1/6/2014
09:18 AM
Dark Reading
Products and Releases

NexQloud To Bolster Cloud Privacy and DDoS Protection With Perfect Forward Secrecy And SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration

CAMPBELL, Calif., Jan. 6, 2014 /PRNewswire/ -- NexQloud (http://www.nexqloud.com) announced today upcoming features for its DDoS Mitigation and Uptime Management platform, designed to increase cloud data privacy. Powered by the industry's first Human ID engine, NexQloud simplifies SSL and grants perfect forward secrecy to its users.

SSL is the de facto solution for encrypting traffic that contains confidential information. However, implementing it often consumes at least ten times the processing power required by normal server requests. As a result, DDoS attacks against SSL traffic are extremely effective due to the asymmetric resource consumption on servers. NexQloud resolves this vulnerability by integrating its Human ID engine to effectively mitigate DDoS attacks and bolster cloud privacy.

NexQloud's Human Identification engine transforms SSL Renegotiation protection, dramatically simplifying the complex setup. SSL handshake requests are identified by the Human ID engine, which allows only human requests to process.

Humans flooding the system with SSL handshake requests within a short time frame are flagged as troublemakers, and automatically ejected from the system.

Security is a top priority in an ever-increasingly scrutinized world. NexQloud stores encryption keys at a secured server, detached from the mainframe. All data is protected by NexQloud's advanced infrastructure. Advanced technologies such as Perfect Forward Secrecy and multiple SSL modes grant users flexibility in addressing their concern for data privacy.

Perfect Forward Secrecy Implementation

Amidst NSA and data privacy controversies, NexQloud ensures data remains safe from prying eyes with its Perfect Forward Secrecy (PFS) feature. During each SSL session, a new ephemeral key will be generated, so even under worst-case scenarios, a compromised key will not break the confidentiality of SSL traffic.

This advanced encryption ensures data going through NexQloud is protected and encrypted, even if traffic data and the private key have been collected by an adversary. With Perfect Forward Secrecy, NexQloud users will experience unparalleled security for their data privacy needs.

Multiple HTTPS/SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration.

1. SSL Offloading

SSL traffic will be decrypted at the NexQloud-end, and traffic returned to web servers will be sent in clear-text format. SSL offloading relieves web servers of the processing burden of encrypting and/or decrypting traffic sent via SSL, improving server performance dramatically.

2. SSL Bridging

SSL traffic will be decrypted at the NexQloud-end and is re-encrypted when sent back to web servers. If there are security concerns about unencrypted traffic traversing the Internet, SSL Bridging will be the top choice for advanced protection.

3. SSL Forwarding

SSL traffic will be forwarded to web servers directly. Provision of an SSL key is not necessary and no traffic will be decrypted. Some advanced features will not be available.
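
The three modes above, together with the ephemeral key exchange described under Perfect Forward Secrecy, written out as an nginx reverse-proxy configuration. This is an added example, not NexQloud's configuration; the host names, addresses, ports and file paths are constructed placeholders.

```nginx
# Added example: names, addresses, ports and paths are constructed placeholders.
events {}

http {
    # Forward secrecy on the client-facing side: offer only ephemeral (ECDHE)
    # key exchange, so a later leak of the certificate key does not decrypt
    # recorded sessions. TLS 1.3 suites are always ephemeral.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_session_tickets off;   # long-lived ticket keys undo forward secrecy
    ssl_certificate     /etc/nginx/tls/site.crt;
    ssl_certificate_key /etc/nginx/tls/site.key;

    # 1. Offloading: TLS ends at the proxy, the origin leg is plain HTTP.
    server {
        listen 8443 ssl;
        location / {
            proxy_pass http://192.0.2.10:80;   # cleartext: trusted network only
        }
    }

    # 2. Bridging: TLS ends at the proxy, a second TLS session goes to the origin.
    server {
        listen 9443 ssl;
        location / {
            proxy_pass https://192.0.2.10:443;
            proxy_ssl_name origin.example.test;
            proxy_ssl_server_name on;
            proxy_ssl_verify on;               # off by default; without it the
            proxy_ssl_trusted_certificate /etc/nginx/tls/origin-ca.crt;  # origin is unauthenticated
        }
    }
}

# 3. Forwarding: TCP passthrough (stream module). The proxy holds no key and
# sees only ciphertext, so HTTP-level inspection and caching are unavailable.
stream {
    server {
        listen 10443;
        proxy_pass 192.0.2.10:443;
    }
}
```

In modes 1 and 2 the proxy holds the site's private key and sees plaintext, so it becomes part of the trust boundary; in mode 3 the forward-secrecy settings must be applied on the origin server instead.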

NexQloud's revolutionary service is completely free of charge for the duration of the Prerelease Program. The service will be available to the general public in early 2014, offering both subscription and token-based pricing models. Sign up now and be amongst the first to experience the future of uptime management!

About NexQloud

NexQloud is the world's newest and most innovative DDoS mitigation and uptime management platform. Powered by the world's first Human Identification engine, NexQloud offers fully automated protection with no software or hardware changes required. In addition to comprehensive volumetric DDoS mitigation, NexQloud champions the "Identifying the Human" approach, effectively addressing critical flaws in traditional mitigation systems. Botnet requests are automatically denied, ensuring only humans get through. Human users with malicious intent are automatically rejected upon detection, while other users are queued before a flash crowd forms and slows down the website.
