Some deeper insights into the Cyberwall technology
Web applications contain a fundamental, to date not causally solved security problem
Major risk factors for Web Applications
Targeted, professional attacks
Professional attackers with wide know-how and massive resources pose a major risk today. Such attackers are often financed by foreign governments, organized data brokers or competitors. Their possibilities are thus far-reaching. They buy and collect specific information about the systems and users of their targets. Based on that, tailor-made tools and approaches are design for the respective attack. Common Web Application Firewalls, isolation through sand-boxing or malware detection constitute no insuperable hurdle for them. Tailor-made attacks often use vulnerabilities unknown to the respective security architecture and therefore remain undetected.
Outdated, legacy web applications
Especially in larger organisations, great numbers of web applications are in service. Customers, employees, suppliers and other third parties are provided with access to web portals via the browser and thus to critical data. Third party software as well as own applications often contain significant vulnerabilities, originating from the front end. In particular, older and less frequented applications are often targeted because they can in many cases be compromised by simple, automated means. This is a common first step for attackers, enabling them to infiltrate further parts of the application or the organizational network subsequently.
Faulty server configuration
Websites can‘t be protected easily, because there is a virtually infinite number of ways to attack them
Modern Web Applications consist of many attackable resources
There are very many ways to attack each resource or server
Attackers can easily analyze website code and other page resources
Cyberwall solves the fundamental problem of website security, users interact with a virtual stream of an application
The Cyberwall approach represents
a completely new class of web security
New protection for web applications through Application Streaming
Cyberwall separates user and web application through application streaming
Logic separation of execution and displaying
High-performance Application Streaming
Cyberwall selected security features
- IT operations minimally impacted
Cyberwall produces no False Positives, thus no analysis thereof is required. Also, Cyberwall supports even complex applications without adjustments to the application itself. Therefore, the protected applications can as well be changed over time without the need of adjustments to Cyberwall. Cyberwall works fully transparent to users, and mainly silent for system administrators.
- Immediate protection without patching
Want to secure applications as soon as possible? Lacking the resources to fix critical vulnerabilities in productive applications? Or does the provider of legacy software simply not support your needs fast enough? Cyberwall can help. It simply puts most vulnerabilities out of the reach of potential attackers - and silently supports even complex and or older applications.
- Fast deployment for faster time to value
Cyberwall can be deployed fast, whether it is on premise, via our SaaS offering or as hybrid model. You chose the speed. The roll-out can be undertaken step-by-step, ramping up traffic secured via the cyberwall gateway over time. Additional web applications used throughout your network can be added to the Cyberwall-protection over time and seemlessly. Depending on the requirements, we are supported by local partners to deliver larger deployments.
- Full SSL encryption integrated
Encrypts all communication between users and all applications behind Cyberwall without any changes to the protected applications. Also, if numerous third party data source which not all support SSL are integrated in an application - Cyberwall will SSL-encrypt the communication between user browsers and all integrated third parties and end-points.
- VPN tunneling can be replaced
If certain user groups need to connect to web applications securely, Cyberwall can replace VPN tunneling. Whether users have to connect from home offices, other external locations, or from internal to isolated networks - Cyberwall can be the intermediare ensuring a secured connection without the need to install, configure and maintain software on the connecting client devices.
- Full end-to-end traffic encryption
Cyberwall supports local encryption of data before it is stored in online services such as SaaS offerings, e.g. a web-based sales tool. Form-fields inputs such as credentials, e.g. name and contact details of customers can be encrypted before they leave the users' devices. Within the databases of the online service provider, they are not decrypted. When the user retrieves data, it will be decrypted at the user device. Cyberwall can support this feature with limited adjustments for a wide variety of SaaS services.
- Data Leackage Prevention (DLP)
Cyberwall identifiies sensitive data directly right before passing it on to the enduser devices for display, i.e. Cyberwall can block the display of sensitive data. Also, forbidden export of data, (e.g. xls, csv, pdf) will controlled by Cyberwall. Role based adjustments are possible.
- Support of all common browsers, mobile & desktop
The technology supports all common, modern web browsers (e.g. Chrome 24+ , Firefox 28+, IE 10+, Safari 6+) on desktops as well as mobile user devices. Cyberwall supports even complex, dynamic web applications and will be fully transparent to users - unless they are trying to analyse the applications source code.
- No adjustment of WAF rules required
Cyberwall provides protection which doesn't depend on rules. Thus the adjustment of complex security rules, as needed by widely used security solutions is not necessary. Even if you are operating WAF-like services, Cyberwall can complement these making constant updating of security-rules less critical. Cyberwall greatly reduces the complexity of security contexts.
- Significant cost benefits and minimal upfront investment
In comparison to complex detection engines, loaded with rules, requiring constant maintenance to be reasonably secure, Cyberwall is a leightweight solution. It takes out the complexity of threat landscapes, saving security teams valuable time and resources.
- Implementing Cyberwall can be done fast and without much effort in most cases and setups.
- Handling during operations requires hardly any human attention over extended periods.
- There are no specific appliances and related upfront investments required.
Cyberwall can easily be implemented and activated for lab testing and demo environments of a specific application. It is not necessary to set up complex rules, systems or adjustments to the application. Development and security teams, as well as business management can test Cyberwall and convince themselves of the correct, perfectly normal functionality of the respective application behind Cyberwall - before transition to productivity. The step from testing environments to productivity is simple as well: mere DNS configurations are necessary to route live traffic via Cyberwall.
- Seamless transition from test to production environments
- Reduced consumed bandwidth & traffic compression
Depending on web application and content, Cyberwall reduces the consumed bandwith by about 40%. Also, Cyberwall delivers web applications as single source to the enduser. This can result in an acceleration of the web app.
- Backdoor-free, made in Switzerland/Germany
Protected by the mighty peaks of the Swiss Alps as well as the traditionally rather strong privacy regulations of Switzerland, we developed Cyberwall with love and passion for high security, personal freedom and privacy. We keep our software strictly backdoor-free and strive to select only backdoor-free third party products and services throughout all operations of our firm.
- Data handling and hosting in compliance with EU regulations
All data handled at your own datacenters or in high-quality datacenters of our Swiss/German hosting partners (as required). All data handeled in accordance with European laws regulating data storage and handling.