Harnessing machine learning to fight web application attacks

Alert Logic has introduced key enhancements to the Alert Logic Cloud Defender solution that enable businesses to better defend against web application attacks, the most significant source of breaches for organisations leveraging cloud and hybrid computing infrastructures.

Friday, 5th May 2017, by Phil Alsop
Enhanced capabilities to Cloud Defender include supervised machine learning and expanded anomaly detection capabilities that give businesses an unparalleled ability to stop complex, multi-stage web application attacks and further differentiate Alert Logic’s already unique ability to help businesses protect their cloud computing workloads.
“Data breaches resulting from web application attacks have increased significantly in the last three years and a multi-layer web application attack defence should be the cornerstone of any effective cloud security solution,” said Gray Hall, CEO of Alert Logic. “Machine learning delivered as part of a managed service that analyses petabytes of security data from our more than 4,000 customers enables unrivaled detection of complex, hard to identify attacks on web applications.”
One of the many advantages of cloud computing is the ability for businesses to more quickly develop and deploy revenue-generating web applications. Web applications, however, are rich targets for cybercriminals because of inherent vulnerabilities in ubiquitous third-party web application components and insecure coding practices.
“Most of the security incidents we identify with machine learning techniques include multiple attack stages that take advantage of flaws within a web application’s layers, and patience by the attacker,” said Misha Govshteyn, co-founder and SVP of Products for Alert Logic. “We are now able to reliably identify highly persistent attack campaigns lasting several weeks or months.”
Machine Learning, Human Expertise and Petabytes of Security Data
Alert Logic combines the required elements of data scientists, threat researchers and Security Operations Center (SOC) analysts who use event telemetry – standardised network, log and application security data – from Alert Logic’s more than 4,000 customers to quickly and continually train algorithms that learn by example. This “human-in-the-loop” approach, a technique known as supervised machine learning, is now delivered as part of a fully-managed service, enabling Alert Logic to achieve an unprecedented accuracy rate in detecting advanced, multi-stage SQL Injection attacks. SQL Injection attacks are one of the most prevalent attack vectors in the OWASP Top 10 and the first in a series of planned web application attack types to be identified through Alert Logic’s machine learning techniques.
Enhanced Anomaly Detection with Expanded Application Coverage
Additionally, Cloud Defender is now able to detect a wider range of web application attacks using out-of-band anomaly detection techniques specifically developed for web application transactions, in addition to the signature-based detection already available. This further improves detection accuracy and lowers false positives for attacks on unique flaws in custom web applications, without interfering with legitimate application access. Alert Logic has also expanded the analytics capabilities of its ActiveWatch Services to detect attacks against more than 150 recently announced vulnerabilities at all layers of the web application and cloud infrastructure stack. This further strengthens Alert Logic’s event-driven visibility into exploits against vulnerabilities in web applications built using WordPress, Magento, PHP, Apache, ASP.Net, MongoDB and Hadoop. The benefits of combining application anomalies with signature detection include a better signal-to-noise ratio and more actionable context in protecting against layer 7 attacks.