Content: all pages

The first complete solution against threats from the web

Detection-based approaches are problematic, especially in the case of browser security. That is no secret. The varieties of known and unknown attack patterns are simple too many. Constant patching is not possible. And even if it was, there are no patches for unknown attacks. Immunization is a much more powerful concept.

Cyberwall offers the first complete solution against threats from the web. By transparently shielding web sessions, Cyberwall effectively protects enterprise networks against various attacks through web browsers. The solution also secures organizations online privacy.

Instead of filtering and blocking potentially harmful websites Cyberwall secures endpoints by isolating complete browser sessions in secure, virtual sandboxes at isolated servers. Don't let your browser connect the web directly, surf indirectly via this platform.


Problems eliminated by the Cyberwall isolation service


Hackers use compromised websites as a means to distribute Malware. When visiting a website, unintended downloads may happen automatically without the person's knowledge. Just by loading a single infected webpage of an (often otherwise legitimate) website, viruses can be downloaded without any other user interaction. Such downloads often go undetected, since the malicious code is hidden between complex client-side source code of the web page. There are numerous methods, often used in combination, to place malicious code at legitimate websites. Please refer to our "OWASP Top-10 Coverage" for further information. With Cyberwall, users are protected from drive-by downloads. No matter if the visited website contains malicious code or nor - it will not reach the client, since any client-side code is only executed at our remote servers, which in turn deliver only safe, simple code to endpoints. 


The term "Water Hole Attack" refers to targeted attacks against organizations or businesses. Step 1: Attackers will gather information about websites frequently used by organization members of employees. This can be for example specific websites about technologies which the target is working with or scientific journals. To identify such websites, attackers may use web tracking techniques or other sources of information such as social networks, where employees might share websites they recently visited. Step 2: Once potentially interesting websites are identified, malicious code will be placed at these websites. Step 3: When targeted victims visit the compromised site, the exploit takes advantage of software vulnerabilities, either known or unknown, to drop Malware at the endpoint. The Malware may be in different forms. An example are Remote Access Trojans (RAT), which allow hackers to access sensitive data and take control of the vulnerable system. Known targets of such attacks include businesses (SMEs as well as corporations), Human Rights Groups and Government Bodies.


Ransomware refers to a type of Virus or Malware, which has appeared rather frequently in the headlines over the past years: e.g. "Hospital held for ransom". The virus will encrypt files at the endpoints it has infected. These files will be lost for the victim, unless ransom is paid to the attackers, often in the form of bitcoins so no traces can be found. If ransom is paid, victims receive a key to decrypt the files and thus safe them. Ransomware comes in various forms and uses ever new techniques. Most often, the file encryption by Ransomware can't be cracked, although various firms have put significant efforts into the development of decryption tools. The distribution of Ransomware generally utilizes the same paths like other viruses: drive-by-downloads via compromised websites (actual ransomware usually loaded onto the victim device in a second step), manipulated download files at websites and malicious email attachments.


When visiting legitimate websites, such as well-known news portals, one doesn't think about Malware. Most of us know, that clicking on suspicious links might lead to a Malware infection. But not only suspicious websites are used by hackers to place Malware at visiting devices. Hackers also distribute Malware via legitimate websites. A more and more common means to do so are advertising networks. Websites have basically no way to check, what kind of ads the ad networks implemented in their web page deliver. Ads are realized with complex scripts, including lots of active components - plenty of space for hackers to hide malicious code. The result? The New York Times, 20min.ch, the London Stock Exchange, AOL, Yahoo, Spotify, The Onion, the BBC and the Weather Network have all spread Malware, to name just a few. Often, it takes hours or even days, before somebody realizes that there is malicious code in some ads - enough time to infect millions of users.


Defence mechanisms traditionally rely heavily on detection. If a virus is known, it can be identified. Also, potentially malicious elements in software can be detected. The piece of Malware as a whole might be unknown, but it can still be stopped if certain elements of it are known. Hackers increasingly use encryption to hide their code and leave defence in the dark. Since the malicious code is encrypted it can't be searched for with normal methods. In inactive mode it can hardly be detected. It has to be detected with combining methods catching it in action. Recently, security researchers identified an encrypted Malware, which has been around and active for over five years. 


