Break Through
Traditional Perimeters
And Experience A New
Firewall Paradigm

Still Relying On
Traditional Network Firewalls
In This New IoT Era?

Avnos Decentralised Software-Defined Firewall (DSDF) redefines existing perimeter defense technologies, breaking through traditional perimeters, and extending defense globally.

Avnos DSDF Policies are local to devices, providing always-on protection for devices wherever they are - internal network or on the public internet.

Decentralised Software-Defined Firewall (DSDF)

Avnos DSDF Perimeter Engine

Manage all authorised and unauthorised communications directly from the host with full visibility to all traffic connections. Perimeter Engine forms the core foundation of Avnos DSDF, receiving cloud-delivered host-based traffic configurations regardless of the host location - internal network or on the public internet.

Traffic Control

Taking whitelisting a step further with traffic control. Full visibility and control over all traffic connections from applications and processes. Terminate unauthorized or malicious connections and blocks off multi-stage malware attacks in real-time.

Network Traffic Analytics

Full visibility to north-south and east-west traffic. Leverages network communications as the foundational data source for detecting and investigating security threats and anomalous or malicious behaviors within the network.

Global Automation Policies

Protecting devices against the fastest growing threat vectors – fileless, scripts, document-based and exploit attacks. Automatically apply global policies to protect commonly exploited applications from launching 2nd stage malware attacks.

Network Isolation

Remotely isolate infected devices from the network without having to disable internet connectivity. Disable all network connections from infected devices, whilst keeping Avnos' connection to the device alive - allowing remediation and investigations to be carried out remotely.

Avnos DSDF
Apps Engine

Full visibility and control over authorised and
unauthorised application executions directly from
the host. Apps Engine provides local and global reputation
intelligence on applications, ensuring reliable and
scalable protection against zero-day and targeted attacks.

Most Comprehensive
Whitelisting Platform
In The Market

Avnos DSDF Defense Engine

Protect against latest infections and targeted attacks with up-to-date global threat intel. Defense Engine, working together with the other engines, acts as the last line of defense against targeted attacks. Leverage signature and signature-less technologies to minimize the attack surface significantly.

Global Threat Intelligence

Get up-to-date protection against latest attacks and infections with Avnos global threat intelligence information. Prevent known attacks and infections from executing on the devices.

Real-Time Signature-less Anti-Ransomware

Future-proof your protection against ransomware with Avnos signature-less anti-ransomware technology. Proprietary runtime behavioural analysis technology detects and blocks ransomware encryption in real-time.

Vulnerabilities Visibility

Understand your security posture by identifying and prioritizing risks across the organisation. Discover vulnerabilities without compromising on performance as you would with traditional scanners.

Minimizing The Attack Surface

Minimize the attack surface with a combination of whitelisting and behavioral-based
technologies. Taking whitelisting to the next level with Avnos traffic whitelisting.

Whitelisting Applications

Minimize the attack surface against unknown zero-day malware. Preventing execution of unauthorised applications.

Whitelisting Traffic

Minimize the attack surface against exploits, scripts and documents-based attacks. Effectively preventing downloads of 2nd stage payloads.

Global Threat-Intelligence

Accurate and up-to-date threat intelligence on newly detected infections. Reducing response time by effectively detecting and blocking malicious threat actors across your organisation.


Non-signature behavioral based engine. Stopping known and unknown ransomware encryption in real-time.

Avnos Cloud Local Area Network (C-LAN)

A robust and decentralised architecture built upon globally distributed Points of Presence (PoPs). Avnos C-LAN decentralised architecture provides much higher levels of scalability and redundancy, and reduces the risk of catastrophic failures significantly. Unlike traditional centralised cloud solutions, Avnos C-LAN ensures optimal last mile connections between DSDF devices and C-LAN PoPs globally. DSDF devices and C-LAN PoPs continuously monitors latencies and connectivity, promising best-possible performance for all connected devices, wherever they are.

Decentralized architecture provides compartmentalisation of risks

Avnos C-LAN decentralised architecture provides services to connected devices in isolation. When a decentralised C-LAN PoP suffers from an outage and is forced to go offline, the remaining cloud PoPs take over as the connecting point for the affected PoP's connected devices. This robust network design provides an inherent failsafe ability that increases the stability of the overall C-LAN infrastructure. In essence, C-LAN decentralised architecture ensures heightened security to core functionalities, whilst traditional centralised architectures connect functionalities within the same hub - leading to catastrophic failures when that single hub goes offline.

Distributed firewall architecture necessary to scale up the performance of firewalling services

Traditional network firewall architecture pushes network traffic through a single 'choke point' - the firewall itself. As a result, there is a tendency for firewall rulesets protecting growing number of hosts to become very complex over time. And in order to inspect encrypted traffic, the firewall has to terminate or proxy encrypted traffic that traverses through it. Avnos distributed software-defined firewall architecture solves the above by emphasizing the security of individual hosts, with each host responsible for filtering the traffic that it individually sends and receives.

While a centralised firewall architecture today can scale to handle higher throughputs, this will always be limited to hardware investments. Avnos distributed software-defined firewall architecture, on the other hand, can scale to unlimited bandwidth without having complex considerations around hardware investments and throughput calculations. Avnos distributed software-defined firewall architecture also automatically enables cloud-delivered host-based configuration management - policies are local to all devices, providing always-on protection wherever the devices are - a necessity in today's IoT era.