iNSIGHT for Web Server (IWS)

Outbound security appliance for web services to protect against information leakage and defacement

IWS completes your security suite by providing full defence against compromised outbound sensitive data with source agnostic coverage.
Outbound data breaches can result from both internal and external sources created by malicious or trusted agents.

IWS: The Last Line of Outbound Defense
IWS Fits and Completes Existing Security Suite

IWS is uniquely designed to fit into and complete your existing security suite as a reverse proxy.
Monitoring and protections on sensitive outbound data begins immediately out of the box.

IWS Protection is Agnostic to Threat Sources

External and internal cyber threats sources are constantly evolving and emerging.
If the results of these threats are compromised outbound data, IWS will detect and prevent their propagation.

Outbound Security Does Not Exist in Traditional Security Framework

Traditional security framework primarily monitors and protect inbound data.
It does not address outbound data and threats from internal sources such as human errors or malicious insider.

The Risks of Ignoring Outbound Security Gaps
Dangerous Gap in Traditional Security Framework

Traditional security framework such as firewalls or WAFs only monitors and protect inbound data.
It is highly susceptible to threats that are disguised as normal data or are from trusted origins.

Dangers of Compromised Webserver

Your webserver is constantly susceptible to risks and damages from failed inbound security.
A compromised server can leak sensitive data and spread misinformation with dangerous consequences.

Risks Leads to Business Damages

Without outbound protection sensitive data, misinformation or defaced content can spread in business web applications.
This can result from human errors or malicious insiders that inbound security can never detect the damages are often costly or maybe impossible to rectify.

IWS Protection Case studies
Reconnaissance Mitigation

Hackers and malicious external agents often first have to identify your systems through reconnaissance to begin their attacks.
IWS identifies and intercepts Indicators of Reconnaissance (IoR) significantly reducing success of recon attempts by malicious agents.

Data & Defaced Content Leakage

Sensitive data and defaced content can originate from both internal and external sources such as human errors and malware.
IWS monitors and intercepts compromised data leak in outbound responses with Content Type and Hash Protection.

Configuration Information Leaks

Configurations of private systems and applications such as Cloud API keys can be leaked to the public through your web application from various internal threats.
IWS monitors and intercepts outbound configuration information in your web application with Content Type and Hash Protection.

IWS in Brief
Request a Trial / Quote

Feature Focus:
IWS GenAI Data Leakage Prevention (DLP)

IWS provides a crucial last line of defence against compromised outbound sensitive data from GenAI countermeasures failure.
GenAI firewalls and countermeasures alone are currently not fully able to prevent outbound data breaches should malicious compromises occur.


Read More

GenAI DLP protection by IWS:


Aspect Threats Impact Countermeasures IWS Protection
People
  • Intentional or unintentional data leaks by employees to public GenAI models
  • Loss of customer data/ PII and FI secrets
  • Regulatory consequences and reputational damage
  • Conduct awareness campaigns
  • Implement data classification for data which can be entered into GenAI models
  • Prevents failed countermeasures' compromised sensitive information, found in the web servers' outbound HTTP traffic, from reaching the public through deep detection of sensitive information
  • Once compromised information is detected, IWS will send a HTTP redirect response to the browser, redirecting the visitor to a pre-configured sanitized error page
Process
  • Vulnerabilities or security weaknesses in in-house developed GenAI models
  • Risks of supply chain attack arising from the use of third party or open-source GenAI models
  • Data Leakage leading to loss of sensitive information
  • Backdoors and in-built vulnerabilities
  • Adopt security best practices while developing GenAI models
  • Conduct third-party provided or open-source GenAI model risk assessment
Technology
  • Inability to detect unusual user inputs
  • Bypass of GenAI model guardrails
  • Loss of sensitive information
  • Data Leak of PII
  • Reputational damage
  • Implement DLP tools and firewalls for GenAI models to mitigate loss of confidential data to GenAI models
  • Introduce controls while developing and using the GenAI models
  • Conduct vulnerability assessments and security testing on GenAI models

Patented Technologies

High accuracy using patented technologies to prevent false positives

Better Compliance

Better compliance with regulations such as PDPA Section 24 (Protection of personal data)

High Performance and Availability

Providing maximum security with high performance and availability by integrating with load balancer and CDNs

Key Business Benefits

Support Business

Build customer and public confidence in web-based services

Protect Business Value

Avoid regulatory penalties and reputation restoration costs

Support Information Security

Compliment other security systems to lower the overall risk of information leakage

Support Application Development

Identify potential information leakage during application development

Support Operations

Compliment existing QA tools to identify potential information leakage

Standalone Machine

IWS is not a SAAS product it is a standalone machine.

