Written by: Gábor Marosvári, Product marketing lead, Balasys
In the past period, intensive development and background work have shifted our focus inward, resulting in poor communication when it comes to Zorp news. We’re sorry about that! I would like to emphasize that the development of Zorp Gateway is nevertheless ongoing! Thanks to these efforts, Balasys’ highly flexible, proxy-based network security suite now boasts an updated architecture, a renewed GUI and several new features. In this post, I’d like to summarize the key new features that have been added to the product since the 6.0. release.
Zorp Gateway is one of the first IT security products to support the latest TLS 1.3 cryptographic protocol. You can encrypt non-encrypted or legacy internet protocols with the most advanced encryption standard currently available on the market. The security of the communication can be further improved by requiring strong authentication from the user. Based on this feature set, you can implement highly secure web browsing, mailing or even e-banking/e-commerce services over your less-secure internet infrastructure. Another potential use is the strong encryption of data stored in cloud services.
Based on the integration with Apache ModSecurity WAF, Zorp Gateway can now inspect and analyze the content of encrypted and non-encrypted internet traffic to verify that it conforms to the standards of the HTTP(S) in use. Beyond detecting advanced attack vectors, it can also hide the vulnerabilities or development errors of the web servers. This is a reliable tool for protecting your organization's public internet services.
The Zorp Gateway can now support the Internet Content Adaptation Protocol (ICAP). Thanks to ICAP support, Zorp Gateway can integrate with several third-party security solutions such as DLPs, IDS/IPS and anti-malware tools, including multi-scan engines and sandbox-technologies. The above integrations can also be implemented via encrypted channels. This feature empowers you to build a custom and comprehensive threat management environment to protect your enterprise network.
Many websites (e.g. facebook.com) don’t have a fixed IP address, yet you still need to control access to them. In addition, sometimes you are not allowed to inspect certain types of encrypted traffic (from privacy or other reasons), but you may still want to gain some control over this traffic tool. In such cases, hostname-based decisions can help you: you can control the access to these sites based purely on their hostnames. Essentially, this is a special URL-filtering capability helping you set up rules solely based on the domain name information, without knowing the IP address or the outgoing traffic content. For example, you can leverage this function in the following cases:
Zorp Gateway offers a rule for limiting network connection rates. This feature comes in especially handy when your site is under (D)DOS attack or there are enormous peaks in the everyday traffic. You can configure the product to prioritize the requests in such cases by serving more important transactions first, while limiting the bandwidth for others.
Zorp Gateway can automatically recognize certain protocols and services and can selectively handle these based on preconfigured connection rules. Currently, the supported protocols and services are as follows: HTTP, SSH, server certificate and Sever Name Indication (SNI).
The Zorp Gateway 7.0.5 supports form-based authentication in HTTP protocol. It can be presented to the user with an editable ‘form’ to fill in and submit in order to log into a given web application or service. You can even integrate it with your existing AD/LDAP database. Form-based authentication is a platform-independent and customizable solution to unify the web-based authentication process across your company, customers and partners.
We are continuing the development of Zorp Gateway to make it the most customizable, reliable and resource-efficient network security suite available on the market today. From now on, we are going to post some important news about Balasys and the Zorp product family on a regular basis. Stay tuned!
A digitális átalakulás korában kiemelt szerepet kap az ügyfelek, a cégek és a partnerek közötti gyors kapcsolattartás és adatcsere.
A Proxedo API Security use case
The benefits of Zorp GPL when used as an ingress controller in Kubernetes