Rydex Next Generation WAF - WAAP Platform, a one-stop dynamic active defense covering Web, APP, Cloud and API

2022.03.15

There is no doubt that traditional WAFs are losing their value.

 

According to a survey published by Neustar's International Cyber Security Council in 2020, 40% of security stakeholders surveyed said that at least half of the attacks against their application layer bypassed the WAF, while 10% said that over 90% of attacks could easily avoid WAF defences.

This report also corroborates the Ponemon Institute's findings in 2019: 65% of organisations experienced attacks that bypassed their WAF, while only 9% said they were not compromised; meanwhile, only 40% of respondents were satisfied with their existing WAF. The Ponemon Institute also found that, on average, each organisation employs 2.5 security administrators who spend 45 hours a week dealing with WAF alerts and another 16 hours a week writing new WAF rules.

The reliability and satisfaction issues of traditional WAFs have become a major concern for the industry, meaning that the WAF market is facing a major restructuring and change.

 

The rise of multiple types of applications highlights the limitations of traditional WAF protection

 

In fact, WAF is a fairly mature security category that has been in development for nearly 20 years now.

 

In the early days, when web applications with websites at their core emerged, traditional WAFs based on rules and feature matching could meet the needs of web application protection due to the single type of application and the low complexity of malicious programs.

 

However, times are changing rapidly. The rapid development of the mobile Internet in recent years has given birth to a variety of application forms such as APP, H5 and applets. The core business and trading platforms of more and more enterprises depend on these new applications, which may be deployed locally, on the cloud or in a hybrid environment, and can be accessed by enterprise employees and users from anywhere on the network. At the same time, more and more third-party API interfaces are being called, and the API business brings with it an ever-expanding web exposure risk and chain of risk control that is beyond the scope of traditional WAF protection.

Bot threats are on the rise and Bot management goes beyond traditional WAFs

Bot threats are not only increasing the number of attacks that exploit web application vulnerabilities, but are also having a significant impact on digital business. Addressing the known and unknown application risks, data leakage risks, and business risks posed by Bots is well beyond the scope of traditional WAF protection.

 

Forrester Analytics: Application Security Solutions Forecast, 2020 To 2025 (Global) reports that the application security solutions market size will grow from $4.7 billion to $12.9 billion between 2019 and 2025, and that Bot management will cover many of the core features of Web Application Firewalls (WAFs) and be able to overtake traditional WAFs as the core application protection solution by 2025. With Bot management, a range of Bot-based attacks, including fraudulent threats such as credential stuffing and crawlers, can be detected and blocked. In addition, while Bot management tools protect applications from malicious bot attacks, bona fide bots will be allowed to pass and human users will not be hindered by unnecessary CAPTCHAs and other challenges.

The next generation of WAFs, from WAF tools to WAAP platforms

 

It is easy to see that traditional WAFs have struggled to keep pace with the evolution of the threat landscape. How should WAF protection mechanisms evolve in the digital era to help enterprises defend against unknown threats and secure their operations? In 2021, Gartner changed the Magic Quadrant for WAFs, which had been published for many years, to the Magic Quadrant for WAAP, further extending the scope and depth of security protection.

Gartner states that by 2023, more than 30% of public-facing web applications and APIs will be protected by the Cloud Web Application and API Protection (WAAP) service, which combines distributed denial-of-service (DDoS) defence, Bot Mitigation, API protection and WAF.

 

WAF Capabilities: The WAF should be able to detect not only known threats but also unknown threats, which is a big challenge for traditional WAFs based on rules and feature matching.

Automated Bot attack protection capability: Automated Bot attacks are increasing year by year, with almost 60% of internet traffic being generated by bot programs. To increase the efficiency of their attacks, Bot operators try a variety of means to bypass detection measures, which escalates the confrontation at the front end. However, compared to traditional security attacks, enterprises generally lack knowledge of Bot attacks, which further exacerbates the damage they cause. Therefore, the next-generation WAF should have the ability to identify and protect against automated Bot attacks.

API protection capability: Compared with traditional web pages, APIs carry more business processes. As the API access environment becomes more and more open, the number of APIs climbs extremely fast, and the APIs themselves change rapidly, rule-based protection against API application vulnerability attacks can no longer meet the security needs raised by API interface abuse, unauthorized access, bot APIs and data leakage. Therefore, the next-generation WAF should have the ability to protect inside and outside the API, which is the gap that many WAF products in the market are trying to fill.

