Airlock Gateway 7.6
Airlock Gateway 7.6 breaks new ground in anomaly detection. The Airlock Anomaly Shield is based on machine learning and is trained directly with the data of the application to be protected.
No less important are secure connections to the backend: an absolute must in times of zero trust. Maintaining these is now even easier thanks to a separate section in the configuration of Airlock Gateway.
For the perfect implementation of barrier-free websites, the remaining time until the session expires can now also be sent to the browser. Reliable protection of REST resources makes it necessary to distinguish precisely whether a resource is addressed with or without a slash. A small but subtle difference that Airlock Gateway now knows exactly.
Anomaly Detection using Machine Learning
The latest gateway release marks a new era in the defense against unwanted access. The Airlock Anomaly Shield uses machine learning technologies to detect anomalies in sessions and react to them with appropriate actions. The Anomaly Shield is trained directly on the data of the protected application and is therefore optimally adapted to the protection of these applications.
Monitoring of the Anomaly Shield is integrated in logging and reporting, new dashboards show the protection effect.
Simplified SSL/TLS Settings for Back-ends
The assumption that back-end hosts reside in a secure internal zone and therefore do not need an encrypted connection is outdated. Zero-trust considerations require that traffic between two systems be encrypted. There is now a separate tab for SSL/TLS settings on the back-end groups, making it easy to configure secure connections between Airlock Gateway and the back-end hosts. Client certificates, CAs, ciphers and protocol versions for mutual SSL in the back-end can thus be easily administered. It is now also possible to configure the SSL/TLS version and the cipher suite directly on virtual hosts.
The heart of the Airlock Gateway also drives the Airlock Microgateway. This brings the protection of microservice architectures into focus. Various small improvements ensure a well-rounded solution. This includes, e.g., the distinction between REST resources with and without trailing slashes, the use of role-based access control in a distributed scenario with multiple gateways, and the logging of tracing headers.
Accessibility and session lifetime
Accessible applications face the challenge of showing users the remaining lifetime of the current session. Since Airlock Gateway manages these sessions, this is not an easy task for applications. With the new rewrite variables containing this timing information, it is now possible to make this data available to the application, for example by writing it to a header.