ZEVENET is a smart company focused on the Application Delivery Controller market and really obsessed with the security in the delivery, for that reason we really know that today the security is a real concern for the business and what a better way to solve it is by adding this task to the controlling application management. With this, we will be able to ensure that only safe traffic will reach our backend system.
A secure and online protection strategy is required, so ZEVENET engineers have designed an innovative protection and detection system in different layers just to protect against the different kinds of attacks; this innovative module is called IPDS or Intrusion Prevention and Detection System, designed with the following premises:
The Edge is the key: edge computing is a modern concept, just power computing near the final service location with the main idea of reducing latency in the communication and with the goal of doing a dedicated task to offload resources and tasks in the end. Then let us the edge to do additional tasks for protecting and discard malicious traffic, in a way that only clean traffic will pass to the customer services.
Protecting in early stages will save resources: Once the edge is justified to be used to protect the customer services, how to be more efficient from a computational point of view? The attacker will pass the Edge device used for protection, this is the ZEVENET IPDS module, as soon as the packet is detected as malicious in the data path as many resources we will be able to save. With these premises, ZEVENET IPDS has been developed to be able to protect the system in an ingress stage inside the ZEVENET Operating system being able to drop more than 45 million packets per second per CPU core with linear scalability adding CPU cores.
Different types of attacks require different types of protection: Let’s be clear about cybersecurity protection, there is no divine security solution that will protect you from any attack, but your system can be ready to be protected from most already known exploits or zero-day attacks, for example, giving you the option of securitizing the traffic and inspecting it to find patterns from attackers or suspicious origin, that is the goal of a security solution developed in multilayers.
Let’s know better how an efficient and effective multi-layered security solution works in the Edge.
Client Reputation.
let checks in the Edge the client’s IP and stops traffic from malicious origins before they attack based on the origin IP addresses. IPs’ reputation is very well known as 3rd party reports because they have already been identified as attackers, ZEVENET uses this information to protect you against them.
Protects your servers by rejecting traffic using ZEVENET prebuilt reputation sets based in countries, or IP addresses detected as attackers to services like SMTP, IMAP, Databases, PBX or SIP Servers, Web or API services, public Proxies, TOR network, Bots network, among others. ZEVENET IPDS is able to protect you against more than 250 different IP client reputation databases updated daily or create your own for your own sets.
DoS Protection
Let the Edge checks the packet behavior against different kinds of Denial of Services (DoS) attacks, with this module, a try of flooding the customer service will be stopped applying different packet inspection rules, defends your system against flood attacks based on high concurrency per second per source IP / per destination IP, Reset Packet flooding or Bogus attack among others.
RBL Protection
Let ZEVENET protect in the Edge with Real-time blocklists, ensure your data path against different sources based on source IP DNS Resolution. Connect any kind of flow to one Real-time blocklist system not just your SMTP traffic and use the same database for different application services, use our private RBL system or use 3rd party high reputation services like SpamHaus, Spamcop, or other public services.
Reverse Proxy
Once an HTTP flow is captured by ZEVENET IPDS passes the traffic through a reverse proxy which is located in the Edge, front of your web backend server, the security benefits that ZEVENET IPDS offers to your service is described below:
Transport Layer
ZEVENET IPDS as Edge device offers security in TCP layer defending against SYN flood attacks offering protection with SYN proxy, this feature protects creating 2 independent connections, a TCP connection between the client and ZEVENET IPDS in the Edge and another between ZEVENET and the backend servers defending against TCP attacks.
Application layer
ZEVENET IPDS as Edge device only opens used ports (commonly 80 and 443 for Reverse Proxies usage) allowing traffic through them defending against port scanning or improving scoring about any Cybersecurity Audits. IPDS module in a reverse proxy layer only allows HTTP(S) protocol defending against malformed request and waiting to receive all the HTTP headers from clients before to analyze and forward to the server to protect of origin against Slowloris attacks or analyzing the web content with a Web Application Firewall feature.
WAF or Web Application Firewall
The HTTP(S) traffic is growing up daily and day after day the increase is really appreciated, services are evolving changing to HTTPS like the case of Exchange Server that in the later version is totally managing its own services through HTTP(S) protocols, for that reason, a security layer for this HTTP(S) protocol inspections in the Edge, and analysis is a must, ZEVENET IPDS includes a security layer which is able to work with prebuilt rules (OWASP) updated regularly to address emerging threats, or create your owns, those pre-built rules protect your system in the Edge against HTTP(S) methods enforcements, DoS, Scanner detection, protocol enforcement, protocol attack, LFI/RFI/RCE attacks, XSS or Cross-site scripting, SQLi or SQL Injection, Application session-fixation attack, Web application projects for WordPress, Drupal, NextCloud, Dokuwiki, Cpanel, Xenforo, or programing data leaks among others.
IPDS multi-layered security module
ZEVENET IPDS module offers an early stage for preventing and protecting against attackers rejecting malicious traffic and ensuring that only useful traffic will bypass your cloud-based system or servers allowing connections to your system only from ZEVENET IP services. Additionally, ZEVENET IPDS offers a REST API in order to be used from outside of the ADC itself which allows external devices like the backend servers to update the rules remotely in case that some mitigation is not done properly and pass to the cloud customer service.
Final overview
Services security starts at the Edge with ZEVENET IPDS module system, we explained how ZEVENET IPDS can help with an effective multi layered solution with more than 5000 protecting rulesets updated daily just to ensure that your system is totally ready for protecting against new attackers and new methods that compromise your cloud services. If you want us to extend this information and know better how ZEVENET IPDS can help you please contact us and we will help you in creating a security platform that fixes your required use cases.