What is WAF+ (A fully managed Web Application Firewall)?

cloudbric

In recent months, Cloudbric has overdone a major brand redesign. Along with a new look, we’re pleased to announce WAF+. WAF+ is a cloud-based web application protection solution based on artificial intelligence. 

Previously, Cloudbric released the beta launch of its machine learning AI (artificial intelligence) engine for users to test out via their security dashboards. Now, this soon to be patented AI technology is at the very core of WAF. 

WAP incorporates the revolutionary AI-based detection engine known as VISION into its detection capabilities along with a logic-based engine to create one of the most advanced web application protection solutions in the market. It leads with high precision detection, superseding traditional web application firewalls (WAF) and current next-generation firewalls. 

How is WAF+ different from cloud WAF solutions? 

WAF+ is one of the few AI deep learning-based WAFs in the web application security market. As a recap, Cloudbric’s in-house security developers patented a new method for feeding images into deep learning machines to recognize all web attack patterns. More specifically, VISION relies on a Convolutional Neural Network (CNN), one of the leading deep learning architectures, to extract patterns of behavior using a diverse set of attack inputs and data. (Read more details on VISION works). 

Low False Positives

This is critical as it sets SWAP apart from traditional WAFs and next-generation WAFs in terms of “smart” detection capabilities and low false-positive rates. For most businesses, having a WAF security solution with low false-positive rates is essential. Because WAFs are placed are the forefront of business-critical applications, it is crucial that all legitimate traffic is able to enter. Otherwise, it puts the business’s trust and reputation on the line (and possibly loss of potential clients and revenue) if access is denied.  

On the flip side, if a malicious actor is allowed entry, it puts the business organization at risk for the same concerns in addition to a damaged reputation and even millions of lost revenue if the hacker is successful in its attempts to steal customer data, knock entire websites offline, and take over accounts. 

Therefore, accurate and precise detection is key. Many cloud WAF solutions rely on the WAF engine of ModSecurity, used in conjunction with the OWASP ModSecurity Core Rule Set (CRS) to detect and block web attacks. However, it becomes a tedious process to reduce false positives since it requires users to tune their WAF installation. 

Precise Detection with AI & Deep Learning for WAF

Meanwhile, SWAP does this automatically for its users. SWAP uses VISION’s deep learning capabilities to learn web attack patterns, which then re-applies its learning results to more accurately identify, block, and predict future attacks. This directly contributes to SWAP’s low false-positive rate, which yields low false positives for all security events. 

SWAP also uses its logic-based detection engine to thwart web attacks and keep its rate of false positives low. The engine uses signature-less detection and 27 rulesets, also known as policies, to accomplish this and will be the main focus of our next blog

How does WAF+ protect businesses?

security computer waf business

As an advanced web application protection solution, Cloudbric WAF+ is a fully managed web security solution for any company or organization with a website, providing protection against the full spectrum of web threats. To learn more how we can help your business and what deployment is a best fit, please visit: Cloudbric WAF+.

Comments

Leave a Reply

Your email address will not be published.