Mykonos Web Security
Technical Specifications
Recent Updates
- What's New in Mykonos Web Security (Ambler: April 2012)
- What's New in Mykonos Web Security (Shinkendo: August 2011)
- What's New in Mykonos Web Security (Jujitsu: February 2011)
Intelligence Technology
- Abuse detection
- Abuse tracking
- Abuse profiling
- Abuse response
- Real-time incident management
Abuse Detection Processors
A library of HTTP processors that implement specific abuse detection points in application code. Detection points identify abusive users who are trying to establish attack vectors such as cross-site request forgery. Some examples of processors include:
- Abuse Detection
  - Authentication Abuse Detection
    - Detects abuses against application authentication, including:
      - Requests for directory configurations, passwords, and protected resources.
      - Login attempts with invalid credentials
      - Attempts to crack authentication
  - Cookie Abuse Detection
    - Detects attempts to manipulate the application by changing cookie values.
  - Error Code Detection
    - Detects suspicious application errors that indicate abuse, including illegal and unexpected response codes.
  - Suspicious File Request Detection
    - Detects when an attacker is attempting to request files with known suspicious extensions, prefixes, and tokens.
  - Header Enforcement
    - Enables the policing of HTTP headers from the application to ensure critical infrastructure information is not exposed. Response and request headers can be stripped, mixed, or filtered.
  - Input Parameter Manipulation Detection
    - Detects attempts to abuse form inputs and establish vectors for injection and cross-site scripting attacks.
  - Link Traversal Detection
    - Detects attempts to spider the application for links to hidden and confidential resources.
  - Directory Traversal Protection
    - Prevents attackers from finding hidden directories.
  - Illegal Request Method Detection
    - Detects attempts to abuse non-standard HTTP methods such as TRACE.
  - Query Parameter Manipulation Detection
    - Detects attempts to manipulate application behavior through query parameter abuse.
  - Malicious Spider Detection
    - Detects attempts to spider and index protected directories and resources.
  - Cross Site Request Forgery
    - Detects and prevents cross site request forgery attacks.
  - Custom Authentication
    - Allows companies to protect a page or portion of a site if a vulnerability is found.
  - 3rd party Vulnerability Protection
    - Detects Known Attacks
  - IP List Export
    - For Layer 3 Firewall Integration
- Abuse Recording
  - Full HTTP Capture
    - Captures and displays all HTTP traffic for security incidents.
- Abusive Behavior Analysis
  - Abuse Profiles
    - Maintains a profile of known application abusers and all of their malicious activity against the application.
  - Tracking and Re-identification
    - Enables application administrators to re-identify abusive users and apply persistent responses, over time and across sessions.
- Abuse Response
  - Abuse Responses
    - Enables administrators to respond to application abuse with session-specific warnings, blocks, and additional checks. One-click automation of responses during configuration.
      - Warn user: send a custom message
      - Block connection and return arbitrary HTTP error
      - CAPTCHA
      - Connection throttling
      - Logout and forced re-authentication
      - Simulated broken application (Strip inputs)
  - Policy Expressions
    - Simple expression syntax for writing automated, application-wide responses.
Deployment
- Reverse Proxy with Load Balancing
- Available as software ISO, VMWare or AMI Image.
- Support for alternate ports (other than 80 & 443)
Updates
Automatically downloaded and available within the management console.
Platform Security
Hardened kernel, locked-down ports, separate management interfaces, encrypted back-ups.
Management
- Simplified configuration with set-up wizards
- Web-based configuration — Browser-based interface for all deployment options
- Monitoring Console — Web-based monitoring and analysis interface
- Drill into application sessions, security incidents, and abuse profiles
- Manage and monitor manual and automated responses
- Deep search and filtering capabilities
- Realtime and historical system monitoring
- Multiple administrators
- Multiple applications/domains
- Remote Syslog integration
SSL Inspection
Passive decryption or termination
Alerts, Reporting, Logging
- Email Alerts - Sends alert emails when specific incidents or incident patterns occur
- Command line interface for custom reporting
- Reporting Management System with user interface
- SNMP system logging
- Auditing - Tracks changes to the system made by the administrators in the configuration interface, security monitor, TUI and report generation.
- Security incidents via syslog
Performance
- Higher throughput using master/slave clustering
- Link aggregation
- Throughput: Up to 5Gbps on a 1U box.
- Latency: 5-70ms depending on network configuration.
