Technical specifications

Where Does the Mykonos Appliance Sit?

Where Does the Mykonos Appliance Sit?

H3 Intelligence Technology

  • Abuse detection
  • Abuse recording
  • Abuse behavior analysis
  • Abuse response
  • Real-time incident management

Abuse Detection Processors

A library of HTTP processors that implement specific abuse detection points in application code. Detection points identify abusive users who are trying to establish attack vectors such as SQL injection, cross-site scripting, and cross-site request forgery. These include the following:

Authentication Abuse Detection

Detects abuses against application authentication, including:

  • Requests for directory configurations, passwords, and protected resources.
  • Login attempts with invalid credentials
  • Attempts to crack authentication

Cookie Abuse Detection

Detects attempts to manipulate the application by changing cookie values

Error Code Detection

Detects suspicious application errors that indicate abuse, including illegal and unexpected response codes.

Suspicious File Request Detection

Detects when an attacker is attempting to request files with known suspicious extensions, prefixes, and tokens.

Header Stripping

Enables the policing of HTTP headers from the application to ensure critical infrastructure information is not exposed. Response and request headers can be stripped, mixed, or filtered.

Input Parameter Manipulation Detection

Detects attempts to abuse form inputs and establish vectors for injection and cross-site scripting attacks.

Link Traversal Detection

Detects attempts to spider the application for links to hidden and confidential resources.

Illegal Request Method Detection

Detects attempts to abuse non-standard HTTP methods such as TRACE and OPTIONS.

Query Parameter Manipulation Detection

Detects attempts to manipulate application behavior through query parameter abuse.

Malicious Spider Detection

Detects attempts to spider and index protected directories and resources.

Abuse Recording

Full HTTP Capture

Captures, logs, and displays all HTTP traffic for security incidents

Abusive Behavior Analysis

Abuse Profiles

Maintains a historical profile of known application abusers and all of their malicious activity against the application, for analysis and sharing.

Tagging and Re-identification

Enables application administrators to re-identify abusive users and apply persistent responses, over time and across sessions.

Abuse Response

Abuse Responses

Enables administrators to respond to application abuse with session-specific warnings, blocks, and additional checks.

Policy Expressions

Simple expression syntax for writing automated, application-wide countermeasures for the Appliance policy engine.

Responses

The responses include:

  • Warn user: send a custom message
  • Block connection and return arbitrary HTTP error

Deployment

  • Reverse Proxy
  • Database backup/restore
  • High availability - Supports multi-appliance deployment in a master-slave configuration for performance and high availability

Platform Security

  • Hardened Ubuntu distribution with automated security patches

Management Console

Web-based Configuration

Browser-based configuration interface for all appliance configuration and deployment options.

Monitoring Console

Web-based monitoring and analysis interface.

  • Drill into application sessions, security incidents, and abuse profiles
  • Manage and monitor manual and automated responses

Multiple administrators
Multiple applications/domains

Alerts, Reporting, Logging

  • Email Alerts - Sends alert emails when specific incidents or incident patterns occur.

Software and Hardware Delivery Support

Distributed as ISO image, or drop-shipped as a pre-built hardware appliance on HP hardware. For more information about server specifications, contact the Mykonos Sales Team.

High Throughput, Low Latency

SSL Inspection

  • Passive decryption or termination

Multi-application Protection

  • Single appliance processes and secures traffic for multiple application domains.