● Zero-Trust Enabled

🛡️ Sentinel Security

Enterprise-grade threat detection, WAF, and zero-trust network access built directly into your cloud infrastructure. Protect without compromising performance.

Deploy Sentinel View API Docs

0.4ms

Added Latency

99.99%

Detection Rate

24/7

Threat Intel

$ cnx sentinel status --region us-east-1

✓ WAF Rules Active: 1,247

✓ DDoS Mitigation: ON (2.4 Tbps capacity)

⚠ Rate Limit Triggered: ip: 203.0.113.42

✓ Zero-Trust Policies: 14 enforced

$ _

Core Security Capabilities

Comprehensive protection layers designed for modern cloud-native architectures.

🛡️

Next-Gen WAF

Customizable rule sets with OWASP Top 10 coverage, bot management, and AI-powered anomaly detection.

🌐

DDoS Mitigation

Always-on volumetric and application-layer protection with automatic scrubbing under attack.

🔑

Zero-Trust Access

Identity-aware proxy with MFA, device posture checks, and least-privilege network segmentation.

📊

Threat Intelligence

Real-time feeds from 50+ global sources with automated IOC blocking and behavioral analysis.

🔍

Runtime Protection

Container and workload security with eBPF-based monitoring, vulnerability scanning, and policy enforcement.

📜

Compliance Automation

Continuous control mapping, audit logging, and one-click report generation for SOC2, ISO 27001, and HIPAA.

How Sentinel Works

Inline security that inspects traffic at the network edge before it reaches your workloads.

Client Request

→

Sentinel Edge

→

Load Balancer

→

App/DB

1. Ingest & Classify

Requests are parsed at Layer 7. SSL termination occurs at the edge for full payload inspection.

2. Threat Evaluation

WAF rules, threat intel feeds, and behavioral models evaluate traffic in parallel.

3. Zero-Trust Verify

Identity, device health, and access policies are validated before forwarding.

4. Forward or Block

Clean traffic is routed to your infrastructure. Malicious requests are dropped or challenged.

Compliance & Certifications

Built to meet strict regulatory requirements out of the box.

🔒

SOC 2 Type II

Independently audited controls for security, availability, and confidentiality.

Certified

🌍

ISO 27001:2022

Information security management system aligned with international standards.

Certified

🏥

HIPAA & GDPR

Data handling, encryption, and audit trails configured for healthcare and EU compliance.

Ready

💳

PCI DSS v4.0

Payment card data protection with tokenization, network segmentation, and logging.

Validated

Integration & API

Programmatic control over every security policy, rule, and alert.

# Enable WAF protection for a specific origin
curl -X POST https://api.cloudnexus.io/v1/sentinel/rules \
  -H "Authorization: Bearer $CNX_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "block-sql-injection",
    "action": "block",
    "conditions": [
      { "type": "request.uri", "operator": "contains", "value": "union select" }
    ],
    "priority": 1,
    "enabled": true
  }'
                        

GET/v1/sentinel/threatsFetch active threats

POST/v1/sentinel/rulesCreate WAF rule

PUT/v1/sentinel/policiesUpdate ZTNA policy

GET/v1/sentinel/auditExport audit logs

Native Integrations

Connect Sentinel with your existing security stack using pre-built connectors and webhooks.

✓ SIEM (Splunk, Datadog, ELK)
✓ CI/CD (GitHub Actions, GitLab, Jenkins)
✓ Identity Providers (Okta, Auth0, Azure AD)
✓ Cloud Providers (AWS, GCP, Azure)

Security Plans

Scale protection based on your threat landscape and compliance needs.

Essential

Baseline protection for startups

$49

/month + usage

✓ Standard WAF Rules

✓ Basic DDoS Protection

✓ Email Alerts

✓ 30-Day Log Retention

Choose Essential

Advanced

For production workloads

$199

/month + usage

✓ Custom WAF & Bot Management

✓ Advanced DDoS Scrubbing

✓ Zero-Trust Access (ZTNA)

✓ SIEM Integrations

✓ 90-Day Log Retention

Choose Advanced

Enterprise

Maximum security & compliance

Custom

volume pricing

✓ Everything in Advanced

✓ Dedicated Security Engineer

✓ Custom Compliance Reports

✓ On-Prem/VPC Deployment

✓ Unlimited Log Retention

Contact Sales

Frequently Asked Questions

Technical and operational questions about Sentinel Security.

How much latency does Sentinel add?

Sentinel adds an average of 0.4ms per request due to edge-based inspection and optimized rule engines. SSL termination and caching can actually reduce overall load times.

Can I customize WAF rules without waiting for support?

Yes. The dashboard and REST API allow real-time rule creation, testing, and deployment. You can use regex, IP reputation, rate limiting, and custom JSON payloads.

How does Zero-Trust Access work with existing SSO?

Sentinel integrates with SAML 2.0 and OIDC providers. It evaluates identity tokens, device posture, and contextual signals before granting network access, regardless of your SSO setup.

What happens during a massive DDoS attack?

Traffic is automatically routed to scrubbing centers. Malicious packets are filtered at the network edge while legitimate traffic continues to your infrastructure. No downtime expected.