Knowledge Base

What is Osto?

Osto is an all in one cybersecurity platform that helps businesses protect their devices, applications, and data from cyber threats. It offers a complete suite of security features, including threat protection, device control, content filtering, and Zero Trust Network Access (ZTNA), all in one easy-to-use solution.

With Osto, companies can monitor, manage, and secure their digital environment without the need for complex security setups or a large IT team. Whether you're protecting employees’ devices, securing your APIs, or ensuring safe web access, Osto simplifies security while keeping your business protected.

Overview

Who is Osto for?

Osto is designed for businesses of all sizes that need strong cybersecurity without complexity. It is particularly useful for:
Startups & SMBs – Businesses that need enterprise-level security without expensive infrastructure
Tech & SaaS Companies – Organizations that must protect their web applications, APIs, and remote workforce
Security Teams – IT and security professionals who want to streamline device and network security management

Key Benefits of Osto

All-in-One Protection – Secure your devices, applications, and data with a single platform
Real-Time Threat Detection – Continuously monitor for cyber threats and respond instantly
Secure Access Anywhere – Enable safe remote work with Zero Trust Network Access (ZTNA)
Easy to Deploy & Manage – Simple setup with minimal configuration required
Automated Security Controls – Reduce manual intervention with intelligent protection features
Seamless Integration – Works smoothly with your existing IT and security infrastructure

Key Features of Osto

🔹 Threat Protection – Detect and block malware, ransomware, and cyber threats in real time
🔹 Device Control – Secure company devices and prevent unauthorized access
🔹 Content Filtering – Restrict access to harmful or unproductive websites and content
🔹 Website & API Protection – Safeguard web applications and APIs from cyberattacks
🔹 Zero Trust Network Access (ZTNA) – Ensure secure remote access without traditional VPNs
🔹 File Backup – Automatically back up important files to prevent data loss
🔹 Auditing & Reporting – Get detailed insights into security incidents and system activities
🔹 Device Misuse Prevention – Enforce security policies to prevent unauthorized device usage

Core Concepts of Osto

Assets:

Assets refer to the key digital resources that require protection within your organization. These include:
Websites & Subdomains – Public-facing or internal web applications that need security against threats.
Users – Individuals accessing your digital infrastructure, including employees and administrators.
Servers – Physical or virtual machines that host applications, store data, and provide computing resources.
APIs – Interfaces that allow applications to communicate with each other. Osto automatically discovers and protects your APIs against vulnerabilities and attacks.

Objects:

Objects are reusable components within Osto that can be configured and applied across multiple security policies. These items support basic operations such as creation, reading, updating, and deletion (CRUD). The key objects include:
Ports – Communication endpoints on servers and devices that define how data is transmitted over a network.
URLs – Web addresses that are monitored and controlled to prevent access to malicious or unauthorized content.
• Applications – Software programs that require security policies for safe operation and controlled access.
Devices – Endpoints such as laptops, mobile phones, and IoT devices that need protection from misuse or security threats.

Policies:

Policies define the security rules and configurations that determine how assets are protected. They enforce access controls, security monitoring, and response mechanisms. Key policy types include:
Website Protection – Safeguards websites from cyber threats, including DDoS attacks, malware, and unauthorized access attempts.
User Protection – Implements identity verification and access restrictions to ensure that only authorized users can interact with critical systems.
Secure Server Access – Controls and secures access to servers, ensuring that only verified users and processes can connect to sensitive infrastructure.
By implementing these core components, Osto provides a structured and effective approach to cybersecurity, ensuring that organizations can manage and protect their digital assets efficiently.

Quick Start Guide for Osto

Welcome to Osto! Follow this guide to set up and start securing your digital assets in just a few steps.

Step 1: Sign Up and Log In

  1. Visit the Osto website and click on Sign Up.
  2. Enter your business email or sign up via Google Workspace or Microsoft.
  3. Enter the OTP sent to your Email.
  4. Complete Onboarding.
  5. Log into your Dashboard.

Step 2: Add Your Assets

  1. Navigate to the Assets section in the dashboard.
  2. Register your websites, users, servers, and APIs for protection.
  3. Osto will auto-discover and analyze your APIs for security.

