Asset sorting and automatic protection
DBAPP Web Application Firewall helps customers proactively discover the Web application systems present in their network environment and inventory their Web business assets. The inventoried asset information includes protocol type (HTTP/HTTPS, IPv4/IPv6), server IP, server port, domain name and other information. This lets customers quickly understand their current Web business assets and apply automatic security protection to the inventoried Web assets.
Intelligent semantic analysis engine
Traditional web application firewall security engines use static regular-expression signatures to detect web attacks such as SQL injection, XSS, command injection, and WebShell. This method has high false positive and false negative rates, making it difficult to detect unknown attacks and provide 0day protection.
DBAPP Web Application Firewall uses lexical analysis and syntax analysis, and performs context-based correlation analysis to analyze mutated Web attacks, restore the underlying threats, and decide whether a request is a Web attack through a scoring decision-making module.
DBAPP Web Application Firewall supports semantic-syntax-based detection of 13 types of Web attacks, including SQL injection. The false positive and false negative rates are far lower than with static regular-expression signatures, which greatly reduces the rule-maintenance workload of security administrators.
Machine learning engine
The machine learning model uses statistical algorithms to learn from and train on website traffic, and finally produces a whitelist business model. It differs from the self-learning function of traditional web application firewalls: the process of establishing the machine learning model requires no manual intervention, and the model is established and updated automatically. The learned content includes URLs, parameters, parameter types, parameter lengths, cookies and other information.
After the machine learning model is established, overall traffic can be divided into three layers: white (normal traffic), gray (abnormal traffic), and black (attack traffic). Normal traffic and attack traffic are allowed or blocked directly by the machine learning model; traffic determined to be abnormal is sent to the other security engines (semantic analysis, basic features, etc.) for further matching to determine whether it is an attack. The engine uses machine learning to autonomously detect and defend against known attacks, and has the ability to detect unknown threats or false positives, freeing users from tedious rule maintenance work.
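The white/gray/black split described above can be sketched as follows. This is an added example, not DBAPP's code: the function names, the type classes, the scoring weights and the thresholds are all assumptions chosen for illustration, and only URL, parameter name, parameter type and parameter length are learned.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

def value_type(v):
    """Coarse parameter type, one of the attributes the model learns."""
    if re.fullmatch(r"\d+", v):
        return "int"
    if re.fullmatch(r"[A-Za-z0-9_.@ -]*", v):
        return "token"
    return "free"

def learn(urls):
    """Per-URL profile: parameter name -> (observed types, max length)."""
    model = defaultdict(dict)
    for u in urls:
        parts = urlsplit(u)
        profile = model[parts.path]
        for k, v in parse_qsl(parts.query, keep_blank_values=True):
            types, maxlen = profile.get(k, (set(), 0))
            profile[k] = (types | {value_type(v)}, max(maxlen, len(v)))
    return model

def classify(model, url, slack=2, black_at=3):
    """Return 'white', 'gray' or 'black'. Scoring weights are assumptions."""
    parts = urlsplit(url)
    profile = model.get(parts.path)
    if profile is None:
        return "gray"                      # unseen URL: let other engines decide
    score = 0
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        if k not in profile:
            score += 1                     # unknown parameter
            continue
        types, maxlen = profile[k]
        if value_type(v) not in types:
            score += 2                     # type never seen for this parameter
        if len(v) > maxlen * slack:
            score += 1                     # far longer than anything learned
    if score == 0:
        return "white"
    return "black" if score >= black_at else "gray"

# Constructed sample traffic, not taken from any real site.
TRAINING = ["/item?id=12&q=red+shoes", "/item?id=7&q=hat",
            "/item?id=1043&q=blue+scarf", "/login?user=alice"]
MODEL = learn(TRAINING)
```

In this sketch only "gray" results would be forwarded to the semantic-analysis and signature engines, which is what keeps the expensive checks off traffic that already matches the learned profile.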
Behavior analysis engine
DBAPP Web Application Firewall adopts an original behavior detection algorithm (for which a national patent application has been filed) to identify, detect and intercept automated attack behaviors such as application-layer DDoS and brute force cracking. Detection is based on combinations of multiple conditions such as URL, request header field, target IP, request method, etc. Within this algorithm, multiple detection measures such as request rate, request concentration, and request dispersion are used to ensure the accuracy of detection.
Threat intelligence engine
DBAPP Web Application Firewall can be linked with cloud threat intelligence. Threat intelligence data includes scanner IP, proxy IP, C&C and other malicious IPs. Threat intelligence data will be updated in real time to proactively discover suspicious access behaviors and help customers quickly locate potential threats.
SSL accelerator card
DBAPP Web Application Firewall supports a built-in SSL accelerator card, which addresses the problem of insufficient HTTPS protection performance on a single WAF. It can support up to a 20GB SSL accelerator card, and its HTTPS processing performance can be increased by 2 times.