Alert Logic harnesses machine learning to fight web application attacks
- Published: Thursday, 11 May 2017 08:13
Alert Logic has announced key enhancements to the Alert Logic Cloud Defender solution that enable businesses to better defend against web application attacks, the most significant source of breaches for organizations leveraging cloud and hybrid computing infrastructures.
The enhancements to Cloud Defender include supervised machine learning and expanded anomaly detection capabilities that give businesses the ability to stop complex, multi-stage web application attacks and further enhance Alert Logic’s ability to help businesses protect their cloud computing workloads.
“Data breaches resulting from web application attacks have increased significantly in the last three years and a multi-layer web application attack defence should be the cornerstone of any effective cloud security solution,” said Gray Hall, CEO of Alert Logic. “Machine learning delivered as part of a managed service that analyses petabytes of security data from our more than 4,000 customers enables unrivaled detection of complex, hard to identify attacks on web applications.”
Machine learning, human expertise and petabytes of security data
Alert Logic combines the required elements of data scientists, threat researchers and Security Operations Center (SOC) analysts, who use event telemetry – standardised network, log and application security data – from Alert Logic’s more than 4,000 customers to quickly and continually train algorithms that learn by example. This ‘human-in-the-loop’ approach, a technique known as supervised machine learning, is now delivered as part of a fully-managed service, enabling Alert Logic to achieve an unprecedented accuracy rate in detecting advanced, multi-stage SQL Injection attacks. SQL Injection attacks are one of the most prevalent attack vectors in the OWASP Top 10 and the first in a series of planned web application attack types to be identified through Alert Logic’s machine learning techniques.
Enhanced anomaly detection with expanded application coverage
Additionally, Cloud Defender is now able to detect a wider range of web application attacks using out-of-band anomaly detection techniques specifically developed for web application transactions, in addition to the signature-based detection already available. This further improves detection accuracy and lowers false positives for attacks on unique flaws in custom web applications, without interfering with legitimate application access. Alert Logic has also expanded the analytics capabilities of its ActiveWatch Services to detect attacks against more than 150 recently announced vulnerabilities at all layers of the web application and cloud infrastructure stack. This further strengthens Alert Logic’s event-driven visibility into exploits against vulnerabilities in web applications built using WordPress, Magento, PHP, Apache, ASP.Net, MongoDB and Hadoop. The benefits of combining application anomalies with signature detection include a better signal-to-noise ratio and more actionable context in protecting against layer 7 attacks.