Maestro Active Defense

A Layer-2 Dynamic Firewall based on Artificial Intelligence and Machine Learning technologies

Unified network security for every enterprise environment.

Maestro Active Defense is a Layer 2 Anomaly Detection System and Dynamic Firewall with advanced security features and built-in defense against all new classes of sophisticated attacks. The Maestro engine analyzes the actual content in the data stream to protect against known and unknown evasion techniques, even when they are applied on multiple protocol levels, increasing your protection against advanced persistent threats and other undesirable traffic.

 

  • SYN Attacks
  • DDoS Attacks
  • Brute Force attacks
  • DNS Flooding
  • Port Scanning
  • Null packets
  • Protocol Anomalies
  • Application Attacks
  • and much more

 

How it works / Connection Diagram

A Maestro system consists of two main components that can be installed on the same machine or on different machines: the Maestro Engine and the Maestro Management/Collector.

The Maestro Engine (Layer 2 appliance) can connect to any network segment and does not require any network changes. It needs at minimum 3 network cards: 2 in bridge mode (layer 2) and 1 for communication with the Maestro Management server. For better protection, it is recommended to install the Maestro Engine (appliance) in front of your router as shown in the diagram.

The Maestro Engine allows ANY data packets to pass through and has no IP address, hence it is invisible from the internet and from hackers. Our unique, state-of-the-art engine functions fully in layer 2 (bridge mode) for packet analysis and dynamic blocking.

The Maestro engine operates by analyzing the data streams and, in line with the configuration parameters provided by the administrator, creating a ‘dynamic policy’ based on the network traffic and network behavior. This produces dynamic ‘memory resident’ rules saved in kernel space.
The resulting policies will not block any normal activity, but provide the ability to detect anomalies in protocols and hence detect hacker activity trying to penetrate a network. All blocking mechanisms are applied in real time and expiration flags can be defined.

The initial state of a Maestro engine does NOT contain any blocking rules. By default all traffic is allowed to pass through. A minimum of 2 hours is required in order for the engine to analyze enough traffic and start creating a dynamic policy.

The Maestro Management/Collector acts as an ‘analyzer’ and a ‘correlation engine’. Its main purpose is to analyze information and provide input to the Maestro Engine to improve its policy and operation: it processes the raw data provided by the engine and applies analysis techniques to define a proper short- and long-term reaction to the specific attack. It also functions as a monitoring and administration service for the operation of the Maestro Engine via a web interface.

In addition to the Maestro Engine, the Maestro Collector can be integrated with various external security systems (e.g. firewalls, IDS) and receive security-related logs in standard syslog format. Incoming logs are saved in a database, analyzed using various parsers (Checkpoint, Snort, mod_security WAF, etc.), correlated using the 's-pro' correlation engine, and used to provide additional input to the Maestro Engine.

In enterprise environments with multiple Internet gateways, you can use one Maestro Management to configure and monitor more than one Maestro Engine.

 

 

 


ESG Firewall

Next generation firewall with advanced security features built-in


E.S.G : Enterprise Security Gateway


ESG is a professional and hardened Linux firewall that is secure, easy to operate and comes with advanced security features built in. It runs on top of CentOS Linux and is based on 'netfilter' (the Linux kernel-based firewall module).

Overview
ESG software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with other firewalls catch on to the web interface quickly.

Hardware Selection
ESG is just the software portion of the firewall and runs on CentOS 6 and 7 (64-bit). This means you can use your own hardware to meet your environment's specific needs.

Major Features

  • Standard Rules support (src -> dst)
  • Rules based on 'Traffic Direction'
  • Rules based on hardware Interfaces
  • Stateful Inspection firewall
  • PPTP VPN and OpenVPN built in
  • Advanced anti-spoofing built in
  • DNAT / SNAT and port forwarding
  • Advanced traffic inspection (low level)
  • Easy to use Web Interface for administration
  • Built-in filtering for malware and ransomware
  • IDS/IPS and IPS with A.I
  • DDoS Protection
  • URL Filtering


For Business
Protect your business network and secure your connections.

