Site Protector Appliance (SPA)

A Layer-2 Dynamic Firewall based on Artificial Intelligence and Machine Learning technologies

 


Unified network security for every enterprise environment.

SPA (Site Protector Appliance) is a Layer 2 Anomaly Detection System and Dynamic Firewall with advanced security features and built-in defense against all new classes of sophisticated attacks. The SPA engine analyzes the actual content in the data stream to protect against known and unknown evasion techniques, even when they are applied on multiple protocol levels, increasing your protection against advanced persistent threats and other undesirable traffic.

 

  • SYN Attacks
  • DDoS Attacks
  • Brute Force attacks
  • DNS Flooding
  • Port Scanning
  • Null packets
  • Protocol Anomalies
  • Application Attacks

...and much more.

 

How it works / Connection Diagram

A SPA system consists of two main components that can be installed on the same or different machines: the SPA Engine and the SPA Management/Collector.

The SPA Engine (Layer 2 appliance) can connect to any network segment and does not require any network changes. It needs a minimum of 3 network cards: 2 in bridge mode (Layer 2) and 1 for communication with the SPA Management server. For better protection, it is recommended to install the SPA Engine (appliance) in front of your router, as shown in the diagram.

The SPA Engine allows ANY data packets to pass through and has no IP address, hence it is invisible from the Internet and to hackers. Our unique, state-of-the-art engine functions fully in Layer 2 (bridge mode) for packet analysis and dynamic blocking.

The SPA engine operates by analyzing the data streams and, in line with the configuration parameters provided by the administrator, it creates a ‘dynamic policy’ based on the network traffic and network behavior. That results in dynamic ‘memory resident’ rules saved in kernel space.
The resulting policies will not block any normal activity, but provide the ability to detect anomalies in protocols and hence detect hacker activity trying to penetrate a network. All blocking mechanisms are applied in real time and expiration flags can be defined.

The initial state of a SPA engine does NOT contain any blocking rules. By default all traffic is allowed to pass through. A minimum of 2 hours is required in order for the engine to analyze enough traffic and start creating a dynamic policy.

The SPA Management/Collector acts as an ‘analyzer’ and a ‘correlation engine’. Its main purpose is to analyze information and provide input to the SPA Engine to improve its policy and operation: it processes the raw data provided by the engine and applies analysis techniques to define a proper short- and long-term reaction to the specific attack. It also functions as a monitoring and administration service for the operation of the SPA Engine via a web interface.

In addition to the SPA Engine, the SPA Collector can be integrated with various external security systems (e.g. firewalls, IDS, etc.) and receive security-related logs in standard syslog format. Incoming logs are saved in a database, analyzed using various parsers (Checkpoint, Snort, mod_security WAF, etc.), and correlated using the 'spro' correlation engine to provide additional input to the SPA Engine.

In enterprise environments with multiple Internet gateways, you can use one SPA Management to configure and monitor more than one SPA Engine.

 

 

 

Want to know more ?  
F.A.Q
Request a quotation
See some screenshots
SPA Product Line
Build an effective DDoS protection
Cloud server and data sharing
Install on my own hardware
Deep Analyzer and the built in DNS server
Howto write my own log parsers
Enable beta or alpha releases
Ransomware and malware protection
Configure Blackhole settings
Configure system alerts and notifications
Adjusting port scanning detection plugin
Learn more about Whitelist and Exception settings

 

 


ESG Firewall

Next generation firewall with advanced security features built-in


E.S.G : Enterprise Security Gateway


ESG is a professional, hardened Linux firewall that is secure, easy to operate and comes with advanced security features built in. It runs on top of CentOS Linux and is based on 'netfilter' (the Linux kernel's base firewall module).

Overview
ESG software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with other firewalls catch on to the web interface quickly.

Hardware Selection
ESG is just the software portion of the firewall and runs on 64-bit CentOS 6 and 7. This means you can use your own hardware to meet your environment's specific needs.

Major Features

  • Standard Rules support (src -> dst)
  • Rules based on 'Traffic Direction'
  • Rules based on hardware Interfaces
  • Stateful Inspection firewall
  • PPTP VPN and OpenVPN built-in
  • Advanced anti-spoofing built in
  • DNAT / SNAT and port forwarding
  • Advanced traffic inspection (low level)
  • Easy to use Web Interface for administration
  • Built-in filtering for malware and ransomware
  • IDS/IPS and IPS with A.I
  • DDoS Protection
  • URL Filtering

Howto set up site-to-site VPN

Quick Setup Guide

Remote Access via VPN

Quick Setup Guide

ESG Web Interface

Screenshots

For Business
Protect your business network and secure your connections.

Remote Offices & SOHO
Use the integrated site-to-site VPN to create a secure network connection to and from your remote offices.

On the go
Even on the road ESG is a great asset to your business as it offers OpenVPN VPN solution with road warrior support.

 

FW Schemas

Following industry standards, we have added pre-built profiles for high-security setups in order to help our customers get the maximum security for their businesses out of the box. The profiles are based on best security practices and offer maximum security, advanced routing and traffic management in combination with speed and performance.

Profile : FW-LAN-DMZ-LAN2 or FW-LAN or FW-LAN-DMZ

These are the most common scenarios, following the standard isolation concept of the LAN, public services (DMZ) and guest (LAN2). When you choose one of the above profiles, the firewall engine applies advanced security rules, NAT and traffic rules in order to isolate the communication between LANs. Advanced traffic forwarding rules are also applied for better traffic management and maximum throughput.