Step 3: Define Security Policies

  1. Go to the Policies section to configure security rules.
  2. Set up policies for Website Protection, User Protection, and Secure Server Access.
  3. Customize rules based on your business needs.

Step 4: Deploy Security Controls

  1. Install Osto agents on required devices or servers.
  2. Configure access controls for secure authentication.
  3. Enable Content Filtering, Threat Protection, and Device Control as needed.

Step 5: Monitor and Manage Security

  1. Use the Dashboard to track security threats and system performance.
  2. Review logs and alerts in the Auditing & Reporting section (Future Scope).
  3. Update policies as needed to enhance security.

Need Help?

Visit our Help Center or contact Osto Support for assistance.

How-To Guide for Osto

Assets

Managing Websites

• How to Add a Website

Step 1: Go to Assets
Step 2: Select Manage Websites
Step 3: Click Add a Website
Step 4: Add your website’s domain (example.com)
Step 5: Click Get to fetch your website’s Server IP or add your IP manually
Step 6: Upload your certificate
Step 7: Select the uploaded certificate
Step 8: Click Save
Step 9: Replace the given IP with the OSTO IP in your DNS record
Step 10: Set your Time To Live (TTL) setting to 600 secs
Step 11: Save and your website is added.

• How to Add Subdomains to a Website

Step 1: In the Websites section, select the website you want to add a subdomain to.
Step 2: Click Add Subdomain.
Step 3: Enter the subdomain name (e.g., sub.example.com).
Step 4: Click Get to fetch the subdomain’s Server IP or add the IP manually.
Step 5: Upload the SSL certificate for the subdomain.
Step 6: Select the uploaded certificate.
Step 7: Click Save.
Step 8: Replace the given IP with the OSTO IP in your DNS record.
Step 9: Set your Time To Live (TTL) setting to 600 secs.
Step 10: Click Save, and the subdomain is added.

• How to Edit or Delete Websites and Subdomains

Step 1: To edit a website or subdomain, select it, update details, and click Save.
Step 2: To delete a website or subdomain, select it and click Delete (Note: A domain website can only be deleted if all its subdomains are deleted).

Managing SSL Certificates

• How to Add an SSL Certificate

Step 1: Navigate to the Certificates section in the Osto Dashboard.
Step 2: Click Add a Certificate.
Step 3:Select the certificate file and upload it (ZIP file, Individual .cert/.key or pem file, or wildcard certificates).
Step 4: Click Save to apply the changes.

• How to Edit an SSL Certificate to Edit or Delete Websites and Subdomains

Step 1: Navigate to the Certificates section in the Osto Dashboard.
Step 2: Select the certificate you want to edit.
Step 3: Update the necessary details.
Step 4: Click Save to apply the changes.

• How to Delete an SSL Certificate

Step 1: Navigate to the Certificates section in the Osto Dashboard.
Step 2: Select the certificate you want to delete.
Step 3: Click Delete to remove the certificate.

Managing Users & User Groups

• How to Add a User Group

Step 1: Go to the Users section under Assets in the Osto Dashboard.
Step 2: Click Add User Group.
Step 3: Enter a name for the user group.
Step 4: Click Save to create the group.
Step 5: By default, we create a group called Common; all users uploaded are added to it by default.

• How to Add a User to a User Group

Step 1: Navigate to the Users section under Assets.
Step 2: Select the user group you want to add a user to.
Step 3: Click Add Users.
Step 4: Add or Import Users.
Step 5: Click Save to apply the changes.

• How to Edit or Remove a User Group

- To edit a user group: Select it, update details, and click Save.
- To delete a user group: Select it and click Delete (Note: A user group can only be deleted if it has no users assigned).

• How to Add a User

Step 1: Go to the Users section in the Osto Dashboard.
Step 2: Click Add User in the Common Group.
Step 3: Enter the user details manually or import them.
Step 4: Assign the user to a user group (optional).
Step 5: An email with the link to the agent app will be sent to the users.

• How to Edit or Remove a User

- To edit a user: Select the user, update details, and click Save.
- To remove a user: Select them and click Delete.

