Cyberlytic news

AI for Web Application Threats

On Thursday 12th October 2017, IBM issued an advisory notice about an aggressive, botnet-oriented local file inclusion attack trend. The notice enables security teams to implement appropriate protection for their web servers and prevent this botnet-induced command injection attack, which targets businesses and organisations globally.

The attack was delivered via an automated scanning tool, with the intention of executing malicious code on the web server itself. This was a reconnaissance attack, intended to identify a vulnerable server so that the initial compromise could be escalated and the severity of the next stage of the attack increased.
 
The attack was detected on one of our customers' websites on 29th September 2017, two weeks before IBM issued its advisory guidance, demonstrating adequate protection.


For this customer, the Profiler determined the attack was low risk, as the target web server on this occasion was not vulnerable to this exploit. If the target web server had been vulnerable to this attack, the Profiler would have immediately detected it and raised an alert for the security team to initiate their incident response process. With traditional web application firewalls, the attack would not have been detected, as more than likely no specific rules would have been in place to detect it. Companies relying on such tools can only use reactive measures for protection, creating the regex rules only after an attack has been discovered.
 
Once again, the Profiler has proven its ability to detect new or sophisticated attacks that would traditionally be overlooked by conventional web application firewalls, which rely on up-to-date rules.
 
To start your free Profiler trial, contact sales@cyberlytic.com 


About the Profiler:
Cyberlytic’s advanced web application security software uses AI to deliver advanced threat detection and prioritisation of web-injection attacks. 
Originally developed for the UK Ministry of Defence and GCHQ, Cyberlytic’s software uses machine learning to classify attack data, identify threat patterns and detect anomalies. By analysing web server traffic in real time, the Profiler detects each attack and immediately determines its sophistication, capability and effectiveness. This information is translated into a risk score to prioritise incident response.


Cyberlytic’s patented classification approach is more effective at detecting sophisticated attacks than traditional, signature-based security solutions and adapts to new or evolving threats without requiring any manual intervention.