Decision Makers

Quo vadis, Internet?

  • Social networking produces tons of data
  • Big Data analytics create profiles of individuals
  • Platforms are free.
  • Others are making money with your data
Yet users are generally unaware of these facts, or take too little care about their personal security.

The vast amounts of data available on individuals open up new avenues of attack. Misuse is on the increase. Software tools are becoming more complex.

This is where CYAN Network Security comes in.

Just as we would now no longer contemplate running our computers without anti-virus software, so web filtering and web security have become an everyday part of safe and stress-free web use.

CYAN Network Security helps reduce the costs for an essential part of the security landscape. With our unique per-user pricing strategy, we cut down your licensing fees, training time and administrative effort.

Read more

CYAN keeps IT costs predictable.

CYAN helps reduce your security costs – both immediately and over the long run.

Do you get frustrated by major version upgrades which render your appliance machines insufficiently powerful to run the latest software, forcing you to invest in new hardware?

We have the solution.

Small is beautiful

CYAN Secure Web has a small memory footprint and its regular updates make no extra demands on the underlying hardware requirements. Which means you get to keep existing hardware and run it for longer.

And as the specifications for eventual hardware replacements are kept to a minimum, when the time finally comes, future machine upgrades won’t blow your budget.

Together with CYAN’s fixed per-user pricing strategy, you can be confident that there’ll be no nasty surprises along the way.

Read more

Unbeatable TCO

Why put up with the status quo if you can get more for less?

CYAN Network Security helps reduce the costs for an essential part of your security landscape. You get to spend less on licensing and training, and reduce the need for experienced personnel and administrative input. And all while increasing your security levels and enjoying scalability and flexibility.

As the CEO of Compass Group says, "CYAN is kindest to my budget; no hidden costs & transparent pricing."

Upgrade / Enhancement cost

Investing in CYAN now means saving costs over the long term.

Gone are the days when major version upgrades would render your appliance machines insufficiently powerful to run the latest software: CYAN Secure Web has a small memory footprint and its regular updates make no extra demands on the underlying hardware requirements. Which means you get to keep existing hardware and run it for longer.

And as specifications for eventual hardware replacements are kept to a minimum, when the time finally comes, future machine upgrades won’t blow your budget.

Operating costs

Cost of managing hardware load balancers: 0
Cost of operating a cluster system: A few minutes
Cost of understanding the rule set (analysis): 0
Cost of adding exceptions or new policies: –80%
Cost of training new employees: –80%
Cost of ongoing training / training on new versions: –50%

CYAN - keeping your IT costs predictable
Read more

You have an open policy …

and don’t think web filtering is necessary? Did you know that 50% of malware is found on porn and gambling & lottery sites?

How restrictive your Internet access policy will be depends on factors such as your company culture and scope of business, as well as security considerations. However, even if you have an open policy and allow employees free access to everything on the web, there are strong reasons for not being 100% open.

IBM Trend & Risk reports show that pornography and gambling & lottery sites are the source of almost 50% of malicious code. Stopping employees from accessing these sites not only raises productivity, it also significantly reduces the risk of inadvertently stumbling into danger, for example with drive-by-downloads.

Assuming that online games & gambling, or networking and chatting in Web 2.0 portals has no direct connection to your business, our modern web filter system gives you finely tuned controls, so you decide who can surf and where:
  • Block online games
  • Allow Facebook, but deny messaging and gaming
  • Limit video transmissions to preserve bandwidth for business-critical applications
CYAN – because security is always the best policy.
Read more

Is it all Web?

As soon as you unpack your new computer and hook it into your network it’ll immediately start looking online for updates and registrations. Our devices are very chatty these days.

Most modern applications include some call-home mechanism, but when it comes to our corporate networks, we want to be the ones who control the connections.

As today’s communication channels are pretty much restricted to the web protocol (http), vendors make their applications web-aware. Native protocols are wrapped into http because this is the communication method which is usually permitted – it’s the method used to access websites.

But is it all web? In terms of how we perceive the behaviour of the Internet, the answer is ‘yes’. But still we may wish to deny Live Messenger, iTunes, Internet radio with Real Player or Google Earth.

