
The Cyberwall approach represents a completely new class of web security

With Cyberwall, websites can't be attacked directly - end-users can only interact with an HTML5 stream.
The Cyberwall between web application and end-user renders the entire website in a dedicated browsing engine. JavaScript code, REST endpoints, back-end and application servers remain completely invisible to the end-user in this setup.

 

Cyberwall, the innovative solution for application virtualization, consists of two main elements: (1) a browsing engine and (2) a virtual HTML5 client implemented in JavaScript. The protection provided by Cyberwall derives from the fact that the actual code of the web application is not executed in the end-user's browser. Instead of the complete website, only Cyberwall's virtual HTML5 client is executed there. The virtual client processes an HTML5 stream, which the end-user's browser receives, and displays the web application securely to the end-user - including all dynamic elements and functionalities. Due to this architecture, the user's browser can no longer interact directly with the web application.

In contrast to a potentially malicious user browser, the virtual Cyberwall client's communication capabilities are highly restricted. It can process only mouse movements and keyboard entries and doesn't allow inspection of HTML5 code or direct communication with the application. The browsing engine executes these user actions on behalf of the user and is the sole element that is allowed to communicate with the application server.

Consequently, the web application becomes «untouchable» for virtually all web-based attacks. The Cyberwall approach represents a completely new class of web security. Unlike other approaches, Cyberwall doesn't depend on whitelisting/blacklisting or the identification of known attack patterns. Cyberwall simply prevents potential hackers from analysing and interacting with critical web applications.

Websites can't be protected easily, because there is a virtually infinite number of ways to attack them

Problem 1: Websites consist of many attackable resources

In addition, attackers and normal users alike can easily analyse website code and other page resources

Problem 2: Very many ways to attack each resource or server

Web servers and browsers have to communicate in an open language (the HTTP/S protocol), which leads to a very large attack surface

Cyberwall fixes this fundamental problem of website security

Fix 1: Client code, incl. scripts, executed in a trusted container

The complete application, incl. all scripts and even third-party resources, is securely rendered in a container on the Cyberwall server

Fix 2: No connection between attacker and website possible

Cyberwall forwards only basic keyboard and mouse events from users to the original application. Virtually no hacking attempts can reach the actual website or application servers.

New protection for web applications through Application Streaming

Cyberwall separates user and web application through application streaming.

Users and potential attackers alike can only interact with a stream of the website (right-hand side). The result is highly secure protection for web applications (left) against known and unknown attack vectors.

Logical separation of execution and display

The Cyberwall architecture separates the execution of HTML5 code from the display of the protected web application. The complete web application is executed in a secure environment - the Cyberwall browsing engine - including all dynamic elements (JavaScript). For display, the pre-rendered code is then streamed in real time to the Cyberwall HTML5 client, which is executed in the user's browser. The virtual Cyberwall client is the only HTML5 code that is sent to the user's browser and executed there.

High-performance Application Streaming

The major security advantages of a completely remote execution architecture are significant (isolation by design). However, until now such solutions were not possible without declines in performance and usability. Thanks to a new, proprietary streaming protocol, for the first time, client-side code can be executed remotely, i.e. logically isolated from the user browser, without any noticeable reduction of performance and usability. Our innovative protocol is not based on image or video streaming. It allows for simple and fast application streaming. Pre-rendered code, which is only relevant for displaying, is streamed to the end-user to be displayed securely within the Cyberwall client. All content is delivered by a secured appliance, the Cyberwall server. The user can't see the actual web application and its source code. Thus, there is no way for attackers to analyse the source code or the servers addressed by the web application for vulnerabilities.

Cyberwall selected security features

IT operations minimally impacted

Cyberwall produces no false positives, so no analysis of them is required. Cyberwall also supports even complex applications without adjustments to the application itself. The protected applications can therefore be changed over time without any need to adjust Cyberwall. Cyberwall works fully transparently for users and mostly silently for system administrators.

Immediate protection without patching

Want to secure applications as soon as possible? Lacking the resources to fix critical vulnerabilities in production applications? Or does the provider of legacy software simply not support your needs fast enough? Cyberwall can help. It simply puts most vulnerabilities out of the reach of potential attackers - and silently supports even complex and/or older applications.

