Web Application Firewall
Web applications have become the main target of the modern hacker community and the inadequate protection offered by so-called “network-level” security solutions makes customers and businesses increasingly vulnerable to malware and phishing attacks.
Next-generation firewalls (NGFW) are also inadequate and are not effective in defending against specific and increasingly targeted threats to applications. The evident limitations of traditional security solutions are a clear answer to why your organization needs a firewall for web applications.
Companies must not only protect their networks, applications and data, they must also protect their customers. Protecting web applications is a strategic element in allowing unknown web attacks to be automatically detected and blocked.
Oplon WAF is the next-generation Web Application Firewall (WAF) that protects websites and web applications from known and unknown attacks, including all application-level and zero-day threats.
Oplon WAF can perform deep-packet inspection of HTTP, HTTPS and XML traffic through a signature-based firewall system and can protect web applications by providing complete and immediate coverage from major OWASP (top-ten) threats including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), broken authentication and session management and security misconfiguration. It is also possible to create custom rules that block the most common attack patterns and application-specific rules.
From the architectural point of view, Oplon WAF is positioned as a full reverse proxy, inserting a security layer to manage the multiple applications that make up a service and offering an analysis engine for L7 data traffic.
With Oplon WAF, application-level routing capabilities are greatly enhanced by the data traffic inspection and rewriting engine. The system makes it easy to act with rules at both TCP/UDP layer 4 and HTTP/S layer 7. Content rewriting extends to L7 components at both header and body levels, allowing total control of data traffic.
Thanks to its advanced deep-inspection capabilities, Oplon WAF can inspect XML traffic. It is precisely the full reverse proxy function that makes the best security levels achievable, since all sessions are terminated and inspected, with the WAF also acting as an XML protocol-break intermediary. Through the extraordinary inspection functions it is possible to check the characteristics of XML traffic at run time, ranging from well-formedness verification to DTD and XSD validation, with a dynamic cache for large volumes of data.
WSDL formats are checked at different degrees of depth according to need, up to validation. It is also possible to extend the basic features with libraries for the validation of other XML formats and to apply the checks and validations at run time.
WAF continuously evolving thanks to machine learning
Thanks to deep experience in the security field, Oplon WAF also integrates the Attack Prophecy component (powered by Pluribus One) to counteract attacks that have not yet been catalogued (zero-day) and evasive attacks, that is, new forms of attack or variants constructed to circumvent the filtering rules in place.
Attack Prophecy completes the signature-based protection offered by the Oplon WAF component with a next-generation solution for detecting threats to web services and implementing the corresponding defense and protection mechanisms. It takes advantage of the latest technologies in machine learning and behavioral analysis (Pattern Recognition & Machine Learning) to identify, in addition to existing attacks, new threats in an efficient and scalable manner.
Attack Prophecy anomaly-based algorithm
Attack Prophecy offers a detection mechanism that is independent of signatures, based on statistical and behavioral models capable of representing the normal operating conditions of the monitored web services, and therefore able to detect attacks as anomalous conditions with respect to these models.
Attack Prophecy constantly updates the models to take account of the dynamic nature of the monitored applications and services, on the basis of the traffic observed and directed towards these services. The Attack Prophecy algorithm allows the detection and interception of even particularly sophisticated and specific cyber attacks against web services, including services attacked with large traffic volumes (DDoS).
The system, in its basic modules, therefore does not need signatures or constant updates from outside; it is able to build a layer of protection tailored to the monitored services, totally autonomously. The operator can act at a high level with minor adjustments to the detection models to achieve the right balance between detection accuracy and system sensitivity, and can determine the high-level actions to be taken to block, where appropriate, and automatically report attacks and events detected as suspicious, eliminating false-positive events a priori.
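The paragraphs above describe a signature-independent model of normal traffic that is updated from observed requests and tuned by the operator. The following sketch is an added illustration of that general idea, not Attack Prophecy's algorithm or Oplon code: the two features, the z-score threshold, the `AnomalyModel` class and the `/search` sample traffic are all assumptions constructed for the example.

```python
import math
from collections import defaultdict

# Assumed features per parameter value: (extractor, floor on the std deviation).
FEATURES = {
    "length": (len, 1.0),
    "symbols": (lambda v: sum(not c.isalnum() for c in v) / max(len(v), 1), 0.05),
}

class RunningStats:
    """Welford's online mean/variance, so the baseline updates per request."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def zscore(self, x, floor):
        std = math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0
        return abs(x - self.mean) / max(std, floor)

class AnomalyModel:
    def __init__(self, threshold=4.0, min_samples=5):
        self.threshold = threshold      # operator-tunable sensitivity
        self.min_samples = min_samples  # learn-only phase before scoring starts
        self.stats = defaultdict(RunningStats)

    def observe(self, path, params):
        """Score one request; fold it into the model only if it looks normal."""
        pairs = [(self.stats[(path, name, feat)], extract(value), floor)
                 for name, value in params.items()
                 for feat, (extract, floor) in FEATURES.items()]
        score = max((s.zscore(x, fl) for s, x, fl in pairs
                     if s.n >= self.min_samples), default=0.0)
        anomalous = score > self.threshold
        if not anomalous:               # flagged traffic never shifts the baseline
            for s, x, _ in pairs:
                s.update(x)
        return anomalous, round(score, 2)

# Constructed sample values for a hypothetical /search?q= endpoint.
NORMAL = ["laptop", "usb cable", "monitor 27", "keyboard", "mouse pad",
          "webcam", "hdmi adapter", "ssd 1tb"]

def build_demo_model(threshold=4.0):
    model = AnomalyModel(threshold=threshold)
    for q in NORMAL:
        model.observe("/search", {"q": q})
    return model
```

Raising `threshold` trades detection for fewer false positives; because flagged requests are excluded from updates, a burst of hostile traffic cannot drag the baseline towards itself.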
The anomaly-based paradigm on which the Attack Prophecy algorithm is based therefore makes it possible, through analysis of the traffic profile, to detect different categories of attack, from those related to vulnerabilities intrinsic to the application services to the more general and widespread ones such as the OWASP top 10, without the need for continuous updates and while providing detailed reports.
Attack Prophecy is one of the solutions for the protection of next-generation web services, by virtue of its innovative behavior-based threat detection mechanism. It is the result of over 20 years of experience in the development of artificial intelligence, machine learning and automatic recognition in cybersecurity applications that is unmatched in the market today.