Question 1

How quickly does TR7 respond to security vulnerabilities?

Accepted Answer

TR7 maintains an average patch response time of less than 4 hours for critical vulnerabilities. Our security team works 24/7 to monitor emerging threats and deploy protective WAAP rules within hours of vulnerability disclosure, often before organizations become aware of new threats.

Question 2

How many CVEs does TR7 WAAP protect against?

Accepted Answer

TR7 WAAP actively protects against 500+ known CVEs including critical vulnerabilities like Log4Shell (CVE-2021-44228), Spring4Shell (CVE-2022-22965), and MOVEit Transfer (CVE-2023-34362). Our protection rules are automatically updated across all customer deployments.

Question 3

How can I report a security vulnerability to TR7?

Accepted Answer

TR7 welcomes responsible security disclosures. Send your findings to security@tr7.com with detailed technical information and proof of concept. We acknowledge all reports within 48 hours, follow a 90-day coordinated disclosure timeline, and recognize researchers in our Security Hall of Fame.

Question 4

What threat categories does TR7 IP Intelligence cover?

Accepted Answer

TR7 IP Intelligence covers 24 threat categories with over 100,000 blacklisted IPs updated daily. Categories include port scanning, hacking attempts, web application attacks, brute-force attacks, DDoS participation, phishing sources, bad web bots, and exploited hosts.

Question 5

Does TR7 WAAP protect against OWASP Top 10 vulnerabilities?

Accepted Answer

Yes, TR7 WAAP provides comprehensive protection against all OWASP Top 10 vulnerabilities with 71 advanced rule categories. This includes protection against SQL injection, XSS, command injection, SSRF, and emerging threats like AI/LLM prompt injection and GraphQL attacks.

Question 6

What is TR7's security certification level?

Accepted Answer

TR7 products are certified at EAL4+ (Common Criteria Evaluation Assurance Level 4 Augmented), demonstrating rigorous security testing and validation. Our 24/7 security operations center maintains continuous monitoring of global threat intelligence feeds.

Question 7

What services does TR7 Security Center offer?

Accepted Answer

TR7 Security Center delivers comprehensive security services: security advisories, CVE vulnerability disclosures, real-time threat protection status, and a responsible disclosure policy. The platform delivers enterprise security services including WAAP protection, threat intelligence, incident response, and vulnerability management. With 24/7 monitoring, EAL4+ certification, and an average patch time of less than 7 days, it protects businesses end-to-end.

Question 8

How does the automated update and patch deployment system work?

Accepted Answer

TR7's automated update system delivers three-stage deployment: online appliances receive updates automatically (within 24 hours), customers running manual updates with remote support are accommodated (within 72 hours), and air-gapped installations are served with on-site support (within 7 days). The system guarantees 100% customer coverage and zero service disruption. Critical patches are developed, tested, and released within 4 hours.

Question 9

How is protection against AI/LLM and modern threats delivered?

Accepted Answer

TR7 WAAP delivers AI/LLM Prompt Injection protection against ChatGPT/Claude jailbreaks and prompt manipulation. It also blocks GraphQL introspection abuse, nested query DoS, and batching attacks. The container escape prevention feature detects Docker/K8s breakout attempts, and supply-chain detection monitors dependency confusion and malicious package injection.

Question 10

How does the responsible disclosure process work?

Accepted Answer

TR7's responsible disclosure process consists of 5 steps: findings are sent to security@tr7.com with detailed technical information; an acknowledgement and tracking number are issued within 48 hours; the security team reviews the report and assesses severity; for confirmed vulnerabilities a fix is developed; and finally, after the patch is released, coordinated public disclosure is made with credit to the researcher. A 90-day coordinated disclosure window applies.

Question 11

How many WAAP rule-set categories are included and what threats do they cover?

Accepted Answer

TR7 WAAP includes 71 advanced rule categories and delivers comprehensive web application protection. Categories include SQL injection (with multi-encoding detection), XSS baseline, command injection (Unix/Windows), SSRF protection, file-upload security, JWT & API security, NoSQL protection (MongoDB, Redis, CouchDB), and zero-day heuristic analysis. All rules are updated automatically.

Question 12

What is the response time for critical vulnerabilities like Log4Shell and Spring4Shell?

Accepted Answer

TR7 delivers protection against critical vulnerabilities with comprehensive response times: protective rules go live in less than 2 hours for Log4Shell (CVE-2021-44228), less than 4 hours for Spring4Shell (CVE-2022-22965), less than 6 hours for HTTP/2 Rapid Reset, and less than 12 hours for the XZ Utils Backdoor. The average response time stays under 4 hours.

Question 13

How does the IP Intelligence system work?

Accepted Answer

TR7's IP Intelligence system holds more than 100,000 blacklisted IP addresses across 24 threat categories, refreshed daily. Categories include port scanning (28.8K), hacking (26.3K), web application attack (20.8K), brute force (18.1K), compromised host (16.5K), malicious bot (14K), DDoS (10.7K), phishing (4.3K), and SSH abuse (5.7K).

Question 14

What does the proactive security approach include?

Accepted Answer

TR7's proactive security approach has four core components: 24/7 security operations center for continuous threat monitoring and global threat-intelligence feed analysis; rapid incident response with 24-hour response and 7-day patch deployment for critical vulnerabilities; defense-in-depth architecture covering WAAP, DDoS protection, bot management, and access control; and a dedicated security research team that proactively hunts for vulnerabilities.

TR7 Security Center

Security Advisories

Privilege Escalation in Application Security Platform

Incident Response Timeline

Vulnerability Reported

Patch Released

Online Customers Updated

Remote Assistance

100% Coverage Achieved

Update Delivery Methods

Automatic Update

Remote Assistance

On-Site Support

Real-Time Threat Protection

Active Protection Categories

IP Intelligence

WAAP Rule Sets

Proactive Security Approach

Continuous Threat Monitoring

Rapid Incident Response

Defense in Depth

Security Research Team

Responsible Disclosure Policy

Report a Vulnerability

Disclosure Process

Report

Acknowledge

Investigate

Remediate

Disclose