Earlier this month, Hillstone Networks released the new W-Series Web Application Firewall (WAF), which provide enterprise-class, comprehensive security for web servers, applications, and APIs. The new WAF features dual-engine threat detection, coupled with machine learning technology, to deliver enterprise-class, comprehensive security for web servers, applications and APIs.
Combined with a host of other advanced features, Hillstone’s WAF provides comprehensive security across all web assets for enterprises and other organizations of all sizes. Let’s take a closer look.
A WAF is essentially a firewall that’s customized to protect web resources, like web servers, sites, and applications. In addition, application programming interfaces, or APIs, are becoming increasingly popular for facilitating complex interactions among web services. As a result, API protection is essential, and included in Hillstone’s WAF.
Hillstone’s WAF defends against attacks at the network layer, like DDoS and flood attacks, scanning, spoofing and other threats, and at the application layer, including the OWASP Top 10 list. The OWASP list represents the most critical security threats for web applications, including injection, cross-site scripting (XSS), and other attacks and risks. Similarly, APIs are protected through a number of advanced techniques.
Dual-Engine Detection for Accurate, Comprehensive Protection
W-Series WAFs utilize both traditional rules-based detection as well as an innovative semantics analysis engine. Together, they provide highly accurate threat detection while minimizing false positives and improving operational efficiency.
Rules-based detection has long been a standard in web application firewalls, for good reason. By analyzing patterns and signatures in traffic, it allows the WAF to quickly identify and take action against a wide variety of threats.
Semantics analysis is a newer technology that is similar to the concept of the definition of a word versus the connotation or nuance of the word. Hillstone’s semantics analysis engine can understand the context inside an HTTP message, resulting in an approximately 30% decrease in false positives.
Attackers have becoming increasingly skilled at concealing their attacks and payloads in traffic that may otherwise seem normal. The combination of a traditional WAF detection engine with a semantics analysis engine provides broad-spectrum protection against these concealed threats. For example, the semantics analysis engine includes a recursive decoding capability that allows the engine to detect even attacks that are obscured by multiple encodings.
Advanced API Protection
As mentioned earlier, APIs are increasingly used for complex interactions with web resources, for example, mobile banking, booking, e-commerce and many others. As useful and versatile as they are, however, APIs can potentially expose new attack surfaces like excessive data exposure, excessive requests that hog resources, and injection and XSS attacks within API calls, for example.
To protect against these types of attacks, Hillstone’s WAF validates APIs against the schema defined in the OpenAPI files and helps generate positive security model policies.
Machine Learning for Rule Optimization and Unknown Attack Defense
Hillstone has been an industry leader in artificial intelligence and machine learning for many years. The W-Series WAFs implement these technologies in an auto-learning capability that helps mitigate never-before-seen exploits, protecting web applications from zero-day attacks. The ML-based model learns from normal traffic patterns (like parameter link, cookies, HTTP methods and more), and auto-tunes itself based upon the assessment as well as input from administrators.
Further, the WAF continuously updates its learning models and optimizes WAF rules as applications evolve. These advanced capabilities significantly reduce operational overhead by eliminating manual policy tuning and the time spent troubleshooting false positives.
Rich Logs for Intelligent Analysis and Reporting
Hillstone’s WAF gives administrators and operators deep visibility and comprehensive reporting through threat analysis, traffic analysis, attack breakdowns and threat controls. It provides an aggregation capability that allows logs to be aggregated and cross-referenced across multiple dimensions, which helps operators easily identify suspicious anomalies or find false positives, and then tune security policies accordingly.
Hillstone WAF for Comprehensive Web Application Security
To recap, the W-Series WAF provides complete security of web-based applications and APIs for enterprises and other organizations. It detects and defends against attacks at both the network layer and at the application layer, and also protects APIs. The WAF automatically discovers web servers and related assets and puts them under protection. With this capability, Hillstone WAF covers the entire web estate even when it scales, which helps improve operational efficiencies and deliver faster time-to-value.
Hillstone’s WAF is available immediately in four VM versions, supporting from 5G to 40G network throughput and 400K to 4M concurrent sessions. For more information or a demo, contact your Hillstone representative or authorized reseller today.
