Airlock Gateway 8.1
Airlock Anomaly Shield
A normal browser sends the received cookies back to the web server, so every request can easily be associated with the same session or user. But bots are not normal users: many bots simply ignore the session cookies sent by Airlock Gateway. Airlock Gateway 8.1 can also link a session to an IP address instead of a cookie. As a result, the anomaly detection can also identify and block attackers that do not return cookies. This significantly extends the scope of the Anomaly Shield and makes it even harder for bots and other automated attackers to attack a protected website or API.
With the query parameter model, Airlock Anomaly Shield also gets a new sensor that is particularly well suited to prevent credential stuffing or password spraying attacks. In addition, we have further optimized the performance of the anomaly detection, which significantly reduces the system load on very long sessions in particular.
GraphQL
GraphQL is a modern query language for APIs. Airlock Gateway now understands GraphQL and applies various security checks to the queries. For example, to prevent APIs from being exposed to denial-of-service attacks, Airlock Gateway checks the length and recursion depth of GraphQL queries. In addition, all GraphQL attributes are protected by Airlock Deny Rules. Regardless of whether they continue to rely on REST APIs or use GraphQL: Airlock Gateway protects your APIs!
HSM
Airlock Gateway supports the two largest NetHSM vendors, Entrust nShield and Thales Luna HSMs. HSMs are useful for additional protection of private keys for HTTPS, among other things. The higher protection is achieved by the fact that the keys generated in the HSM cannot be read via software interfaces. Examples of why this additional security measure is useful are vulnerabilities such as Heartbleed or Shellshock.
Hardened filter rules thanks to Bug Bounties
The Airlock Bug Bounty program is running successfully since 2020, and it has once again produced numerous security improvements.
Updating is easy
Airlock Gateway 8.1 was released mid of August on Airlock Techzone.
A complete overview of all new features and fixes can be found in the release notes.
Release Webinar Gateway 8.1
Recording Englisch
Release Webinar Microgateway 4.1
Recording Englisch