Managing Servers

• How to Add a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Click Add a Secure Server.
Step 3: Enter a name for the server.
Step 4: Click Generate.
Step 5: Copy the code and paste it into your Command Prompt (Note: The system should be Linux-based).
Step 6: Run the code.
Step 7: Your Secure Server has been created.

• How to Edit a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Select the secure server you want to edit.
Step 3: Update the necessary details.
Step 4: Click Save to apply the changes.

• How to Delete a Secure Server

- To delete a secure server: Select it and click Delete (Note: Deleting a secure server will remove its access configurations).

Objects

Managing Servers

• How to Add a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Click Add a Secure Server.
Step 3: Enter a name for the server.
Step 4: Click Generate.
Step 5: Copy the code and paste it into your Command Prompt (Note: The system should be Linux-based).
Step 6: Run the code.
Step 7: Your Secure Server has been created.

• How to Add a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Click Add a Secure Server.
Step 3: Enter a name for the server.
Step 4: Click Generate.
Step 5: Copy the code and paste it into your Command Prompt (Note: The system should be Linux-based).
Step 6: Run the code.
Step 7: Your Secure Server has been created.

Managing Servers

• How to Add a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Click Add a Secure Server.
Step 3: Enter a name for the server.
Step 4: Click Generate.
Step 5: Copy the code and paste it into your Command Prompt (Note: The system should be Linux-based).
Step 6: Run the code.
Step 7: Your Secure Server has been created.

• How to Add a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Click Add a Secure Server.
Step 3: Enter a name for the server.
Step 4: Click Generate.
Step 5: Copy the code and paste it into your Command Prompt (Note: The system should be Linux-based).
Step 6: Run the code.
Step 7: Your Secure Server has been created.

Managing Servers

• How to Add a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Click Add a Secure Server.
Step 3: Enter a name for the server.
Step 4: Click Generate.
Step 5: Copy the code and paste it into your Command Prompt (Note: The system should be Linux-based).
Step 6: Run the code.
Step 7: Your Secure Server has been created.

• How to Add a Secure Server

Step 1: Navigate to the Secure Server Access section.
Step 2: Click Add a Secure Server.
Step 3: Enter a name for the server.
Step 4: Click Generate.
Step 5: Copy the code and paste it into your Command Prompt (Note: The system should be Linux-based).
Step 6: Run the code.
Step 7: Your Secure Server has been created.

Policies

Managing Website Policies

• How to Configure Website Protection Policy

Step 1: Navigate to the Policies section in the Osto Dashboard.
Step 2: Select the Website Protection policy.
Step 3: Choose from the available sub-policy options:
- DDoS Protection: Toggle on or off.
-
Bot Mitigation: Enable or disable.
-
Advanced Policies: Configure settings such as rate limiting.
-
OWASP Top 10: Enable protection against common web vulnerabilities as defined by the OWASP Top 10.
-
API Discovery: Enable to automatically detect and protect your APIs.
Step 4: Select the websites or subdomains you want to apply this policy to.
Step 5: Click Edit Policy to modify any settings.
Step 6: Click Save to apply the policy.

Managing User Policies

• How to Configure User Protection Policy

Step 1: Navigate to the Policies section in the Osto Dashboard.
Step 2: Select the User Protection policy.
Step 3: Choose from the available sub-policy options:
- Device Control: Set up rules for managing and restricting devices.
-
App Filtering: Configure which applications are allowed or blocked.
-
URL Filtering: Define allowed or blocked URLs.
Step 4: Select the user groups or individual users you want to apply this policy to.
Step 5: Click Edit Policy to modify any settings.
Step 6: Click Save to apply the policy.

Secure Server Policy

Step 1: Navigate to Secure Server Access in the Policy Section.
Step 2: Click Add Policy.
Step 3: Enter the Policy Name.

Define Policy Rules

- Source: Select user groups, users, etc., that this policy will apply to.
- Destination: Choose the secure servers they will be allowed to access.
Service (Port): Specify the port (SSH, RDP, or custom ports).
Priority: Assign a priority level to the policy.
- Action:
Choose Allow or Drop to permit or deny access.

Edit or Delete a Secure Server Policy

- To edit a policy: Select it, update details, and click Save.
- To delete a policy: Select it and click Delete.