DDoS protection capability: DDoS is a common attack method, and is especially effective against applications. Nowadays, the DDoS attack capability of the black and grey industry is strengthening year by year, and its ability to organise large-scale attacks is also increasing. Attackers try to increase the attack volume by varying multiple attack characteristics and distributing the attack at large scale, in order to bypass the defence rules and overwhelm the performance of the protection equipment; at the same time, they can carry out the attack without triggering the rate-limit defence policy, making the traditional WAF's policy ineffective. Therefore, the next-generation WAF should have DDoS protection capabilities, better prediction of the threat surface of vulnerabilities, and more in-depth and continuous tracking and monitoring of attack groups.

Although WAF products have become relatively mature through years of development, their detection and response capabilities to complex threats still need to be further improved. Therefore, traditional WAF functions will be incorporated into the WAAP platform, working closely with threat intelligence, Bot protection, DDoS defence, API protection and other functional components to help enterprise users build a proactive protection system for web applications.

 

Rydex Next-Generation WAF - WAAP platform, providing one-stop dynamic active defence

 

With its unique "dynamic security" as its core technology and Bot protection as its core function, the WAAP platform combines intelligent threat detection technology and behavioural analysis technology. It provides traditional web security defence capabilities while stopping threats in advance at the vulnerability detection and stepping-stone stage of attacks, easily addressing emerging and fast-changing Bots attacks, 0day attacks, application DDoS attacks and API security protection.

At the Bot protection level, the identification and defence of automated tools for Bots is one of the most prominent capabilities reflected in Clojure's products. The "Dynamic Security Engine", with "Dynamic Security" technology at its core, continuously and dynamically transforms the underlying code of the server's web pages using innovative technologies such as dynamic encapsulation, dynamic authentication, dynamic obfuscation and dynamic tokens. This increases the "unpredictability" of the server's behaviour, giving attackers nowhere to start and significantly increasing the difficulty of attacks, thus realising a full range of "active protection" from the user side to the server side.

At the DDoS protection level, attackers' use of techniques such as multi-source low frequency, slow attack and precision strike makes it difficult to protect against CC attacks targeting the business/application layer. Unlike frequency-based protection technology, the "dynamic token" technology in the "Dynamic Security Engine" of RISD can identify and intercept the CC attacks launched by Bots at the source, reduce resource consumption and guarantee the normal and stable operation of the business.

At the WAF level, with the help of the "Dynamic Security Engine", RISD does not rely on traditional rules based on signatures and features, and can identify tool-based application vulnerability detection and attacks, as well as automated 0day detection and attacks. At the same time, the "Dynamic Security Engine", the "intelligent threat detection engine" and the "rules engine" work together as three engines to provide more efficient and comprehensive Web application protection against manual and automated attacks, achieving deeper defence.

At the API protection level, RISD uses intelligent threat detection technology and behavioural analysis technology to automatically discover API interfaces and establish API lists through four modules: API awareness, discovery, monitoring and analysis and protection, which can effectively achieve API asset management and API access behaviour control. At the same time, an API security baseline is established to monitor and analyse API abuse, abnormal API access, malicious scanning and injection attacks, which realises API security protection and sensitive data control.

At present, Clochase's next-generation WAF - WAAP platform has been widely used in operators, finance, government, education, hospitals and enterprise customers, helping all kinds of organizations to truly realize the security protection of websites/APPs/applets/API, effectively fight against blackmail and reduce their security risks and economic losses. At the same time, Clochase has participated in a large number of offensive and defensive practice exercises, the protection of the Fair, the 70th anniversary of the founding of the country and other national network security re-insurance work, and has achieved good results, and is therefore praised by users as "re-insurance magic tool".

 

As the Director of Information Technology of Ridu, Wu Jiangang said, "Network security follows the 'barrel principle', the overall security level of the network is determined by the lowest level of security". When a single WAF product is no longer enough to solve the ubiquitous security risks, the overall security capability from WAF to WAAP can complement the existing security blind spots and realise a truly integrated application security defence covering Web, APP, Cloud and API assets, and the next generation WAF - WAAP platform from Clochase is the representative work of such.

 

 

 

Editor: Zhao Lijing

Source: Ridgid Information

 
