Introduction

Qpoint is a universal security and operations platform for egress HTTP/S traffic. It offers endpoint discovery, real-time insights, identity-based security, and dynamic middleware injection.

How It Works

Qpoint is designed to optimize egress traffic management through a modular architecture that includes three main components: an outbound proxy with selective SSL termination, an eBPF probe, and a control plane. Each component can operate independently or be integrated to provide a comprehensive solution.

Qpoint Proxy

The proxy component of Qpoint acts as an intermediary for clients seeking resources from external servers. It has the capability to perform selective SSL/TLS termination per endpoint. This means that SSL/TLS traffic can be terminated at the proxy to allow for inspection and monitoring of encrypted traffic, then re-encrypted as it continues to its destination. This selective termination is vital for maintaining security while enabling deep packet inspection and data loss prevention functionalities.

Qpoint Tap

The eBPF (Extended Berkeley Packet Filter) probe gives you access to application traffic before it's encrypted without the need to manage certificates. It operates at the kernel level, allowing it to gather data out of band without significant overhead. The eBPF technology is highly efficient and flexible, ideal for real-time data collection and analysis in high-throughput environments.

Control Plane

The optional control plane serves as the central nervous system of Qpoint. The control plane provides a user interface for administrators to manage their fleet of Qpoint Proxies and Taps.

These components can be deployed independently depending on the specific needs of the network environment, or linked together to enhance Qpoint's capability to manage, monitor, and secure network traffic more effectively.

Why Qpoint?

Enhanced Observability

Qpoint provides tools to clearly identify which applications are communicating outside your network, continuously monitors traffic flows, and delivers real-time insights into third-party API usage. It offers detailed visibility into API token usage and accurately maps the sources and destinations of all requests involving personally identifiable information (PII), which is essential for data flow management and compliance with privacy regulations.

Zero Trust Security

Qpoint supports a zero trust security model by limiting access to external endpoints based on the identities of applications or services. This approach ensures that only verified and authorized entities can interact with sensitive external systems. Qpoint also includes features to remove PII and other sensitive data from outgoing requests, enhancing data security and reducing exposure to data breaches.

Operational Resilience

Qpoint improves operational resilience by providing insights into endpoint performance and the real-time detection of anomalies or operational issues. This proactive monitoring allows teams to address and mitigate potential rate limits before they result in throttling or affect production applications. Qpoint's ability to adapt dynamically to network changes ensures reliable operation and optimal performance.

Last updated