Skip to content
Q Proxy

Take Control of Your Egress Traffic

Restrict external access based on identity, scrub sensitive data, and inject short-lived access tokens on the fly with an Envoy-based egress controller.

Homepage hero image

Lock Down the Egress Traffic from Your Production Applications and Third-Party Software

Support the Full Range of Egress Security Use Cases

Zero Trust Security

Challenge

Operators cannot effectively restrict which applications and services can communicate with external systems, leading to potential unauthorized data access and data exfiltration. This lack of control increases the risk of security breaches and compliance violations, as outbound traffic is not sufficiently regulated.

Qpoint Solution

Use Qproxy to restrict outbound access with identity-based policies, ensuring that only approved third-party interactions are allowed.

Challenge

Operators struggle to securely manage access to third-party APIs, as static tokens can be easily compromised and do not provide precise, time-limited access control.

Qpoint Solution

Use Qproxy to inject access tokens on the fly, ensuring that each request is authenticated with a highly scoped token that has a short lease duration.

Challenge

Operators lack automated mechanisms to systematically filter out personally identifiable information (PII) from outbound traffic across applications, increasing the risk of accidental data exposure and non-compliance with privacy regulations.

Qpoint Solution

Use Qproxy to selectively filter out personally identifiable information from outbound traffic from production environments, ensuring data privacy and compliance with regulatory standards.

Designed for Platform Teams and Operators

Built on Envoy, Qproxy enables zero trust security with seamless in-line execution for effective egress traffic control.

Built on Envoy

Qproxy leverages Envoy to deliver security and control over egress on top of best-in-class, highly performant, industry-standard technology.

Zero Trust

Access to external resources is restricted based on identity to prevent exfiltration of sensitive data by applications, unauthorized personnel, or malicious intruders.

In-line Execution

Automatically scrub PII and other sensitive information from outbound traffic to prevent erroneous exposure and meet compliance requirements.

Extend Qproxy with In-line Middleware

Qproxy leverages the Qpoint middleware framework to enable customizable, inline processing of egress traffic flows.

Flexible

Stack functions from our middleware catalog together for serial execution.

Flexible

Customizable

Write and deploy custom functions using any WASM-capable language.

Customizable

High Performance

Execute functions at near-native speed and with low latency for critical workloads.

High performance