Banff Cyber / WebOrion™ Defacement Monitor


Why WebOrion™ Defacement Monitor?


Proactive 24×7 remote monitoring

Web attacks can happen anytime – in the daytime or at night.

Our WM will proactively poll your webpage round the clock to give you greater assurance that you website’s integrity and reputation is intact in front of your customers and partners.


Early detection of any defacement or unauthorized changes

In the event of any web defacement or unauthorized changes (eg. malicious injection), our WM will alert you early via email and sms.

This allows you to activate your webpage recovery mechanism to preserve the reputation of your website.


Protection against Brand Damage

In this internet era, your webpage is an important online representation of your brand and reputation.

Using our WM system, you will help to protect your organization against brand damage and reputation loss through early detection of any web defacements.


Our WM service has many advanced and patent pending features to provide the most powerful and granular options for dynamic websites. There is no software or hardware installation and all that is required is the URL of your website and the contact personnel.

Content Analytics Engine

The webpage is analyzed and base-lined for its contents including the HTML title, number of links, images, scripts, style sheets, etc. Subsequent checks will be compared with the baseline and the results fed into an advanced decision making algorithm to determine if the webpage has been modified.

Advanced Integrity Engine

After the content analysis, the various components of the webpage are then automatically put through a hashing and verification process. The results of the verification process are then fed into an advanced decision making algorithm to determine if the webpage has been modified.

Image Analytics Engine

Webpage is rendered into an image and base-lined. Subsequent rendering of the same webpage is then compared with the baseline for deviation. Our patent pending technology allows users to choose only selected regions instead of the entire webpage for detailed image analysis.

Agentless Solution

There is no need for installation of any software agent in your web server or hardware appliance in your network. Thus, our WM service can support websites that are hosted anywhere. All that is needed is for the website’s URL to be publicly accessible.

Intelligent Baselining

Our WM service will capture the initial baseline of your website. We use an intelligent baselining module that will automatically poll your URL multiple times to analyze the HTML content and to identify the static and dynamic parts of the URL.

Proactive alerts and notifications

Once a change has been detected, our WM will automatically and immediately send an email and/or SMS alerts to the required website contacts. The email will also contain information on the changes detected for easy troubleshooting and investigation.

WebOrion™ Defacement Monitor

In our Saas edition, the subscriber first needs to login to the Self Service Portal to configure your URLs to be monitored. This includes going through an intelligent baselining process to determine the right parameters and thresholds to be set for href links, javascripts, cascading style sheets, iFrames, etc. Alternatively, you can also choose to use our patent pending image analytics engine to graphically select sub-regions of your website to be monitored. Once the baseline is confirmed, the information will be stored in our database for future reference.Our WebOrion Defacement Monitor(WM) system will then remotely poll the monitored URL at a regular polling interval. Our system simulates a client browser accessing your company’s webpage via HTTP or HTTPS. We will download the HTML contents of your public URL into our WM system for detailed content analysis. Upon detection of any unauthorized changes to the URL, our WM system will automatically send an email or SMS alert to your specified contact personnel.

Download PDF

WebOrion™ Defacement Monitor Deployment Models

Our WebOrion Defacement Monitor is available in multiple deployment options to meet Enterprise customer needs. This includes Enterprise SaaS, On-Premise physical and virtual appliances.

Enterprise SaaS

For Enterprise SaaS, our advanced technology provides Per URL(webpage) or Per Domain monitoring. Per URL monitoring provides high fidelity monitoring of each webpage based on 2 or 3 of our analytic engines. Per Domain monitoring uses our own in-house heuristics to crawl through the website and to identify the relevant webpages to be monitored. The most important webpages(about 2%) are committed to high fidelity monitoring while the rest of the webpages are placed in the variable monitoring mode.

WebOrion™ Defacement Monitor (Per URL)

Enterprise SaaS Advanced Enterprise SaaS Lite
Content Analytic Engines Yes Yes
Integrity Analytic Engines Yes Yes
Image Analytic Engine Yes No
Polling Interval 5 mins (Gold)
15 mins (Silver)
60 mins (Bronze)
5 mins (Gold)
15 mins (Silver)
60 mins (Bronze)
Best For… Enterprise customers who want the full
featured monitoring with all three analytic engines.
Budget conscious enterprise
customers with less dynamic websites


WebOrion™ Defacement Monitor (Per Domain Based on Enterprise SaaS Lite)

Small Medium Large
Domain Size For websites
up to 500 URLs
For websites
up to 1000 URLs
For websites
up to 2000 URLS
Committed Monitoring First 10 URLs
monitored every 5 mins
First 20 URLs
monitored every 5 mins
First 40 URLs
monitored every 5 mins
Variable Monitoring Remaining URLs monitored in
batches of 50 URLs every 5 mins
Remaining URLs monitored in
batches of 100 URLs every 5 mins
Remaining URLs monitored in
batches of 200 URLs every 5 mins
Enterprise On-Premise Appliance

Physical Appliance

WM-ASV-100 WM-ASV-500 WM-ASV-1000
Max No. of URLs 500 1000 2000
Form Factor 1RU 1RU 2RU
Enclosure Fits 19-inch rack Fits 19-inch rack Fits 19-inch rack
Power Supplies 495W (1+1 hot swap) 750W (1+1 hot swap) 1100W (1+1 hot swap)
Max Weight (kg) 19.8 kg 19.8 kg 32.5 kg
Size (WxDxH) 48.2cm x 78.5cm x 4.28cm 48.2cm x 78.5cm x 4.28cm 48.2cm x 75.5cm x 8.73cm
Network Ports 4 x 10/100/1000BT 6 x 10/100/1000BT 8 x 10/100/1000BT
Notification Support Syslog, SNMP Traps, Email, SMS(gateway needed) Syslog, SNMP Traps, Email, SMS(gateway needed) Syslog, SNMP Traps, Email, SMS(gateway needed)