Profile : FW-VLAN

Internal segmentation has never been so easy

Designed to run in Internal Networks (internal FW), the FW-VLAN allows the creation of multiple VLANS for traffic control. Traffic is routed to the ESG V-LAN firewall through a switch (L3) trunk. All routing and traffic rules (firewall) can be built on the ESG V-LAN firewall.

Profile : FW-FLEX

The 'flexible' profile, where no rules are applied. Designed for the gurus that really know what they are doing. In this configuration the ESG firewall policy is completely 'empty' and ready to accept any configuration you imagine.

 Howto Configure a V-LAN firewall

 

Remote Access

From anywhere, anytime ... easy and secure.

CyberX Enterprise Security Gateway (ESG) includes a highly secure VPN server for remote connections, based on the latest encryption algorithms for maximum security and performance.

Main Characteristics

  • High encryption algorithms
  • Easy to setup and manage
  • Standard TCP or UDP connection
  • Supports standard tcp/udp proxy
  • Super fast, super secure
  • Certificate based (no password needed)

Supporting both client-to-server and server-to-server (site to site vpn)

Compatible with ALL of your devices:

 

 

 



Security Operation Center

Your most valuable resource for security incident detection.

What is a SOC ?

A security operations center (SOC) is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. Security operations centers are typically staffed with security analysts and engineers as well as managers who oversee security operations. SOC staff work closely with organizational incident response teams to ensure security issues are addressed quickly upon discovery.

We at CyberX built an innovative SOC with Artificial Intelligence and Machine Learning in order to minimize the need for staff and other resources. Our autonomous SOC is able to detect, alert and take action in real time (hosted on premises).

X-Change Mail

Full Featured Secure Mail Server for any environment.


   

Bringing together: Email, Calendar, Contacts to any of your devices and PCs


X-Change is an enterprise-class email, calendar and contacts synchronization solution built on top of CentOS Linux. The system consists of both client and server components (open source) and fully supports all major email clients like Evolution, Microsoft Outlook and Apple Mail, either through free connectors or using the ActiveSync protocol.

The system has been configured to offer maximum security out of the box and has advanced AntiSpam, Antivirus and Content Filtering capabilities.

User data shared across all devices stays secure in a central storage location (the X-Change server).

Major Features

  • AntiSpam with more than 98% accuracy
  • AntiVirus with heuristic analysis on the fly
  • Content Filtering based on email standards
  • SPF (Sender Policy Framework) and DNSBL (Blacklists) included
  • Server to server encryption using TLSv1.2 +
  • Ajax Modern webmail client
  • Multi Domain support
  • Unlimited users and mailboxes
  • Out of Office messages
  • Calendar Synchronization
  • Contact Synchronization
  • Email / Email Folder synchronization
  • Easy to use Web Interface for administration
  • Mobile Policies for Remote Users

Communication Protocols

  • IMAPs with full folders synchronization
  • POP3s (standard / old clients)
  • ActiveSync for Calendar and Contact synchronization
  • SMTP and SMTPs for relaying authentication

Authentication Method

  • Standard local authentication through Linux O/S
  • Remote authentication using Active Directory

Supported Clients

  • All email clients that support the IMAP/POP3 and SMTP protocols, such as Evolution, Outlook, Apple Mail, etc.
  • Full support for Microsoft Outlook and Apple Mail using ActiveSync
  • All Android phones and Android tablets
  • All iOS devices (iPhones, tablets)

 

      Active Sync    

Free CardDav/CalDav synchronizer for Microsoft Outlook

Download Outlook Connector

X-Change and Active Directory Authentication

Quick Setup Guide

X-Change Web Interface

Screenshots

 


 

CyberX
Web App Firewall
Protect your website and Web Applications from cyber threats

[ MODELS & EDITIONS ]  [ SCREENSHOTS ]

Overview

CyberX's enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site request forgery with no or minimal changes to your existing infrastructure.

Our core engine fully follows the OWASP standards for application security. The CyberX team tunes, improves and adds new signatures and features in order to increase the detection rate and protect you from recent or zero-day attacks.

Protection against:

  • SQL Injections
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards
  • GeoLocation Control
  • DDoS Protection
  • Protection from malicious sites and bots
  • Embedded virus scanner for file uploads

Network Diagram

Want to know more ?

Connect more than one CxWAF module to CxWAF Management
Connect CxWAF with SPA for maximum security
Howto configure the DDoS  Module
SSL Certificates Installation
Known Issues

 

 Profiling

A Web Application Firewall will trigger a lot of false positives if tuned to the maximum. This is due to the variety of web applications around, the different languages used and the different programming methods.

In order to avoid false positives but deliver maximum security, the CyberX engineers create various application profiles for a variety of known web applications and web services.

Among others, CyberX WAF has tuned profiles for :

  • Microsoft Exchange
  • Owncloud / NextCloud
  • Roundcube Webmail
  • DigiSpace Platform
  • Various language profiles

 Protection against DDoS attacks

The built-in DDoS protection filters out volumetric attacks before they ever reach your network and harm your apps. It also protects against sophisticated application DDoS attacks without the administrative and resource overhead of traditional solutions, to eliminate service outages.

 Automatic Updates

As with all CyberX products, the CxWAF firewall updates automatically through our own controlled repositories. System and application updates run on a daily basis.

 

 Geolocation Control

Your application under your control. Using the CyberX WAF geolocation module, you can control access to your application based on the geographical location of the incoming request.

 