Next generation proxy servers

CYAN Secure Web digs into the data streams, profiling and identifying apps and giving you flexible control to implement your own access policy. By detecting applications regardless of channel (ports in a firewall) CYAN Secure Web is clearly a next generation proxy server.

CYAN – putting you in control.
Read more

Focus on garbage out

Is your priority to get rid of harmful content and prevent users from wasting company time with online games or private activities?

Then welcome to CYAN Secure Web:
  • Saves time for system administrators
  • Efficient to maintain and update
  • Gives you more time for business IT tasks
  • Contributes to overall network security
Our experience shows that many enterprises are looking for solutions which keep garbage out - just as a spam filter takes care of unsolicited or harmful mails, containing viruses, malware or phishing attacks.

In web terms, keeping garbage out means identifying and blocking websites which host bad and damaging content, and groups of sites which are of no relevance to your business.

CYAN – leaving you free to get on with business.
Read more

Safeguard your reputation

You’ve spent time and effort building up your company’s reputation.

But do you realize that others are drawing conclusions about your company based on what your employees are doing online?

We are increasingly transparent and visible online. Our activities, preferences and habits are tracked and analysed. You think social media is there to help us network? It’s there to collect valuable information which is sold for marketing purposes!

CYAN Secure Web puts you back in control. You determine how your company is seen to the online world.

CYAN – because your reputation is valuable.

Read more


Next in Content Control

CYAN Secure Web accounts for the control of applications, Web 2.0 portals and analyzing data streams for viruses already in the initial architectural design.

The developers, who are industry experts that started one of the first proxy servers of the market, reinvented the wheel, starting over in 2006 on the drawing board, facing the latest Internet technologies and threats.

CYAN Secure Web is the most modern implementation of a fully-fledged proxy server. The proven technology is being used by enterprises ranging from 25 to 25000 employees, and even convinced telco operators of its quality and performance.

Read more

Robust by design

The availability of the Web is a business critical issue also for your company. Latest information drives your today´s business.
At the same time availability of B2B applications is key to the daily work flow.

Having learned what it takes to create a carrier grade product which also scale easily using load balancing solutions, the engineering team of CYAN searched for an approach to make clustering available also to small enterprises.

It was most important that no extra knowledge is required in order to setup and operate multiple nodes in a homogenous cluster. At the same time the solution shall be priced so also small companies can effort to buy technology, which used to be reserved for large enterprises.

Read more

Care about your money?

Clever sysadmins also care about business while being in love with the latest technology.

Why would you, as a system administrator, care about money? Because your tighter and tighter budget must account for the required investments. An increasing number of services must be handled with the same money and people.

The arbitrary selection of the virtual or the also inexpensive hardware appliances protects the investments for a long time. Cost for the hardware is a small, and cost system upgrades (if necessary after several years of usage) are low, supporting a long-term product life cycle and releasing resources for other necessary investments.
Read more

Is your company flat like a table?

Legacy, rule-based, access control systems are represented as lists of grants and revokes. A flat table, however, has nothing in common with the structure of a company.

CYAN Networks is the only network security provider to offer an alternative. CYAN's access control system is designed around the principle of simplicity. A tree structure that works with inheritance supports the nature of a company with departments and people.

What is a profile?

Every user is subject to a range of access rights, such as the categories of web content, applications to be used or if virus scanning shall be applied. Add up all these policies and lump them together under a single reference name. That's a profile.

The nature of a company

Profiles arranged in a tree structure allow to map the organic structure and hierarchie of a company directly into the access control setup. And like with a company the rights can be inherited from top to bottom.

Read more

Easy Profiles

Have you ever had to change all your access policies as a result of a change in company policy? Or needed to search through your policies because someone moved to a new department, placing them under a new set of rules?

That's where CYAN Secure Web with its unique profile-based access control comes into its own. The joy of CYAN Secure Web is its efficient design and ease of use, making profile changes quick and simple.

What is a profile?

Every user is subject to a range of access rights, such as the categories of web content allowed, their virus scanning status or even which online banking sites are regarded as private. Add up all these policies and lump them together under a single reference name. That's a profile.

The joys of profile-based access

Now let's assume you have an access policy which is consistent throughout your company. With a standard rule-based access control system, when this policy changes you're faced with changing the settings for every single user profile individually. A huge task.

