60555
KraLos GmbH
Germany
Market: Internet and IT, Artificial Intelligence
Stage of the project: Prototype or product is ready
Date of last change: 03.09.2023
Market: Internet and IT, Artificial Intelligence
Stage of the project: Prototype or product is ready
Date of last change: 03.09.2023
Idea
We want to offer a protection system that covers every vector of a web application and keeps the costs transparent for the customer following 2 simple Rules:
1. Less is more
2. No access to the web application via the Internet
Less is more
Simplicity is the key. Instead of relying on increasingly complex systems to safeguard web applications, we embrace the 'less is more' approach.
No access to the web application via the Internet
An application that is unreachable from the Internet is inherently safeguarded against Internet-based attacks.
Further text under Solution
1. Less is more
2. No access to the web application via the Internet
Less is more
Simplicity is the key. Instead of relying on increasingly complex systems to safeguard web applications, we embrace the 'less is more' approach.
No access to the web application via the Internet
An application that is unreachable from the Internet is inherently safeguarded against Internet-based attacks.
Further text under Solution
Current Status
The market size has a Volume of $150 billion.
Webouncer's four-tier security levels have already attracted customers within just three months of launch.
Webouncer's four-tier security levels have already attracted customers within just three months of launch.
Market
Hosting Provider, Cloud Provider, B2B, Partner Network
Problem or Opportunity
There are 203 million aktiv web-based applications online today, each susceptible to relentless cyber threats. Global cybercrime costs have soared to nearly $945 billion annually.
Hacker Attacks, data theft, manipulation, Fake news, data encryption and more on web-based applications.
Hacker Attacks, data theft, manipulation, Fake news, data encryption and more on web-based applications.
Solution (product or service)
WEBOUNCER – THE DIFFERENCE
Patent No.: LU103080
The Internet serves as a vital platform for showcasing businesses or organizations and providing services, including product sales, across different geographical boundaries.
However, it's concerning that malicious individuals are increasingly exploiting this avenue to disrupt website functioning or cause harm to both the website owner and its users. Regrettably, these actions lead to significant financial losses, amounting to 203 billion euros annually in Germany alone (source: https://www.bitkom.org/Presse/Presseinformation/Wirtschaftsschutz-2022).
Numerous attack methods exist, each requiring its own specific solution.
Typically, each solution addresses a single attack vector. To achieve comprehensive protection, it's necessary to blend corresponding solutions. However, the process can become perplexing as the diverse solutions require distinct configurations and monitoring approaches.
This raises the complexity and cost of the defense system due to potential mishaps in integration or misconfigurations, which may increase the potential points of attack. As a result, a false sense of security is quickly created, which can reult a critical vulnerability in the very web application that's meant to be protected.
For example:
"Protects an upstream firewall against unauthorized access. This firewall analyzes incoming traffic and screens out risky requests based on rules. However, if a DDoS attack occurs, the firewall can become overwhelmed and fail, leaving the system behind it vulnerable to subsequent attacks without proper protection."
Meanwhile, artificial intelligence is also employed to counter threats. These systems need to learn fr om past attacks, which unfortunately leads to some targeted web applications experiencing harm until the AI can effectively address the attack. On the other hand, these systems have demonstrated a tendency to fail frequently, and they often deter visitors from accessing a website.
We have all visited websites that ask if we are human.
The security of protection systems varies, sometimes offering greater security, and other times less. However, it's worth noting that these systems are accessible to attackers as well. For example, an attacker could set up a seemingly legitimate website and apply a protection solution to it. This way, they could test the system's defenses under controlled conditions, potentially uncovering vulnerabilities and weak points.
These separate solutions can be combined affordably for a "basic level" of functionality, yet expenses escalate when aiming for comprehensive web application security. Several solutions are tiered across various pricing plans, and even within the highest-cost category, supplementary "addons" are often necessary for complete protection. This can put the initial "great price" into perspective. It's essential to acknowledge that protection systems, being products of human creation, also carry inherent flaws that attackers can potentially exploit.
