Why did we build another WAF?
Our experience with protecting multi billion dollar ecommerces taught us 4 things:
- Signature-based, ModSecurity WAFs are easy to bypass.
- Heuristics and Machine learning is a very powerful technology to combat hackers
- “One for all solution” will never work as good as a custom-build for specific client.
- Companies don’t have time and resources to manage their web security 24/7.
These experiences lead us to building Grey Wizard with three main ideas:
Machine Learning, A.I. and Behaviour Based Anomaly Detection that we’ve developed for past 5 years allow us to detect even unknown attacks or distributed brute force. GW WAF is also prepared for Zero-day exploits.
Custom build for each client
One-for-all solution rarely works as good as custom-build service. That's why around 90% of our WAF is tailored to clients specific needs and traffic characteristics. Static rules and patches from external providers like Magento or Wordpress represent only 10% of GW WAF.
Managed Service 24/7
WebSecurity is challenging and often requires constant monitoring. We understand, that our clients want to focus on their core business. That's why they tend to outsource 100% of their work to our Security Operation Center working 24/7.
How is Grey Wizard WAF is build?
How does Machine Learning and Behaviour Based Anomaly Protection work?
From the very beginning when a domain is connected to our infrastructure we model the traffic of our client using 63 different metrixes, for example: we make a detailed cookie analysis of each request, we measure the levels of similarities of requests, we measure the % of requests from TOR networks, etc Then when our software detects an anomaly we react to it after a deeper inspection. GreyWizard uses Captcha if it detects a BOT or simply blocks the IP in case of a detected hacker.
Currently 21% of our threats is detected by Machine Learning and Behavioural Based anomaly detection. The rest is captured by static rules, personalized rules and patches against zero-day exploits.
The GW service itself can be largely adapted to the client’s needs. Our cybersecurity experts analyze clients traffic characteristics and apply special measures if needed.contact sales