Hopbox SDWAN solution is integrated with security features like L7 Firewall, DNS Firewall, IP Blocklists, IPS, Websecurity and Anti-Malware.

L7 Firewall

 It acts as a watchguard between your networks and the Internet to create an additional line of defence in addition to host based AV and agents toprovide protection against outside attackers. Hopbox also stops malicious and unnecessary traffic and prevents malicious software from accessing the network. It also lets you securely expose internally hosted servers to the Internet, if the need be.

DNS Firewall

The first line of effective defence against Malware, Trojans, CnC bots and Ransomware. It can also be used effectively to block Phishing and Advertisements.

The blocklists are curated from various reputed sources like abuse.ch, dshield etc and are always up-to-date.

It runs locally on the Hopbox to transparently capture all the DNS requests for faster response to DNS queries and prevent DNS leaks. It is also possible to host it on the cloud just like Cisco Umbrella.

IP Blocklists

IP Blocklists from various sources like dshield, Spamhaus, Firehol, abuse.ch, Emerging Threats etc. to block DoH, ransomware, malware, CnC, TOR exit nodes, Malvertisers, current attackers etc. Country and ASN based blocklists are also available.

Intrusion Prevention (IPS)

A powerful intrusion detection system (IDS) and intrusion prevention system (IPS) that provides real-time network traffic analysis and data packet logging. It uses a rule-based language that combines anomaly, protocol, and signature inspection methods to detect potentially malicious activity. 

It can spot denial-of-service (DoS) attacks and distributed DoS (DDoS) attacks, Common Gateway Interface (CGI) attacks, buffer overflows, and stealth port scans. It also creates a series of rules that define malicious network activity, identify malicious packets, and send alerts.

It continuously monitors the traffic that goes in and out of a network. It will monitor traffic in real time and issue alerts to users when it discovers potentially malicious packets or threats on Internet Protocol (IP) networks.

IPS blocks the offending hosts automatically to prevent malicious traffic from flowing.

Web Security

Traffic allowed by Charcoal web access control is scanned by ClamAV which has signatures provided by Talos and URLhaus (abuse.ch).

For customers who want additional security, on premise AV servers can also be daisy chained using ICAP protocol.