How to Subscribe and General FAQ

Verizon Data Breach Report, 2012


Ready to sign up for a
free trial?

Subscribing to xyberShield

xyberShield offers complete protection for your web applications. To see how xyberShield works with your website, sign up for a free trial today. Note that xyberShield currently supports the .NET, PHP, and Java environments. Should you need assistance, please contact us at 1.866.434.4257 or sales@xyberShield.com.

If you’re ready to subscribe, please contact us, call us at 1.866.434.4257, or email sales@xyberShield.com. Through our network of partners, we offer monthly, annual, and multi-year subscriptions.

Frequently Asked Questions

  • What does xyberShield do?

    xyberShield® protects web applications from malicious attacks better than any web application firewall (WAF). Combining sophisticated behavioral analysis, a powerful global network, and the simplicity of software as a service (SaaS), xyberShield provides enterprise-grade web application security to businesses of all sizes. Highly scalable, easy to implement and use, and affordable, xyberShield offers unparalleled protection for your company’s reputation, data, customer information, and privacy.

  • What does xyberShield protect against?

    xyberShield provides complete protection for your website against 12 web application threat categories, including SQL injection, cross-site scripting and request forgery, OWASP application vulnerabilities, and zero day attacks.

  • How does xyberShield work?

    xyberShield creates a defensive barrier around each of your web applications. By combining known threat signatures and patterns with the behavior of individual visitors on individual applications on your website, xyberShield can take action before malicious activity has a chance to reach vulnerable areas of your web applications — stopping attacks before they can be successful.

  • Do I need to install any hardware or software to implement xyberShield?

    Simply install a single script on your website and you’re fully protected.  Our Installation Team can do this for you or help you do it. No tuning or reconfiguration is required; xyberShield learns from and adjusts to your website, and the applications on it, automatically. xyberShield can also be manually configured to meet any special security or operational requirements.  The entire process takes mere hours, not days.

  • How does xyberShield respond to malicious behavior?

    Upon detecting suspicious user behavior, xyberShield can notify users that their behavior is being monitored, terminate user sessions, or redirect users to a different website – for instance, a honeypot, where attacks can be studied safely. In every case, the website is protected because the attack is stopped before it can be successful.

  • My website has never been attacked. Do I need xyberShield?

    Yes. Hackers probe most websites automatically and regularly, leaving little to no trace of their activity. According to U.S. Army Gen. Keith B. Alexander, Director of the U.S. National Security Agency, cyber attacks account for “the greatest transfer of wealth in history” – and for every company that knows its systems have been breached, 100 others have been hacked but don’t know it.

  • Isn’t my organization’s network firewall enough protection for my website?

    Definitely not. Network firewalls, even so-called “next generation firewalls,” are designed to prevent unauthorized access to your organization’s network, NOT protect attacks at the web application layer. Not surprisingly, despite the widespread use of network firewalls, over 70% of companies reported that their websites had been hacked. (Source: Ponemon Institute, Feb 2011, State of Web Application Security, 637 IT respondents)

  • How does xyberShield compare to a traditional web application firewall (WAF)?

    xyberShield is a SaaS solution supported by a robust, secure global infrastructure. Compared to a traditional WAF, xyberShield is far more effective at stopping attacks, less expensive, much faster to implement, and easier to scale. It requires no ongoing tuning or updates. xyberShield combines the traditional approach to web-application security – detecting known attack signatures – with our sophisticated Behavior Analysis Correlation Engine (BACE), which adapts to each individual web application and monitors and analyzes the actions of each individual website visitor.

  • How does xyberShield protect against zero day attacks?

    Zero day attacks are designed to take advantage of newly discovered security vulnerabilities and attack techniques before an application can be modified to fix them. xyberShield is highly effective against zero day attacks because it combines known threat signatures and patterns with analysis of all individual behavior on each individual application of a protected website. If a hacker develops an existing-attack variant or new type of attack, xyberShield recognizes the underlying behavior behind the attack and can block it before it’s successful. As a SaaS service, xyberShield can then share everything we’ve learned across our global network in real time, benefiting all our customers.

  • Can xyberShield help me determine and demonstrate whether my website is PCI compliant?

    Yes. xyberShield tracks and reports all the information you need to determine PCI 6.6 compliance, presenting it in a simple-to-understand report. xyberShield also provides the documentation and audit trails you need to show your company is maintaining compliance standards.

