WAF continent

For February 27, 2017 WAF Continent - the firewall for protection of web applications.

On February 27, 2017 the Code of Security company announced release of the WAF Continent firewall. The product is focused on protection of web applications and can be demanded by the organizations using difficult web applications there are portals of state services, the system of remote banking, ERP- and the CRM system with the web interface.

The product of the Continent family filters traffic at the level of applications. A system "understands" how the web application what activity is normal what is abnormal works. Such approach reduces an implementation time of this protectant and is implemented using the built-in mechanisms of machine learning which allow the product "comprehend" logic of the protected application and to create positive model of its work.

Architecture Continent of WAF, (2017)

"WAF continent" helps to detect activity of malefactors. For the companies which are independently developing web applications, use of a product will help to reduce a development cycle at achievement of required level of protection.

In a product protection gears are used:

• check of correctness of commands of the HTTP protocol;
• parsing of requests and answers of the Web server with support of different types of compression, coding and methods of data transmission (XML, JSON, BASE64, GZIP);
• analysis of process of identification, authentication, activity and control of sessions of users;
• protection against the bruteforce-attacks;
• the signature analysis with support of a format governed ModSecurity.

In most cases implementation and setup of signature means of protecting of web applications occupy a progressive tense. It does not happen to our product: distinguishing the attack, Continent of WAF is guided first of all not by signatures, and by positive model of work of the web application. Therefore at installation of these means of protecting there is no need to list types of the attacks, it is enough to describe regular processes of work of the web application. Unlike the competing products, Continent of WAF explains why this or that request was blocked. It promotes increase in transparency of security policies. As a result our development can provide intellectual protection of web applications. Alexander Kolybelnikov, product manager of Code of Security company

Due to the wide use the web and mobile technologies (the GIS personal portals, migration of applications in a web, etc.) increases in our life the importance of an information security system of web resources. Earlier, having released the product "TLS VPN Continent", we resolved issues of cryptographic user authentication and protection of the channel. With emergence in our line of the product "WAF Continent" we give means of protecting from attacks on web applications. Thus, we provide the complete solution on protection of web portals (authentication, protection of the channel, analysis of network traffic at the level of applications/protocols). Andrey Golov, CEO of Code of Security company

Possibilities of the application

• Analysis of traffic
  • Flexible configuration of models of operation of applications
    • Validation of the HTTP protocol
    • Parsing of requests and answers
    • Determination of business logic of the application
    • Identification, authentication of users and control of sessions

  • Automatic creation of model of operation of application
  • Variance analysis of behavior of the user from the standard scenario
  • Data analysis in a SSL tunnel
  • the Packet of the preconfigured signatures
  • Support of rules of the ModSecurity format

• Detection of the attacks on web applications
  • Detection of the attacks, specific to web applications
    • OWASP TOP 10
    • SQL injections
    • Cross Site Scripting
    • Cross Site Request Forgery

  • Detection of anomalies both in requests, and in answers of the Web server
  • Detection of anomalies on the basis of model of operation of application
    • Coincidence to model
    • A deviation from model

  • Detection of anomalies in the enclosed data transferred under the HTTP/HTTPS protocol
  • Detection of the bruteforce-attacks

• Management and monitoring

• • Graphic display of model of analysis of requests and answers of the Web server
  • Monitoring and management of protection of several applications from the single console
  • Graphic display and editing rules of decision making
  • the Output of the generalized statistics in real time
  • Aggregation and prioritization of data on cybersecurity events
  • the Automatic notification of the operator about cybersecurity events
  • Role model of access to the management console
  • Audit of actions of the operator of WAF in the management console
  • Integration into a SIEM system under the syslog protocol

• Operation modes
  • Work in the mirroring mode
  • Work "in a gap"
  • Work in the audit mode
    • Analysis of logs of activity of the Web server

According to the statement of the company, for February 27, 2017 Continent of WAF is transferred to FSTEC of Russia for carrying out certification tests. At their successful completion the product will be certified on the 4th class of protection for Web server level firewalls (type "G").