RedShield protects your critical online applications

How we do it is important too

The RedShield engagement model

Immediate requirements

If you have identified new threats or indeed have experienced a recent attack, we can respond rapidly – often the same day – to provide total remediation.

We’re able to deploy a Shield for your application often in a matter of minutes rather than the weeks, months, or even multi-year timelines typical with software remediation. And that’s if your dev team can solve it at all given they may not even have access to the problematic code if it sits with a third party or is otherwise obfuscated or inaccessible. 


Security uplift

Strategic engagement

RedShield certainly helps in urgent situations and responds with a custom Shield to get you protected rapidly. Ideally, like most protections, Shielding is done strategically rather than as a tactical reaction. This is where RedShield is not a project, but a program where our service is aligned to your business and we manage the outcomes for your application security and share the risks and responsibilities.

Our managed service then deals with the dynamic nature of newly identified issues, focused on both security effectiveness and maintaining applicational compatibility.

Project level requirements

Urgent requirement

Responding to immediate threat

Rapid, tactical turn-around

Simple requirement specifications

Quick deployment

Program level engagement

Long-term strategic goals and objectives

Actions mapped against business cases

Methodical, measured response

Understanding of Inter-dependent requirements

Shared risk & responsibility

Talk to us

The RedShield process

Every RedShield plan has our fundamentals solution at its foundation. This baseline provides the minimum protections for your applications. It’s the foundation upon which we build the ideal program of work for your organisation.

1. Discovery & defining

We uncover all applicable known vulnerabilities and deploy the appropriate remediation steps

3. Testing

We test our remediation to ensure the effectiveness of the solution and ensure that functionality is retained

2. Developing

We create custom Shields to protect your application from any feasible compromise.

4. Vigilance

We proactively monitor, learn, and adjust – ready to tune or implement any changes rapidly in the face of new CVEs

The RedShield tiers


Harden server responses and get alerts on malicious traffic and app vulnerabilities

Managed elimination of exploit indicators  

– Encryption hygiene
– Web server information leakage limitation
– Web server response hardening

Managed threat defense hygiene  

– Volumetric D/DoS, mileage may vary
– Bot access alert
– Darkweb access alert
– HTTP compliance enforcement
– WAF basic hacker technique detection
– WAF based signature attack detection
– Generic whitelist for search bots
– Custom whitelist/blacklist IPs
Managed weekly defense & vulnerability audit  

– Application and infrastructure vulnerability scanning
– Defense verification

Application delivery  

– Support for Custom SSL Certificates
– Support for cloud caching and acceleration
– Support for load balancing

24/7 expert resourced helpdesk  

– Response to any detected or reported service anomalies

Compliance support  

– ISO 27001:2013 Information Security Management System


Block bots and malicious traffic without disrupting transactions


Standard shields to block malicious traffic   

– Generic attack detection and defense
– Blocking masks tuned for extremely low false positives* even with rapid application release cycles
– Blocking masks tuned to stop known evasion and bypass
– Blocking masks tuned to stop known customer application specific exploits
– Mapping of generic attack detection

24/7 expert resourced help desk  

– For direct to end customer response to resolve any false positives without reducing defensive posture
– For response to any newly detected vulnerability or reported relevant exploit
– Response to any newly detected attack

Vulnerability workflow management portal  

– Analyst verified vulnerability presentation
– Status reporting across CVSS and exploitability audits
– Remediation and mitigation recommendations

Attack reporting  

– Overview Portal reporting of attacks
– Drill through to full details of blocked and alerted attacks
– Advanced correlation of events for threat actor hunting

Monthly management level reporting  

Role based managed service definition  

– Incident Management
– Change Management

Additional compliance  

– PCI DSS 3.1 compliant WAF infrastructure & processes
– CSA Cloud Security Alliance STAR Level 1
– EU-US Privacy Shield and Swiss-US Privacy Shield
– EU General Data Protection Regulation (GDPR)
– US Health Insurance Portability & Accountability Act (HIPAA)
– California Consumer Privacy Act (CCPA)


Fix application vulnerabilities without touching a single line of code


Transformational shields to adapt app behavior  

– Custom transformational shields (nano code objects) deployed on a Function as a Service (FaaS) platform

Integration with customer’s change feed  

– 24×7 change support

Addon options

Additional measures and customisations

Dedicated traffic process equipment  

– RedShield hosted
– Customer hosted

Authenticated scanning & manual pentesting 

Dedicated WAF blocking mask 

A la carte AppSec Shielding  

Custom Bot and DDoS defenses 

AppSec Workers

– Accertify Fraud Protection
– Password Protection
– Session Hijacking Protection
– File upload virus scanning
– Custom transformation of request and/or response with application state, or bespoke component rewrite
– Creation of new security control

Onboarding management 

24×7 change support 

Test drive RedShield

During a test drive, you can see the value of RedShield on one of your websites.
We'll help you make your vulnerabilities vanish, removing the ability to exploit completely.

Discovery call

If you’d prefer one of our consultants to reach out to you as a first step, please leave your contact details.

Test drive RedShield

If you wish to take RedShield for a test drive automatically, you can get started in just a few minutes.