CYAN Secure Web, however, with its profile-based access, makes company-wide changes a cakewalk. Secure Web locates each profile within in a hierarchical structure – the profile tree. That means each profile has one parent (superordinate) profile and a number of child (subordinate) profiles. This is where benefits of CYAN's inheritance come into play.

By default, all policy settings are set to "inherit", which can be translated as "use the setting from your parent profile". So if you set company policy in the root profile, all profiles will inherit the setting by default. Make a change at a single point in the hierarchy, and all its subordinate profiles will use the updated setting. This removes the need to change each profile individually. And where you need a different policy setting for a specific user, then simply change the value of the setting in the user's profile from "inherit" to the desired value.

Access controls reflect company structure

These inherited hierarchies make it easy to mirror your company's structure. Use "department profiles" for the different policy needs of your departments, and then fine-tune them for individual users with child profiles subordinate to the department profile. Every profile set to "inherit" throughout the profile tree can be changed at a single point.

Now we've discussed profiles, inheritance and the hierarchical structure. But how do you assign a profile to a user?

Assigning profiles at a click

The profile itself is an independent entity. By default it is not linked to a specific user. You can connect a profile to a single user, a group of users or an IP address. You can also use it for more than one user or group.

So let's assume Mr X at company ABC moves department and needs to be governed by a new set of access policies.<br>All we need to do is move Mr X's profile link to his new department profile. His user profile automatically inherits the department level settings, whilst retaining any exceptions to company policy which might have been specified at user level. It's that simple.
Read more

Computers never fail ...

Did you ever wish that the computer systems that are necessary to do your job never fail?

I presume that all of us do have similar demands on computers. Our experience with computers, however, is contrary.

The good news is that computers systems can be built to be fault tolerant, absorbing breakdowns and providing a continuous working experience to the end user. The concept of making a computer system “high available” takes into account that something will fail and creates countermeasures in order to avoid total stalling of the service that has to be provided, or as Wikipedia puts it “High availability is a system design protocol and associated implementation that ensures a certain degree of operational continuity during a given measurement period.”

What does it take?

Having said that we are sure that something will fail, the logical conclusion is that if we have the same thing available a second time, we can continue using this instead of the broken system. Furthermore HA requires that, in the case of a fault of the primary system (the master), the secondary system (the slave) takes over the job automatically and continues to fulfill the work with a minimum or even no downtime at all.

Systems that are designed in the above mentioned way of having a master that is working and a slave that will take over on fault of the master (the so-called fail-over) are described as active/passive – i.e. the master is working (active) and the slave is waiting (passive) for the master to fail. The slave has to be identical to the master and has to be kept identical, i.e. all data has to be available to the slave in the same state as to the master at the time the master fails – the slave has to mirror the master.

What we do

CYAN Secure Web is designed to easily connect multiple machines into a cluster system. A Secure Web cluster, however, gives you even more potential:
  • High Availability: two machines build a high-availability cluster
  • Load Balancing: the machines are active/active and share the load
  • Scalability: the cluster can be extended to any number of nodes to share the load (max. 254)
Read more

The Next Generation Proxy Server

Today it is not only relevant where users are going. Applications are becoming increasingly chatty.
Are you aware which applications are being used in the network?

In our corporate networks we would like to have control over the connections made. Firewalls usually lock down direct access, so vendors make their applications HTTP aware, packing their native protocols into streams that are allowed because 80 (http) and 443 (https) are made available in most networks.

The detection and identification of applications is nowadays subsumed as "Next Generation". CYAN Secure Web was built from ground up to dig deep into the http(s) stream in order to become aware of the actual application transported.

What is even more important is that the management is made fairly easy. Applications are combined into application groups, giving you the power to apply controls on a semantic classes like "Audio/Vido information" or "Messaging". This makes it quick and easy to block a certain topic. Certainly exclusions for specific applications can be made easily as well.

Read more


CYAN Site Watch is an Add-On to Secure Web to defence against Phishing and similar attacks. CYAN Network Security created Site Watch as a link between the URL categorization and the Anti-Virus Add-On. An Add-On that has been optimized for these kinds of threats.