Virtual Appliance

WM-VX-100 WM-VX-500 WM-VX-1000
Max No. of URLs 500 1000 2000
Hypervisor &
Cloud Support
VMWare, Microsoft HyperV,
Amazon AMI and Azure
VMWare, Microsoft HyperV,
Amazon AMI and Azure
VMWare, Microsoft HyperV,
Amazon AMI and Azure
vCPU support
2/4 4/8 6/16
4GB/16GB 6GB/32GB 8GB/64GB
50GB/2TB 100GB/2TB 200GB/4TB
Network Interface
2/10 2/10 2/10

Frequently Asked Questions

1. What is the WebOrion™ Defacement Monitor (WM)?

WM is a solution specially developed by Banff Cyber to help website owners proactively monitor their websites and detect any defacement or unauthorized changes.

2. Why do we need WebOrion™ Defacement Monitor (WM)?

Websites today represent the reputation and branding of many companies. Unfortunately, cyber attacks on websites are on the rise. Full defacements or even partial defacement using malicious javascripts, iframes, style sheets, can affect the reputation of companies. Some of these partial defacements cannot be detected by the human eyes. As such, proactive website monitoring using our WM is highly recommended for all reputable websites.

3. Do I need to install anything on my website/servers or network?

No. There is no need for any software or hardware installation for our SaaS model. All we need is to configure the URL to be monitored into our system and our WM will then automatically poll your website at a regular polling interval.

4. My website is hosted with an Internet Service Provider. Does WM work with virtually hosted or shared hosted websites?

Yes. Since there is no need for any software or hardware installation for our SaaS model, our WM can poll any website as long as the URL is accessible to our system.

5. How does it work?

WM uses a combination of three advance analytic engines to ensure the highest level of proactive detection namely
i. Content analytics
ii. Advanced integrity analytics
iii. One-of-a-kind image analytics

6. How frequent is the polling of the website?

The polling frequency is depending on the subscription package and can be set in the self-service portal. For eg. the polling frequency for silver is 15mins and the URLs can be configured to be polled at 15mins interval, 30mins interval or 60mins interval depending on requirements.

7. My website has a lot of dynamic content and is frequently changing. Can WM monitor this kind of website?

Yes, our solution is designed to minimize false alarms from dynamically changing websites using our industry leading Content Analytics, Advanced Integrity and Image Analytics engines.

8. Does this mean that my website would not be hacked?

The WM does not guarantee that your website would not be hacked. It serves as an alert system to notify you that they have been compromised so that you could take swift incident handling actions.

9. Does WM protect my website from being hacked?

WM is primarily a monitoring system. Banff Cyber provides professional services to secure and scan your websites for vulnerabilities. Please contact for more information

10. What happens after an abnormality is detected?

When the WM detects abnormality during its routine polling of your website, you will receive an email and SMS* of the incident after which you can take steps to correct the problem.

There is also a self-service portal which you can login to view detailed information of the incident.
*Subjected to packages choice and SMS credit availability.

11. Do you help to restore my website after it is being compromised?

Banff Cyber provides professional services to help you design a workflow to efficiently restore your website after any compromise has been detected. Please contact

12. How long does it take to detect and inform of any abnormality?

The WM runs regular polling of your website based on the subscribed package. Upon detection of any abnormality, our system will immediately send an email and SMS* to your designated contacts.
*Subjected to package subscription.

13. How do I know that my website is monitored?

You can login the self-service portal to check on the status of your webpage(s).

14. Can I deploy the WM inside my company network?

Yes, we offer both the appliance and service provider models to cater to companies with specific needs.

15. I run a small personal website, can you monitor my site?

Yes, our solutions are open to all website owners.

16. What kind of support are available?

We offer both email and phone* support depending on your subscription package. You can email for all customer related issues.

17. How much does it cost?

Please refer to the pricing tab for full pricing details.

18. Do we have to pay tax?

We are a Singapore GST registered company; thus all services provided are subjected to prevailing government tax.

19. What forms of payment do you accept?

Currently, we only accept orders through Purchase Order(PO) via quotation. However, we are looking into more payment methods in the future.

20. Discounts for bulk purchase/lump sum payment?

We have bulk discounts for >50 URLs. Please send an email request to

21. Could we have a trial account for the WM service?

For trial account, please send an email request to

22. What is the recommended system requirements to use the WM self-service portal?

To ensure proper functionality in our self service portal, we recommend the usage of the following systems:

Operating System: Windows XP with Service Pack 3 and above
Browser: Most modern updated browsers (eg. internet explorer, firefox, google chrome and safari)

23. Can I stop monitoring my website during my website scheduled maintenance?

You can proceed to the self-service portal and use the blackout period option to pause the monitoring process. Do remember to re-baseline the site once you are done.

24. Does WM support content management systems (CMS) such as wordpress?

Yes, the WM works with dynamic CMS systems as well.

25. What if I want to terminate my WM subscription service?

You may terminate your subscription by giving us at least 14 days’ prior notice in writing.

If you terminate your subscription, we will refund to you any subscription fees which you may have paid in advance, pro-rated according to any remaining period of the subscription term rounded down to the nearest number of months.

An administrative fee of $150 is applicable, and shall be deducted from the amounts refundable to you under this clause.