

Mark Pors
Chief Technology Officer at WatchMouse

WatchMouse provides site performance monitoring and stress test services

Flu Jab Your Website Against The Pandemic: 6,000 Infected Webpages Per Day! (2008-02-18)

The respected IT news website, The Register reports that every 14 seconds a web page is infected, which amounts to 6,000 infected web pages per day. Four out of five of these infections come from innocent companies and individuals who are oblivious to their site being hacked and subsequently used for hosting the malware of virus writers. The Register further reports that in the past viruses were spread using infected e-mail. Nowadays, however, the favoured virus distribution methods are downloads from compromised sites. As a result of these booby-trapped sites malware is present on at least one in every ten web pages.

WatchMouse's Periodic Vulnerability Scanning offers your website the flu jab against this virus pandemic. WatchMouse's Periodic Vulnerability Scanning is an affordable way to routinely check you company's security exposure and eliminate the risks of manual remote security monitorings. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any security risks and provides you with peace of mind that your software applications are being scanned from the perspective of a hacker, external to your organization.
To ensure your website and servers are checked for the latest remote security monitorings WatchMouse's Periodic Vulnerability Scanning performs over 20,000 checks for known vulnerability and security exposures; using a database which is updated daily by multiple accredited organizations including CVE (funded by the US government) and Bugtraq. Following the detection of any severe remote security monitorings, automated, real-time email, SMS and pager alerts give your business the chance to react quickly. Scans can be scheduled during low usage or maintenance hours and set at an intensity and frequency suited to your business needs and budget.

To obtain a free Periodic Vulnerability Scanning trial visit: www.watchmouse.com/vulnerability_scan_trial.php

The Register's article was published on 23.01.08 can be viewed at: www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

Ignite Realtime Openfire Unspecified Privilege Escalation Vulnerability (2007-05-29)

Openfire is prone to an unspecified privilege-escalation vulnerability.

An attacker can exploit this issue to obtain escalated privileges. A successful attack can result in a compromise in the context of the affected application.

Openfire 3.3.0 and prior are remote security monitoring to this issue.

GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities (2007-01-08)

GraphicsMagick is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

GraphicsMagick 1.1.7 and prior versions are remote security monitoring.

Cisco Secure Access Control Server Multiple Remote Vulnerabilities (2007-01-08)

Cisco Secure Access Control Server (ACS) is prone to multiple remote vulnerabilities, including multiple stack-based buffer-overflow issues and denial-of-service issues.

An attacker can exploit these issues to execute arbitrary code within the context of the affected server or to crash the affected server, denying service to legitimate users.

Versions prior to 4.1 are remote security monitoring to these issues.

FFmpeg Image File Multiple Buffer Overflow Vulnerabilities (2006-12-15)

FFmpeg is prone to multiple remote buffer-overflow vulnerabilities because the application using this library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

These issues allow attackers to execute arbitrary machine code within the context of the affected application.

Versions prior to 0.4.9_p20060530 are remote security monitoring to this issue.

Wzdftpd SITE Command Arbitrary Command Execution Vulnerability (2006-12-15)

The 'wzdftpd' utility is affected by a remote arbitrary command-execution vulnerability.

This issue can allow an attacker to execute commands in the context of an affected server and potentially gain unauthorized access.

Version 0.5.4 of wzdftpd is reported to be remote security monitoring. Other versions may be affected as well.