CerberHost: high security solution

Logo NBS System
CerberHost: high security solution
 

CerberHost is an all-in-one security solution for websites and web applications that protects your platforms against cyber threats and their consequences. This is the result of more than ten years of expertise in security and hosting, two years of initial R&D before the solution’s official release, and active continuous improvement since 2013 led by our dedicated R&D team.

This service is based on the know-how and skills of our highly experienced cloud system administrators and our security experts at the forefront of attack and defence innovations. With CerberHost, NBS System guarantees the best computer security and automated protection against 9 out of the OWASP TOP 10  attacks, as well as anti-DDoS protection.

Moreover, since 2013 CerberHost is PCI DSS compliant, and is part of a process of securing banking data.

Why use CerberHost?

Your company’s information is invaluable, and the loss of data or the unavailability of your site can lead to considerable loss of money and credibility with your customers and partners. Whether or not you are hackers’ preferred target, a security breach on your environment is a danger: attackers only need to succeed once.

NBS System offers a secure web hosting service that is really effective even against emerging attacks, without a loss of performance: CerberHost, the high-security cloud solution.

The idea started to sprout in the minds of our CISO and our founders in 2010. At that time, all the members of the computer security and R&D teams got to work building this online fortress. After many months of optimisation, setup and testing, the official release of CerberHost took place in the spring of 2013. CerberHost was audited by teams from IT security firm HSC, and no consultant was able to penetrate it. A challenge was also set up to reward the first developers who managed to penetrate the CerberHost architecture. Since then, we have sought to improve continuously, and CerberHost has also been audited by many other companies such as Kyos (a Swiss company) and SynActiv, (IT security evaluation center certified by ANSSI, the French national agency for IT security). To date, no breach has been detected or exploited within CerberHost.

Do you want to get a good night’s sleep and not worry about potential online attacks?

CerberHost is made for you!


 CerberHost in figures

French
Launched after 2 years of R&D
years of R&D and continuous improvement
Available on the public Cloud

Discover CerberHost in pictures !

Watch a video of how CerberHost protects you against the most widespread online attacks. Without going into complex technical details, you can understand easily the CerberHost’s key defensive security principles.

How does CerberHost work?

The CerberHost service stands out because it is made up of a multitude of solutions, tools, applications, human processes and technologies. With its many nested levels of protection, CerberHost provides a level of IT security that has yet to be equalled.

What is CerberHost’s recipe?

CerberHost is a set of defensive security tools that form a shield on your site, preventing hackers from accessing the code. This is how even sites with application vulnerabilities stay protected. This is due to the variety of layers and how the tools that comprise them work together. + diagram layer (without the tools’ names)

This entails:

  • Human processes
  • A redundant physical infrastructure
  • Third-party open source software (Netfilter, fail2ban, Pax/Grsec, inodemon, etc.) used as-is or refined or completed by our teams
  • Bespoke software to fill in the gaps that exist (NAXSI, PMF, etc.)

Orchestration and operations

Since NBS System has always adopted an open source philosophy, the tools and IT solutions that make up CerberHost are almost all available under a Free license, whether created by the NBS System teams or not. Therefore, CerberHost’s strength does not lie mainly in the tools used. CerberHost’s main advantage lies in how all these elements interweave and are orchestrated.

Imagine a car: to build it, you need at least a steering wheel, tyres, seats, an engine, and belts, among other things.  Anyone can gather these items, but not just anyone can build a car. How the various components are arranged in a certain way and in a certain order determines the product’s design and how it performs. The principle is the same for CerberHost.

Furthermore, the general ethos of the CerberHost solution is also somewhat unusual. Most security solutions use blacklists; in other words, all queries can pass through except for certain pre-listed elements. This way of working has proven itself and is generally effective but does not protect against undiscovered attacks and requires very regular updates to your configurations and filtering rules, and you must pay very close attention to IT security news so that you do not miss a new 0day flaw.

On the other hand, CerberHost can operate in whitelist mode. No query is presumed to be allowed except for those pre-identified as legitimate. You can see the benefits:

  • Flawless protection against all attacks, known or not
  • Few updates are needed
  • The system does not need to be restarted once in production
  • The protection is much more exhaustive and customised

The only risk with this method is an increase in false positives, i.e. legitimate queries that are blocked. To avoid this, CerberHost includes an initial test and learn stage that allows us to develop the whitelist of queries not to block so that your website or application can function correctly. This auto-learning stage can take up to a few days for the most complex sites.

Who is behind CerberHost?

CerberHost was created and is maintained by our security team dedicated to Research & Development. Its members share their expertise with the open source community by creating many tools, implemented or not within CerberHost, to better respond to cyber threats. For this purpose, they actively monitor security news to be aware of the latest offensive and defensive developments.

Temporarily and randomly, each of our IT security experts also takes on the role of SecOps. By serving our in-house teams and our clients and supporting them in various operational security missions, they stay familiar with the market reality and can understand your issues and needs in production environments.

The IT security unit is thus able to adjust CerberHost and continually bring effective improvements that are one step ahead of the hackers, so you always have optimal protection.

Where is CerberHost available?

In 2013, CerberHost began to take shape after two years of R&D. Between optimising open source tools and creating new scripts and applications, our technical teams were finally able to adjust the prototype and deploy it on NBS System’s private infrastructure. This how the high-security private cloud CerberHost was born!

In 2016, following NBS System’s integration into OT Group, we worked on deploying the CerberHost solution on Net4All’s Swiss infrastructures. Today, the system has proven itself, and several Swiss clients already enjoy secure private cloud hosting.

In 2017, NBS System took a new turn and expanded into public cloud outsourcing including with AWS (Amazon web services). After training and certifying many people within our technical teams, we were proud to announce that CerberHost was rolling out on AWS at the end of 2017. Today, our teams are certified “AWS Certified Solutions Architect – Associate” and “Professional”, meaning they master AWS’s infrastructure and its specificities. This rollout was also acknowledged by AWS teams themselves, and a strong partnership was put in place to cement our philosophy of making the digital world safer together.

In short, CerberHost is currently available on:

For more information about CerberHost Contact us!