In recent years, with the rapid development of the mobile Internet, a variety of application forms such as APP, H5, and applets have been born, and more enterprise core businesses and trading platforms have increasingly relied on these new applications. At the same time, more and more third-party API interfaces are being called, and the web exposure risk and risk control chain brought by API services are constantly expanding, which is no longer within the scope of protection of traditional WAFs. Although WAF products have been relatively mature through years of development, their detection and response capabilities to complex threats still need to be further improved, and the product concept of a new generation of WAF has begun to be proposed.
In order to better explore the application value and development direction of the new generation of WAF, Security Bull cooperated with 7 domestic WAF product R&D and application representative manufacturers such as Ruishu Information to launch the research work of the "New Generation WAF Technology Application Guide" report, starting from the current web application protection needs of enterprises, and giving suggestions for the deployment and selection of new generation WAF products based on the user's system application characteristics. On December 19, the report was officially released. Wu Jiangang, Director of Information Technology of Ruishu, was invited to participate in the online press conference held on the same day, and shared the practice and exploration of Ruishu Information in the process of building WAAP solutions in combination with the theme of "Multiple Protection and Dynamic Integration".
Multi-protection and dynamic integration—Swiss-digital WAAP solution
Wu Jiangang is the director of information technology of Ruishu.
According to Wu Jiangang, since the beginning of this year, more and more enterprises have encounteredZero-day vulnerabilitiesAttackers exploit vulnerabilities in software to gain unauthorized access, encrypt and manipulate enterprise servers, and use them as extortion chips, causing huge losses and business interruptions to enterprises.
According to statistics from the Identity Theft Resource Center (ITRC), zero-day exploit attacks are on the rise, with the number of attacks increasing by 1,620% in the first three quarters of 2023 compared to last year. A series of security incidents caused by zero-day vulnerabilities have aroused widespread concern and panic among enterprises, and also exposed the vulnerability of network security and the inadequacy of enterprises in the face of emerging threats.
At the same time, with the development of enterprise business in the direction of polymorphism, in addition to traditional ** business, various ports such as APP, applet, H5, and API are further enriched, which also continues to increase the risk exposure. EspeciallyApps and appletsBecause the development is relatively simple and fast, its security protection is not as detailed as traditional security protection, so it has become one of the main attack targets.
Wu Jiangang introduced that in order to reduce the cost of attack, attackers often try to bypass the restrictions of APP and applet on the client and directly launch attacks on the API interface.
For traditional web security, the defense method pursues static "absolute security", and it is difficult to withstand the test of malicious attacks in the whole life cycle. As the application security architecture continues to evolve, a new set of security challenges arise.
Among them,Business and datais becoming a prime target for cyberattacks. For example, when providing services to customers, enterprises usually provide registration and login interfaces, which are exposed to the risks of bulk registration, credential stuffing, and brute-force attacksWhen providing services, it will face the risk of being maliciously crawled with information and sensitive dataWhen conducting ** transactions, there is a risk of false transactions and transactions being tampered with;When carrying out online marketing activities, it will also face the risk of malicious seizure of marketing resources, wool gathering and other hazards of varying degrees.
With the continuous development of new technologies, attack methods will also be dynamically upgraded, and the above risks are often labeled as "legitimate", using tools to simulate legitimate business operations, which is more hidden. At the same time, the extensive use of automated tools makes cyber attacks more efficient and scalable, coupled with the characteristics of multi-source and low-frequency, making it difficult to identify and protect traditional security such as firewalls.
According to Wu Jiangang, more than 90% of security attacks worldwide are caused by:Automated attacksMore than 90% of the attack traffic is initiated by automated tools, and more than 50% of network traffic is initiated by automated tools. With the continuous improvement of the technical level of network attacks, the attack characteristics have become more and more hidden, and it has evolved from the initial attack on known vulnerabilities to the support of advanced automated attacks, automation + black market resource library and other technical means to hide machine characteristics and malicious characteristics. In addition, through intelligent AI technology, traditional protection methods based on rule databases, signature databases, traffic learning, reputation databases, and threat intelligence can be bypassed, so that passive defense faces a "failure" situation.
In view of the increasingly severe network security situation, Wu Jiangang believes that it is more necessary to change passive response to active defense and implement active defense, which requires a more comprehensive perspective on network security issues, and rely on the mutual cooperation between various technologies to be aware of the application and system security.
gartner**
In 2026, 40% of enterprises will choose WAAP solutions based on more advanced API protection capabilities, and more automated risk detection and anomaly detection capabilities will attract industry attention.With the continuous evolution of next-generation application security WAAP capabilities, the future application security trend will be the WAAP application security convergence platform. In this regard, Wu Jiangang said that the WAAP solution of Ruishu Information has built the ability of unified protection of all business channels, which not only realizes the unified management of web applications and APIs, but also carries out multi-dimensional unified protection, and builds an application security defense system from multiple dimensions such as web application security protection, DDoS attack defense, bot management to API security protection, etc., so as to escort enterprise business continuity and data security.
On the whole, the WAAP solution of Ruishu Information collects and integrates the omni-channel business for unified protection, accurately traces the source of attacks through device fingerprints, full access records, client collection, and behavior analysis, and uses vulnerability hiding, attack blocking, etc., to provide comprehensive protection for the Web, H5, APP, applet, and API, so as to achieve asset exposure convergence. At the same time, it fully protects against multiple attacks such as WAF, BOT, DDOS, and APIs, and finally realizes joint prevention and control between different business channels and other security products.
In response to the increasingly fierce automated attacks, Ruishu Information continuously changes the content and behavior of the target system through a series of dynamic security technologies, including dynamic verification, dynamic encapsulation, dynamic token and dynamic obfuscation, etc., to prevent attackers from finding breakthroughs and improving the behavior of the target system, thereby increasing the difficulty of attacks and making attackers unable to start.
In addition, Ruishu Information also integrates dynamic security technology and AI technology, covering AI technologies such as machine learning, intelligent human-machine recognition, intelligent threat detection, holographic device fingerprinting, intelligent response, etc., to record all request logs from the client to the server, continuously monitor and analyze traffic behavior, achieve accurate attack positioning and traceability, and conduct deeper analysis and mining of potential and more hidden attack behaviors, so as to more accurately and continuously resist automated attacks brought by malicious crawlers.
At present, the WAAP solution supports local, cloud and SaaS and other multi-form deployments, as well as a variety of business access channels such as WEB, APP, API, WeChat, and applets, and has more than 1,000 leading benchmarking and key infrastructure enterprise customers, with a wide user base covering many industries and fields such as telecommunications, finance, medical care, education, power and energy, and the Internet.
In the past two years, with the outstanding achievements made in the field of API and data security in recent years, its technical strength and market performance have been recognized by international authorities. In September this year, Ruishu Information was selected as a representative vendor in the API field of Gartner in ChinaIn November, Ruishu Information was listed as a representative manufacturer in China's data security market by IDC, and was included as a representative technology provider in the two hot fields of anti-ransomware + anti-crawler.
At the same time, Ruishu Information has become the first batch of security vendors certified by "Cloud Native API Security Capability" and "WAAP Capability" in China, and deeply participated in the compilation of the "Cloud Native Security Capability Requirements Part 1: API Security Governance" standard initiated by the China Academy of Information and Communications Technology, providing reference for cloud service providers and enterprise users to build cloud native API security governance capabilities. In August this year, Ruishu Information also co-authored and released the "WAAP Development Insight Report on the Cloud (2023)" with the Institute of Cloud Computing and Big Data of the Chinese Academy of Information and Communications Technology, which shows the strong strength of Ruishu Information in comprehensive fields such as API and WAAP.
In the era of AI and large models, the confrontation between cyber security attack and defense is escalating. For the future of Rich Data Information,
Wu Jiangang saidFrom the perspective of forward-looking technology, Ruishu Information will continue to carry out security technology innovation, consolidate the foundation of application and data security, and build a new generation of active defense security system for enterprise users in the intelligent era.