Impact of the Alexa ranking service shutdown on the cybersecurity industry
Amazon shut down Alexa.com. Although it may not be immediately obvious, the decision to remove the popular web traffic analysis and website ranking service has some impact on the cybersecurity industry.
When accessing alexa.com, users are now greeted with an end-of-service notice stating that the site was retired on May 1, 2022.
Alexa was founded in 1996 and was acquired by Amazon in 1999. Amazon announced its decision to retire the service in December 2021. The Alexa Top Sites and Web Information Service APIs will be retired on December 15, 2022. Amazon didn’t share any details about why it shut down Alexa, only saying it was a “tough decision.”
One of the most popular Alexa services was “Top Sites”, which provided free listings of websites ranked by Alexa traffic ranking.
The Alexa Top 1 Million list has been used by many in the cybersecurity industry, including to analyze the security practices and posture of the world’s most popular websites, and to create lists of trusted sites.
DomainTools, a company that provides insights based on domain and DNS data, provided a website’s Alexa rating to customers in an effort to help them determine whether a certain site should be blocked.
The logic is that if a domain ranks high on Alexa’s list, it’s probably popular, and blocking that domain for users within an organization could cause problems.
DomainTools said in late April that it would be generating its own list, and the company concluded that the best approach would be to combine four types of data: domains requested by users in their browser, domains requested by a user’s system in DNS (this is tracked by Cisco Umbrella), domains requested across an organization’s DNS (this is tracked by Farsight Security, which DomainTools acquired), and domains tagged by their connections to each other.
This data will be collected from Cisco Umbrella, Farsight, Netcraft (top 100 data collected by its browser plugin), and Majestic Million, which provides a free list of the 1 million most popular websites based on the number of referring subnets.
The data will be combined into a single list using an averaging methodology named Tranco, which a team of researchers from European universities KU Leuven, Delft University of Technology and Grenoble Alpes University described in 2019.
Victor Le Pochat of the imec-DistriNet research group at KU Leuven, one of the researchers involved in the Tranco project, told SecurityWeek that in the short term, security teams will need to identify all dependencies on the Alexa list. Some processes might crash due to their inability to retrieve the list.
“In the longer term,” Le Pochat explained, “these researchers should determine for what purposes they are using popularity rankings and whether they fully understand the implications. For example, we showed in our 2019 paper that such rankings contain known malicious domains. This is not surprising – if a malicious campaign is widespread, any domain name it misuses becomes technically ‘popular’.
“One way to cope is to demand popularity over a longer period of time and across views. We’ve incorporated this idea into our search-driven approach, the Tranco ranking, where we aggregate over 30 days and multiple source lists,” the researcher added.
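As an added illustration of the idea described above (merging several source lists and requiring popularity over more than one day), the following sketch is not code from Tranco, DomainTools or the original article. The provider names, the domains and the reciprocal-rank scoring are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample: day -> provider -> domains in rank order (best first).
# Provider names and domains are hypothetical.
SAMPLE = {
    "day1": {"list_a": ["shop.example", "news.example", "video.example"],
             "list_b": ["news.example", "shop.example", "video.example"]},
    "day2": {"list_a": ["campaign-burst.example", "shop.example",
                        "news.example", "video.example"],
             "list_b": ["campaign-burst.example", "news.example",
                        "shop.example"]},
    "day3": {"list_a": ["shop.example", "news.example", "video.example"],
             "list_b": ["shop.example", "video.example", "news.example"]},
}

def aggregate(daily_lists, min_days=1):
    """Merge rankings across providers and days into one ordered list.

    Scoring is an assumption of this sketch: each appearance adds 1/rank.
    Domains seen on fewer than min_days distinct days are dropped, so a
    short-lived spike cannot earn a place on a derived allowlist.
    """
    score = defaultdict(float)
    days_seen = defaultdict(set)
    for day, providers in daily_lists.items():
        for ranking in providers.values():
            counted = set()  # ignore duplicates within one list
            for rank, raw in enumerate(ranking, start=1):
                domain = raw.strip().lower().rstrip(".")
                if not domain or domain in counted:
                    continue
                counted.add(domain)
                score[domain] += 1.0 / rank
                days_seen[domain].add(day)
    kept = [d for d in score if len(days_seen[d]) >= min_days]
    return sorted(kept, key=lambda d: (-score[d], d))

def rank_of(domain, ranking):
    """1-based position in the aggregated list, or None if absent."""
    domain = domain.strip().lower().rstrip(".")
    return ranking.index(domain) + 1 if domain in ranking else None

if __name__ == "__main__":
    print(aggregate(SAMPLE))              # spike outranks video.example
    print(aggregate(SAMPLE, min_days=3))  # spike removed
```

With the persistence requirement disabled, the one-day spike ranks above a domain that was present every day; requiring presence on all three days removes it before the list is used for allowlisting decisions.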
Andrew Hay, COO at LARES Consulting and former director of research at OpenDNS, believes that the biggest impact of the Alexa shutdown will be “on the algorithms that security vendors leverage to provide analytics, blocklists, and basic heuristics to their respective clients”.
“Many vendors use Alexa rankings to benchmark traffic typical of certain types of websites (e.g., online retailers, news sites, entertainment venues, etc.). This profiling data may then be associated with ‘similar’ websites to determine its validity or effectiveness for the providers’ customers. The loss of the Alexa repository will have security vendors scrambling to find a new external source of traffic data – a potential monetization opportunity for large ISPs,” Hay explained.
Examples of Alexa alternatives Hay mentioned include Semrush, Ahrefs, Moz and Serpstat, but he noted that the majority of them come with a monthly subscription.
John Bambenek, principal threat hunter at Netenrich, a California-based IT operations and digital security firm, described Alexa Top Million as an “imperfect whitelist for machine learning and other automated systems to prevent blocking legitimate websites”.
“Cisco Umbrella, Majestic, and Tranco are alternatives, however, each of the above exposes one of the problems we have in cybersecurity machine learning in that we just don’t have good data. The few sources we have, although imperfect approximations, are probably not long for this world,” Bambenek told SecurityWeek.