WebOrion® / WebOrion® Restorer

WebOrion® Restorer

Threat Response and Recovery- Automate Your Response Playbook!

Swift Restoration of Defaced Website

When an unwanted defacement event happens to your website, do you have an easy solution to restore it back to normal? Are you restoring the same security vulnerabilities back? WebOrion® Restorer allows you to swiftly restore your web presence using a Secure Replica while you work backend to investigate – all done in a straightforward and effortless way.

How WebOrion® Restorer Can Benefit Your Organisation?

Zero Server Footprint

No software agent is required to be installed on the webserver.

Gain More Control

Simpler restoration allows faster reaction to a defacement and protection of the organisation’s web reputation.

Manage Your Replicas Easily

This feature allows the creation of Secure Replicas based on both ad-hoc and scheduled basis. Customer can also preview and choose the most appropriate replica for each website.

Deployment Architecture and its Main Functionalities (5Cs)

WebOrion® Restorer is an on-site appliance deployed in your organisation’s network. It is best deployed in conjunction with a Load Balancer or in-line to your webserver. Once it is installed, it will work as follows:


On day one, it will crawl your website and identify all the pages to be replicated.


After the crawl, it starts a copying process where it replicates all the pages.


It then strips off the vulnerabilities and creates a Secure Replica of the original website.


In inline mode, it will allow traffic to flow to the web server in a normal scenario. In the event of a defacement, traffic will be
redirected to the Restorer with the Secure Replica.


The Restorer will be commissioned to serve out the replicated webpages to preserve the organisation’s Web Reputation in the event of a defacement.

Secure Replica Creation

In our Saas edition, the subscriber first needs to login to the Self Service Portal to replicate the domain to be restored. It includes going through a crawl and copy process over the internet before creating a secure replica of the original website. You can create customized secure replica settings to modify the replica to strip off vulnerabilities that might exist on your websites.

You can manage different replicas and select the replica that you wish to restore to during a failover. In an event of a defacement, failover can be done by switching web traffic to our WebOrion® Restorer.

High Level Network Architecture (SaaS)

WebOrion® Restorer Deployment Model

Our WebOrion® Restorer is available in multiple deployment options to meet Enterprise customer needs. This includes Enterprise SaaS, On-Premise physical and virtual appliances. Please feel free to contact us at sales@cloudsine.tech for pricing information.

Enterprise SAAS

WebOrion® Cloud (SaaS)

Enterprise on-premise appliance

WebOrion® Appliance

How can I deploy the Restorer?

Current Setup

For Anti-DDOS service (for e.g. Incapsula, Cloudflare, etc.), they usually work by having the customer’s DNS send traffic to their servers. The Anti-DDOS services’s servers will then forward the traffic to the original web server (usually known as the Origin). For the restorer to work, we need to be able to switch customer’s traffic to the restorer device upon customer’s request.

Setup with WebOrion® Restorer SaaS

One way to do this is to change the origin server configuration on the Anti-DDoS name controlled by WebOrion® (e.g.x.restorer.banffcyber.net). Under normal situations, this DNS name with point to the origin server IP (

Failover with WebOrion® Restorer SaaS

When there is a need to switch to restorer, the user can initiate the process from our Monitor portal. The WebOrion® DNS name with change to the restorer IP ( Sine the WebOrion® DSN has a very shot TTL (less than 60s), when the Anti-DDoS provider tries to resolve the origin DNS the next time (when the TTL expires), it will use the replica on the restorer.