Dura

Dura Solution

Every web application, API, and portal you expose to the internet is an attack surface. Dura sits in front of your web-facing services as a hardened reverse proxy and Web Application Firewall, inspecting every request before it reaches your application blocking common exploits, filtering malicious traffic, and enforcing a secure-by-default posture without requiring your team to become security experts. Dura is designed for SMEs and SOHOs that need enterprise-grade web protection without enterprise-grade complexity or cost. It integrates with your existing environment and can be managed by your team or fully operated as a service by IOTA’s security operations team.

Dura Solution

Dura: Comprehensive, scalable, web security solution
Dura is a comprehensive, reliable, next-generation web application firewall. It provides a rich array of features designed to enhance web application security and management. These features include OWASP Top 10 protection with tunable anomaly scoring, allowing for seamless enforcement and addressing of compliance issues. It offers automated TLS/HTTPS termination and certificate management, streamlining secure delivery and ensuring consistent encryption across all web traffic.
Dura supports the OWASP Core Rule Set, which is crucial for detecting and blocking common web attacks such as SQL injection, cross-site scripting (XSS), and local file inclusion. This ensures that only clean, legitimate requests reach your backend applications.

Overview

Build a stronger web defense with Dura! Just like a hardened gateway, it protects your applications with WAF rules, threat detection, and traffic control. Manage bots and abusive traffic seamlessly. Dura: the easy-to-use, comprehensive web security solution that keeps your business running smoothly.

WAF & OWASP Protection

Dura provides robust request inspection to secure your web applications. It ensures that only legitimate traffic reaches your backend, enhancing security and compliance.

Bot & Anomaly Detection

The system monitors for unusual traffic patterns, alerting you to potential threats. This proactive approach helps maintain the integrity of your web applications.

Rate Limiting & Abuse Prevention

Dura actively limits and filters abusive traffic within your network, allowing you to address threats before they can be exploited.

Reverse Proxy & TLS Termination

If traffic is identified as malicious, Dura can block it at the gateway, preventing it from reaching the rest of your infrastructure.

Extensible & Managed Deployment

With a plugin-based architecture, Dura offers comprehensive tools to integrate custom rules and third-party services, ensuring they adhere to your organization's security policies.

Dura Significance

Fort Knox for your web apps! Dura safeguards your services with enterprise-grade WAF protection, identifies malicious traffic like a hawk, and blocks abusive bots before they cause chaos. It’s your ultimate shield for impenetrable web security.

Web threats? Begone! Dura keeps things running like clockwork with ironclad request inspection, eagle-eyed bot detection, and seamless certificate management. It’s the magic bullet for a secure web presence.

Say goodbye to security nightmares! Dura is your guardian angel. It enforces strict WAF rules, detects suspicious activity like a bloodhound, and blocks malicious traffic to keep your applications healthy. With Dura, your data is always protected.

Industry Difference

Dura Key Features

WAF Enforcement | OWASP Top 10 Protection

Dura inspects every request headers, cookies, URL parameters, and body content against a comprehensive, community maintained rule set covering the OWASP Top 10. Detected violations contribute to an anomaly score, and requests exceeding the configured threshold are blocked. Security levels are tunable to match your risk tolerance.

TLS Gateway | Reverse Proxy Deployment

A single, secure entry point for all your web traffic. Dura acts as a reverse proxy with automated HTTPS, plus support for custom and self-signed certificates. Every connection is encrypted by default and certificates renew automatically.

Bot Mitigation | Rate Limiting & Filtering

Dura identifies and blocks malicious bots and automated abuse through challenge mechanisms, bad-behaviour detection, rate limiting, and IP and country based filtering keeping your services available for legitimate users.

Administration | Web-based Management

Dura is built on an extensible architecture with a web-based management interface and a plugin system for custom integrations. It can be deployed and operated for you by IOTA, so protection is delivered without adding operational burden to your team.

Security by Default, In Front of Everything

Terminate & Encrypt

Traffic arrives at Dura, which handles TLS/HTTPS and certificate management automatically.

Inspect & Score

Each request is evaluated against the OWASP rule set; violations accumulate an anomaly score.

Enforce & Protect

Requests over the threshold are blocked; bots, bad behaviour, and abusive traffic are filtered and rate-limited. Clean traffic is proxied to your application.

Monitor & Report

Activity and blocked threats are logged and can be surfaced into the wider iSSC monitoring stack.

Use Cases

Public-Facing Protection

Protecting public-facing web applications from exploitation and data breaches.

API Security

Securing APIs against abuse, injection, and unauthorised access.

Legacy App Shielding

Shielding legacy or unpatched applications that can’t easily be updated, by filtering threats upstream.

Compliance

Meeting regulatory and compliance requirements for web-facing security controls.

Reduced Exposure

Reducing infrastructure exposure by consolidating all inbound web traffic through a single hardened gateway.

Protect Your Web Apps and APIs with Dura

Get enterprise-grade web application protection sized for your business. Talk to our team about a Dura deployment tailored to your environment.

Create your account