Skip to main content

About Cyber Shield

Abstract

Cyber Shield protects your network and users from cyber threats. Content filtering can block malicious content and cyber threats regardless of whether the traffic enters your WPC. When traffic enters your WPC, IDS/IPS functionality can block traffic that resembles DoS attacks and other threats.

Cyber Shield protects your network and users from cyber threats. Content filtering can block malicious content and cyber threats regardless of whether the traffic enters your WPC. When traffic enters your WPC, IDS/IPS functionality can block traffic that resembles DoS attacks and other threats.

Introduction to Domain Filtering

Cyber Shield provides Domain Name System (DNS) content filtering to protect your WPC Users from malicious and suspicious websites, even when internet traffic isn’t transported through the WPC. You can monitor the number of domain name resolutions that fall into various content categories or take security further and enable blocking.

DNS-based filtering lets you block domain name resolutions for those websites that fall into undesirable or unsafe categories. Specific domain names can be added to allow and block lists.

Cyber Shield provides data reporting on the number of observed and blocked domain name queries originating from your Users. You can drill down and investigate exactly which User or Device generated the DNS requests that were flagged with a particular content category. A CSV report with the details of the observed/blocked domain names can be received via email.

Domain Filtering can classify web content into 43 categories based on the domain name and block access to specific content categories based on configuration. The 43 content categories are organized into eight groups, allowing you to select the content categories to block easily. Domain Filtering Protection Levels preselect applicable content category groups to block based on the security and content access policy you desire. Refer to Domain Filtering Protection Levels and Content Categories.

Introduction to Traffic Filtering

Note

Traffic Filtering is a Beta feature.

Cyber Shield provides a built-in Intrusion Detection System (IDS) and an Intrusion Protection System (IPS). When set to monitor traffic, Cyber Shield will act as an IDS and will monitor the traffic flowing through CloudConnexa to provide you with detailed statistics on traffic it has identified as malware, intrusion activity, denial of service, and other types of threats. Once presented with statistics on the type of traffic detected and the number of times that type of traffic was detected, you can drill down and investigate exactly which user or device generated that traffic.

Traffic filtering matches the monitored traffic to traffic signatures of malicious traffic and other traffic of interest. Traffic matching specific patterns of interest are classified into three threat priority levels: Critical, High, and Medium. Traffic signatures of malicious traffic and other traffic of interest are also classified into nine categories based on the type of traffic or threat.

To nip threats in the bud, you can use Cyber Shield to protect your network by blocking certain types of traffic. When you configure specific threat categories or threat priorities of traffic types to block, Traffic Filtering will drop those packets and provide statistics on those blocked events.

IDS/IPS capability is handy when CloudConnexa provides an egress route for all internet traffic. We recommend blocking Priority Critical traffic, which identifies traffic generated by malware, trojans, worms, and specific intrusion activity. Refer to Traffic Filtering Priorities, Categories, and Protection Levels.