
Are your online activities safe?
Web services and applications finally protected
with Pluribus One WAS®
Secure your business



and constantly updating
Discover the effectiveness of our next-generation solution for the protection of Web Services

Non-invasive and parallel structure

Pluribus One Web Application Security® is designed to enable, without requiring changes to the IT infrastructure that provides the Web Service, a highly specialized and effective level of traffic analysis and threat detection.
For them being able to detect attacks (and eventually stop them), the traditional Web Application Firewalls must be inserted in-line with the infrastructure which provides the services. This, unavoidably adds complexity to the infrastructure, which already consists of various components.
Pluribus One WAS® is instead designed to work in parallel with the existing infrastructure, in a NON-invasive way. The chance to exploit existing solutions (e.g. Web Server, Reverse-Proxy, Application Delivery Controllers, Load Balancer) as data sources, immediately allows starting monitoring services and detecting the first attack attempts within a few minutes.

- Full control of your data. Forever. Vulnerability information is confidential and locally stored.
- Read more
Full control of data and privacy

Pluribus One WAS® guarantees an absolute control of traffic data relating to the monitored services. All traffic data, useful for detecting possible threats, is locally stored by the solution, without having to pass your traffic through external or third-party infrastructures to benefit from the monitoring and protection features.
A big difference compared to what happens with WAF As-a-Service solutions and appliances (both physical and virtual), which instead require an external platform for threat analysis.
The Artificial Intelligence and Machine Learning modules available to Pluribus One WAS® are designed to run locally (directly on the Virtual Appliance on which the system is installed) and to build a protection model that is specific to the monitored services.
This means that the Artificial Intelligence onboard Pluribus One WAS® does not provide for the centralized collection of traffic data by Pluribus One and the consequent release of signatures and protection rules; rather, it provides the ability to locally learn the behaviour of the services and to build around them a dedicated protection model.

Pluribus One WAS® can interact with three types of objects:
- Data Sources (supported products: Apache Web Server; Nginx Load Balancer, Web Server, & Reverse Proxy; HAProxy Load Balancer; OPLON Networks LBL® Application Delivery Controller; Pulse Secure Virtual Traffic Manager);
- Monitoring devices (supported products: IBM QRadar; Microfocus® ArcSight);
- Protection devices (supported products: Trustwave® Modsecurity; OPLON Networks LBL® WAF; PfSense Open Source Firewall).

The list of supported products is constantly under update. Contact us for more info.

What protects?

Unparalleled protection and detection capabilities, customizable and tailored on every infrastructure.
At the same time, this autonomy gives Pluribus One WAS® users the possibility to interrupt and cancel the service at any time, without worries, without consequences, and keeping the availability of their data.

Automatic reports
Easy installation and management for any operator or system administrator

Intuitive Graphical User Interface

- In the presence of anomalies, the interface explains to operators, reasons why an alert has been raised: this increases the accountability of Pluribus One WAS®.
- Detected threats can be easily inspected by means of the Pluribus One WAS® GUI, which besides providing detailed information, also features granular filtering capabilities.
- The interface also allows to constantly keeping under control the status of Pluribus One WAS® and of the hosting machine.

- Fully developed in Italy, under European laws. Quick assistance and effective customer service.
- Read more
Italian excellence, European discipline

Immediate assistance, just a click away


Secure transactions, relaxing e-commerce


What detects?

Pluribus One WAS® is able to protect Web Services against malicious requests that, leveraging vulnerabilities, poor and misconfigurations of such Services, put at risk the services themselves as well as the data they manage:
- Attacks in the OWASP Top 10
- Injection attacks
- Cross-Site Scripting (XSS)
- Sensitive Data Exposure
- Phishing
- Zero-day attacks

Artificial Intelligence behind your applications, Machine learning behind your protection

Smart and sophisticated, it automatically learns thanks to its detection engine based on Artificial Intelligence and Machine Learning.
Pluribus One WAS® automatically learns the legitimate (normal) traffic profile by observing its live traces and works in three steps:
- Learns the profile of legitimate traffic;
- Detects anomalous events to highlight computer attacks;
- Protects web services according to the detected anomalies, with custom protection rules.
Safe by design and explainable
The AI exploited by Pluribus One WAS® is designed to be safe (more resilient against attacks which attempt to evade the detection mechanism) and explainable (in the presence of anomalies, it explains to the operators the reasons why an alert has been raised).

- Significant savings in costs and business times. It also protects no longer updatable applications.
- Read more
The WAF that doesn't need a WAF

Web Application Firewalls (WAF) are, in this context, the solution responsible for ensuring application security. To properly work, the WAFs must be inserted in-line with the infrastructure which provides the services, adding complexity to the infrastructure, which already consists of various components like the Application Delivery Controller (ADC), the Reverse Proxy, the Load Balancer, and the perimeter Firewall. This complexity is not justified in many cases, especially in cases where the WAF replicates functionalities yet made available by the other components already present. In general, therefore, there is a risk of overcomplicating the existing infrastructure and consequently of generating unnecessary costs and risks.
Pluribus One WAS® goes beyond this model, focusing entirely on the prevention and detection of attacks, and thanks to the possibility of operating parallel to the already existing infrastructure, allowing significant time saving even for less experienced operators.
It satisfies security needs even on obsolete services or no longer updatable applications

SAFER AI FOR A BETTER WORLD
Forget the Web applications vulnerabilities
Forget the rules
Pluribus One WAS®
rewrites them
Forget the vulnerabilities of
AI-based technologies
Our AI is safe by design
- Detecting attacks against the monitored Web Services: this offers enhanced protection and coverage against a broader range of attacks; ad-hoc detection algorithms can be also defined, upon request, to meet specific needs.
- Ensuring the safety of the learning and detection process: this makes Pluribus One WAS® more resilient against attacks who attempt to evade the detection mechanism.
- Explaining the operators, in presence of anomalies, reasons why an alert has been raised: this increases the accountability of the solution.
Firewall, IDS & IPS can’t detect attacks against the WebApp as they do not look at the right level on the stack.

A WAF which is not aware of how the application is expected to work and what to take as inputs, CAN’T detect attacks. If the WAF relies on pre-configured sets of signatures generated from a set of widely used standard applications and components, it is intrinsecally ineffective against custom applications.

Pluribus One WAS® does actually such kind of work, leveraging Machine Learning and Artificial Intelligence to analyse and model the traffic incoming toward the Web services and automatically, to learn how the application is expected to behave and work, and to generate virtual patches and protection rules tailored on the monitored applications.

The best teams have the best defenses.
Together we will be a great team.
Wanto to see a
live demo?
