Cloud-DMZ™ Web Security and DDoS Protection
Intelligently Simple Web Security
Trusted Knight’s Cloud-DMZ provides enterprise-grade web application security and DDoS protection by actively scanning the application, understanding its functionality and serving a secure, cloud-based replica.
Cloud-DMZ eliminates website and application vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Remote File Inclusion and the OWASP Top-10. It prevents attackers from gaining unauthorized access to web systems, compromising sensitive data and defacing websites, while minimizing the organization's dependency on secure development and 3rd party patches.
The Cloud-DMZ Approach
Cloud-DMZ is an advanced alternative to a conventional WAF. It addresses the critical WAF deficiencies by using active learning, active content serving and cloud replication. As a result, it dramatically reduces false positives and false negatives, shortens deployment time to hours and eliminates operational complexity.
How it works
Eliminating DDoS and Vulnerabilities
Cloud-DMZ actively scans your application, learns its functionality and protects it by understanding the context of each incoming request. As a result, it can accurately tell legitimate traffic apart from malicious traffic and will not block legitimate users. By replicating web application components to the cloud, Cloud-DMZ removes up to 99% of the attack surface and dramatically simplifies maintenance. It continuously synchronizes with the application to enable agile and secure application releases and to integrate security with DevOps processes.
Active Learning Engine
An active learning engine rapidly scans the protected web application and learns its functionality. The scan, completed in hours, eliminates the conventional learning mode required by WAFs and by application-layer DDoS protection solutions, which can take months to complete. The outcome of the scan process is a mapping of the web application's predictable response components and dynamic components.
Replication & Security Policy Creation
The cloud-based replica of the predictable response components manages up to 99% of the traffic to the application, which significantly reduces the attack surface and eliminates vulnerabilities (including CMS, 3rd party plugin and web service vulnerabilities). The remaining dynamic content, typically search and login fields, is protected by a greatly simplified security policy.
Context Aware Defense
Requests to the web application are served by Cloud-DMZ, extending your organization's secure perimeter to the cloud. Cloud-DMZ handles each request according to its context:
- Legitimate requests to predictable response components are served statically by the cloud replica and do not require backend processing or any interaction with the original web servers, CMS or database.
- Malicious requests to predictable response components are not served at all, because the cloud replica only serves requests that have been mapped and generated during the Active Learning phase.
- Requests to dynamic components are validated by the security policy and additional security measures. Illegal requests are blocked and only clean traffic is allowed to reach the original application.
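The three request paths listed above can be sketched as a small dispatcher. This is an added illustration, not Trusted Knight's code: the replica map, the policy, the paths and the decision names are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed scan output: exact requests whose responses are predictable.
STATIC_MAP = {
    ("GET", "/", ()): "<html>home</html>",
    ("GET", "/products", (("page", "2"),)): "<html>products p2</html>",
}

# Constructed policy for dynamic components: the only parameters each
# route accepts, and the format every value must fully match.
DYNAMIC_POLICY = {
    ("GET", "/search"): {"q": re.compile(r"[\w \-]{1,64}")},
    ("POST", "/login"): {
        "user": re.compile(r"[\w.@\-]{1,64}"),
        "password": re.compile(r".{8,128}"),
    },
}

def handle(method, url, body_params=None):
    """Return (decision, body) for one request (hypothetical decision names)."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += list((body_params or {}).items())
    route = (method, parts.path)

    if route in DYNAMIC_POLICY:
        policy = DYNAMIC_POLICY[route]
        names = [name for name, _ in params]
        valid = (
            len(names) == len(set(names))        # no duplicated parameters
            and set(names) == set(policy)        # exactly the expected ones
            and all(policy[n].fullmatch(v) for n, v in params)
        )
        # Only validated traffic is forwarded to the original application.
        return ("forward_to_origin", None) if valid else ("block", None)

    # Predictable components: serve only what was mapped during the scan.
    key = (method, parts.path, tuple(sorted(params)))
    if key in STATIC_MAP:
        return ("serve_replica", STATIC_MAP[key])
    return ("not_served", None)   # unmapped request never reaches the backend
```

Note that a request to a mapped page with a tampered query string falls through to `not_served` without any signature matching, because it is simply absent from the map.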
Continuous Security Synchronization
The Active Learning Engine continuously and automatically scans the protected application and updates security policies to reflect changes to the application. The Active Learning approach enables agile development and continuous integration and release. Deployments are dramatically accelerated and teams are free to rapidly innovate.
The Cloud-DMZ benefits
Experience the Simplicity First Hand
Cloud-DMZ™ Proof of Concept
Try the Cloud-DMZ security architecture for one month with no integration or changes to code or infrastructure.
- Provide us with a URL
- Whitelist the Trusted Knight IP address
- Approve your cloud-based replica and Trusted Knight will deploy within hours