Vision
With Webouncer, we want to offer a protection system that covers every vector of a web application and keeps the costs transparent for the customer following 2 simple Rules:
1. Less is more
2. No access to the web application via the Internet
Less is more
Simplicity is the key. Instead of relying on increasingly complex systems to safeguard web applications, we embrace the 'less is more' approach. By minimizing installations, we reduce potential points of attack. Fewer access points also mean fewer protection systems required. This leads us to a straightforward conclusion: any applications not essential for the web application's operation are either eliminated or deactivated. This action naturally eliminates all unnecessary redundant access points.
No access to the web application via the Internet
An application that is unreachable from the Internet is inherently safeguarded against Internet-based attacks. Naturally, a web page must remain accessible via the Internet.
Webouncer has solved these contradictory requirements: The website remains fully accessible on the Internet without impediments, while the web application and its data remain inaccessible from Internet access.
1. Ensuring Security through Web Application Isolation from the Internet.
2. Defending against Attacks through Attack Surface Minimization.
3. Protection against Injections and Manipulation of the Web Application.
4. Shielding Web Application against Malicious Code.
5. Mitigating Risks Arising from Human Error.
6. Immediate Response to File Modifications.
7. Analysis of Accesses with Respect to Attacks.
1. Ensuring Security through Web Application Isolation from the Internet
Hackers are often privy to IP addresses and domains, necessitating a clear separation. This is wh ere WEBOUNCER comes into play, fully showcasing its capabilities. To allow user access to the website while maintaining security, Webouncer generates a replica or ‘clone’ of the front end on the origin server.
Ports
Another aspect to consider is the closure of all 65535 ports on a server. A port is essentially a numerical address for accessing an application. Typically, firewalls "close" these ports, ensuring that applications assigned to these ports remain protected. However, if the firewall malfunctions or is wrongly configured, the application behind the port could still be accessed. The optimal approach is to eliminate all unnecessary applications, thereby negating the need for port-specific firewalls. In this manner, the server's primary function – hosting a web application – can be fulfilled with just one open port. Encryption ensures that only the web server application responds to this port and can be accessed securely.
The target server on the Internet is aware of the specific port and the encryption used for the web application. Importantly, the encryption remains constant throughout the process. This consistency is maintained as the web server application decrypts requests and subsequently relays them to the application in their decrypted state.
2. Defending against Attacks through Attack Surface Minimization
For the target server, we apply the same port settings as those on the source server, but with two distinctions:
• The web server's port remains accessible in the regular manner, utilizing the standard SSL certificate for encryption.
• The SSH application needs to be temporarily accessible to facilitate updates. However, it's not intended to run continuously; instead, it's activated during a maintenance window.
Webouncer presents a solution that allows for the creation of such maintenance windows.
3. Protection against Injections and Manipulation of the Web Application
To facilitate user actions like making contact requests or product orders, a connection between the target server and the source server is essential. However, only the port designated for the web application remains open, and it's fortified with a security system to ward off threats. Through this pathway, an attacker might try to exploit the source system and even inject harmful code. To prevent this, user requests are examined for injection before being dispatched to the source server. If necessary, any potential threats are neutralized, ensuring that only sanitized requests reach the source server. This approach effectively bars the introduction of malicious code fr om external sources.
4. Shielding Web Application against Malicious Code
Website attacks are evolving into increasingly professional endeavors. Both web servers and web applications are susceptible to potential vulnerabilities. Given the complexity of the tens of thousands of lines of code involved, bugs can naturally creep in. Securing an IT system becomes an ongoing battle between attackers and defenders. Attackers are growing more sophisticated and are even leveraging AI to identify vulnerabilities.
Even we cannot assure the detection of every injection attempt, particularly those arising from potential software bugs in future updates.
This is wh ere Webouncer demonstrates its strengths. Unlike existing solutions that solely analyze user requests, Webouncer goes a step further by scrutinizing responses from the source system. This capability allows interception of successful injection attempts and also provides defense against inadequately programmed plugins for the web application.
