build own website

Cleafy: Unique technology to protect your business from unknown cyber threats

Cleafy detects web and mobile application tampering attempts and deploys countermeasures to guarantee data and content integrity

Introducing Cleafy

Cleafy Detect

Stealth detection of client-side malicious content and data tampering

Cleafy Protect

Content integrity enforcement and attack deflection

Are You Equipped to Protect Your Business and Your Customers
When They Interact on the Web or on Mobile?

Cleafy protects millions of users of Financial Services, Enterprise and Internet Companies customers.

50 million

HTTP requests
per day

15 million

event verifications
per day

10 thousand

threats detected
per day

1 single

pane of glass

Leap-frogging Current Industry Standards

Current web security products rely on signature or web-based DOM scan methods. The very nature of how pages are uniquely assembled inside a browser renders this approach thoroughly inadequate against today’s sophisticated attacks. The extensive use of mobile APIs accelerates software development and delivers a seamless integration between enterprise applications and mobile apps.

These benefits come at a cost: a significant expansion of the attack surface.

Cleafy inspects the app processes during API consumption, analyzes user behavior and collects critical context variables to single out tampering attempts.

Unique, Patent-pending Technology

Cleafy relies on a unique algorithm that detects and deflects tampering attempts, providing full visibility of each client's rendering behaviour in real-time.


Batch integrity verification in real-life production applications is more challenging than in a controlled lab environment. Cleafy, leveraging its content integrity verification technology, identifies threats with unmatched accuracy and extracts the malware injection in real-time. Cleafy detection technology verifies that the server-generated and the client-rendered content match.


Signature- based detection approaches fall short when it comes to recognising similar patterns. Since they are based on an exact match approach, they can be countered with minor modifications of the attack pattern. Cleafy uses data clustering, a dynamic fingerprinting method based on aggregation of similar attack patterns.


Using unpredictable hopping technology, RDE obfuscates and encrypts any data communication between the browser or mobile app and the server, delivering content in a safe environment inside the client end-point. Instead of serving a modified version of the content, Cleafy simply removes DOM and XHR injection vulnerabilities without interfering with web or app content.


Cleafy mitigates the risks resulting from the adoption of APIs thanks to its integrity verification engine. Cleafy verifies the validity of messages and data exchanged between mobile apps and back-end applications. It checks for tampering evidence in the communication between the client and server, and provides real-time client-side visibility during API consumption. Cleafy integrates with market-leading load balancers and API gateways, therefore it requires no gateway modifications.


Analysing collected data, Cleafy tracks malicious user behaviours and identifies high-risk sessions. Cleafy's high- performance risk engine evaluates parametric risk factors on a wide set of variables related to environment, behaviour and content type.

How Cleafy is Deployed

Cleafy is a clientless solution operating server side. It is fully transparent to web and mobile applications and it does not require any application change.

Cleafy is modular and scalable. Each node of a Cleafy cluster ships with full detect, investigate and protect capabilities, enabling horizontal scalability and robustness. 

Contact Us

Protecting your applications from the unknown.