Cyber threats are one of the very worst things about the internet. Making matters worse is the rapid expansion of the size and scale of cyber-attacks in recent years. At the heart of this maelstrom is digital innovation, which, though unequivocally and undeniably necessary, often adds friction to operations, inviting adversaries as a result and even serving as the origin point of an unfolding attack. At the recent Tech Field Day event in California, Fortinet presented FortiWeb, a Web Application Firewall that detects and intercepts cyberattacks, making sure that digital innovation continues uninterrupted.
Traditional WAFs Aren’t Enough in Today’s Threat Environment
The traditional approach to threat detection entails signature-based scanning. Using an approach called whitelist matching, Web Application Firewalls (WAFs) approve or deny entry to incoming materials. This long-standing approach has its strengths where detecting anomalies and hostile bots or analyzing patterns is concerned, but an old-fashioned WAF takes an awful lot of tuning, and tuning is a demanding job. It costs time and involves substantial work. Besides, traditional WAFs are only great at catching malicious materials that are crude and unsophisticated. We are living in a time of rentable bots and malware-as-a-service, which means modern firewalls must protect against a broader spectrum of threats that are not only more malicious, but also exceedingly advanced.
The biggest problem of all is that a traditional WAF cannot tell an anomaly apart from a real attack. So it treats every anomaly as a potential threat, blocking each one as soon as it pops up on the radar without further processing. This contributes to absurdly high false-positive rates and inaccurate results, triggering excessive safety alerts that quickly end in alert fatigue. Also, these systems are rather easy to game if you know the patterns and know how to work around them, and therefore bring their own attack surfaces.
Fortinet Patches Up the Holes in Traditional WAFs
Fortinet devised a way to secure web applications and APIs that avoids the gaps of the traditional approach. In the cybersecurity space, Fortinet needs no introduction. Known for its spectrum of security solutions designed to integrate easily, automate security and accelerate digital innovation overall, Fortinet has a record of upskilling over 700,000 security professionals in the industry so far in a campaign to close skill gaps. As a leading provider in security, Fortinet is focused on designing solutions that protect against multi-vector threats by proactively guarding the ever-expanding attack surfaces.
Contrary to how a legacy WAF learns and detects threats, FortiWeb adopts a different approach with machine learning. Where a traditional WAF blocks out all anomalies, no questions asked, FortiWeb’s model entails granular processing of each individual item before barring it. This minimizes false positives and results in higher accuracy with better learning, not to mention automating a range of quotidian SecOps tasks. It swaps the old-fashioned, signature-only WAF appliances for a more intelligent system that uses artificial intelligence to thresh benign anomalies from the real threats and accurately discover and triage potential threats.
FortiWeb, a Firewall Built with AI to Protect and Prevent
Aidan Walden, Global Director of Public Cloud Architecture and Engineering at Fortinet, presented FortiWeb at the recent Tech Field Day event in California. At the presentation, he talked about the current security challenges facing organizations. Focusing on application security, he explained how Fortinet leverages AI to deliver advanced Web service and API protection.
FortiWeb is engineered with a dual-layer machine learning technology comprising the localized ML and FortiGuard threat models. It lets normal request traffic pass through. Then, using the ML-based threat detection and FortiGuard, it automatically hunts for vulnerabilities in those requests. Leveraging the underlying data provided by FortiGuard’s updated threat models, it inspects all traffic for signs of malicious anomalies and blocks them instantly.
The other part of its capabilities is API protection. With machine learning algorithms, FortiWeb examines application traffic and automatically discovers APIs. Once they are found, it enforces security policies, both those available out of the box and those based on the security permissions of the enterprise.
FortiWeb protects against malicious botnets, crawlers and automated bots. Being able to differentiate between humans and bots, it can individually recognize automated requests, changing behavior and repeat offenders, enforcing CAPTCHA when required to block bots and spammy materials. With a combination of approaches and schemas, including threshold-based and biometric detection, it eliminates disruptions caused by traditional WAFs and ensures a smooth user experience. Graphical analysis of the threat reports can be viewed on FortiView, FortiWeb’s dashboard.
Final Words
In a time when organizations are outgrowing the uses of traditional WAFs, FortiWeb is a WAF that offers many advantages of WAAP. Minimizing the disruptions created by rapid rollout of applications and noise caused by traditional solutions, it unshackles enterprises from the limitations of legacy WAFs that have throttled SecOps and stood in the way of defending themselves from zero-day threats. FortiWeb gives defenders a decisive advantage in the fight against emerging threats and has the potential to transform cyber defense for web services and APIs.
For a technical deep-dive of FortiWeb, be sure to check out Fortinet’s other presentations from the recent Tech Field Day event.