Security Practices
CloudGuard AppSec provides two Security Best Practices that can be easily activated in Detect/Learn mode or Prevent mode: Web Application Protection and Web API Protection.
The practices use multiple security engines to analyze HTTP web requests and deliver an accurate verdict on whether a request is malicious or benign. The engines protect applications and APIs against unknown and advanced web attacks, validate API input, distinguish humans from bots, and protect against well-known industry attacks and CVEs.
- Web Application Protection Practice
  - Contextual Machine Learning based-WAF
  - Anti-Bot Protection
  - Intrusion Prevention
  - File Security
  - Custom Signatures (SNORT)
- Web API Protection Practice
  - Machine Learning based-WAF that looks for malicious payloads inside API requests
  - Schema Validation module that ensures API requests adhere to the API schema
  - Intrusion Prevention
  - File Security
  - Custom Signatures (SNORT)
The Contextual Machine Learning based-WAF is a patented engine that protects against advanced and zero-day web attacks. It executes a three-stage HTTP web request analysis and delivers an accurate verdict. It uses Contextual Machine Learning to identify whether a web request is malicious or benign and provides:
1. A lower false-positive rate than a traditional WAF (in a traditional WAF, decisions are mainly based on signature matches).
2. Zero-day protection, by blocking attack scenarios that a signature-only approach does not block. For example, Log4Shell and Spring4Shell were blocked by CloudGuard AppSec preemptively, without any software update.
3. Reduced administration time, because it is not constantly necessary to tune the engine, create exceptions, disable signatures, and so on.
Frequently, software developers do not include verification of API input in their code.
The CloudGuard AppSec API security component provides two protection models: positive and negative. Administrators can enable either model or both.
- The positive model delivers preemptive protection for possible API vulnerabilities through a schema validation procedure. API schemas in OpenAPI format (such as those used in "Swagger") are uploaded to AppSec. Incoming API requests are validated against these schemas, and all invalid API requests are blocked.
  CloudGuard AppSec supports OpenAPI Schemas V3 and above.
- The negative model uses the WAF to automatically detect and block malicious payloads in API requests.
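As an added illustration of what the positive model does (this is example code, not CloudGuard's engine), the block below validates an incoming JSON request against a constructed OpenAPI 3 fragment: any request whose path, method, body shape or field types are not described by the schema is reported as invalid. The endpoint `/api/v1/users`, its field names and the `validate_request` helper are all assumptions made for the example.

```python
import json

# Constructed OpenAPI 3 fragment describing a single endpoint (not a real API).
OPENAPI_SPEC = {"openapi": "3.0.0", "paths": {"/api/v1/users": {"post": {
    "requestBody": {"required": True, "content": {"application/json": {"schema": {
        "type": "object",
        "required": ["username", "age"],
        "additionalProperties": False,   # positive model: unknown fields are rejected
        "properties": {"username": {"type": "string", "maxLength": 32},
                       "age": {"type": "integer", "minimum": 0}}}}}}}}}}

TYPE_MAP = {"string": str, "integer": int, "object": dict}  # JSON-schema subset handled here

def _check_value(value, schema):
    """Return a list of violations of `value` against a JSON-schema subset."""
    errs = []
    expected = TYPE_MAP.get(schema.get("type"))
    # bool is a subclass of int in Python, so reject it explicitly for "integer"
    if expected is not None and (isinstance(value, bool) or not isinstance(value, expected)):
        return [f"expected {schema['type']}"]
    if "maxLength" in schema and len(value) > schema["maxLength"]:
        errs.append("string too long")
    if "minimum" in schema and value < schema["minimum"]:
        errs.append("below minimum")
    if schema.get("type") == "object":
        for key in schema.get("required", []):
            if key not in value:
                errs.append(f"missing required property '{key}'")
        props = schema.get("properties", {})
        for key, sub in value.items():
            if key not in props:
                if schema.get("additionalProperties", True) is False:
                    errs.append(f"unexpected property '{key}'")
            else:
                errs.extend(f"{key}: {e}" for e in _check_value(sub, props[key]))
    return errs

def validate_request(spec, method, path, body_text):
    """Positive model: allow only requests the uploaded schema explicitly describes."""
    op = spec["paths"].get(path, {}).get(method.lower())
    if op is None:
        return ["path/method not in schema"]
    try:
        body = json.loads(body_text)
    except ValueError:
        return ["body is not valid JSON"]
    schema = op["requestBody"]["content"]["application/json"]["schema"]
    return _check_value(body, schema)   # empty list means the request is allowed
```

An empty result means the request passed the schema; any non-empty list is the set of reasons a positive-model enforcement point would block it.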
The CloudGuard AppSec Anti-Bot protection component performs a three-step procedure:
1. Inject scripts into web application pages, such as login pages.
2. Collect data about input patterns and analyze keystroke sequences, mouse movements, and finger touches. Bots do not produce such patterns, and if a bot artificially creates them, AppSec identifies it.
3. Decide whether the input was entered by a human or by an automatic script (such as a bot), and block the latter.
In addition to the Contextual Machine Learning based engine, CloudGuard AppSec provides traditional signature-based protections for over 2800 web-based CVEs (Common Vulnerabilities and Exposures). The signatures are delivered automatically to agents/gateways as soon as the Check Point Security Research team releases them. One benefit of these signatures is that the resulting logs indicate the specific CVE number.
Files uploaded to the web server may contain malicious content. CloudGuard AppSec's File Security component contains several engines that detect such malicious files.
Administrators can add signatures in Snort format, and the CloudGuard AppSec security engines enforce them.