Remote Offices & SOHO
Use the integrated site-to-site VPN to create a secure network connection to and from your remote offices.

On the go
Even on the road ESG is a great asset to your business, as it offers an OpenVPN solution with road warrior support.

 

FW Schemas

Following industry standards, we have added pre-built profiles for high-security setups in order to help our customers get the maximum security for their businesses out of the box. The profiles are based on best security practices and offer maximum security, advanced routing and traffic management in combination with speed and performance.

Profile : FW-LAN-DMZ-LAN2 or FW-LAN or FW-LAN-DMZ

These are the most common scenarios, following the standard isolation concept of the LAN, public services (DMZ) and guest (LAN2). By choosing one of the above profiles, the firewall engine will apply advanced security rules, NAT and traffic rules in order to isolate the communication between LANs. Also, advanced traffic forwarding rules will be applied for better traffic management and maximum throughput.

Profile : FW-VLAN

Internal segmentation has never been so easy

Designed to run in internal networks (internal FW), the FW-VLAN allows the creation of multiple VLANs for traffic control. Traffic is routed to the ESG V-LAN firewall through a switch (L3) trunk. All routing and traffic rules (firewall) can be built on the ESG V-LAN firewall.

Profile : FW-FLEX

The 'flexible' profile, where no rules are applied. Designed for the gurus that really know what they are doing. In this configuration the ESG firewall policy is completely 'empty' and ready to accept any configuration you imagine.

 

Remote Access

From anywhere, anytime ... easy and secure.

CyberX Enterprise Security Gateway (ESG) includes a highly secure VPN server for remote connections, based on the latest encryption algorithms for maximum security and performance.

Main Characteristics

  • High encryption algorithms
  • Easy to setup and manage
  • Standard TCP or UDP connection
  • Supports standard TCP/UDP proxy
  • Super fast, super secure
  • Certificate based (no password needed)

Supports both client-to-server and server-to-server (site-to-site VPN) connections.

Compatible with ALL of your devices.

 

 

Secure WorkSpace

Connect securely to your corporate network from any location, from any PC.

The SecureWorkSpace is a bootable USB stick with a Linux OS that connects to your corporate networks using advanced A.I. methods and high security standards.


 

CyberX Web App Firewall
Protect your website and Web Applications from cyber threats

Overview

CyberX's enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site request forgery with no or minimal changes to your existing infrastructure.

Our core engine fully follows the OWASP standards for application security. The CyberX team tunes, improves and adds new signatures and features in order to increase the detection rate and protect you from recent or zero-day attacks.

Protection against:

  • SQL Injections
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards
  • GeoLocation Control
  • DDoS Protection
  • Protection from malicious sites and bots
  • Embedded virus scanner for file uploads


 

 Profiling

A Web Application Firewall will trigger a lot of false positives if tuned to the maximum. This is due to the variety of web applications around, the different languages used and the different programming methods.

In order to avoid false positives but deliver maximum security, the CyberX engineers create various application profiles for a variety of known web applications and web services.

Among others, CyberX WAF has tuned profiles for:

  • Microsoft Exchange
  • Owncloud / NextCloud
  • Roundcube Webmail
  • DigiSpace Platform
  • Various language profiles

 Protection against DDoS attacks

The built-in DDoS protection filters out volumetric attacks before they ever reach your network and harm your apps. It also protects against sophisticated application DDoS attacks without the administrative and resource overhead of traditional solutions, to eliminate service outages.

 Automatic Updates

As with all CyberX products, the CxWAF firewall updates automatically through our own controlled repositories. System and application updates run on a daily basis.

 

 Geolocation Control

Your application under your control. Using the CyberX WAF geolocation module, you can control access to your application based on the geographical location of the incoming request.

 
