Nemesida WAF review | Nemesida WAF

Review of the pricing, the main opportunities, the features and technical specifications of Nemesida WAF.

A feature of Nemesida WAF is the accuracy of detecting attacks with a minimum number of false positives, the presence of a virtual patching system, a high-quality signature database, scalability and pricing policy, allowing you to ensure the safety of online stores, portals, API and other web-applications in enterprises of any size.

General information

Interface language	English
Documentation language	Russian, English
Availability of a research center in Russia	lab.pentestit.ru
Operation mode	IPS, IDS, Combined
Delivery type	Installation packages
Demonstration stand	A demo stand for the Nemesida WAF web interface and functionality is available at demo.lk.nemesida-security.com (login: demo@pentestit.ru, password: pentestit).

Pricing and options

Features	Price (per year)
	Light	Business	Enterprise
	$1,500	$3,800	$7,300
Signature method analysis	+
Integration with ClamAV antivirus software	+
Automatic blocking of an attacker by IP-address	+
Protection against brute-force attacks	+
SMS flooding protection	+
Nemesida WAF Management API	+
Syncing the list of blocked IP-addresses	+
Creating virtual patching rules	Manually	Automatically and manually
Output of attacks information, report generation and statistics	+
Vulnerability detection using Nemesida WAF Scanner	-	-	+
Number of behavioral models¹ included in the basic license	-	1	5
Cost of additional license²	$500	$1,900
Cost of additional behavioral model	-	$750

¹ it is possible to use wildcard values when building models.

² every Nemesida WAF dynamic module instance for Nginx (install package nwaf-dyn) must use unique license key (license).

To reduce the percentage of false positives, it is recommended to use a separate behavioral model for each web application, and the domains on which web applications are located may differ.

Clustering, SSL, standards

Termination SSL
Passive decoding SSL
Support of sessions established on client certificates
Support of Active-Active clustering
Support of Active-Passive clustering
Support of balancing of loading between the protected web applications
Support of WebSockets
Support of XML
Support of JSON

Detection of attacks

Class of blocked attacks	Injection (RCE, SQLi, OS command, etc.) XSS XXE Information Leakage Path Traversal Open Redirect Web Shell HTTP Response Splitting RFI/LFI Server-Side Request Forgery Brute-force attacks (including distributed attacks): cracking password, SMS flooding protection «Zero-day» attacks
The presence of a reputation base	Own reputation and GeoIP base.
Virtual patching module	Built-in virtual patching module for fixing vulnerabilities on-the-fly.
Detection of bots on the basis of values of query fields	Based on their signatures using machine learning.
Additional features	Blocking of separate request Temporary blocking of requests from the source by IP-address Check of HTTP transactions on compliance of RFC and to the best practices of control Categorization by type of activity (type of attack) of sources Creating signature rules and their exclusions based on a set of criteria (for example: method, URL, parameter value, title) and regular expressions Using machine learning to minimize the number of false positives (less than 0.01%) and identify unknown attacks based on their characteristics, easy management of the training/retraining process via the web interface

Machine learning (Nemesida AI)

Accuracy of identification of the attacks	Nemesida AI about 30% more efficient than signature analysis.
Machine learning method	The Nemesida WAF operation is based on classical machine learning algorithm «Random Forest», that is able to detect attack with minimum response time, nearly without false positives.
Hardware resource requirements	Unlike training models using neural networks, classical machine learning algorithms do not require much processing power, so the processor of the Intel Core i3 family or higher will be sufficient for calculations.
Additional features	Adaptation of WAF to a mutable application Automatic creation of behavioral models Detection of anomalies and assessment of their severity level Identification of new signs of attacks, including the identification of «zero day» attacks Behavioral models management interface (additional training of models) Ability to change the training period of behavioral models Additional training of models using a backup copy of the training sample

Brute-force attacks

Nemesida WAF is able to detect brute-force attacks, including distributed ones used Levenshtein distance and fuzzy logic.

Additional features

Analysis of web application deficiencies in automatic mode using Nemesida WAF Scanner
Antivirus analysis
Simply SIEM integration
Firewall Integration
Lack of traffic and virtual hosts limitation for the Standalone-version
Multi-lease mode with no restrictions on the number of RPS
Availability of a free version with limited functionality Nemesida WAF Free, which provides basic protection of web applications from OWASP attacks based on signature analysis

Auxiliary modules

Nemesida WAF Cabinet
Nemesida WAF Scanner
Virtual patching
Signtest

Filtering and notifications

Comfortable in use Cabinet for dealing with incidents
Flexible filtering of security log entries by specified criteria
Manual and automatic aggregation of security log entries by attack type, parameter name, URL, IP address
Attack verification using the built-in dynamic scanner
Automatic aggregation of events with intense character
Possibility of setting up reporting for obtaining summary information about safety events (attack timeline, detailed reports in PDF and CSV format)
Existence of the interface with information on network loading of WAF
The recorded events contain inquiry in full (entirely)
The recorded events contain the description of the worked rule of security policy
Export and import of the security event log in full amount
E-mail notifications

Nemesida WAF application

Nemesida WAF can help the company to save from unnecessary costs by providing high-quality protection of the web application in cases when:

Creating, editing and storing users' personal data requires special measures to protect data from vulnerabilities
The company's profit and reputation directly depend on the reliable and secure operation of the web application

Conclusion

Nemesida WAF is well-scalable, does not have any limitations of virtual hosts or traffic and auxiliary modules such as vulnerability scanner, virtual patching and personal cabinet will make your work with Nemesida WAF easy and transparent. Now it is not required to make exclusion rules - machine learning module will adapt to any web application. You can inspect incidents in personal cabinet and enjoy the work with Nemesida WAF.

Free Trial