Ruishu's next-generation WAF - WAAP platform, a one-stop dynamic active defense covering Web, APP, cloud and API

There is no doubt that traditional WAF is losing value.

According to a survey report released by the Neustar International Cybersecurity Committee in 2020, 40% of the security personnel interviewed said that at least half of the attacks on their application layer bypassed WAF; and 10% of the personnel said that more than 90% of the attacks can easily avoid WAF defense.

This report also confirms the findings of the Ponemon Institute in 2019: 65% of organizations have experienced bypasses in their WAFs, while only 9% said they had not been hacked; at the same time, only 40% of respondents were satisfied with their existing WAFs. Ponemon Institute also found that the average enterprise employs 2.5 security administrators, who spend 45 hours per week handling WAF alerts and another 16 hours per week writing new WAF rules.

The reliability and satisfaction issues of traditional WAF have attracted great attention from the industry, which means that the WAF market is facing a major adjustment and change.

The rise of various types of applications highlights the limitations of traditional WAF protection

In fact, WAF is a fairly mature security category that has been developed for nearly 20 years.

In the early days, Web applications centered on websites emerged. Because there was a single application type and malicious programs were not complex, traditional WAFs based on rules and feature matching could meet the needs of Web application protection.

However, times change quickly. The rapid development of the mobile Internet in recent years has given rise to a variety of application forms such as APPs, H5, and mini-programs. Enterprises' core businesses and trading platforms increasingly depend on these new applications, which may be deployed locally, in the cloud, or in a hybrid environment, and which employees and users can access from anywhere on the network. At the same time, more and more third-party API interfaces are being called, and the Web exposure risks and risk-control chains brought by API business keep expanding, beyond the protection scope of traditional WAF.

Bot threats are rising, and bot management is beyond traditional WAF

In addition to their limited protection scope, traditional WAFs cannot identify the various types of large-scale, efficient, intelligent, and human-like bot attack behaviors. Bot threats not only increase the number of attacks exploiting web application vulnerabilities, but also cause significant harm to digital businesses. Dealing with the known and unknown application risks, data leakage risks, and business risks caused by bots far exceeds the protection capabilities of traditional WAFs.

The report "Forrester Analytics: Application Security Solutions Forecast, 2020 To 2025 (Global)" points out that from 2019 to 2025, the application security solution market will grow from US$4.7 billion to US$12.9 billion. Bot management will cover the core functions of many Web Application Firewalls (WAFs) and will be able to surpass traditional WAFs to become a core application protection solution in 2025. Bot management can detect and block a range of bot-based attacks, including fraud threats such as credential stuffing and crawlers. In addition, while the bot management tool protects applications from malicious bot attacks, benign bots are allowed through, and human users are not hindered by unnecessary verification codes and other challenges.

Next-generation WAF, from WAF tools to WAAP platforms

It is not difficult to find that traditional WAFs have been unable to keep up with the pace of threat development. How should the WAF protection mechanism evolve in the digital age to help enterprises resist unknown threats and perform security operations in the new era? As an industry-recognized authoritative consulting organization, Gartner has given an answer to the further evolution of WAF technology. In 2021, Gartner changed the WAF Magic Quadrant that has been released for many years to the WAAP Magic Quadrant, further expanding the scope of security protection and security depth.

Gartner notes that by 2023, more than 30% of public-facing web applications and APIs will be protected by cloud web application and API protection (WAAP) services that combine distributed denial of service (DDoS) defense, bot mitigation, API protection and WAF.

WAF capabilities: A WAF should detect not only known threats but also unknown threats, which is a big challenge for traditional WAFs based on rules and feature matching.

Automated bot attack protection: Automated bot attacks are increasing year by year, and almost 60% of Internet traffic is generated by bots. To make their attacks more efficient, bot operators try various means to bypass detection measures, which escalates the confrontation at the front end. However, compared with traditional security attack and defense, enterprises generally lack knowledge of bot attacks, which further aggravates the harm these attacks cause. Therefore, the next generation of WAF should be able to identify and protect against automated bot attacks.

API protection capabilities: Compared with traditional web pages, APIs carry more business processes. With the increasing openness of the API access environment, the rapid increase in the number of APIs, and the rapid changes in the APIs themselves, rule-based protection against API vulnerability attacks can no longer meet the security needs posed by API interface abuse, unauthorized access, zombie APIs, data leakage, etc. Therefore, the next generation of WAF should be able to protect APIs internally and externally, which is also a gap that many WAF products on the market are trying to close.

