Grafik Airlock WAF

Airlock WAF 7.2 Release

Targeted attacks against IT services are often global and coordinated. Many of the computers used for this purpose, such as botnet zombies, are not new to the game and have likely been causing trouble elsewhere before. Therefore, Airlock WAF 7.2 integrates Webroot's BrightCloud Threat Intelligence Service to identify malicious clients in real time and block them before they do harm. The new IP address management features complement the threat Intelligence feeds perfectly, enabling the implementation of comprehensive IP-based access rules. Airlock's API gateway functionality has also been enhanced with a powerful access control feature based on JSON web tokens.

Airlock WAF 7.2 was released on the 21st of May 2019.

Watch our Webinar

The latest Airlock WAF 7.2 features

Threat Intelligence Powered by Webroot

Webroot's BrightCloud Threat Intelligence Service delivers high-quality, global threat intelligence feeds in real-time. IP addresses that perform attacks, belong to botnets, are infected with malware, send spam, are involved in phishing, or access via TOR and other proxies, are immediately blacklisted. Airlock WAF 7.2 integrates Webroot's Threat Intelligence Service as a module and updates IP reputation data continuously. At the push of a button, malicious IP addresses can be blocked and prevented from accessing protected services.

Central management of IP address lists

Airlock WAF 7.2 provides simple and central management of IP address lists for access control. No matter whether you maintain own IP blacklists, want to integrate third-party lists or map internal network ranges: The new features allow easy creation of IP lists using CIDR notation. IP lists can be used for whitelist and blacklist rules, but also for exceptions, e.g. for DoS protection. Of course, IP lists can be updated automatically using the REST API.

Airlock API Gateway: Access Control using JSON web tokens

Strong filtering combined with intelligent access control: The power of Airlock is now specifically tailored for the protection of APIs. In addition to OpenAPI support introduced in the last release, the Airlock API Gateway now evaluates JSON web tokens (JWT) for access control decisions. These tokens (signed and/or encrypted) are checked for validity and for having a valid signature. In addition, restrictions on claims may be checked and access roles can be extracted from verified tokens. Moreover, access control policies may now consider HTTP verbs, e.g., for granting only read access to anonymous API clients.

There are lots of further improvements in the new release, such as TLS 1.3 support and the compatibility of the Airlock cloud image with the Google Compute Engine (GCE). For a complete overview and detailed change log, Please refer to the release notes on Techzone


Did we strike your chord?

Information for you

-Our whitepapers-

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge