Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML

The reason for buying a market-leading Web Application Firewall (WAF) is to protect your website and web applications from malicious attacks and to comply with industry or regional data and privacy standards. In addition to the typical OWASP Top 10 vulnerabilities, WAFs need to address a litany of cyber-threats, from simple attacks like SQL injection to more sophisticated Advanced Bot Attacks. With the average cost of a data breach nearing 4 million dollars and the average time to identify and contain a breach nearing 280 days, enterprise security teams have an uphill battle to fight as the number and complexity of breaches grow. Fortunately, many security vendors are leveraging technologies, from automation and analytics to AI and crowdsourcing, to replace traditionally resource-intensive processes, achieve faster response times, and address newer threat models.

At Imperva, we recognized the growing threat of bots in both activity level and threat complexity. To combat this, we’ve introduced Advanced Bot Protection, which is integrated into Imperva’s Cloud Application Security and uses Machine Learning: it collects and analyzes data behavior for anomalies, and also incorporates advances in biometric data validation (e.g., mouse movements, mobile swipe, and accelerometer data) to catch malicious botnets that attempt to hijack devices. We’re proud to say that we’ve become the industry leader in protecting against and providing insights on advanced bots (see the 2021 Bad Bot Report).

Cybercriminals today are using AI, which typically runs on a supercomputer and is programmed to attack at any moment. Enterprise security professionals know the adage of ‘not bringing a knife to a gunfight’ and continue to seek out security solutions with advanced technologies to make their response a fair fight. Unfortunately, due to digital transformation initiatives or the post-COVID era, the attack surface for enterprises continues to grow as threats continue to innovate, with the likes of botnet swarms and crypto-mining malware. Whether these threats come from individuals or nation-states, the intent to exploit has created a new economy called crimeware-as-a-service.

Meanwhile, as enterprises continue to go digital, the software development culture has evolved from centralized release management structures to adaptive release management, to capitalize on the business benefits of shorter development cycles and a faster time to market. As development lifecycles mature, continuous and automated release cycles make it challenging for (already overburdened) security teams to properly review and secure applications before they are released. With limited lines of sight into this modern application development process, enterprise security teams must rely on solutions that offer visibility and detection, plus the automation to remediate against both existing and future threats. More importantly, the manual processes used by today’s security teams can introduce the possibility of human error, slow down release cycles, and prevent enterprises from realizing a faster return on their investment in application development.

To combat the ever-evolving threat landscape, including familiar threat frameworks plus newer and more sophisticated attacks, enterprises need a plan of attack that combines the next generation of security tools, including advanced ML and AI technologies, with tried-and-true best practices. In the wake of these advanced threats, and in acknowledgment of where they are in their digital transformation journey, many enterprises have sought the ability to customize their WAF security policies in order to have more control over their risks. Imperva’s WAF platform has long provided the capabilities for customers to write and deploy customized policies, which can be as simple or as complex as needed. Looking at our broader customer base, however, we realize that not every customer has the time and skills required to write their own customized rules.

Fortunately, Imperva Research Labs, in combination with the Imperva SOC, constantly monitors network traffic and develops new policies based on its observations, along with crowdsourced data from other Imperva customers and security-related agencies. By leveraging the knowledge gained from having teams work to protect our customers from advanced threats, Imperva has developed security-first machine learning techniques to automatically protect customers who use its WAF platforms. Working with Machine Learning, the Imperva SOC was able to detect up-to-the-minute unknown threats and generate more policies to combat the growing number and categories of potential menaces, along with time-sensitive responses to address zero-day attacks. This includes risks that affect key security operations KPIs, such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). While some of our customers can create policies within days to months, security-first Machine Learning models contribute to this multi-prong approach, especially through their application within our SOC team’s practices for faster detection and response.

As digital transformation trickles down to application security, we’re pleased to say that our customers now have peace of mind, because this multi-prong approach to WAF policy development with ML is the best defense.