5. Mitigating Risks Arising from Human Error
Human errors are a significant driver of IT-related damage. Whether due to oversight, lack of expertise, or even malicious intent (e.g., from a former employee), these errors are a prevalent issue. Prior attempts to mitigate these errors have centered on defined IT interaction protocols, yielding only moderate success.
Especially in the realm of cybersecurity, the focus should be on minimizing human involvement as much as possible.
For example:
"Instead of a complex firewall setup, we adopt a port closure strategy. This straightforward directive for the IT department can be automatically verified anytime."
With Webouncer, we have streamlined the configuration process. The system automatically configures the setup based on specific needs. The servers function autonomously, eliminating the need for personnel assignment or Webouncer-specific training. Importantly, no Webouncer client employee can directly access the source system, thereby preventing any mishaps due to malicious intentions. Modifications to the website made by authors occur on a backend target server. This approach ensures the security of the target server and precludes the introduction of malicious code.
File operations, including updates to the web application, take place on a virtual server and are subject to inspection by Webouncer before being transferred to the source server.
6. Immediate Response to File Modifications
File modifications are closely monitored across all systems. While the operational measures implemented with Webouncer seemingly create a robust defense against unauthorized access, we recognize the importance of avoiding complacency. Therefore, we maintain constant vigilance by tracking the file system. In the event of any anomalous activity that lacks Webouncer's confirmation, the system takes immediate action. This involves removing new files or reinstating modified files to their original state, all without any delay.
Following this action, the affected files are moved to quarantine, allowing for further examination of potential attack methods. Moreover, Webouncer promptly sends out an alert notification along with a comprehensive report detailing the incident.
7. Analysis of Accesses with Respect to Attacks
From our perspective, an attack isn't only defined by a significant and measurable impact; it encompasses any unusual activity that deviates from normal user behavior. With the architecture of Webouncer, the process of detecting an attack has become considerably more streamlined.
For example:
"By segregating the backend access of the web application from the frontend, every instance of backend access on the target server is treated as a potential attack."
To illustrate:
"Think of it like a bakery: Employees don't wait until someone walks behind the counter, takes money from the cash register, and then leaves. Even attempting to get behind the counter constitutes an attack."
Patent No.: LU103080
The Internet serves as a vital platform for showcasing businesses or organizations and providing services, including product sales, across different geographical boundaries.
However, it's concerning that malicious individuals are increasingly exploiting this avenue to disrupt website functioning or cause harm to both the website owner and its users. Regrettably, these actions lead to significant financial losses, amounting to 203 billion euros annually in Germany alone (source: https://www.bitkom.org/Presse/Presseinformation/Wirtschaftsschutz-2022).
Numerous attack methods exist, each requiring its own specific solution.
Typically, each solution addresses a single attack vector. To achieve comprehensive protection, it's necessary to blend corresponding solutions. However, the process can become perplexing as the diverse solutions require distinct configurations and monitoring approaches.
This raises the complexity and cost of the defense system due to potential mishaps in integration or misconfigurations, which may increase the potential points of attack. As a result, a false sense of security is quickly created, which can reult a critical vulnerability in the very web application that's meant to be protected.
For example:
"Protects an upstream firewall against unauthorized access. This firewall analyzes incoming traffic and screens out risky requests based on rules. However, if a DDoS attack occurs, the firewall can become overwhelmed and fail, leaving the system behind it vulnerable to subsequent attacks without proper protection."
Meanwhile, artificial intelligence is also employed to counter threats. These systems need to learn fr om past attacks, which unfortunately leads to some targeted web applications experiencing harm until the AI can effectively address the attack. On the other hand, these systems have demonstrated a tendency to fail frequently, and they often deter visitors from accessing a website.
We have all visited websites that ask if we are human.
The security of protection systems varies, sometimes offering greater security, and other times less. However, it's worth noting that these systems are accessible to attackers as well. For example, an attacker could set up a seemingly legitimate website and apply a protection solution to it. This way, they could test the system's defenses under controlled conditions, potentially uncovering vulnerabilities and weak points.
