
Attacks on web applications are a widespread problem. A recent report by CyCognito found that 70 percent of web applications have severe security gaps, such as lacking WAF protection or an encrypted connection such as HTTPS. Furthermore, 25 percent of all web applications lacked both.
To protect web applications – and the business that uses them – you can deploy a web application firewall (WAF). These solutions monitor web applications for unusual activity and log events, send alerts, or take action to stop the threat.
Most WAFs use application learning (AL) to stop attacks like SQL injections or cross-site scripting (XSS). AL technology builds profiles based on how users typically interact with an application – and on the application itself – that reflect typical use. It uses that data to create policies, and when an activity doesn’t align with those policies, it logs the event or triggers an alert.
Crying Wolf
A common complaint about web application firewalls is the number of false positives they generate. A Fortinet article for CSO Online explains, “There is simply no good way for AL to account for every variation of normal application usage, or to easily adjust to changes in an application, without triggering an anomaly-based filter.”
Therefore, managed security service providers (MSSPs) or other professionals overseeing WAFs often have resources dedicated to addressing activities flagged as potentially malicious and, in response, managing policies and exceptions.
Moreover, people assigned to this task walk a line. If you make policies too liberal to avoid false positives, an attack could get through. But if you keep policies strict, you deal with constant alerts and possibly even block legitimate traffic.
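The trade-off described above, as an added example (not code from this article or from any WAF vendor): a toy learned profile for a hypothetical `name` form field, scored over constructed requests. The scoring rule, thresholds and all sample values are assumptions made for illustration.

```python
# Constructed training traffic: values seen for a hypothetical "name" form field.
TRAINING = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]

# Constructed test traffic: (value, is_attack).
TEST = [
    ("mallory", False),                    # legitimate, slightly longer than usual
    ("o'brien", False),                    # legitimate, contains a quote
    ("jean-luc picard", False),            # legitimate, long, new punctuation
    ("admin'--", True),                    # short SQL injection probe
    ("' OR '1'='1' --", True),             # SQL injection probe
    ("<script>alert(1)</script>", True),   # XSS probe
]

def char_class(c):
    """Collapse letters, digits and whitespace into classes; keep punctuation literal."""
    if c.isalpha():
        return "alpha"
    if c.isdigit():
        return "digit"
    if c.isspace():
        return "space"
    return c

def learn_profile(samples):
    """Learn which character classes and what maximum length count as 'typical'."""
    return {"classes": {char_class(c) for v in samples for c in v},
            "max_len": max(len(v) for v in samples)}

def anomaly_score(profile, value):
    """Characters of a never-seen class, plus length beyond the learned maximum."""
    unseen = sum(1 for c in value if char_class(c) not in profile["classes"])
    return unseen + max(0, len(value) - profile["max_len"])

PROFILE = learn_profile(TRAINING)

def evaluate(threshold):
    """Return (false_positives, missed_attacks) when flagging score >= threshold."""
    fp = missed = 0
    for value, is_attack in TEST:
        flagged = anomaly_score(PROFILE, value) >= threshold
        fp += flagged and not is_attack
        missed += is_attack and not flagged
    return fp, missed

if __name__ == "__main__":
    for name, t in (("strict", 1), ("liberal", 13)):
        print(name, "policy -> (false positives, missed attacks):", evaluate(t))
```

In this data a legitimate value scores 12 while one attack scores only 6, so no single threshold produces zero false positives and zero missed attacks.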
A More Intelligent Solution
AL is limited because it depends on what it learns from usage patterns that it has encountered. However, web application firewalls that leverage machine learning (ML) take a different approach. With ML, the WAF can minimize false positives by using a statistical model to determine the probability that an anomaly is evidence of a cyberattack rather than just an error or a change in how users interact with the application.
WAFs can utilize ML in an additional way – training ML models to recognize specific threats based on data collected from actual attacks or security solutions. For example, the Barracuda Web Application Firewall leverages machine learning to detect advanced bots, providing a total picture of bot activity on web applications.
What Else Can Web Application Firewalls with Machine Learning Do?
In addition to decreasing false positives and more accurately identifying malicious activity, web application firewalls leveraging ML can make life easier for security professionals managing these solutions.
An Airlock blog points out that machine learning can, for example, automate log analysis or help create or optimize WAF configurations.
Web application firewalls that leverage machine learning technology can also help you differentiate your business. With a WAF that uses ML, you can deliver a superior security solution that works without the inefficiency of high numbers of false positives and is trained to recognize known threats and spot activity associated with zero-day attacks.
Web application firewall technology is advancing, with some vendors even exploring how deep learning can enhance their offerings. The takeaway is not to be complacent about the solutions you offer. Stay informed about how vendors use advanced technologies to deliver better results and greater value to benefit your customers and your business.