Skip to main content

Concepts

GKTinc provides two dissuasion levels: Basic Dissuasion and Enhanced Dissuasion.
This section introduces the core concepts used in Enhanced Dissuasion, where protection behavior is configurable through policies and protection groups.

Basic vs Enhanced

Basic Dissuasion

Basic Dissuasion is the entry-level mode. It does not require configuration and is primarily oriented to visibility and monitoring, providing dashboards for activity observation.

Enhanced Dissuasion

Enhanced Dissuasion is the configurable mode. It allows administrators to define risk tolerance and security restrictions through protection groups and policies.

Protection Groups

A Protection Group represents a protected target system (for example, a website or application).
In practice, it is recommended to create one protection group per system/site.

Each Protection Group defines:

  • Which policy will be applied to evaluate access risk
  • Optional GeoFirewall restrictions for the protected target
  • The deployment configuration required to integrate the protection into the application

Protection Groups are the main unit used to manage and deploy Enhanced Dissuasion.

Group Policies (Risk Policy)

A Group Policy defines the risk threshold accepted by the protected application.

Currently, a policy includes a single parameter:

Access Max Score (0–100)

The Access Max Score determines the maximum risk score allowed for access:

  • 0: most restrictive (deny anything that indicates risk)
  • 100: least restrictive (accept any risk score)

When a request is evaluated, the risk score is compared against the configured threshold:

  • If score ≤ Access Max Score → access is allowed
  • If score > Access Max Score → access is denied

Policies are reusable and can be applied to multiple protection groups.

GeoFirewall (Geographic Restrictions)

Each Protection Group may optionally enforce geographic restrictions through GeoFirewall.

GeoFirewall allows administrators to define:

  • Allowed countries only (allowlist mode), or
  • Blocked countries (denylist mode)

This feature is applied at the protection group level and is intended to mitigate unwanted traffic patterns and regional abuse.