Exploit kits are software kits developed to discover vulnerabilities in client devices and using them to upload Malware to the victim devices. Exploit kits usually run at servers. They are design for simple usage, allowing a wider group of malicious actors, such as less skilled wanna-be hackers to comparably carry out complex attacks. Some of the more well-known exploit kits are Angler, Neutrino or Magnitude. The authors and their contributors of such kits constantly extend the kit, allowing a wider group of attackers to easily exploitation the latest vulnerabilities in a highly effective way. Another particular strength of exploit kits is that they are able to choose from a wide variety of exploits and select the ideal exploit for a specific vulnerability identified in a victim's device. Also, they are typically able to upload and execute Malware silently via drive-by download. More sophisticated exploit kits are sold in cybercriminal circles, others are available for free. Highly sophisticated hacker groups, such as groups funded by nation states or intelligence services, develop and use their own exploit kits.


Zero-day Malware doesn't describe a specific type of Malware, but means Malware which exploits vulnerabilities in software (such as browsers) so far unknown to IT security. Every year, there are about 1.000 new exploitable vulnerabilities found in browsers alone. Of course, scientists focused on IT security are working on finding such vulnerabilities and companies reward people, who help them find weaknesses in their software. However, being the first to identify new ways to attack software can be very profitable for hackers, since unknown vulnerabilities can often be used to circumvent security mechanisms. Zero-day Malware is a key problem for IT security. It is very hard to detect even with the latest defence systems, since the defence doesn't know what to look for. The term "Zero-day" acknowledges the core problem: Because Zero-day vulnerabilities are not publicly reported or announced before becoming active, the software's authors or security specialists are left with zero days to create patches, update defence mechanisms or advise other ways to mitigate the threat.

Cyberwall offers numerous advantages




Cyberwall renders all web traffic outside of the corporate firewall. Potential malware contained in website content can't pass the Cyberwall and will not even get close to existing firewalls or other security infrastructure. Cyberwall is integrated as another part of existing proxy cascades and usually has no interference with other elements of the security infrastructure.



Cyberwall can be integrated with existing security architectures and combined with up- or downstream proxies. Traffic can be forwarded using HTTP-redirects, proxy configuration (PAC) or by URL-rewrites happening in existing web security gateways or web security services. It is the first complete installation-free web security solution which can be activated by just changing a link.



All you need to do is to change your default search provider to Cyberwall or set-up Cyberwall as an (additional) proxy server. After that, web sessions will be executed remotely on Cyberwall. The Cyberwall thin-client is executed automatically. Usability of websites and therefore productivity of web usage stays unaffected since users simply keep using the browser they are already used to.


The solution is virtually transparent to end users, meaning the user experience is unchanged. Depending on the configuration, parts of the platform can be made visible to provide a better feeling of security and privacy to the users. There is no training required, since users don't need to change the way they are using the browsers. Websites work as usual, browser functionalities are preserved.


In comparison to other security solutions, Cyberwall runs on any infrastrucutre or cloud and doesn't require special hardware. A key cost advantage: The platform is a stand-alone solution, i.e. it does not require additional systems as support or environment. It simply seals the browser. Also, Cyberwall does not need much ongoing maintenance, monitoring or chasing False Positives. It is designed to work quietly and reduce workload for IT departments.


Top-5 browsers supported on desktop and mobile devices.



Unlike Terminal Server based solutions, you won't be needing any additional software. Our technology allows to do this directly inside web browsers you are already used to. A JavaScript thin-clients is used to connect to the remote browsing engine.


Set Cyberwall as your homepage, proxy server or default search provider and protect your web sessions on the fly. You just use the browser you are most comfortable with. Due to our innovative caching algorithms, web sessions are actually accelerated.


No additional software is required on your client computers. Just set Cyberwall as your homepage or proxy server and get protected on the fly. No additional configuration is necessary, Cyberwall works on 100% of web technologies.