Troubleshooting

1. Website Not Loading After Adding to Osto

  • Check if the OSTO IP is correctly updated in your DNS settings.
  • Verify if your SSL certificate is properly uploaded and selected.
  • Ensure your firewall or server allows traffic from Osto.
  • Check the website protection policies for any restrictive settings.
  • Try clearing the DNS cache or waiting for DNS propagation.

2. SSL Certificate Not Applying

  • Ensure the certificate is in a valid format (.cert, .key, .pem).
  • Verify that the certificate matches the domain or subdomain.
  • Try re-uploading the certificate and selecting it again.
  • Check if the certificate has expired.

3. Policies Not Applying to Users/Websites

  • Verify that the correct assets (websites or users) are assigned to the policy.
  • Check if the policy has been saved after editing.
  • Ensure there are no conflicting settings in other policies.

4. Secure Server Not Connecting

  • Confirm that the setup command was correctly executed.
  • Check if the server firewall allows Osto’s connection.
  • Verify that the access credentials are correct.

Frequently Asked Questions (FAQs)

1. What is Osto used for?

Osto is an all-in-one cybersecurity solution that provides Threat Protection, Device Control, Content Filtering, Website & API Protection, ZTNA, File Backup, Auditing & Reporting, and Device Misuse Prevention.

2. How do I add my website to Osto?

Go to Assets > Manage Websites > Add a Website, enter your domain, fetch or add your server IP, upload an SSL certificate, and update your DNS settings with the provided OSTO IP.

3. Can I apply multiple policies to a single user or website?

Yes, you can assign multiple policies to users and websites as needed.

4. What happens if I delete a website or user?

Deleting a website or user will remove all associated policies and settings. Ensure you back up any necessary configurations before proceeding.

5. How long does it take for DNS changes to take effect?

DNS propagation can take anywhere from a few minutes to 24 hours, depending on your DNS provider and TTL settings.

Best Practices

1. Managing Websites Efficiently

  • Always use valid SSL certificates and keep them up to date.
  • Set TTL to 600 seconds for faster DNS updates.
  • Regularly review OWASP Top 10 settings to stay protected against new threats.

2. Configuring User Policies

  • Assign minimal privileges necessary for each user group.
  • Regularly audit device control, URL filtering, and app filtering settings.
  • Update policies as business needs evolve to prevent outdated configurations.

3. Secure Server Management

  • Ensure server firewalls allow Osto connections for seamless access.
  • Use unique access keys for each server to enhance security.
  • Regularly review logs for unauthorized access attempts.

4. Optimizing Threat Protection

  • Keep rate-limiting rules strict to block potential attacks.
  • Regularly update bot mitigation settings to detect new attack patterns.
  • Monitor audit logs to identify and address anomalies.

Release Notes

(Latest updates and feature releases)

|Check the Osto Dashboard for full release details.

Support & Contact

1. Getting Support

2. Contact Us

  • Support Email: connect@osto.one
  • Working Hours: Monday - Friday, 9 AM - 6 PM (IST)

About Us

At Osto, we're pioneering the future of cybersecurity with our innovative all-in-one platform. Founded with a vision to make enterprise-grade security accessible to businesses of all sizes, we've developed a comprehensive solution that simplifies the complex world of digital protection.

Our Vision

We envision a digital world where businesses can operate securely without the burden of managing multiple security tools or requiring extensive technical expertise. Our mission is to democratize cybersecurity by making it simple, effective, and accessible.

Our Approach

We believe in security without compromise. Our platform combines advanced protection capabilities with user-friendly interfaces, ensuring that businesses can maintain robust security postures without sacrificing operational efficiency.

Our Vision

  • Unified Security: One platform for all your cybersecurity needs, from threat protection to device management.
  • Simplified Management: Intuitive interfaces and automated processes that reduce complexity and save time.
  • Continuous Innovation: Regular updates and new features to stay ahead of evolving cyber threats.

Our Commitment

We're committed to providing exceptional security solutions backed by dedicated support and continuous innovation. Our team of security experts works tirelessly to ensure your digital assets remain protected in an ever-evolving threat landscape.
Join the thousands of businesses that trust Osto to secure their digital future. Experience the power of simplified, comprehensive cybersecurity today.