  • xyberShield installs a script on my website – what does this script do?

    The xyberShield script continually monitors the flow of traffic between your website and individual users’ browsers. It’s in constant communication with xyberShield’s Global Security Platform. Because xyberShield analyzes and profiles website traffic in real time, our product can distinguish between normal and suspicious traffic. Suspicious traffic is subjected to in-depth monitoring and inspection, and is blocked when it’s determined to be a threat. Normal traffic, which accounts for over 95% of a typical website’s volume, is inspected but flows through without restriction or delay.

  • Does xyberShield require a DNS change?

    No. DNS changes, which redirect website traffic to an outside data center, can introduce serious problems to website operation. A DNS change requires you to provide your website’s confidential SSL certificate to the data center, adds a single point of failure should the data center encounter problems, and can introduce substantial latency. Further, xyberShield does not use a proxy.

  • Does xyberShield store personally identifiable information outside my network?

    No. xyberShield does not store any personally identifiable information outside your network.

  • Does xyberShield work with SSL?

    Yes. Because xyberShield examines website traffic only after the SSL module has decrypted it, you don’t need to provide your SSL certificate to xyberShield – something required by virtually every other web application firewall.

  • Will xyberShield affect the performance of my website?

    xyberShield’s global infrastructure and unique architecture delivers the best possible protection for your website, with virtually no impact on your website's performance or latency for your website visitors.

  • Does xyberShield affect the operation or performance of web applications on my website, or of third-party tools like Google Analytics?

    No. xyberShield does not affect the operation or performance of applications on your website, or of Google Analytics or other third-party tools.

  • Can I use xyberShield if my website is hosted by a third party?

    Yes. As a SaaS solution, xyberShield works with your website wherever it may be hosted. It’s necessary to have administrator or root access to the web server to install the xyberShield script.

  • Can xyberShield handle websites with e-commerce, gaming, video, and streaming-audio applications?

    Yes. xyberShield works with applications of any kind, as long as they’re delivered via HTTP protocol.

  • Where are xyberShield's data centers located?

    xyberShield uses 20 Tier 3 and 4 data centers, all with Tier 1 network-peering ISP relationships, located in nine countries around the world. xyberShield's analysis of your website's traffic is performed in the nearest data center. This footprint allows xyberShield to scale easily as your website traffic grows.

  • How does xyberShield’s global security platform enhance my website’s security?

    xyberShield’s robust, global infrastructure ensures your website and applications are protected 24/7. Since each data center is part of a worldwide network, all data and prior analysis of your website is replicated and always available through any of the xyberShield data centers. In the event of an outage in your primary data center, your traffic immediately fails over to the nearest data center and your website enjoys full, uninterrupted protection.

  • What kind of hardware and operating system do I need to run xyberShield?

    xyberShield works with Java, .NET, and PHP applications. There are no other system requirements.

  • What versions of .NET, Java, and PHP does xyberShield support?

    xyberShield works with Java 1.5 and higher, .NET 2.0 and higher, and PHP 4.0 and higher.

  • How long does it take to install xyberShield?

    Installation typically takes a couple of hours with the help of our Installation Team.

  • After installation, how long does it take to configure or tune xyberShield?

    No tuning or configuration is required. xyberShield learns and adapts to your website and the applications on it. However, xyberShield can also be manually configured to meet any special security or operational requirements you may have.

  • Does xyberShield need regular tuning to protect against the latest attacks?

    No. xyberShield learns and adapts its protection to your website, and the applications on it, automatically. And we’re constantly reviewing new and emerging threats, and updating xyberShield to combat them as needed.

  • Once installed, can xyberShield be turned on and off at any time?

    Yes. You can activate or deactivate xyberShield protection in a matter of minutes.

  • Will there be downtime when installing or configuring xyberShield?

    No. All visitors continue to enjoy full, uninterrupted access to your website during the installation of xyberShield.

  • How can I learn more about xyberShield?

    Our partners can provide detailed information, demos, and a free trial of xyberShield. Please contact our sales team (1.866.434.4257 or sales@xyberShield.com) and we’ll connect you with one of our partners in your area.

  • Can I try xyberShield on my website before subscribing?

    Absolutely. You can sign up for a free trial on our website or contact our sales team (1.866.434.4257 or sales@xyberShield.com).

  • What if I have more questions?

      We’d love to answer them. Email us at sales@xyberShield.com or call us at 1.866.434.4257.