Web Application Firewall

Web applications have become the main target of the modern hacker community and the inadequate protection offered by so-called “network-level” security solutions makes customers and businesses increasingly vulnerable to malware and phishing attacks.

New generation NGFW firewalls are also inadequate and are not effective in defending against specific and increasingly targeted threats to applications. The obvious limitations of traditional security solutions are a clear answer to why your organization needs a firewall for web applications.

Companies need not only protect their networks, applications and data, but also protect their customers. The protection of web applications is a strategic element to allow automatic detection and blocking of unknown web attacks.

Oplon WAF is the next-generation web application firewall (Web Application Firewall) that protects websites and web applications from known and unknown attacks, including all application-level and zero-day threats.

Oplon WAF is able to perform deep-packet inspection of HTTP, HTTPS and XML traffic through a signature-based firewall system that can protect web applications by providing complete and immediate coverage from the main OWASP (top-ten) threats among such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), broken authentication and session management and security misconfiguration. It is also possible to create custom rules that block the most common attack patterns and application-specific rules.

XML Firewall

From the architectural point of view, the positioning of Oplon WAF is like Full Reverse Proxy going to insert a layer of security to manage the many applications that make up a service and offer a data analysis engine to L7.

With Oplon WAF, application-level routing capabilities are greatly increased by the inspection and rewriting of data traffic. The system allows to act easily with rules both at level 4 TCP/UDP and at level 7 HTTP/S. Content rewriting extends to the L7 components of both header and body level, allowing total control of data traffic.

Thanks to the advanced deep-inspection capabilities, Oplon WAF is able to inspect XML traffic. It is precisely through the full reverse proxy function that it is possible to achieve the best levels of security since all sessions are terminated and inspected also in an XML protocol break intermediary perspective. Through the extraordinary inspection functions it is possible to check in run-time the characteristics of XML traffic ranging from “well formed” verification to DTD validation, XSD with dynamic cache for large volumes of data.

WSDL formats are tested with different degrees of depth in relation to needs up to validation. It is also possible to extend the basic features with libraries for the validation of other XML formats and to apply the checks and validations in run-time.

WAF evolving thanks to machine learning

Thanks to the deep experience in the security field, Oplon WAF also integrates the Attack Prophecy component (powered by Pluribus One) in order to counteract the types of uncensored attacks (zero-day) and forms of evasive attacks, that is, new forms of attack or variants constructed to circumvent the filtering rules in place.

Attack Prophecy complements the level of protection based on signature and offered by the Oplon WAF component, with a solution of new generation for the detection of threats to web services e the implementation of the corresponding defense and protection mechanisms that takes advantage of the latest technologies in the field of machine learning e behavioral analysis (Pattern Recognition & Machine Learning), to identify, in addition to existing attacks, new threats in a efficient and scalable.

machine learning web application firewall

Attack Prophecy Anomaly based alghoritm

Attack Prophecy offers an independent detection mechanism from signatures, based on statistical and behavioral models capable of represent the normal operating conditions of web services monitored, and therefore to detect attacks as representative of anomalous conditions with respect to these models.

Models are constantly being updated by Attack Prophecy to keep account of the dynamic nature of the applications and services monitored, on the basis of the traffic observed and directed towards these services. The Attack Prophecy algorithm allows the detection of interception even particularly sophisticated and specific cyber attacks for web services that are attacked even with large volumes of traffic (DDoS).

The system, in its basic modules, therefore does not need to find signatures and constant updates from the outside, but it is able to build a tailor-made protection layer for services monitored, in a totally autonomous way. The operator may act to high level with small adjustments on the survey models, for achieve the right balance between detection accuracy and system sensitivity, and establish the high-level actions from undertake to possibly block, and report automatically attacks/events detected as suspicious and eliminating events a priori of false positive.

The anomaly-based paradigm, on which the Attack Prophecy algorithm is based, therefore allows, through the analysis of the traffic profile, to detect different categories of attack, from those related to vulnerabilities intrinsic of the application services to the more general and widespread ones such as OWASP top 10 without the need for continuous updates and providing detailed reports.

Attack Prophecy is one of the solutions for the protection of latest generation web services, by virtue of the innovative mechanism threat detection behavior. It is the result of over 20 years of experience in the development of artificial intelligence, machine learning and recognition techniques automatic in cybersecurity applications that cannot be found today equal on the market.