BinaryIdiot — thanks for the great feedback! I'll answer in several posts.
# What's Wallarm Cloud?
A very good question! We can't run machine-learning stuff on the Nodes as it is a performance-consuming thing. But we can get all the metrics from all the nodes (some of our customers have 300+ of them) and craft blocking rules in our cloud. We don't get data; we analyze only statistics. So, we don't have sensitive data. Also, it's possible to deploy a standalone version of Wallarm Cloud.
Here's how it works:
1. All web traffic is proxied through Wallarm Nodes, which instantly block any malicious/abnormal request, preventing it from reaching the application.
2. To get rid of false positives and for better protection, Wallarm Nodes, like New Relic agents, share application metrics in exchange for an updated blocking ruleset. Wallarm Cloud crafts an application profile, its structure, normal user behaviour—and updates the corresponding blocking rules every 15 minutes using machine learning. Updated blocking rules are distributed among all the Wallarm Nodes.
3. A built-in vulnerability scanner discovers security flaws in an application and checks the actual severity of each payload detected in attacks (is it targeting an existing vulnerability?), allowing the company to prioritize its defensive efforts.
The only case when we receive data from a request is when we detect a malicious request. We need this request to show analytics in the user interface and to get the payload to check if it's targeting a vulnerability. To avoid situations where we get sensitive data along with attack details, it's possible to configure the Wallarm Node to cut all the data from sensitive fields (cookies, passwords, SSNs, etc.). We have companies with HIPAA certificates.
Look at: https://wallarm.com/how-it-works.html
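As an added illustration of the "cut all the data from sensitive fields" step in the post above (this is example code, not Wallarm's node or cloud code), here is a small Python redaction pass of the kind a node would run on a blocked request before shipping it to an analytics backend. The header list, parameter names, the US-style SSN pattern and the sample request are all constructed assumptions; the point is that the attack payload (the SQL injection in `user`) survives intact for analysis while the cookie, the password and the SSN do not leave the node.

```python
"""Redact sensitive fields from a captured HTTP request before it leaves the
node. Illustrative example only (not Wallarm's code); the header list,
parameter names, SSN pattern and sample request below are assumptions."""
import re
from urllib.parse import parse_qsl

# Assumed policy: headers whose values are dropped entirely.
SENSITIVE_HEADERS = {"cookie", "authorization", "x-api-key"}
# Assumed policy: form/query parameters whose values are dropped entirely.
SENSITIVE_PARAMS = {"password", "passwd", "ssn", "credit_card"}
# Assumed pattern: mask anything that looks like a US SSN in free text.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MASK = "[REDACTED]"


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return method, target, headers, body


def redact_params(encoded: str):
    """Decode a query/form string and redact sensitive parameter values.
    Returns a list of (name, value) pairs so the payload is not re-encoded."""
    out = []
    for name, value in parse_qsl(encoded, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            out.append((name, MASK))            # drop the whole value
        else:
            out.append((name, SSN_RE.sub(MASK, value)))  # keep payload, mask SSNs
    return out


def redact_request(raw: str) -> dict:
    """Return a dict safe to forward: sensitive headers and parameters are
    replaced by MASK, SSN-shaped strings are masked everywhere else."""
    method, target, headers, body = parse_request(raw)
    path, _, query = target.partition("?")

    safe_headers = {}
    for name, value in headers.items():
        if name.lower() in SENSITIVE_HEADERS:
            safe_headers[name] = MASK
        else:
            safe_headers[name] = SSN_RE.sub(MASK, value)

    lower = {k.lower(): v for k, v in headers.items()}
    if lower.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        safe_body = redact_params(body)          # structured body: per-field policy
    else:
        safe_body = SSN_RE.sub(MASK, body)       # opaque body: pattern masking only

    return {
        "method": method,
        "path": path,
        "query": redact_params(query) if query else [],
        "headers": safe_headers,
        "body": safe_body,
    }


# Constructed sample: a blocked login request carrying a SQL injection payload
# next to a session cookie, a password and an SSN in a free-text field.
SAMPLE_REQUEST = (
    "POST /login?next=%2Fadmin HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: session=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=admin%27+OR+1%3D1--&password=hunter2&note=ssn+123-45-6789"
)

if __name__ == "__main__":
    print(redact_request(SAMPLE_REQUEST))
```

The redaction runs on the node, so the cloud side only ever sees the masked structure; a field-level allow/deny policy like this is also what makes the "we keep the payload to check it against real vulnerabilities" claim compatible with not exporting credentials or PII.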