RedShield protects your critical online applications
How we do it is important too
The RedShield engagement model
Immediate requirements
If you have identified new threats or indeed have experienced a recent attack, we can respond rapidly – often the same day – to provide total remediation.
We can often deploy a Shield for your application in a matter of minutes, rather than the weeks, months, or even multi-year timelines typical of software remediation. And that’s if your dev team can solve it at all: they may not even have access to the problematic code if it sits with a third party or is otherwise obfuscated or inaccessible.
Security uplift
Strategic engagement
RedShield certainly helps in urgent situations, responding with a custom Shield to get you protected rapidly. Ideally, like most protections, Shielding is done strategically rather than as a tactical reaction. Here RedShield is not a project but a program: our service is aligned to your business, we manage the outcomes for your application security, and we share the risks and responsibilities.
Our managed service then deals with the dynamic nature of newly identified issues, focusing on both security effectiveness and maintaining application compatibility.
Project level requirements
Urgent requirement
Responding to immediate threat
Rapid, tactical turn-around
Simple requirement specifications
Quick deployment
Program level engagement
Long-term strategic goals and objectives
Actions mapped against business cases
Methodical, measured response
Understanding of interdependent requirements
Shared risk & responsibility
The RedShield process
Every RedShield plan has our fundamentals solution at its foundation. This baseline provides the minimum protections for your applications. It’s the foundation upon which we build the ideal program of work for your organisation.
1. Discovery & defining
We uncover all applicable known vulnerabilities and deploy the appropriate remediation steps
2. Developing
We create custom Shields to protect your application from any feasible compromise.
3. Testing
We test our remediation to ensure the effectiveness of the solution and ensure that functionality is retained
4. Vigilance
We proactively monitor, learn, and adjust – ready to tune or implement any changes rapidly in the face of new CVEs
The RedShield tiers
RedAlert
Harden server responses and get alerts on malicious traffic and app vulnerabilities
Managed elimination of exploit indicators
– Web server information leakage limitation
– Web server response hardening
Managed threat defense hygiene
– Bot access alert
– Darkweb access alert
– HTTP compliance enforcement
– WAF basic hacker technique detection
– WAF-based signature attack detection
– Generic whitelist for search bots
– Custom whitelist/blacklist IPs
– Application and infrastructure vulnerability scanning
– Defense verification
Application delivery
– Support for Custom SSL Certificates
– Support for cloud caching and acceleration
– Support for load balancing
24/7 expert resourced helpdesk
– Response to any detected or reported service anomalies
Compliance support
– ISO 27001:2013 Information Security Management System
RedProtect
Block bots and malicious traffic without disrupting transactions
INCLUDES REDALERT PLUS:
Standard shields to block malicious traffic
– Generic attack detection and defense
– Blocking masks tuned for extremely low false positives* even with rapid application release cycles
– Blocking masks tuned to stop known evasion and bypass
– Blocking masks tuned to stop known customer application specific exploits
– Mapping of generic attack detection
24/7 expert resourced help desk
– For direct-to-end-customer response to resolve any false positives without reducing defensive posture
– For response to any newly detected vulnerability or reported relevant exploit
– Response to any newly detected attack
– Analyst-verified vulnerability presentation
– Status reporting across CVSS and exploitability audits
– Remediation and mitigation recommendations
– Overview Portal reporting of attacks
– Drill through to full details of blocked and alerted attacks
– Advanced correlation of events for threat actor hunting
Monthly management level reporting
– Incident Management
– Change Management
– PCI DSS 3.1 compliant WAF infrastructure & processes
– CSA Cloud Security Alliance STAR Level 1
– EU-US Privacy Shield and Swiss-US Privacy Shield
– EU General Data Protection Regulation (GDPR)
– US Health Insurance Portability & Accountability Act (HIPAA)
– California Consumer Privacy Act (CCPA)
RedSecure
Fix application vulnerabilities without touching a single line of code
INCLUDES REDPROTECT PLUS:
Transformational shields to adapt app behavior
– Custom transformational shields (nano code objects) deployed on a Function as a Service (FaaS) platform
Integration with customer’s change feed
– 24×7 change support
Addon options
Additional measures and customisations
Dedicated traffic process equipment
– RedShield hosted
or
– Customer hosted
Authenticated scanning & manual pentesting
Dedicated WAF blocking mask
A la carte AppSec Shielding
Custom Bot and DDoS defenses
AppSec Workers
– Accertify Fraud Protection
– Password Protection
– Session Hijacking Protection
– File upload virus scanning
– Custom transformation of request and/or response with application state, or bespoke component rewrite
– Creation of new security control
Onboarding management
24×7 change support
Test drive RedShield
During a test drive, you can see the value of RedShield on one of your websites.
We'll help you make your vulnerabilities vanish, completely removing the ability to exploit them.
Discovery call
If you’d prefer one of our consultants to reach out to you as a first step, please leave your contact details.
Test drive RedShield
If you wish to take RedShield for a test drive automatically, you can get started in just a few minutes.