Graphic Airlock Secure Acces Hub

Filtering and blocking

Attackers and other invalid requests are prevented from reaching the back-end

Strict filtering of all data traffic prevents current and future attacks as described in the OWASP Top 10 security risks, for example. Attacks such as XSS, XSRF, injection attacks or session stealing attempts have topped the list for years. All requests are verified for their conformity with well-established standards. Since many attacks fail to comply to the standards, many attackers are already blocked.

The Secure Access Hub terminates incoming TLS connections, making it possible to detect attacks in encrypted connections as well. The filtering itself is carried out on the application layer. This sets Airlock apart from conventional firewalls, which work on the network layer.

Filter functions

Blacklist filtering

  • Signatures for known attack patterns
  • Lexical analysis in the case of suspected SQL or Javascript injection
  • To Threat intelligence feeds: IP addresses are blocked based on reputation information
  • Geolocation: IP addresses are blocked based on their geographical origins

Dynamic whitelists

generated on the fly from back-end analysis

  • URL encryption
  • Smart form protection
  • Cookie store
  • Dynamic Value Endorsement (DyVE)

Filtering of structured data

  • JSON (JavaScript Object Notation)
  • OpenAPI (validation of REST calls against a formal specification)
  • XML (Extensible Markup Language)
  • SOAP (Simple Object Access Protocol)

Further filter functions

  • Filtering of unauthorised access
  • Learned whitelists: generated using integrated policy learning
  • Malware filtering (ICAP): incoming requests can be forwarded via ICAP
  • Client fingerprinting
  • Static whitelists
  • Use-specific filtering

Ready for excellent IT security?

Contact us now.
Ergon Informatik AG+41 44 268 87 00

Your Feedback

Your feedback concerns*


If you like, please leave us your contact details so that we can come back to you if necessary.