Follow these recommendations to get the most out of Osto and keep your security posture strong.

Websites & SSL

  • Keep certificates valid: Use unexpired SSL certificates and renew them ahead of time. Osto can auto-generate and renew certificates for you, or you can upload your own.
  • Use a low DNS TTL during changes: Set your DNS record’s TTL to 600 seconds or lower before making changes so updates propagate quickly with minimal downtime. Lower it at least one old-TTL period ahead of the change, since resolvers keep serving the cached record until the TTL they already hold expires.
  • Start in Detect, then move to Prevent: Run a new website in Detect Mode first to observe traffic without blocking, then switch to Prevent Mode once you’re confident legitimate traffic isn’t affected.
  • Tune the Advanced policy: Review the protections in your Website Protection Advanced policy (URL Protection, Parameter Protection, Data Theft Protection, Cookie Security, and rate/request limits) so coverage matches your application.
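The certificate-validity recommendation above turns into a simple periodic check: compute how long each site's certificate has left and flag anything expired or inside your renewal lead time. The example below is added here and is not Osto code; it uses the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, so the same function works on a certificate fetched from a live host (`fetch_cert`, which needs network access) or on the constructed sample records at the bottom. The 30-day lead time and the site names are assumptions.

```python
"""Report certificates that are expired or due for renewal (added example)."""
import socket
import ssl
from datetime import datetime, timezone

RENEW_LEAD_DAYS = 30  # assumed policy: renew when fewer than 30 days remain


def days_until_expiry(cert, now):
    """Days from `now` until the cert's notAfter (negative when already expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])  # epoch seconds, UTC
    return (expires - now.timestamp()) / 86400


def certificate_status(cert, now, lead_days=RENEW_LEAD_DAYS):
    """Classify one certificate as EXPIRED, RENEW_SOON or OK."""
    remaining = days_until_expiry(cert, now)
    if remaining < 0:
        return "EXPIRED"
    if remaining < lead_days:
        return "RENEW_SOON"
    return "OK"


def fetch_cert(host, port=443, timeout=5):
    """Fetch the leaf certificate a host presents (requires network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def report(certs, now):
    """Map each site name to its status, worst first, so expired certs top the list."""
    order = {"EXPIRED": 0, "RENEW_SOON": 1, "OK": 2}
    statuses = {name: certificate_status(c, now) for name, c in certs.items()}
    return dict(sorted(statuses.items(), key=lambda kv: order[kv[1]]))


# Constructed sample records in getpeercert() format; the hostnames are hypothetical.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "shop.example.com": {"notAfter": "Sep  1 00:00:00 2024 GMT"},  # 92 days left
    "api.example.com": {"notAfter": "Jun 15 00:00:00 2024 GMT"},   # 14 days left
    "old.example.com": {"notAfter": "May 20 00:00:00 2024 GMT"},   # expired
}

if __name__ == "__main__":
    for site, status in report(SAMPLE_CERTS, SAMPLE_NOW).items():
        left = days_until_expiry(SAMPLE_CERTS[site], SAMPLE_NOW)
        print(f"{status:10} {site:20} {left:6.1f} days")
```

To check real sites, replace the sample dictionary with `{host: fetch_cert(host) for host in hosts}` and run the report from a scheduler; anything in `RENEW_SOON` is the trigger for renewal (or for confirming that auto-renewal has actually fired).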

Endpoint user policies

  • Principle of least privilege: Put users in groups and grant the minimum access each role needs.
  • Review regularly: Periodically revisit Device Control, App Control, Domain Filtering, and DLP policies so they stay aligned with current needs.
  • Update as roles change: Revise policies when roles change or new apps are introduced to avoid stale or overly permissive rules.

Secure server access

  • Allow Osto connectivity: Make sure server firewalls permit the connections Osto needs for seamless access.
  • Enable MFA: Keep multi-factor authentication on for secure-server access.
  • Review session logs: Check Logs → Secure Server Logs for unauthorized or anomalous access.
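Reviewing session logs by hand does not scale, so the usual approach is to encode the questions you would ask (is this source trusted, is this a normal hour, was this success preceded by a run of failures) as rules over the log export. The example below is added here and is not Osto code; the log line format, the trusted network range, the working hours and the failure threshold are all constructed assumptions, so adapt `parse_line` and the policy constants to your own export.

```python
"""Flag unauthorized or anomalous secure-server sessions in a log export (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample lines (hypothetical format): timestamp user source_ip server result
SAMPLE_LOG = """\
2024-05-01T08:02:11Z alice 10.20.0.15 db-01 SUCCESS
2024-05-01T08:05:40Z bob 10.20.0.22 web-01 SUCCESS
2024-05-01T02:13:09Z carol 198.51.100.7 db-01 SUCCESS
2024-05-01T09:00:01Z mallory 203.0.113.9 web-01 FAILED
2024-05-01T09:00:05Z mallory 203.0.113.9 web-01 FAILED
2024-05-01T09:00:09Z mallory 203.0.113.9 web-01 FAILED
2024-05-01T09:00:14Z mallory 203.0.113.9 web-01 FAILED
2024-05-01T09:00:20Z mallory 203.0.113.9 web-01 SUCCESS
2024-05-01T14:30:00Z alice 10.20.0.15 web-01 SUCCESS
"""

# Assumed policy: the VPN/office range, working hours in UTC, and the failure burst threshold.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
WORK_HOURS = range(7, 20)  # 07:00 to 19:59 UTC
FAIL_THRESHOLD = 3
FAIL_WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, user, ip, server, result = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "ip": ipaddress.ip_address(ip),
        "server": server,
        "result": result,
    }


def review_sessions(log_text):
    """Return (rule, user, detail) findings in time order, one per anomaly."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    failures = defaultdict(list)  # (user, ip) -> timestamps of recent failures
    flagged_sources = set()       # report each untrusted (user, ip) pair once

    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["ip"])

        # Rule 1: session from outside the trusted ranges
        if key not in flagged_sources and not any(ev["ip"] in net for net in TRUSTED_NETWORKS):
            flagged_sources.add(key)
            findings.append(("untrusted_source", ev["user"], str(ev["ip"])))

        # Rule 2: successful login outside working hours
        if ev["result"] == "SUCCESS" and ev["time"].hour not in WORK_HOURS:
            findings.append(("off_hours_login", ev["user"], ev["time"].isoformat()))

        # Rule 3: a burst of failures followed by a success for the same user and source
        if ev["result"] == "FAILED":
            failures[key].append(ev["time"])
        elif ev["result"] == "SUCCESS":
            recent = [t for t in failures[key] if ev["time"] - t <= FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                findings.append(("failures_then_success", ev["user"],
                                 f"{len(recent)} failures within {FAIL_WINDOW}"))
            failures[key].clear()
    return findings


if __name__ == "__main__":
    for rule, user, detail in review_sessions(SAMPLE_LOG):
        print(f"{rule:22} {user:8} {detail}")
```

On the sample, alice and bob produce nothing; carol is flagged twice (untrusted source and an 02:13 login) and mallory twice (untrusted source, then four failures followed by a success). Each rule is independent, so a finding is a prompt to look at the session, not a verdict.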

Threat protection

  • Set realistic rate limits: Configure strict-but-realistic rate limiting on sites and APIs to blunt brute-force and volumetric attacks.
  • Keep bot & DDoS mitigation on: Leave Bot Mitigation and DDoS Protection enabled and review them as attack patterns evolve.
  • Watch for anomalies: Use the dashboard and Logs to monitor unusual activity and act before it escalates.
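"Strict but realistic" rate limiting means a tight limit where abuse concentrates (authentication) and a looser one where legitimate clients are busy (the API), tracked per client so one source cannot exhaust another's allowance. The sliding-window limiter below is an added example and not Osto code; the per-endpoint limits, the endpoint paths and the client addresses are assumptions, and the clock is injectable so the behaviour can be reproduced without waiting in real time.

```python
"""Per-client sliding-window rate limiter with per-endpoint limits (added example)."""
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window_seconds` for each key."""

    def __init__(self, limit, window_seconds, clock):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock              # callable returning seconds; injectable for tests
        self.hits = defaultdict(deque)  # key -> timestamps still inside the window

    def allow(self, key):
        now = self.clock()
        q = self.hits[key]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False                # caller should answer HTTP 429
        q.append(now)
        return True


class FakeClock:
    """Deterministic clock so the simulation below runs instantly."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def build_policy(clock):
    """Assumed policy: 5 login attempts per minute, 100 API calls per minute, per client."""
    return {
        "/login": SlidingWindowLimiter(limit=5, window_seconds=60, clock=clock),
        "/api": SlidingWindowLimiter(limit=100, window_seconds=60, clock=clock),
    }


def simulate(policy, clock, path, client, count, spacing):
    """Send `count` requests from `client` at `spacing` seconds apart; return (allowed, blocked)."""
    allowed = blocked = 0
    for _ in range(count):
        if policy[path].allow(client):
            allowed += 1
        else:
            blocked += 1
        clock.advance(spacing)
    return allowed, blocked


if __name__ == "__main__":
    clock = FakeClock()
    policy = build_policy(clock)
    # Constructed scenario: a burst of login attempts from one address, then normal use from another.
    print("burst of 20 logins, 0.5s apart:", simulate(policy, clock, "/login", "203.0.113.9", 20, 0.5))
    print("3 logins, 10s apart:          ", simulate(policy, clock, "/login", "10.20.0.15", 3, 10))
    print("120 API calls, 0.1s apart:     ", simulate(policy, clock, "/api", "10.20.0.15", 120, 0.1))
    clock.advance(60)
    print("burst source after the window: ", policy["/login"].allow("203.0.113.9"))
```

The burst source gets 5 attempts through and 15 rejected, the normal user's three spaced logins all pass, and the API limit only bites once a single client exceeds 100 calls inside a minute. Once the window has passed, the limiter admits the first source again, which is the "realistic" half: a limit that never recovers turns into a self-inflicted outage.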

Scan and secure proactively

  • Scan before you ship: Run the Web Scanner on your sites and the App Scanner on mobile builds, and connect a Git provider to SAST (Code Security) to catch vulnerabilities, dependency issues, and secrets early.
  • Connect your cloud: Add your AWS, Azure, or GCP accounts under Cloud Security for continuous posture findings.
  • Stay audit-ready: Use Compliance → AutoComply to generate policies, track controls, and assign security awareness training.

See the How-to Guides for step-by-step walkthroughs of each area referenced above.