What's new at Monarx

Monarx is an AI-first server security platform built to stay ahead of modern threats. New innovations include ThreatShield for runtime application protection and SmartWAF for application and network-level attack prevention.

New Feature

ThreatShield—Runtime Application Protection

ThreatShield runs inside the application runtime (e.g., PHP), allowing Monarx to see each request and how it behaves — not just how it looks. Traditional firewalls and WAFs inspect traffic before it reaches the application, limiting visibility and making them easier to bypass using obfuscation, encoding, or encrypted payloads.

By operating inside the runtime, ThreatShield has full execution context, enabling more accurate detection and blocking — with signals from across the Monarx platform to inform every decision.

Why Runtime Matters
Inspects application behavior during execution

Terminates malicious requests early

Optimized for Linux PHP environments

Threat Coverage

ThreatShield detects and blocks a wide range of modern attack vectors at the execution layer.

Cross-Site Scripting

XSS attacks blocked at runtime before damage occurs

Golden line icon depicting a globe symbol with a bar chart overlay inside a rounded square border.

SQL Injection

SQLi attempts detected with full execution context

Remote Code Execution

RCE blocked before malicious code can run

Bots & Brute Force

Automated attacks and credential stuffing stopped

Spam & Abuse

Malicious scripts and abuse patterns terminated early

ThreatShield Result

20x

Fewer False Positives

Compared to legacy signature-based scanners

More precise detection means fewer disruptions to legitimate traffic — and moreconfidence in every block decision.

Coming Soon

SmartWAF — Application & Network-Level Protection

SmartWAF filters traffic across both the network and application layers, blocking malicious activity earlier while maintaining the context needed for accurate decisions. At the network level, SmartWAF enforces allow and block lists using iptables ornftables, continuously updated with global intelligence. At the application level, itapplies CAPTCHA-based graylisting to validate suspicious traffic before escalating enforcement.

How SmartWAF Works

Image with icon and text that reads "Traffic Arrives"

Failed CAPTCHA validation is automatically escalated to blocking at the network layer, reducing repeated load on the server. SmartWAF also uses signals from ThreatShield to make more informed decisions about what traffic to block, allow, or graylist.

Smart WAF Key Capabilities

Real-Time IP Lists

Allow, graylist, and block lists updated continuously with global threat intelligence

Automatic Escalation

Graylist automatically escalates to blocklist on failed validation

Monarx with all of the featured, enabled by default.

CAPTCHA Validation

Suspicious traffic is challenged before enforcement escalates

Icon of an eye with stylized iris containing horizontal lines inside a rounded square frame with gradient purple and blue colors.

Global Intelligence

Continuous updates ensure protection against emerging threats worldwide

Smart WAF Result

Earlier Filtering

Malicious traffic blocked before it reaches your application

Improved Accuracy

Context-aware decisions reduce false positives

Less Server Load

Network-layer blocking prevents repeated processing of bad traffic

ThreatShield + SmartWAF: Better Together

SmartWAF uses signals from ThreatShield to make smarter decisions — creating a unified, layered defense across both the runtime and network layers.

Monarx dark web breach report dashboard showing 4 emails found, 32 breaches found, no new breaches, 1.37 trillion data points scanned, threat score 52 of 100, and breach details for CarGurus and SynthientCredentialStuffingThreatData sources.

Sharing signals bidirectionally for unified protection.