Time to seize control.
Solutions for decision-makers

Data is the new gold, online shops are the new sales channel, social media are the new communication tool – and IT is the new, central interface with your customers and markets. That's why secure solutions are essential – solutions that also deliver superlative usability, simple processes and cost-efficient implementation. Solutions like Airlock Suite from Ergon – because we understand IT, but we also understand management.

Compliance standards

In road traffic and virtual traffic alike, uniform standards define clear rules that are essential for safety and security. This is why Airlock Suite meets all the main international compliance standards – from PCI DSS and OWASP to MAS.

General Data Protection Regulation (GDPR): More than just consent management!

Most people currently associate the GDPR (the EU's General Data Protection Regulation, which is scheduled to enter fully into force on 25 May 2018) with rules governing consent for the use of personal data and rights for data subjects, such as the ‘right to be forgotten’. Yet the GDPR also introduces obligations in respect of appropriate and state-of-the-art protection for personal data and implementation of the principle of data protection by design and by default. The necessary steps must therefore be taken to ensure compliance in this regard. Read our Whitepaper written by Martin Kuppinger to learn more.

Meeting PSD2 Challenges!

PSD2 will require two major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Banks, TPPs, or even other FinTechs must present strong, risk-adaptive authentication methods for financial customers to use. Moreover, PSD2 even mandates the use of transactional and session-level runtime risk assessments. Few banks and FinTechs are in a position today to meet these technical requirements. Read our Whitepaper "Meeting PSD2 Challenges!" written by John Tolbert, Senior Analyst at KuppingerCole, or watch the recorded webinar.

Payment Card Industry Data Security Standard (PCI DSS)

Companies that process credit card transactions are obliged to comply with the credit card industry's data protection guidelines. Large eCommerce companies should also have the security of their networks verified by an external body every three months. The most efficient way of meeting these requirements is to implement the upstream Airlock web application firewall (WAF). It ensures that protection is always fully up to date, with no need for constant changes to all your web applications or adaptations to counter new threats. Read our whitepaper about PCI DSS compliance.

EBA Guidelines to strengthen requirements for the security of internet payments across the EU

The European Banking Authority issued guidelines to strengthen requirements for the security of internet payments across the EU. Concerned about the increase in fraud related to internet payments, the EBA decided that the implementation of a more secure framework for internet payments across the EU was needed. These Guidelines are based on the technical work carried out by the European Forum on the Security of Retail Payments (SecuRe Pay). With the Airlock Suite you get the central policy enforcement tool needed to fulfill the policy requirements.


The Open Web Application Security Project (OWASP) regularly draws up a list of the major international security challenges.
The focus here is on tools and concepts for secure development, and on protecting web applications. The Airlock team constantly monitors this information and incorporates it into Airlock Suite by issuing software updates. Read more in our whitepaper about the OWASP Top 10.

Monetary Authority of Singapore (MAS)

The data protection guidelines of the Monetary Authority of Singapore (MAS) are highly important in the world of international finance. For this reason, Airlock WAF and IAM are entirely compliant with the MAS guidelines, and they protect sensitive data with the help of HSM and end-to-end-encryption.


The Airlock Suite is the first security vendor outside the antivirus industry to receive the EICAR certificate, proving that it has no backdoors.

The EICAR Trustworthiness Strategy aims to enhance transparency in the contemporary IT security environment, with its ever-evolving threats and vulnerabilities, and to enable trust in IT security products that help create a safer environment.

The Airlock Suite fulfills all those requirements.


  • OWASP Top Ten
  • Two-factor authentication
  • Auditing
  • MAS

Maximum security for sensitive data

For the last 17 years, our company has been a respected partner for banks and insurance companies throughout Europe. You too will benefit from this in-depth expertise when you opt for Airlock WAF. This product offers you a unique combination of filtering methods that will meet the most demanding security requirements. And Airlock WAF gives you the added benefit of well thought-out processes that will substantially reduce your administrative outlay.

Short release cycles for web applications pose a major challenge for WAF engineers because they often cause changes to configurations, new rules and application tests. Dynamic whitelisting methods such as URL encryption, intelligent form protection and a central cookie store reduce manual configurations to the bare minimum – and they also slash maintenance costs.

Airlock offers far more than straightforward filtering. When combined with Airlock IAM, Airlock WAF becomes your secure hub for complex web access management and sophisticated single sign-on implementations.


  • Protection against the OWASP Top Ten threats
  • Strong authentication
  • High availability
  • Support for HSM Devices

Cost efficiency

Central upstream authentication cuts maintenance costs and makes software architecture less complex − because it reduces the infrastructure elements by as much as 70%. The separation of authentication logic and business logic guarantees greater flexibility – a critical factor, especially when policy changes have to be implemented rapidly.

At the same time, user self-services mean substantially lower costs for your Helpdesk. Together with an attractive price per user, Airlock IAM self-services will permanently reduce your total cost of ownership – even for legacy applications.


  • Easy-to-understand user self-services
  • Security measures are consolidated
  • Authentication and business logic are separated
  • High RoI (Return on Investment)

Mobile security

Mobile business communication is becoming more important as time goes on: information has to be available quickly and easily. But at the same time, the company's internal security rules must not be breached. Airlock protects your business data by acting as a secure gateway for mobile data communication, with the added benefit of flexible access control.

Mobile security is a complex topic. Airlock Suite together with its technology partners provides extensive protection for your data, covering the mobile device, management of authentication tokens, as well as API protection on the server.

Mobile clients typically use RESTful web services, which are protected by numerous features of the Airlock Suite. Read the "API Security" solution for more details on this topic. Airlock IAM enables central authentication and authorization for mobile apps by implementing standards such as OAuth and OpenID Connect. Moreover, Airlock IAM provides a REST API for user authentication, which can easily be integrated into custom mobile apps.

Our technology partners provide mobile apps for secure authentication and SDKs for protecting custom mobile apps. Airlock IAM integrates the corresponding authentication tokens and provides comprehensive token management functionality. In addition, Airlock IAM’s user self-services make onboarding of new mobile users quick and easy.

Secure mobile authentication without an app - that’s Mobile ID by Swisscom. The innovative solution is based on the international Mobile Signature Services (MSS) standard and leverages the SIM card as a secure environment for key material. Supporting Mobile ID in your applications is a breeze, because Mobile ID services are fully integrated in Airlock IAM.


  • Protection of REST APIs
  • Support for OAuth and OpenID Connect
  • REST interface for user authentication
  • Integration of leading partner solutions
  • Secure mobile apps for authentication
  • SDKs for protecting custom apps
  • User Self-services for mobile tokens
  • Mobile ID support

Legally compliant data archiving

User behavior on the internet, in social media and via mobile channels, and knowledge about users' wishes, requirements and preferences add up to a wealth of useful information for companies. In many sectors, companies are obliged to safeguard this information faithfully for legal reasons.

Qumram offers a cutting-edge Big Data platform that records, archives and analyses all customer interactions in the online world with guaranteed legal certainty. This enables companies to meet their statutory duties of retention and substantiation – and it also helps them to optimize their processes, boost productivity, prevent media discontinuities, win more new customers and increase their customer loyalty and conversion rates.


  • Legally compliant data archiving
  • Legally compliant cross-channel recording
  • Fully integrated in Airlock WAF
  • Automatic coverage of all applications

API Security

Web services are typically accessed from mobile applications directly and provide critical interfaces between systems in federated architectures. Airlock WAF and IAM combine their forces to provide in-depth API security.

Airlock WAF
RESTful web services often use JSON for data transfer. Airlock WAF’s integrated JSON parser allows the consistent application of security policies both to standard HTML form posts and REST calls.
Moreover, Airlock WAF provides a patent-pending 1) dynamic whitelisting technique called DyVE (Dynamic Value Endorsement). DyVE allows the dynamic endorsement of selected attribute values within a session's scope. Subsequent REST calls must comply by using endorsed values for the selected attributes. As a simple example, consider online banking transactions. Using DyVE, Airlock WAF can ensure that transactions debit only accounts previously offered by the banking server.
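
The banking case above, as a conceptual sketch of session-scoped value endorsement. This is an added illustration, not Airlock code or configuration; the field names `accountId` and `debitAccount`, the `EndorsementFilter` class and the sample traffic are assumptions made for the example.

```python
import json

# Assumed field names: the response attribute that endorses values and the
# request attribute that must carry an endorsed value (both hypothetical).
ENDORSE_FROM_RESPONSE = "accountId"
ENFORCE_ON_REQUEST = "debitAccount"


def collect(node, key):
    """Yield every scalar stored under `key` anywhere in a parsed JSON tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key and isinstance(v, (str, int)):
                yield str(v)
            else:
                yield from collect(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from collect(item, key)


class EndorsementFilter:
    def __init__(self):
        self._endorsed = {}  # session id -> values the back end offered

    def on_response(self, session_id, body):
        """Endorse the values the back end sent to this session."""
        values = set(collect(json.loads(body), ENDORSE_FROM_RESPONSE))
        self._endorsed.setdefault(session_id, set()).update(values)

    def allow_request(self, session_id, body):
        """Allow a transfer call only if it uses values endorsed for the session."""
        try:
            submitted = list(collect(json.loads(body), ENFORCE_ON_REQUEST))
        except json.JSONDecodeError:
            return False  # unparseable body: fail closed
        endorsed = self._endorsed.get(session_id, set())
        return bool(submitted) and all(v in endorsed for v in submitted)


def demo():
    f = EndorsementFilter()
    # Constructed sample traffic: two sessions, each offered its own accounts.
    f.on_response("s1", '{"accounts":[{"accountId":"CH-001"},{"accountId":"CH-002"}]}')
    f.on_response("s2", '{"accounts":[{"accountId":"CH-777"}]}')
    return (
        f.allow_request("s1", '{"debitAccount":"CH-002","amount":50}'),  # offered to s1
        f.allow_request("s1", '{"debitAccount":"CH-777","amount":50}'),  # only offered to s2
        f.allow_request("s2", '{"debitAccount":"CH-777","amount":50}'),
    )
```

Because endorsement is kept per session, a value offered to one session is rejected when another session submits it, which is what separates this from a static allow list.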

Mobile clients typically ignore cookies, which are traditionally used for secure session handling in web applications. In order to protect mobile sessions, Airlock WAF supports session management based on access tokens (e.g., Bearer tokens).
Airlock WAF's SOAP/XML filters also interpret WSDL and schema files to ensure that a web service API is used in the specified form.

Airlock IAM
Airlock IAM enables central authentication and authorization for mobile apps and other web service clients by implementing standards such as OAuth and OpenID Connect. Depending on the capabilities of the back-end service, Airlock IAM may propagate identities in different formats, e.g. using JWT or SAML. Moreover, Airlock IAM provides a REST API for user authentication, which can easily be integrated into custom mobile apps.


  • Protection of REST and SOAP webservices
  • Built-in support for JSON
  • OAuth 2.0 and OpenID Connect
  • Dynamic Value Endorsement (DyVE)
  • Session Management based on Access Tokens
  • REST API for user authentication

1) Swiss patent application filed for DyVE