DDoS protection capability: DDoS is a common attack method that is very effective against applications. The DDoS capability of the black and gray industries is increasing year by year, and their ability to organize large-scale attacks is also constantly improving. Attackers try to bypass defense rules and overwhelm the performance of protection equipment by varying attack features and distributing attacks at large scale. Attacks can be carried out without triggering rate-limiting defense policies, which renders traditional WAF policies ineffective. Therefore, the next generation of WAF should have DDoS protection capabilities, better prediction of the threat surface of vulnerabilities, and more in-depth and continuous tracking and monitoring of attack groups.

Although WAF products have become relatively mature after years of development, their ability to detect and respond to complex threats still needs to be further improved. Therefore, traditional WAF functions will be incorporated into the WAAP platform, closely coordinating with threat intelligence, Bot protection, DDoS defense, API protection and other functional components to help enterprise users build an active protection system for Web applications.

Ruishu's next-generation WAF - WAAP platform provides one-stop dynamic active defense

Ruishu's next-generation WAF, namely the WAAP platform, uses its unique "dynamic security" as its core technology and Bot protection as its core function. It combines intelligent threat detection technology and behavioral analysis technology to provide traditional Web security defense capabilities while stopping threats in advance, at the vulnerability detection and site-scouting stages of an attack. It can also handle emerging and rapidly changing Bot attacks, 0day attacks and application DDoS attacks, as well as API security protection.

In terms of bot protection, identifying and defending against automated bot tools is one of the most outstanding capabilities of Ruishu Information's products. Ruishu Information's "dynamic security engine", with "dynamic security" technology at its core, increases the "unpredictability" of server behavior by continuously and dynamically transforming the underlying code of server web pages. It uses innovative technologies such as dynamic encapsulation, dynamic verification, dynamic obfuscation, and dynamic tokens, which leave attackers without a starting point and greatly increase the difficulty of attacks, thus achieving all-round "active protection" from the user end to the server end.

In terms of DDoS protection, attackers' use of multi-source low-frequency, slow attack, and precision strike techniques makes CC attacks on the business/application layer difficult to defend against. Unlike protection technology based on rate limiting, the "dynamic token" technology in Ruishu Information's "dynamic security engine" can identify and intercept CC attacks launched by bots at the source, reduce resource consumption, and ensure the normal and stable operation of the business.

At the WAF level, with the help of the "dynamic security engine", Ruishu Information can identify tool-based application vulnerability detection and attacks, as well as automated 0day attacks and detection, without relying on traditional rules based on signatures and features. Together with the "intelligent threat detection engine" and the "rule engine", it forms three cooperating engines that provide more efficient and comprehensive Web application protection against both manual and automated attacks, and achieve defense in depth.

At the API protection level, Ruishu Information uses intelligent threat detection technology and behavioral analysis technology to achieve automatic discovery of API interfaces and establish an API list through four major modules: API perception, discovery, monitoring and analysis, and protection. This can effectively achieve API asset management and API access behavior control. At the same time, an API security baseline is established to monitor and analyze API abuse, abnormal API access, malicious scanning, injection attacks, etc., which can achieve API security protection and sensitive data control.

At present, Ruishu's next-generation WAF - WAAP platform has been widely used by operators, finance, government, education, hospitals, and corporate customers, helping various organizations to truly achieve security protection for websites/APPs/mini-programs/APIs, effectively combat the black-market industry, and reduce their security risks and economic losses. At the same time, Ruishu Information has participated in a large number of national-level network security assurance efforts, such as actual-combat attack and defense exercises, CIIE security, and the 70th anniversary of the founding of the People's Republic of China, and has achieved good results, so it has been praised by users as a "security artifact."

As Wu Jiangang, Director of Information Technology at Ruishu, said, "Network security follows the 'barrel principle', and the overall security level of the network is determined by the part with the lowest security level". When a single WAF product is no longer sufficient to address ubiquitous security risks, the overall security capabilities gained by moving from WAF to WAAP can cover the existing security blind spots and achieve truly integrated application security defense covering Web, APP, cloud and API assets. Ruishu's next-generation WAF - WAAP platform is one such representative product.