Fast deployment for faster time to value

Cyberwall can be deployed fast, whether on premise, via our SaaS offering or as a hybrid model. You choose the speed. The roll-out can be undertaken step by step, ramping up the traffic secured via the Cyberwall gateway over time. Additional web applications used throughout your network can be added to the Cyberwall protection over time and seamlessly. Depending on the requirements, we are supported by local partners to deliver larger deployments.

Full SSL encryption integrated

Cyberwall encrypts all communication between users and all applications behind it without any changes to the protected applications. Also, if an application integrates numerous third-party data sources, not all of which support SSL, Cyberwall will SSL-encrypt the communication between user browsers and all integrated third parties and endpoints.

VPN tunneling can be replaced

If certain user groups need to connect to web applications securely, Cyberwall can replace VPN tunneling. Whether users have to connect from home offices, other external locations, or from internal to isolated networks - Cyberwall can be the intermediary ensuring a secured connection without the need to install, configure and maintain software on the connecting client devices.

Full end-to-end traffic encryption

Cyberwall supports local encryption of data before it is stored in online services such as SaaS offerings, e.g. a web-based sales tool. Form-field inputs such as credentials, e.g. name and contact details of customers, can be encrypted before they leave the users' devices. Within the databases of the online service provider, they are not decrypted. When the user retrieves data, it is decrypted on the user's device. Cyberwall can support this feature with limited adjustments for a wide variety of SaaS services.

Data Leakage Prevention (DLP)

Cyberwall identifies sensitive data right before passing it on to the end-user devices for display, i.e. Cyberwall can block the display of sensitive data. Forbidden export of data (e.g. xls, csv, pdf) is also controlled by Cyberwall. Role-based adjustments are possible.

Support of all common browsers, mobile & desktop

The technology supports all common, modern web browsers (e.g. Chrome 24+, Firefox 28+, IE 10+, Safari 6+) on desktops as well as mobile user devices. Cyberwall supports even complex, dynamic web applications and will be fully transparent to users - unless they are trying to analyse the application's source code, that is.

No adjustment of WAF rules required

Cyberwall provides protection that doesn't depend on rules. Thus the adjustment of complex security rules, as needed by widely used security solutions, is not necessary. Even if you are operating WAF-like services, Cyberwall can complement these, making constant updating of security rules less critical. Cyberwall greatly reduces the complexity of security contexts.

Significant cost benefits and minimal upfront investment

In comparison to complex detection engines, loaded with rules and requiring constant maintenance to be reasonably secure, Cyberwall is a lightweight solution. It takes the complexity out of threat landscapes, saving security teams valuable time and resources.

  1. Implementing Cyberwall can be done fast and without much effort in most cases and setups.
  2. Handling during operations requires hardly any human attention over extended periods.
  3. There are no specific appliances and related upfront investments required.

Seamless transition from test to production environments

Cyberwall can easily be implemented and activated for lab testing and demo environments of a specific application. It is not necessary to set up complex rules, systems or adjustments to the application. Development and security teams, as well as business management, can test Cyberwall and convince themselves of the correct, perfectly normal functionality of the respective application behind Cyberwall - before the transition to production. The step from testing environments to production is simple as well: only DNS configuration changes are necessary to route live traffic via Cyberwall.

Reduced consumed bandwidth & traffic compression

Depending on the web application and content, Cyberwall reduces the consumed bandwidth by about 40%. Also, Cyberwall delivers web applications as a single source to the end-user. This can result in an acceleration of the web app.

Backdoor-free, made in Switzerland/Germany

Protected by the mighty peaks of the Swiss Alps as well as the traditionally rather strong privacy regulations of Switzerland, we developed Cyberwall with love and passion for high security, personal freedom and privacy. We keep our software strictly backdoor-free and strive to select only backdoor-free third party products and services throughout all operations of our firm.

Data handling and hosting in compliance with EU regulations

All data is handled at your own datacenters or in high-quality datacenters of our Swiss/German hosting partners (as required). All data is handled in accordance with European laws regulating data storage and handling.