Scribd
Upload
77 views

Prophaze WAF - Native Cloud Security Platform k8s

Prophaze KubeWAF's enterprise grade solution protects your organization by intelligently tracking down malicious requests into your web APIs.

Uploaded by

Prasad G
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
77 views

Prophaze WAF - Native Cloud Security Platform k8s

Prophaze KubeWAF's enterprise grade solution protects your organization by intelligently tracking down malicious requests into your web APIs.

Uploaded by

Prasad G
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 15

Prophaze WAF

Zero-Touch WAF Automation


Making Security
Safer. Simpler. Affordable.
Prevents attacks others miss. Not more CVE alerts.
Cuts security costs. Not more spending.
Automated prevention. Not manual rules.
Protection in minutes. Not months.
System Internals – Full Architecture
IBM/HCL AppScan Test by STQC

<
Dashboard Control

Actionable intelligence with real-time threat data, drill


down and risk scoring, eliminating the need for complex
workflows between products.
Monitor all security events identified on cloud-based and on-
24.7%
premises deployments.
• Block mode control
DDoS Attacks
• Blacklisting control
• IP Geolocation control
• Rate limiting control
• Threat analytics
• Integration with SIEM, SOAR
• Alerts via Slack
• Import/export control
• API publishing
• Compliance reporting
What DevOps expect?

Current WAF solutions are ineffective What do DevOps expect? Prophaze is a better solution

Take weeks / months to deploy Easy to deploy Go live a day with zero down time

Easy to configure ML profiles traffic to auto-generate rules 


Difficult to configure
Flexible white/ Allows true hybrid mode with regular
blacklisting updates
Impossible to maintain
Remediates before an application patch
Vulnerability Patching
is available
Do not protect applications and
data as expected Works seamlessly Dashboard visibility and simple control
Features

Threats Protection WAF Automation Deployment


Managed updates Protecting apps, APIs, Native Kubernetes
containers
AI threats Private cloud on-
Zero-configuration premises
OWASP top 10
AI firewall Public cloud
DDoS
Automated security policy Integrations
Bots
Proactive security Multi-tenancy
Anomalies
API security
Dashboard control
Compliance
Virtual patching
AI WAF

AI-Automated Zero-Touch WAF

AI Generated Dashboard
Threats AI Profiler Security Policy Control

OWASP top 10 threats, • Context-based • Blacklisting • Block mode control


DDoS, malicious bots, API application, API, • Import/export lists
abuse, traffic anomalies, • Whitelisting
container logic, and • API publishing
fileless attacks, new • Anomalies filtering
behavior
malware variants, zero-day • Virtual patching • Rate limiting
attacks • Payload contents
• Threats updates • Integration options
• Static attributes of
processes, files • Events
• Previous threats • Alerts
Bots and Anomalies

Anomalies
• Control behavior anomalies in traffic flows
• Response code anomaly
• Bandwidth anomaly
• IP Geo anomaly
• Rate anomaly diversion using DNS routing

Bots
Automatically identifies, detects, and blocks known and
unknown web application threats in real-time
• MITM attacks
• Zero day attacks
• Malware attacks
• Brute force attacks
• Data Leaks
• Bad bots
DDoS

DDoS Protection
• Protects your applications from distributed denial of service
DDoS attacks by malicious bot networks.
• ML behavior analysis
• Detection – protocol, IP, and anomalies in traffic flows
• Diversion - traffic is redirected using DNS routing
• Filtering - blocking DDoS traffic while legitimate requests flow
through
• Analysis - previous security logs are analyzed to improve
resilience
API Security

• Automatic positive security model to enforce boundary checking for


API requests
• Test APIs for misconfigurations, logic manipulation, and input
validation
• Distinguish between legitimate and malicious payloads and bots
• Use regular expressions to enforce required parameters in the
message body
• Rate limiting incoming and outgoing traffic 
• Integration with API tools
• Decode Open API (Swagger) files, header and body payload
• Decode all the data formats including nested and encoded custom
API protocols as JSON inside Base64 encoding
• Protect east-west API traffic
Virtual Patching

• Automatically deploys virtual patching to web applications, APIs


and microservices to block malicious traffic from exploiting
vulnerabilities
• Patching is scalable and implemented on all hosts
24.7%
• Reduces risk until a vendor-supplied patch is released and tested
• Does not conflict
DDoS with libraries and support code files
Attacks
• Protects mission-critical systems that cannot be taken offline
• Eliminates time and money spent on emergency patching
• Enables agile CI/CD teams to remediate vulnerabilities and release
code without stopping production
Compliance

• Automated compliance and governance policies enforcement


• For eCommerce, FinTech, Health Tech, and other organizations that
process PII and PHI data
• Protect your web applications, APIs, and configuration settings in
24.7%
real-time
DDoS Attacks
Deployment Options

Kubernetes WAF Deployment


• One hour deployment
• Native Kubernetes deployment
• Private cloud deployment behind load balancer
• Public clouds deployment as reverse proxy at DNS in
same time zone
• Across multiple cloud providers and enterprise data
centers
Customers

• nOps AWS cloud management


platform used by Uber
• GuideSpark Serving
• Bank of America, ADP, Visa,
American Express, Adobe, Salesforce,
and many Fortune 500 companies
• Amrita Technological Incubator
Next steps
• Project scope and
technology review
• Pilot deployment

Contact
[email protected]
9645449968
Thank you!

You might also like