Web applications have become the main target of the modern hacker community, and the inadequate protection offered by so-called “network-level” security solutions makes customers and businesses increasingly vulnerable to malware and phishing attacks.
Next-generation firewalls (NGFW) are also inadequate: they are not effective in defending against specific and increasingly targeted threats to applications. These obvious limitations of traditional security solutions are why your organization needs a firewall for web applications.
Companies need to protect not only their networks, applications and data, but also their customers. Protecting web applications is a strategic element that allows unknown web attacks to be detected and blocked automatically.
LBL WAF is the next-generation Web Application Firewall that protects websites and web applications from known and unknown attacks, including all application-level and zero-day threats.
LBL WAF performs deep-packet inspection of HTTP, HTTPS and XML traffic through a signature-based firewall system that protects web applications by providing complete and immediate coverage against the main OWASP (top-ten) threats, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), broken authentication and session management, and security misconfiguration. It is also possible to create custom rules that block the most common attack patterns, as well as application-specific rules.
From the architectural point of view, LBL WAF is positioned as a full reverse proxy: it inserts a layer of security that manages the many applications that make up a service and offers a data analysis engine at L7.
With LBL WAF, application-level routing capabilities are greatly increased by the inspection and rewriting of data traffic. The system makes it easy to act with rules both at layer 4 (TCP/UDP) and at layer 7 (HTTP/S). Content rewriting extends to the L7 components at both header and body level, allowing total control of data traffic.
Thanks to its advanced deep-inspection capabilities, LBL WAF is able to inspect XML traffic. It is precisely the full reverse proxy function that makes the best levels of security achievable, since all sessions are terminated and inspected, with the WAF also acting as a protocol-break intermediary for XML. The inspection functions can check the characteristics of XML traffic at run-time, ranging from “well formed” verification to DTD and XSD validation, with a dynamic cache for large volumes of data.
WSDL formats are checked at different depths according to need, up to full validation. It is also possible to extend the basic features with libraries for the validation of other XML formats and to apply the checks and validations at run-time.
WAF evolving thanks to machine learning
Thanks to extensive experience in security, LBL WAF also integrates the Attack Prophecy component (powered by Pluribus One) to counter attack types that have not yet been recorded (zero-day) and evasive attacks, that is, new forms of attack or variants built to bypass the filtering rules in place.
Attack Prophecy completes the signature-based protection offered by the LBL WAF component with a next-generation solution for detecting threats to web services and implementing the corresponding defense and protection mechanisms. It exploits the latest technologies in machine learning and behavioral analysis (Pattern Recognition & Machine Learning) to identify, in addition to existing attacks, new threats in an efficient and scalable way.
Attack Prophecy anomaly-based algorithm
Attack Prophecy offers a detection mechanism that is independent of signatures. It is based on statistical and behavioral models that represent the normal operating conditions of the monitored web services, and it detects attacks because they appear as anomalous conditions with respect to those models.
The models are constantly updated by Attack Prophecy to take into account the dynamic nature of the monitored applications and services, based on the traffic observed and directed to these services. The Attack Prophecy algorithm allows the interception of cyber attacks, even particularly sophisticated ones that are specific to web services, including services attacked with large volumes of traffic (DDoS).
In its basic modules, the system therefore does not need signatures or constant updates from the outside; it builds a layer of protection tailored to the monitored services in a totally autonomous manner. The operator can act at a high level with small adjustments to the detection models, to achieve the right balance between detection accuracy and sensitivity of the system, and can establish the high-level actions to be taken to report automatically, and possibly block, the attacks and events detected as suspicious, while eliminating false positive events.
The anomaly-based paradigm on which the Attack Prophecy algorithm is based thus makes it possible, through the analysis of the traffic profile, to detect different categories of attack, from those linked to intrinsic vulnerabilities of application services to the more general and widespread ones such as the OWASP top 10, without the need for continuous updates and while providing detailed reports.
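To make the anomaly-based idea concrete, here is a deliberately small illustration added to this page; it is not Attack Prophecy's algorithm or any LBL code. It assumes a hypothetical per-parameter profile (value length and character classes) learned from constructed benign requests, with a threshold standing in for the operator's sensitivity adjustment.

```python
def char_classes(value):
    # Letters, digits and spaces collapse to one class each; punctuation stays literal.
    return {"alpha" if c.isalpha() else "digit" if c.isdigit()
            else "space" if c.isspace() else c for c in value}

class ParamProfile:
    """Running model of one parameter's normal values (hypothetical, simplified)."""
    def __init__(self):
        self.n, self.mean, self.m2, self.classes = 0, 0.0, 0.0, set()

    def update(self, value):  # Welford's online mean/variance of the value length
        self.n += 1
        delta = len(value) - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (len(value) - self.mean)
        self.classes |= char_classes(value)

    def score(self, value):  # 0.0 = fits the profile, 1.0 = far outside it
        dev = len(value) - self.mean
        # Chebyshev-style bound: values much longer than usual score close to 1.
        length_score = max(0.0, 1.0 - (self.m2 / self.n) / (dev * dev)) if dev > 0 else 0.0
        seen = char_classes(value)
        class_score = len(seen - self.classes) / len(seen) if seen else 0.0
        return max(length_score, class_score)

class AnomalyDetector:
    def __init__(self, training=(), threshold=0.8):
        self.threshold = threshold  # operator-tunable sensitivity
        self.profiles = {}
        for request in training:
            self.learn(request)

    def learn(self, params):  # can keep being called as new benign traffic is observed
        for name, value in params.items():
            self.profiles.setdefault(name, ParamProfile()).update(value)

    def inspect(self, params):  # returns [(parameter, score)] above the threshold
        alerts = []
        for name, value in params.items():
            profile = self.profiles.get(name)
            score = profile.score(value) if profile else 1.0  # never-seen parameter
            if score > self.threshold:
                alerts.append((name, round(score, 3)))
        return alerts

# Constructed sample traffic (not real logs): benign requests used for training.
BENIGN = [{"id": "1042", "q": "red shoes"}, {"id": "7", "q": "blue hat"},
          {"id": "231", "q": "running socks"}, {"id": "58812", "q": "kids sandals"},
          {"id": "90", "q": "winter boots"}]
```

With these samples, a six-digit `id` passes at the default threshold of 0.8 but is flagged at 0.7, which is the accuracy-versus-sensitivity trade-off the operator adjusts; an `id` carrying quotes and keywords is flagged at either setting.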
Attack Prophecy is one of the latest-generation solutions for the protection of web services, by virtue of its innovative behavioral threat detection mechanism.
It is the result of over 20 years of experience in developing artificial intelligence, machine learning and automatic recognition techniques for computer security applications, experience that has no equal on the market today.