These separate solutions can be combined affordably for a "basic level" of functionality, yet expenses escalate when aiming for comprehensive web application security. Several solutions are tiered across various pricing plans, and even within the highest-cost category, supplementary "addons" are often necessary for complete protection. This can put the initial "great price" into perspective. It's essential to acknowledge that protection systems, being products of human creation, also carry inherent flaws that attackers can potentially exploit.
Vision
With Webouncer, we want to offer a protection system that covers every vector of a web application and keeps the costs transparent for the customer following 2 simple Rules:
1. Less is more
2. No access to the web application via the Internet
Less is more
Simplicity is the key. Instead of relying on increasingly complex systems to safeguard web applications, we embrace the 'less is more' approach. By minimizing installations, we reduce potential points of attack. Fewer access points also mean fewer protection systems required. This leads us to a straightforward conclusion: any applications not essential for the web application's operation are either eliminated or deactivated. This action naturally eliminates all unnecessary redundant access points.
No access to the web application via the Internet
An application that is unreachable from the Internet is inherently safeguarded against Internet-based attacks. Naturally, a web page must remain accessible via the Internet.
Webouncer has solved these contradictory requirements: The website remains fully accessible on the Internet without impediments, while the web application and its data remain inaccessible from Internet access.
1. Ensuring Security through Web Application Isolation from the Internet.
2. Defending against Attacks through Attack Surface Minimization.
3. Protection against Injections and Manipulation of the Web Application.
4. Shielding Web Application against Malicious Code.
5. Mitigating Risks Arising from Human Error.
6. Immediate Response to File Modifications.
7. Analysis of Accesses with Respect to Attacks.
1. Ensuring Security through Web Application Isolation from the Internet
Hackers are often privy to IP addresses and domains, necessitating a clear separation. This is wh ere WEBOUNCER comes into play, fully showcasing its capabilities. To allow user access to the website while maintaining security, Webouncer generates a replica or ‘clone’ of the front end on the origin server.
Ports
Another aspect to consider is the closure of all 65535 ports on a server. A port is essentially a numerical address for accessing an application. Typically, firewalls "close" these ports, ensuring that applications assigned to these ports remain protected. However, if the firewall malfunctions or is wrongly configured, the application behind the port could still be accessed. The optimal approach is to eliminate all unnecessary applications, thereby negating the need for port-specific firewalls. In this manner, the server's primary function – hosting a web application – can be fulfilled with just one open port. Encryption ensures that only the web server application responds to this port and can be accessed securely.
The target server on the Internet is aware of the specific port and the encryption used for the web application. Importantly, the encryption remains constant throughout the process. This consistency is maintained as the web server application decrypts requests and subsequently relays them to the application in their decrypted state.
2. Defending against Attacks through Attack Surface Minimization
For the target server, we apply the same port settings as those on the source server, but with two distinctions:
• The web server's port remains accessible in the regular manner, utilizing the standard SSL certificate for encryption.
• The SSH application needs to be temporarily accessible to facilitate updates. However, it's not intended to run continuously; instead, it's activated during a maintenance window.
Webouncer presents a solution that allows for the creation of such maintenance windows.
3. Protection against Injections and Manipulation of the Web Application
To facilitate user actions like making contact requests or product orders, a connection between the target server and the source server is essential. However, only the port designated for the web application remains open, and it's fortified with a security system to ward off threats. Through this pathway, an attacker might try to exploit the source system and even inject harmful code. To prevent this, user requests are examined for injection before being dispatched to the source server. If necessary, any potential threats are neutralized, ensuring that only sanitized requests reach the source server. This approach effectively bars the introduction of malicious code fr om external sources.
4. Shielding Web Application against Malicious Code
Website attacks are evolving into increasingly professional endeavors. Both web servers and web applications are susceptible to potential vulnerabilities. Given the complexity of the tens of thousands of lines of code involved, bugs can naturally creep in. Securing an IT system becomes an ongoing battle between attackers and defenders. Attackers are growing more sophisticated and are even leveraging AI to identify vulnerabilities.
