Application Layer Firewall Solutions (WAF)

Background

The Next Generation WAF engine, which is integrated in Sangfor’s NGAF, was developed to protect against advanced web-based attacks such as SQL injection, web shells, struts2 injection, and deserialization flaws. Sangfor’s NGWAF engine uses machine- and deep-learning to analyze attack behaviors. It enhances detection rates and decreases false positives from traditional SNORT-based detection engines. By modeling attack behaviors, a threat model is created to easily manage the applications’ system threats.

The Next-Generation WAF Should Evolve In A More Intelligent Direction

WAF products are powerful tools against application-layer attacks, and they remain the priority for many companies dealing with complicated and changing application-layer attacks. However, the means of attack keep increasing while corporate applications become more and more complicated, so traditional WAFs find it harder to protect corporate applications. Many companies are becoming disappointed with the accuracy and ability of WAFs in threat identification and defense against attacks.

The working principle of existing WAF products shows the root cause: the rule detection engine and regular expression matching adopted by traditional WAF products are inefficient, both in processing performance and in how they detect and intercept attacks, when facing complicated and varied web application attacks.


SANGFOR NGAF - Next-Generation WAF Defense Engine

1. Improve overall device processing efficiency with deep learning on traffic

By introducing machine learning, the device collects the characteristics of blank traffic at the traffic layer, lets legitimate traffic flow fast, and doubles device performance.

SANGFOR's next-generation firewall adopts blank traffic filtering in the WAF engine. It performs deep learning on application-layer interactive content, establishes a deep traffic learning model at this layer, and monitors, learns and compares each web element. The whole process is completed by the device's self-learning capability, without manual intervention. The device also adjusts itself as the website's traffic changes, which forms the blank traffic filtering capability. Traffic that obviously deviates from the normal traffic pattern is passed to the follow-up security detection process for handling, so that legitimate traffic can flow fast. It works like an airport security inspection machine: a package identified as containing forbidden objects is unpacked and inspected, while normal packages go straight through. This greatly improves processing efficiency compared with the traditional WAF architecture, which unpacks and inspects everything in sequence.
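The routing idea described above, as an added example that is not Sangfor's code: a simple per-parameter statistical profile stands in for the learned traffic model, and requests that fit it take the fast path while everything else goes to inspection. `TrafficProfile`, `char_classes`, `build_profile`, the `slack` factor and the sample requests are all hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of known-good requests: (path, {param: value}).
TRAINING = [
    ("/search", {"q": "blue shoes", "page": "1"}),
    ("/search", {"q": "winter jacket", "page": "12"}),
    ("/item", {"id": "48213"}),
]

def char_classes(value):
    """Coarse character classes in a value; each punctuation mark is its own class."""
    return {"digit" if c.isdigit() else "alpha" if c.isalpha()
            else "space" if c.isspace() else "punct:" + c for c in value}

class TrafficProfile:
    """Hypothetical per-(path, parameter) profile: max length and seen character classes."""
    def __init__(self, slack=1.5):
        self.slack = slack                  # assumed tolerance on the learned length
        self.paths = set()
        self.max_len = defaultdict(int)
        self.classes = defaultdict(set)

    def learn(self, path, params):
        self.paths.add(path)
        for name, value in params.items():
            key = (path, name)
            self.max_len[key] = max(self.max_len[key], len(value))
            self.classes[key] |= char_classes(value)

    def route(self, path, params):
        """Return 'fast' if the request fits the learned profile, else 'inspect'."""
        if path not in self.paths:                            # never-seen web element
            return "inspect"
        for name, value in params.items():
            key = (path, name)
            if key not in self.classes:                       # never-seen parameter
                return "inspect"
            if len(value) > self.max_len[key] * self.slack:   # unusually long value
                return "inspect"
            if not char_classes(value) <= self.classes[key]:  # new character class
                return "inspect"
        return "fast"

def build_profile(samples=TRAINING):
    profile = TrafficProfile()
    for path, params in samples:
        profile.learn(path, params)
    return profile
```

Anything routed to "fast" skips the deeper detection stage, so the learning window must contain only clean traffic and the profile should err toward "inspect".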

2. Integrate business parsing with recovery capability through the business intelligence fusion engine

SANGFOR NGAF uses its business intelligence fusion engine to match the business environment intelligently, and matches parsing and recovery capability to the dynamic characteristics of the business. It can accommodate diverse businesses at the backend, including quickly reverting business-specific content, executing security detection, and providing a comprehensive solution for various attacks.

3. Accurately identify web threats with the threat depth detection engine

The SANGFOR NGAF threat depth detection engine integrates a lexical algorithm with a syntactic algorithm and fully adopts artificial intelligence to perform in-depth analysis of threats. It can provide a comprehensive solution for the complex business, business data, development approaches and so on found in real environments, and it locates and processes abnormalities the first time.

Behavior-based data models may be established after acquiring AI learning experience data. These data models are used to predict target events, which gives the core security capability the characteristics of self-learning, model self-development and business self-adaptation.

SANGFOR NGAF, based on the security concept of facing the future and effective protection, adopts the next-generation WAF defense engine, which provides user business with effective defense capability in comparison with the traditional WAF defense method.




COPYRIGHT © 2000-2018 SANGFOR TECHNOLOGIES INC. ALL RIGHTS RESERVED.