What is the Airlock Suite?

The Airlock Suite is a package solutions from Ergon Informatik (Switzerland). It deals with the issues of filtering and authentication in one complete and coordinated solution – setting standards for usability and services.

At the base of the Airlock Suite is the Airlock WAF (Web Application Firewall) for reliable protection of Internet web applications. Features include systematic control and filtering mechanisms with a variety of enhancement options.

The Airlock Suite combines Airlock WAF with Airlock Login or IAM for reliable user authentication and authorization. Airlock Login is a simplified version of IAM.

Airlock IAM is the suite’s central authentication platform, including enterprise functions. With this product, customers, partners or employees log in just once for secure access to data and applications. Airlock IAM also automates user administration.

Optimal security is not the only benefit: Using Airlock brings high usability and cost efficiency to web application security.

Airlock Suite, Ergon’s main security product, was launched on the market in 2002 and is now used by 350 customers around the globe.

Airlock Suite

This FAQ question contains copyright material from ©Ergon Informatik AG
2016/02/05, last update 2018/07/10 ©ACROSEC Inc.

Who created the Airlock Suite?

The Airlock Suite has been created by the Swiss company Ergon Informatik AG (in short Ergon), based in Zurich.

In 1997, Ergon developed Switzerland’s first eBanking system for a well-known Swiss bank. Airlock Suite, was launched in 2002 pioneering the WAF and secure entry server market and is now expanding to be used around the globe.

2016/02/05 © ACROSEC Inc.

Can Airlock run as cloud service?

Yes, definitively, Airlock is already used by some security service providers in Europe in order to provide WAF cloud services.

Airlock can be deployed on bare metal or on virtual machines on premise or in the cloud. Creating a WAF security cloud service to third parties with the Airlock WAF is possible, however, requires a special contract.

2016/02/05, last update 2018/07/10 ©ACROSEC Inc.

Who is Ergon?

The Swiss based Ergon Informatik AG (in short Ergon) is the company behind the Airlock.

Smart people – smart software: Ergon Informatik AG

Founded in 1984, Ergon Informatik AG now has a workforce of 255 and numbers among the most long-standing and successful IT service providers in Switzerland. Over 80% of Ergon’s employees are graduate software developers, and most of them have trained as IT engineers at the Swiss Federal Institute of Technology (ETH), Zurich — one of the world’s top ten universities. Ergon Informatik AG has also won multiple awards for its sustainable personnel policy. Ergon Informatik AG is a broadly diversified company that provides services to a wide variety of sectors. Ergon has exceptional expertise in various sectors such as financial services, eBanking, telecommunications and security. In 1997, Ergon developed Switzerland’s first eBanking system for a well-known Swiss bank. Airlock Suite was launched on the market in 2002 and is now used by 350 customers around the globe.

This FAQ question contains copyright material from ©Ergon Informatik AG

Where to place the Airlock components?

This depends on scenario and use case requirements.

For the web application scenario, Airlock WAF is normally placed upstream in front of these applications – which usually are placed in an inbound DMZ dedicated for web applications.

Building such a DMZ depends on the customer preferences. However, all traffic to the web applications should be routed through the Airlock WAF.

The Airlock WAF is a hardened security device, however, it still is recommended to place it behind a network firewall and open only the few ports which are required to access the WAF.

The Airlock Login can be implemented on the WAF itself (via Tomcat or by using the WAF as Docker host) or on an application server behind the WAF.

A scenario with a cloud based Airlock would look slightly different in requirements and setup. An important consideration is the use of https or other VPN tunnel solutions for integrating securely the downstream backend application servers to such a cloud based service.

2016/02/05, last update 2018/07/10 ©ACROSEC Inc.

What is the difference between Airlock WAF and Airlock Login or IAM?

The Airlock WAF (core) is the base of the Airlock Suite for providing WAF filtering functionalities. Further functionality can be added on the WAF core itself and/or with components running on different systems.

Using Airlock Login (and Authorization Enforcement Module) turns the WAF into a web access management solution, providing central authentication and access control functionalities upfront to all backend applications. Deploying it in a dedicated DMZ (on premise or in the cloud) is the ideal base for creating a high end security solution. The Airlock Login is a subset of the Airlock IAM package which is often not required in many cases.

The Airlock WAF is a reverse proxy solution. Compared to the analogy of a building, Airlock acts like a fortified entrance door with a security guard to enforce entry procedures. The access to the building is secured, however, the setup makes only sense if the building also has solid walls and if there are no other open doors or windows somewhere else which would circumvent the whole purpose of having a fortified front entrance.

Airlock is very effective as official security gate. Based on above analogy of a fortified entrance, the WAF Core compares to a body and luggage check point in order to prevent that dangerous goods enter the building. The Airlock Login provides additional security capabilities as it can be controlled who is allowed to access the building based on an identity check and access control list.

2016/02/05, last update 2018/07/10 ©ACROSEC Inc.