Features

Detect and Block Compromised Web Pages

Contain Vulnerabilities In Web Applications

Block Server Errors

Prevent Leakage of Sensitive Information

Detect and Block Defacement

Detect Web Reconnaissance Attempts

Data Loss Prevention "DLP" For GenAI Models

Compatibility

On Premise (Hardware)

3 major series to choose from depending on your performance requirements with no functional loss between series

Download Datasheet

VM Image

Reduced capital cost compared to hardware

Download Datasheet

AWS

Compatible with Elastic Load Balancing (ELB) and CloudFront

Learn More

Azure

Compatible with Content Delivery Network, Load Balancer and VNet Peering

Learn More

Comparison Matrix

Protection against: Protection Options
Static Code Analyzer Common Data Loss Prevention Products iNSIGHT for Web Server
Information leakage due to compromised web servers via internal sources
Infection / Transmission of malicious code to visitors
Data leakage due to application vulnerabilities
Information leakage due to server errors or misconfiguration
Information leakage due to malicious or accidental uploads
Public disclosure of defaced web server
Type of Defacement Protection Options
File Integrity Solution Defacement Scanners Human Monitoring Services iNSIGHT for Web Server
Defacement content is stored in files on web site, such as HTML, JSP, ASPX, PHP and etc. *
Defacement content is stored in database used by content management systems, such as Sharepoint, Sitecore, Joomla, Wordpress and etc
Defacement content is shown conditionally, such as shown to search engines only, referrals from search engines, mobile users and etc. *
Defaced content in newly added files, without links from any existing pages, which constitutes the No. 1 type of defacement on Zone-H. *
Transient cross-site techniques using scripts, layers, frames to display defaced content from external sites, for e.g. SG PMO and Istana defacement in 2013.
Transient reflected defacement where defacement input is reflected in the response page from the vulnerable website.
Real-time protection to block defaced content from being shown or display the last known good copy even after the web page is defaced in less than 5 seconds.
Restore the display of non-defaced, non-malicious or non-leaky content and preserve forensics evidence on the affected web, app or database servers without restoring content automatically, hence preserving admissible court evidence for legal proceedings. * * *
Protect post-authenticated pages, such as dashboards. *
Protect non-HTML content, such as Restful API, SOAP XML and others, which are commonly used to support mobile applications.

F.A.Q

Frequently Asked Questions

General

Existing security systems provide good protection against incoming attacks from external sources. IWS complements such systems by extending the protection profile to include protection against outgoing information leakages.

Although some WAFs are able to scan outgoing traffic, their ability in this area is very limited. This is understandable as WAFs are primarily focused on incoming threats. For instance, though some WAFs claim they can detect sensitive information such as credit card and Social Security numbers, they are not able to detect presence of such information if the information is contained in common document formats such as Microsoft Office or PDF files. In addition, WAFs are usually not able to detect presence of leakages of source codes as they are not equipped to distinguish between source codes and normal English text. For these areas, IWS has made use of patented technologies to achieve what WAFs cannot do.

For IPS, again as their name implies, their focus is in protecting against intrusions, not leakages.

Likewise, existing WAF or IPS solutions cannot prevent defaced or maliciously compromised web pages from being shown to the public, while IWS can.

Hence, IWS complements WAFs and IPS to provide a more comprehensive protection to your organisation.

Please access the Comparison Matrix for a more detailed comparison.

Out of the box, IWS protects against:

a. Leakage of source code
b. Leakage of software debug messages
c. Leakage of system configuration
d. Leakage of personal information
e. Leakage of financial information
f. Leakage of healthcare information
g. Display of defaced/hacked web pages
h. Display of maliciously compromised web pages

IWS also allows users to detect other types of sensitive information, without the need to learn a new scripting or programming language. Customised detection logic can be added via web-based custom editor.

Good quality control processes and procedures are important and should still be implemented and followed even when security systems are present.
On the other hand, just as no one will say that good development processes and procedures can remove the need for web application firewalls, tightening of quality control does not remove the need for a information leakage system for web servers.
From our research, there are 4 main causes of information leakage from web servers:

a. compromised web servers
b. web application errors
c. server errors
d. sensitive documents left on web servers


At best, we expect good quality control can reduce the risks from server errors and sensitive documents left on web servers. Leakages due to compromised web servers or web application errors may not be that easily detected by quality control processes.

IWS only provides information leakage protection for web servers. Depending on the market conditions, iNFOTECT will decide whether to develop a similar product for email servers and instant messaging servers.

Deployment

IWS is usually deployed “in front” of the web servers it is protecting, hence it is situated between any existing network firewall/web application firewalls/intrusion prevention systems and the web servers.

As IWS can be used to protect Internet-facing and Intranet-facing web servers, it can be located in the same network segments where these servers are located.

IWS products are designed to sustain high throughput. With IWS running in interception mode, user experience can even be better due to the high performance proxy cache and load balancing features within IWS. With IWS in monitoring mode, there is no impact as IWS will be situated in an out-of-band segment.

Yes, IWS products can be integrated with existing high availability and load balancing solutions to provide theses features.

As a best practice, it is recommended to deploy IWS nearer to where the web servers are located. Hence, in a distributed web server architecture with different access gateways to the Internet, multiple nodes of IWS should be deployed to the distributed sites while still remain centrally-managed via a secure web-based management console.

If all the distributed web servers shared a common gateway to the Internet, one can choose to deploy more advanced models of IWS, which are built to support very high throughput, near the common Internet gateway.