Grafik Airlock WAF

Airlock WAF 7.2 Release

Targeted attacks against IT services are often global and coordinated. Many of the computers used for this purpose, such as botnet zombies, are not new to the game and have likely been causing trouble elsewhere before. Therefore, Airlock WAF 7.2 integrates Webroot's BrightCloud Threat Intelligence Service to identify malicious clients in real time and block them before they do harm. The new IP address management features complement the threat Intelligence feeds perfectly, enabling the implementation of comprehensive IP-based access rules. Airlock's API gateway functionality has also been enhanced with a powerful access control feature based on JSON web tokens.

Airlock WAF 7.2 was released on the 21st of May 2019.

Watch our Webinar

The latest Airlock WAF 7.2 features

Threat Intelligence Powered by Webroot

Webroot's BrightCloud Threat Intelligence Service delivers high-quality, global threat intelligence feeds in real-time. IP addresses that perform attacks, belong to botnets, are infected with malware, send spam, are involved in phishing, or access via TOR and other proxies, are immediately blacklisted. Airlock WAF 7.2 integrates Webroot's Threat Intelligence Service as a module and updates IP reputation data continuously. At the push of a button, malicious IP addresses can be blocked and prevented from accessing protected services.

Benefit from our launch offer

Central management of IP address lists

Airlock WAF 7.2 provides simple and central management of IP address lists for access control. No matter whether you maintain own IP blacklists, want to integrate third-party lists or map internal network ranges: The new features allow easy creation of IP lists using CIDR notation. IP lists can be used for whitelist and blacklist rules, but also for exceptions, e.g. for DoS protection. Of course, IP lists can be updated automatically using the REST API.

Airlock API Gateway: Access Control using JSON web tokens

Strong filtering combined with intelligent access control: The power of Airlock is now specifically tailored for the protection of APIs. In addition to OpenAPI support introduced in the last release, the Airlock API Gateway now evaluates JSON web tokens (JWT) for access control decisions. These tokens (signed and/or encrypted) are checked for validity and for having a valid signature. In addition, restrictions on claims may be checked and access roles can be extracted from verified tokens. Moreover, access control policies may now consider HTTP verbs, e.g., for granting only read access to anonymous API clients.

There are lots of further improvements in the new release, such as TLS 1.3 support and the compatibility of the Airlock cloud image with the Google Compute Engine (GCE). For a complete overview and detailed change log, Please refer to the release notes on Techzone

 

Did we strike your chord?

Your Feedback

Your feedback concerns*


If you like, please leave us your contact details so that we can come back to you if necessary.