Core Concepts
Understanding these fundamental concepts is key to effectively using the Osto platform.
Assets
Assets are your organization’s critical digital resources that require protection. Osto categorizes them as follows:
Web Applications: Internal or public-facing applications that must be defended against online threats.
Users: Employees, administrators, or external stakeholders who require secure access to your systems.
Servers: The core infrastructure that hosts your data, services, and applications.
APIs: Application Programming Interfaces that are automatically discovered and secured to protect critical app-to-app communication.
Objects
Objects are reusable configurations that streamline the management of your security policies. They allow you to define a setting once and apply it across multiple rules.
Ports: Define how network traffic is permitted to move across your infrastructure (e.g., Port 22 for SSH, Port 443 for HTTPS).
URLs: Specify web addresses and paths to control access to specific online content.
Applications: Define and protect the software tools and services your organization relies on.
Devices: Secure all endpoints across your workforce, from company laptops to IoT devices.
Policies
Policies are the sets of rules that enforce your security strategy across the entire ecosystem.
Website Security: A collection of rules designed to block malware, prevent Distributed Denial-of-Service (DDoS) attacks, and mitigate common vulnerabilities such as those covered by the OWASP Top 10.
User Access Controls: Rules that enforce identity verification, role-based permissions, and Zero Trust principles for users accessing resources.
Server Protection: Policies that restrict access to sensitive server environments through validated, time-bound workflows.