.png)
Underscore’s Safe Internet Access (SIA) provides a cost-effective, non-intrusive, and scalable solution that enables service providers to enforce internet use policies with precision and speed.
Advanced Protocol Visibility &
Control
L3–L7 inspection across HTTP, HTTPS, SSH, Telnet, and email protocols with customizable policy enforcement.
Passive
Tap Mode
Deployment
"Deployed out-of-band using mirrored traffic, SIA enforces policies without changes to routing, firewalls, or infrastructure—ensuring zero latency or downtime."
High-Speed, Asymmetric Routing Support
Supports up to 40 Gbps traffic and supports asymmetric routing, ensuring consistent filtering across complex networks.
Block What You Must.
Maintain What You Trust.
Enhanced Resilience Proactively stops attacks, even against the most secure communications such as ECH, QUIC, DoH, DoT, and ODoH.
Selective Application Prevention Allows granular control, such as restricting messaging apps during critical periods without imposing a complete internet ban.
Regulatory Compliance Helps meet industry and regulatory guidelines with precise policy enforcement and reporting.
Data Sovereignty Assurance Blocks data transfers to or from entities owned by foreign or hostile entities, safeguarding sensitive assets.
Policy Management
-
One-Click Policy Delivery to Multiple Devices
-
Rule and Blocklist Updates Without Service Interruptions.
-
Support for Huge Blocklists
Underscore Safe Internet Access meet stringent regulatory requirements without compromising on performance, network integrity, or uptime.
Drop/Close Connections in Inline Mode
Enforces blocking policies in real-time, ensuring malicious traffic is stopped in inline deployment mode.
Layer 2 (L2) Failover Support
Maintains high availability and redundancy at the data link layer, ensuring continuous operations even in the event of hardware or link failures
Protocol support
-
Naming Services: DNS, DNS over HTTPS (DoH), etc.
-
Web Traffic: HTTPS, SSL/TLS, QUIC
-
File Transfer Protocols: FTP, TFTP, FTPS
-
File Sharing Platforms: Dropbox, Google Drive, Microsoft Office 365
-
Remote Access: SSH, Telnet, AnyDesk, etc
-
Meeting Platforms: Teams, Zoom, Zoho, Google Meet, WebEx
-
Chat and OTT Services: WhatsApp, LinkedIn, Facebook, Telegram, Signal, Gaming Chats, QQ, Ku
​Single Response Interface to Terminate Offending Communications
Utilizes a unified response mechanism to promptly terminate malicious or unauthorized connections, enhancing operational efficiency.
Single-Arm Mode for Multiple Networks
Enables seamless traffic monitoring across multiple networks using a single system, ensuring broad visibility with minimal deployment complexity.
Use Cases
URL Filtering
-
Enforce category-based or, threat-intel correlated preventive policies for HTTP, HTTPS, and QUIC protocols.
-
Works in both – Single-Arm (HTTP and HTTPS) and, Inline mode.
-
Request/Response based preventive policies for Web traffic over HTTP protocol.
Prevent Data Theft
-
Block access to file-sharing protocols and applications from sensitive segments.
-
DPI (Deep Packet Inspection), FQDN, and IP lists tuned & curated to address data privacy and performance concerns.
Volumetric Attack Management
-
Use correlation and threshold analysis to detect and mitigate volumetric attacks by dropping malicious communications based on traffic patterns.
Application Outage Prevention
-
Detect and prevent exploitation of protocol weaknesses, such as deliberately exhausting server resources by delaying SYN-ACK responses after server ACK.
Command and Control (C2) Disruption
-
Block hosts attempting to connect to blocklisted C2 infrastructure, ensuring proactive threat containment.
IP Intelligence Integration
-
Utilize IP intelligence to drop targeted communication, such as blocking all mobile traffic during critical operations.