Cloud-DMZ™ Web Security and DDoS Protection


Intelligently Simple Web Security

Trusted Knight’s Cloud-DMZ provides enterprise-grade web application security and DDoS protection by actively scanning the application, understanding its functionality and serving a secure, cloud-based replica.

Cloud-DMZ eliminates website and application vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Remote File Inclusion and the OWASP Top-10. It prevents attackers from gaining unauthorized access to web systems, compromising sensitive data and defacing websites, while minimizing the organization's dependency on secure development and 3rd party patches.

The Cloud-DMZ Approach

Cloud-DMZ is an advanced alternative to a conventional WAF. It addresses the critical WAF deficiencies by using active learning, active content serving and cloud replication. As a result, it dramatically reduces false positives and false negatives, shortens deployment time to hours and eliminates operational complexity.

How it works 

Eliminating DDoS and Vulnerabilities

Cloud-DMZ actively scans your application, learns its functionality and protects it by understanding the context of each incoming request. As a result, it can accurately tell legitimate traffic apart from malicious traffic and will not block legitimate users. By replicating web application components to the cloud, Cloud-DMZ removes up to 99% of the attack surface and dramatically simplifies maintenance. It continuously synchronizes with the application to enable agile and secure application releases and to integrate security with DevOps processes.

Active Learning Engine

An active learning engine rapidly scans the protected web application and learns its functionality. The scan, completed in hours, eliminates the conventional learning mode required by WAFs and by application-layer DDoS protection solutions, which can take months to complete. The outcome of the scan process is a mapping of the web application's predictable response components and dynamic components.

Replication & Security Policy Creation

The cloud-based replica of the predictable response components manages up to 99% of the traffic to the application, which significantly reduces the attack surface and eliminates vulnerabilities (including CMS, 3rd party plugin and web service vulnerabilities). The remaining dynamic content, typically search and login fields, is protected by a greatly simplified security policy.

Context Aware Defense

Requests to the web application are served by Cloud-DMZ, extending your organization's secure perimeter to the cloud. Cloud-DMZ handles each request according to its context:

  • Legitimate requests to predictable response components are served statically by the cloud replica and do not require backend processing or any interaction with the original web servers, CMS or database.
  • Malicious requests to predictable response components are not served at all, because the cloud replica only serves requests that have been mapped and generated during the Active Learning phase.
  • Requests to dynamic components are validated by the security policy and additional security measures. Illegal requests are blocked and only clean traffic is allowed to reach the original application.

Continuous Security Synchronization

The Active Learning Engine continuously and automatically scans the protected application and updates security policies to reflect changes to the application. The Active Learning approach enables agile development and continuous integration and release. Deployments are dramatically accelerated and teams are free to rapidly innovate.

The Cloud-DMZ benefits

Reduction in attack surface by up to 99%, so all protection can focus on 1% of the web system
Continuous, automated protection for dynamic environments, disconnecting web deployment from security
Protection against the complete range of web application attacks across the complete stack
Never block legitimate users
Optimal for cloud-based applications
Protect complex, globally distributed web systems and keep maintenance under control
Achieve PCI DSS Compliance (requirements 6.5 and 6.6)
Instant cloud deployment
Inherent DDoS mitigation and website optimization

Experience the Simplicity First Hand

Cloud-DMZ™ Proof of Concept

Try the Cloud-DMZ security architecture for one month with no integration or changes to code or infrastructure.

#1 Provide us with a URL
#2 Whitelist the Trusted Knight IP address
#3 Approve your cloud-based replica and Trusted Knight will deploy within hours

Talk to a Trusted Knight representative today to get started.