Even we cannot assure the detection of every injection attempt, particularly those arising from potential software bugs in future updates.
This is wh ere Webouncer demonstrates its strengths. Unlike existing solutions that solely analyze user requests, Webouncer goes a step further by scrutinizing responses from the source system. This capability allows interception of successful injection attempts and also provides defense against inadequately programmed plugins for the web application.
5. Mitigating Risks Arising from Human Error
Human errors are a significant driver of IT-related damage. Whether due to oversight, lack of expertise, or even malicious intent (e.g., from a former employee), these errors are a prevalent issue. Prior attempts to mitigate these errors have centered on defined IT interaction protocols, yielding only moderate success.
Especially in the realm of cybersecurity, the focus should be on minimizing human involvement as much as possible.
For example:
"Instead of a complex firewall setup, we adopt a port closure strategy. This straightforward directive for the IT department can be automatically verified anytime."
With Webouncer, we have streamlined the configuration process. The system automatically configures the setup based on specific needs. The servers function autonomously, eliminating the need for personnel assignment or Webouncer-specific training. Importantly, no Webouncer client employee can directly access the source system, thereby preventing any mishaps due to malicious intentions. Modifications to the website made by authors occur on a backend target server. This approach ensures the security of the target server and precludes the introduction of malicious code.
File operations, including updates to the web application, take place on a virtual server and are subject to inspection by Webouncer before being transferred to the source server.
6. Immediate Response to File Modifications
File modifications are closely monitored across all systems. While the operational measures implemented with Webouncer seemingly create a robust defense against unauthorized access, we recognize the importance of avoiding complacency. Therefore, we maintain constant vigilance by tracking the file system. In the event of any anomalous activity that lacks Webouncer's confirmation, the system takes immediate action. This involves removing new files or reinstating modified files to their original state, all without any delay.
Following this action, the affected files are moved to quarantine, allowing for further examination of potential attack methods. Moreover, Webouncer promptly sends out an alert notification along with a comprehensive report detailing the incident.
7. Analysis of Accesses with Respect to Attacks
From our perspective, an attack isn't only defined by a significant and measurable impact; it encompasses any unusual activity that deviates from normal user behavior. With the architecture of Webouncer, the process of detecting an attack has become considerably more streamlined.
For example:
"By segregating the backend access of the web application from the frontend, every instance of backend access on the target server is treated as a potential attack."
To illustrate:
"Think of it like a bakery: Employees don't wait until someone walks behind the counter, takes money from the cash register, and then leaves. Even attempting to get behind the counter constitutes an attack."
Competitors
Cloudflare
Akamai
Imperva
Azure
SiteLock
AWS
SIEM
Akamai
Imperva
Azure
SiteLock
AWS
SIEM
Advantages or differentiators
What makes us different is that there’s no other security solution as easy, effective and affordable to use as ours and can't be bypass like other solutions.
Finance
Level 1 - $20
Level 2 - $79
Level 3 - $199
Level 4 - $499
monthly fee
Level 2 - $79
Level 3 - $199
Level 4 - $499
monthly fee
Business model
We have 3 business models:
1st = dirctly B2B (SaaS)
2nd = Licensing with Hosting Providers / Web Agencies
3rd = Licensing with Partners in different Countries
1st = dirctly B2B (SaaS)
2nd = Licensing with Hosting Providers / Web Agencies
3rd = Licensing with Partners in different Countries
Money will be spent on
Marketing
Infrastructure / Resources
agile Sales Team
Infrastructure / Resources
agile Sales Team
Offer for investor
This can be explained in a personal conversation. Depending on the strategy and opportunities.
Team or Management
Risks
Trust
Resources
Resources
Incubation/Acceleration programs accomplishment
Step USA
Won the competition and other awards
Cybersecurity Excellence Award 2023
European Buissnes Award 2022
European Buissnes Award 2022
Invention/Patent
Patented in Europe Patent No.: LU103080
Patent pending in US and other Countries
Patent pending in US and other Countries
Photos
Presentation
Sign in/Sign up