Any application exposed to the public internet is a potential attack target. Even if your app is not directly targeted, you can be risking downtime, because of a broader hacking attempt or a denial of service attack.
What is ActiveProtect™?
ActiveProtect™ is a feature of Cloud 66 that helps with protecting your applications and servers against these attacks.
How does it work?
At its core, ActiveProtect™ is a dynamically configured protection layer that wraps around your application’s public endpoints (HTTP, HTTPS) and your servers’ SSH ports. It analyzes the log files from Nginx and SSH daemon on all servers and looks for anomalies or repeated access attempts that look like a hacking or flooding attempts. Once detected, ActiveProtect™ will block the offending source by IP for a limited time. This method is very effective as many hacking attempts are opportunistic, probing known vulnerabilities on servers and services. By blocking the attack source, even temporarily, you ensure the hackers will move on to the next target.
ActiveProtect™ dynamically reconfigures itself to accommodate changes made to your application (like a new service being exposed publicly) and servers (new server started). ActiveProtect™ can even ignore traffic from trusted sources like Cloudflare when you use them without identifying them as potential threats.
Who is it for?
ActiveProtect™ is available across all Cloud 66 products.
More info:
Originally published at https://blog.cloud66.com on September 16, 2020.
