The CloudGuard AppSec Solution

Time: 1 hour 13 minutes
Difficulty: Beginner
CEU/CPE: 1
Video Transcription
>> CloudGuard AppSec enables automated deployment that requires no rule tuning. It relies on the concept of application self-protection powered by a contextual AI engine. CloudGuard AppSec can stop application-layer attacks, including the OWASP Top 10, with little to no manual tuning or false positives. It can stop unauthorized API access and abuse without breaking applications and frustrating users, it can identify and stop malicious bots before they can negatively impact the customer's experience, and it can catch any HTTP-based CVEs and known vulnerabilities.

>> AppSec relies on several mechanisms to provide its top-of-the-line protection: a contextual score-based decision engine, continuous learning, OpenAPI schema validation, bot identification, and IPS protection.

>> Let's face it. No customer trying to access a website would be happy with being blocked due to a false positive on the website's end. This is critical to any business or service delivered via a web application. AppSec uses contextual analysis, which combines the risk analysis of multiple engines to determine if the transaction with a target application is legitimate or not.

>> Those engines include a transaction risk engine, which breaks the transaction into small elements called attack indicators, which are then examined by a dedicated machine learning algorithm to make the decision to block or allow. Additionally, AppSec uses a user behavior risk engine, which analyzes all of the requests made from a specific user, looking into malicious intent in prior user requests. You can take this one step further by creating an allow-list of trusted users, which accelerates the application learning. Furthermore, the crowd behavior risk engine maps a site based on how all users interact with it. If a critical mass of users uses a website a certain way, the probability of a request being a specific attack is lower. Finally, the content risk engine learns what content is typical for a specific field in a specific application, providing a deeper analysis of the content itself and the patterns that are expected in each field. The final score reached by the decision engine is either to allow the transaction through to the application or to block it, all while dramatically minimizing false-positive decisions.

>> Before the engines kick into action, the system begins in learn/detect mode. In only a short period of time, it completes its learning and the user can choose to switch it to prevent mode. Behind the scenes, the system gathers raw data on the transaction sources, their HTTP methods, the type of HTTP requests, and their headers. This information is all parsed and fed into the aforementioned engines for analysis. When the system completes its learning, the user can choose to switch it to prevent mode. This process of gathering data, parsing it, and feeding it to the engines is performed on a continuous basis. A user can assist the learning process and shorten the learning curve by responding to tuning suggestions. For example, this user assistance is called supervised learning.

>> AppSec narrows the scope of API attacks by allowing API schema validation. Users can upload their schema, which describes the API functionality of the server. AppSec then makes sure to enforce this schema by ensuring that no one can infiltrate applications via API fields and values that are not explicitly allowed in the schema.

>> The use of bots for automated attacks against login pages is a regular practice among threat actors. CloudGuard AppSec utilizes client-side behavioral analysis to distinguish between human behavior and bot behavior. Once a client connects to a server, it performs a GET operation. It receives the page from the server, including a JavaScript developed by Check Point that is injected into the browser of the client. The script collects behavioral information from the client. When the client performs a POST operation to the server, it will include the decision of the script, which defines if the request originated from a bot or from a human.

>> Finally, the IPS protection offered by CloudGuard AppSec is complementary to the protections already discussed. AppSec IPS protection, which is based on Check Point's award-winning gateway IPS protection, catches any known vulnerabilities, preventing known malicious CVEs by looking for network signatures in HTTP requests.