  • the Site Watch Add-On focuses on websites which aim at being clearly fake
  • the Anti-threat database is updated on a 4-hourly basis and automatically retrieved from the installations
  • in " imminent danger ", updates can be released immediately
  • the URLs of Phishing attacks often only" live " a few hours
  • Phishing attacks mostly use deep links in websites
  • the Site Watch Add-On blocks the Phishing URLs hard (no soft Use Policy)
  • 30 Categories
  • millions of domains, billions of URLs analyzed
  • daily updates
  • focus on garbage out

Secure Web includes a database organized into categories of similarly-themed websites. Activate one or more categories according to your needs: for a specific user, defined user groups or individual IP addresses.

User can no longer access the websites which are not relevant to your business. This helps your company to stay productive.

In cooperation with its partner IBM, CYAN Network Security has launched its product Secure Web with the IBM Security Content Analysis SDK. You may choose between CYAN’s categorization database Secure List or the IBM content database.

The categorization database is updated daily and downloaded automatically to your installation. So, your system is always up-to-date.
Nearly every modern application incorporates Web technologies to "talk" to the Internet. But most firewalls allow access only for HTTP and HTTPS protocols. So, applications "wrap" themselves in HTTP to be accepted by your firewall. There´s only one problem: firewalls and standard proxy servers don´t know what´s actually being transferred inside the HTTP "wrapper".

Application Blocking helps you uncover the real data, and the danger that can come with it. It analyses Internet requests in various ways to detect embedded protocols, types of data transported and other typical traffic characteristics. Then, it builds a profile of the application and its purpose. So that you can "see" what is really inside an application.

Just like with Secure List, you can permit or refuse an application as you like: for a specific user, defined user groups or individual IP addresses.
Web sites have changed during the last decade. At the beginning, the Web was mostly static content that has been served from a web server. A web formular for feedback or contact was considered high-end dynamic content.

But the web has changed. There was an evolution to content not created by web designers, but by users. You and me. The Web 2.0 was born.

Today, Web 2.0 sites like Facebook, Twitter or YouTube are among the top-20 high traffic sites in the world. They all shared one principle - give the users a framework and let them create their content. Chats, photogalleries, video blogs and all kinds of games have been born and can be freely linked, liked and tweeted to anyone who is interested.

Companies are going with the trend and have been setting up their representation on these sites as well. Blocking access to Web 2.0 sites for your employees is no longer an option. So what can you do?

We´ve choosen to follow our principles and "dig deeper". We allow you to control access to Web 2.0 on a very low level. Be it messaging, relation management or playing games, you have the power to either allow or deny specific actions on Web 2.0 sites for your users. And we constantly update the ruleset for you to keep up with the pace of todays web - which became pretty fast!
Secure Web gives you in-depth coverage, complementing your client anti-virus software. Our protection starts at the gateway, where we scan incoming data to prevent infected files from entering your network domain. We have tightly integrated anti-virus scanners from ESET and Avira into Secure Web, so your administrative tasks are minimal. All you have to do is decide which scan engine to use.

And, to block viruses, Trojan horses, worms and other malicious code hidden in encrypted data, Secure Web first breaks up the data, then applies its filters to the clear text stream. Of course, we make the clear text available only in your proxy server memory. That means that the data is still encrypted when transferred to your network.

Together these features give you better system performance and stability. And peace of mind.
SSL ensures that your communication channel is secure when you transfer data. But, your systems may not be safe, because a classic firewall is "blind" to content in encrypted connections.

Even when the system displays user warnings about invalid security certificates, most people simply click "Continue" when they see these browser popups. Something we call "click-thru syndrome." Which means that undesirable data can be entering your network.

Secure Web helps remove the danger caused by "click-thru syndrome." It gives you the power to control the policy and access in handling certificate validation failure. It intercepts encrypted connections to reveal the traffic inside the proxy in clear text. Then, it applies all filters, including anti virus scanning, without losing the security of transport link encryption.

When you activate Secure Web SSL Interception, your security solution can "see" clearly.
Reporting System is our database analysis tool that lets you know what‘s going on in your system. You can direct the Internet traffic logs of all your Secure Web installations into one central database, then use Reporting System to compile quick, comparison and summary reports.

