Managed Web Application Firewall
The WAF serves as an essential part of any defense-in-depth security architecture by providing advanced inspection and specialized security for the web application layer. Amandata WAF solution not only detects known attack patterns via pattern-matching analysis, but also analyzes traffic for malicious behavior with two additional unique detection methods: Semantic analysis and Heuristic analysis. This allows our logic based analysis engine to detect known, unknown and even modified attacks with industry-leading accuracy. Offered as a Cloud Service, Amandata WAF is based on the technology of Penta Security Systems Inc., a leading web application and database security vendor in the Asia-Pacific (APAC) region. Certified and acknowledged by leading industry experts such as Frost & Sullivan, Gartner and Tolly, Amandata WAF is the trusted solution for renowned companies worldwide.
Amandata XecureWeb™ offers large enterprises WAF Solution using WAPPLES technology from Penta Security Systems’ Web Application Firewall. While traditional WAFs depend on high-maintenance signature updates for low-accuracy pattern-matching, WAPPLES uses a logic-based detection engine called COCEP. Utilizing 26 pre-configured detection rules, modified and even unknown attacks are categorized and blocked heuristically and semantically. This proprietary technology allows WAPPLES to deliver superior security with industry-leading accuracy and low false positive rates under various network environments.
The third generation of web application firewalls combine various techniques such as blacklisting, whitelisting and data packet analysis to logically detect and categorize attacks. In this way, false positives encountered are greatly reduced compared to with 1st and 2nd Generation WAFs. Furthermore, due to the logic-based approach to detection, new variants of attacks, along with modified attack patterns can be detected by intelligent 3rd Generation WAFs with minimal signature updates. WAPPLES Intelligence web application firewalls combine various techniques such as blacklisting, whitelisting and data packet analysis to logically detect and categorize attacks. Essentially a signature-free solution, the performance degradation impact of previous generations of signature-based WAFs relying on continuous signature updates is now avoided. System administrators can instead focus more on policy management, optimized around attack characteristics, rather list management which is inefficient.
WAPPLES is one of these 3rd Generation WAFs which, utilizing signature-free detection mechanisms, require low operational workload for installation and maintenance. The COCEP (Contents Classification and Evaluation Processing) engine detects web attacks by logical analysis, and the difference can be seen in the example below.
In the above illustration, Attack Pattern A, when modified, is blocked by WAPPLES but not by 1st or 2nd Generation WAFs.
Take for example, an attack with the pattern [A is (name of fruit)]. If only [A is apple], [A is banana] and [A is orange] are included within the list of detection signatures, a new attack like [A is strawberry] will pass through undetected.
On the other hand, if [A is] is added to the list of detection signatures, in order to block modified attacks like [A is strawberry], non-attack variations like [A is (color)] will all be misidentified as malicious accesses, resulting in a great number of false positives.
WAPPLES’s COCEP engine, which doesn’t solely depend on simplistic signature or pattern matches, can analyze whether what follows after [A is] indeed has the characteristics of an attack. Through heuristic and semantic analysis of attack techniques, Penta Security’s WAPPLES can block modified and even “unknown” attacks.
In this way, WAPPLES achieves superior detection accuracy while reducing false positives.
Our WAF Services
Our infrastructure located at Cyber 1 Building, and able to serve customer as public or private cloud to protect sensitive data and applications. Our WAF Cloud Services will protect incoming traffic to your web server and allows legitimate traffic to pass using private channel (VLAN) and resolve security concerns and privacy worries of clouds services.
High-Accuracy Web Attack Defense
- Logic-analysis based COCEP™ engine protects websites against OWASP Top 10 risks
- Extremely low false positive rates through heuristic and semantic traffic analysis
- Utilizes 26 detection rules that can be fine-tuned to create robust custom security policies
- Defense from known, zero-day, and HTTP DDoS attacks
- Validity testing (Luhn: ISO/IEC7812) prevents leakage of sensitive data
Minimal changes to existing systems
- Quick setup with pre-configured security policies
- Statistics visualized on centralized dashboard
- Intuitive and easy-to-use GUI management console
Supports Various Environments
- Supports various network environments (Internet, VLAN)
- Support for HTTP/2