By, Yaffa Finkelstein, Product Marketing, Check Point CloudGuard
You’re an AppSec aficionado and you have an automated WAF up and running. Presumably, you’re relying on an AI powered solution to reduce management overheads, so that as your app evolves, your security is automatically applied to the new content.
The thing is, your DevOps teams are undoubtedly working with third party applications, creating APIs and working with a multitude of cloud services and databases. Suddenly in the cloud your attack surface is so enormous that it’s overwhelming.
When confronted with situations where bad actors rely on their knowledge of a third party vulnerability, which can be exploited using a non malicious request – how can you expect your WAF to protect your application?
There are many examples of criminals exploiting known vulnerabilities in third party platforms:
- A WordPress plugin with over 1 million active installations included a vulnerability that allowed an attacker to access any file stored on the server. Even the most advanced WAF would be unable to detect an exploit which includes a seemingly benign request, without an IPS component. In this case, a hacker with prior knowledge of the plugin’s vulnerability would have been able to use seemingly innocuous web requests in order to access files on the application server.
- Earlier this year a vulnerability in a Microsoft Server product was detected, and a successful exploit could have even allowed a hacker to execute restricted code. Typically, it would be impossible for a WAF to identify this exploit because in this case it would involve a malicious actor omitting data, rather than submitting something which could be flagged as malicious.
Intrusion Prevention Systems (IPS) detect and prevent attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. The systems rely on dynamic patching (fixing vulnerabilities without patching the actual system), which ensures that any vulnerability, whether it was released years ago, or a few minutes ago, is unable to pose a threat to your organization.
IPS coupled with automated application security, is a potent combination, ensuring that applications are protected continuously from both known and previously unknown threats.
That’s why we have expanded the reach of our award winning Intrusion Prevention System to become part of CloudGuard AppSec. The AI powered AppSec solution precisely identifies malicious requests based on machine learning, by examining multiple parameters included in each web request.
With 90% of AppSec customers running the solution in prevention mode, with fewer than 10 exception rules in every deployment, our CloudGuard AppSec customers can see the value immediately. If you’d like to learn more about how CloudGuard can protect your web applications and APIs using advanced AI, start your free trial today!