And, knowledge is power. Reports show you the results of your efforts and of your investment in Secure Web. Reports give you a comprehensive insight into your system. Reports help you evaluate the effectiveness of your security solution, so you can make adjustments, as necessary, to keep your network safe.
The Internet has become an indispensable part of our business life. As the vendor of a proxy server it is obligatory for us to offer a solution that supports high availability. We do not appreciate something that is idle and passively waiting, hence load balancing is a must for this solution.

A common believe is that computers never fail. Thats true, if you chose to make your systems failsafe! We give you the power to build high available and load balanced proxy environments with a single click on the web interface. No extra costs, no fine-prints on the contract, no hurdles.

Two or more machines can be combined to a cluster which is, however, visible as a single service gateway to the users. And still your environment can be administrated through a single web interface. This puts a firm protection on your investment making it easy to operate, maintain and particularly easy to scale the cluster with the changing future. Start with one machine if HA is not an issue today, and add a second machine in the case HA becomes an issue. In the case of increased bandwidth and/or expansion in the number of users, add yet another machine to the cluster and you are done.
Streaming media and Web 2.0 are bandwidth monsters. We´ve seen a lot of customers having bandwidth utilization problems with their Internet backbones as a result of these. And their business critical application suffer from this as well. Many choose to just block access to resource hungry sites at all.

But wait, there is a solution to this problem. We´ve made it easy to restrict bandwidth utilization for web sites or application to a reasonable level. With a click in the UI, you can set limits of the available up- and downstream bandwidth.

We´ve made it easy for you to decide which traffic should be restricted. You may choose the traffic limits on a per category, application and target host basis for all of your users, groups or IPs. And with this, you can keep YouTube in check and don´t have to block it off completely.
Most proxy solutions are forward-only. They allow your clients to access the Web from within your company network. But what about your clients, when on the road or in home office, that need to access that specific document on your SharePoint server or need to check their mail in Outlook Web Access?

We´vecovered this with help of the Reverse Proxy module. Simply publish your internal web applications, that reside either in your DMZ or in your internal network, to the public with the same high-performance proxy technology. You have control, from a single point of configuration for all your web traffic.
Central Management is all about operating a large scale environment of Secure Web from a single point of contact. We´ve designed the product from grounds-up with these scenarios in mind, so there is almost no environment we can not serve.

The entry level are multiple proxy servers in a cluster system, where two or more machines are interconnected while still using an easy management interface. All interconnected machines are accessible via one single IP address (service IP), and all machines in a cluster are active/active, so there is no need for an additional load balancer. High-availability as well as load-balancing is automatic.

Higher level scenarios cover the area of distributed proxy instances, where single proxy systems are interconnected to a central configuration system. Similar to the cluster mode, the proxy instances receive the identical configuration, i.e. all instances are operated with the same configuration information.

In the future, we will also supply the third stage of central management, in case when the web interface visualizes different proxy instances that are working 100% independently from each other but can be managed from one single web interface.
The administration of Secure Web is done using your favorite web browser. Utilizing latest AJAX technology, the interface provides an expierence usually found in a desktop application. You don´t have to install a fat client that relies on a specific operating system but rather can choose the browser and operating system of your choice to administrate all of the Secure Web product.

The web interface is the single point of contact with the Secure Web product. All of the configuration, administration and maintenance work can be made from within your web browser. From managing a small virtual on-premise solution to maintaining a multi-cluster, central managed environment, everything can be done with use of latest web technologies.
Product upgrades often ask the customer to replace their hardware, re-install the software from CD or, in the worst case, a new version requires the customer to buy a new license.

We´ve chosen to make it easy for you.

Upgrades can be done at any time, on any platform, with a single click in the web interface. All you need is a valid Secure Web license.

Our decision to ship all our appliances with Ubuntu Linux makes it easy for us to fullfil this promise. We operate our own Ubuntu mirror and only release packages to the public that have been proven stable in our QA labs.

The Secure Web software follows the same ideas. Software releases are distributed through our Ubuntu package repositories and made available for all customers to upgrade.

So no hardware replacement, no re-installation of operating system or software, no costs of a new license. As easy as possible.