Review of the main opportunities, the features and technical specifications of Nemesida WAF.

A feature of Nemesida WAF is the accuracy of detecting attacks with a minimum number of false positives, the presence of a virtual patching system, a high-quality signature database, scalability and pricing policy, allowing you to ensure the safety of online stores, portals, API and other web-applications in enterprises of any size.

General information

Interface language English
Documentation language Russian, English
Availability of a research center in Russia lab.pentestit.ru
Operation mode IPS, IDS, Combined
Delivery type In the form of the installation distribution

Clustering, SSL, standards

  • Termination SSL
  • Passive decoding SSL
  • Support of sessions established on client certificates
  • Support of Active-Active clustering
  • Support of Active-Passive clustering
  • Support of balancing of loading between the protected web applications
  • Support of WebSockets
  • Support of XML
  • Support of JSON

Detection of attacks

Class of blocked attacks
  • Injection (RCE, SQLi, OS command, etc.)
  • XSS
  • XXE
  • Information Leakage
  • Path Traversal
  • Open Redirect
  • Web Shell
  • HTTP Response Splitting
  • RFI/LFI
  • Server-Side Request Forgery
  • Brute-force attacks (including distributed attacks)
  • «Zero-day» attacks
The presence of a reputation base Own reputation and GeoIP base.
Detection of bots on the basis of values of query fields Based on their signatures and behavioral analysis.
  • Protection against the attack on XML
  • Blocking of separate request
  • Temporary blocking of requests from the source by IP-address
  • Check of HTTP transactions on compliance of RFC and to the best practices of control
  • Categorization by type of activity (type of attack) of sources
  • Creating signature rules and their exclusions based on a set of criteria (for example: method, URL, parameter value, title) and regular expressions

Machine learning (Nemesida AI)

Accuracy of identification of the attacks Nemesida AI ≈ 30% more efficient than signature analysis.
Machine learning method The classical algorithm of machine learning is used. Key features of Nemesida AI are the accuracy of identification of anomalies, the minimum quantity of false operations and lack of high requirements to hardware resources.
  • Adaptation of WAF to a mutable application
  • Automatic creation of behavioral models
  • Detection of anomalies and assessment of their severity level
  • Identification of new signs of attacks, including the identification of «zero day» attacks
  • Behavioral models management interface(additional training of models)

Brute-force attacks

Nemesida WAF is able to detect brute-force attacks, including distributed ones used Levenshtein distance and fuzzy logic.

Additional features

  • Integration with vulnerability scanners, including the Nemesida WAF Scanner
  • Antivirus analysis
  • Simply SIEM integration
  • Firewall Integration
  • Lack of traffic and virtual hosts limitation for the Standalone-version

Auxiliary modules

  • Nemesida WAF Cabinet
  • Nemesida WAF Scanner
  • Virtual patching
  • Signtest

Filtering and notifications

  • Cabinet for dealing with incidents
  • Flexible filtering of security log entries by specified criteria
  • Manual and automatic aggregation of security log entries by attack type, parameter name, URL, IP address
  • Attack verification using the built-in dynamic scanner
  • Automatic aggregation of events with intense character
  • Possibility of setting up reporting for obtaining summary information about safety events
  • Existence of the interface with information on network loading of WAF
  • The recorded events contain inquiry in full (entirely)
  • The recorded events contain the description of the worked rule of security policy
  • Export and import of the security event log in full amount
  • E-mail and Syslog notifications

Conclusion

The Nemesida WAF operation is based on classical machine learning algorithm «Random Forest», that is able to detect attack with minimum response time and with 99.98% accuracy, nearly without false positives and the CPU Intel Core i3 or higher is enough.

Nemesida WAF is well-scalable, does not have any limitations of virtual hosts or traffic and auxillary modules such as vulnerability scanner, virtual patching and personal cabinet will make your work with Nemesida WAF easy and transparent. Now it is not required to make exclusion rules - machine learning module will adapt to any web application. You can inspect incidents in personal cabinet and enjoy the work with Nemesida WAF.

You are not ready? Then try Nemesida WAF Free - free version of Nemesida WAF with quality signatures.