What's New in SigSci - RSA 2018 Edition!

Andrea Swaney

Andrea Swaney is the Director of Strategic Partnerships. She has spent the last 10 years with security startups in leadership roles including Sales, Business Development and Alliances. When not working to secure the web, Andrea is likely to be found reading about or drinking wine, or on a vineyard somewhere in California or France.

RSA is finally here! We had to wait an extra 2 months - remember it was in February last year? Well, it is good to see you. You all look great.


First up...

Patent!

Our patent for our module-agent architecture was granted. This split architecture allows us to get installed in blocking mode where other WAFs and RASPs can’t. Our agent does quick detection, working closely with our cloud for smart, out-of-band decision making. If the agent detects something that the cloud has already told it to block or allow, it takes action immediately. If it doesn’t yet have enough data, it sends sanitized request details to our cloud until thresholds are met.


Other WAFs and RASPs have to make decisions in line with the request, which sacrifices accuracy. In-line detection has to be as fast as possible because it’s holding the request hostage before it gets to the app. Instead, our software agents capture important detection data from the request and send it to our cloud to make a decision. This allows fast detection to occur in line, while accurate decisioning happens out of band where it doesn't affect your app. We provide all the details in the dashboard of why we made a decision. Engineers like data, and it gives them confidence to move into blocking mode - which 95% of customers have done for their production sites for all attack types!
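A minimal model of the agent/cloud split described above, added here as an illustration and not Signal Sciences' code. The threshold, the two signal patterns, the sanitization rule and every class and function name are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumed values: the page gives no real thresholds or signal definitions.
THRESHOLD = 3
SIGNALS = {"SQLI": re.compile(r"('|%27)\s*(or|union)\b", re.I),
           "TRAVERSAL": re.compile(r"\.\./")}

def sanitize(ip, url, signal):
    """Keep path and parameter names, drop parameter values (assumed rule)."""
    parts = urlsplit(url)
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return {"ip": ip, "signal": signal, "path": parts.path, "params": names}

class Cloud:
    """Out-of-band decision maker: aggregates signals, never holds a request."""
    def __init__(self):
        self.counts = Counter()
        self.decisions = {}              # ip -> "block" | "allow"

    def ingest(self, event):
        self.counts[event["ip"]] += 1
        if self.counts[event["ip"]] >= THRESHOLD:
            self.decisions[event["ip"]] = "block"

class Agent:
    """In-line component: cheap checks only, acts on decisions already made."""
    def __init__(self, cloud):
        self.cloud = cloud

    def handle(self, ip, url):
        decision = self.cloud.decisions.get(ip)   # stands in for a periodic sync
        if decision:
            return "blocked" if decision == "block" else "passed"
        for name, pattern in SIGNALS.items():
            if pattern.search(url):
                self.cloud.ingest(sanitize(ip, url, name))
                break
        return "passed"                  # not enough data yet: request goes through

def replay(requests):
    cloud = Cloud()
    agent = Agent(cloud)
    return [agent.handle(ip, url) for ip, url in requests], cloud

# Constructed sample traffic using documentation-range IPs.
SAMPLE = [("203.0.113.7", "/login?user=a' or 1=1--")] * 4 + \
         [("198.51.100.2", "/home?q=shoes")]
```

Replaying `SAMPLE` shows the trade-off: the first three flagged requests pass while the cloud accumulates evidence, and the fourth is blocked without any cloud round trip.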


Network Effect!

We value our customers and believe that our customers can get value from one another. This is the whole reason behind Network Effect, which is a way to crowdsource attack prevention. Our goal is to identify potential threats elsewhere in our customer network before they become malicious on your site. We’ve been busy building the backbone for Network Effect and are excited to be exposing this capability to our customers! You’ll find this on the Suspicious IP card on the main overview page. The “Network Effect” signal with a shield will be visible if we’ve already flagged it as malicious in the network. You’ll be able to investigate further to determine whether to take action. Longer term, we’ll be building in the functionality to define and automate actions on these Network Effect flagged IPs.



Signal Visibility

With Signal Visibility, you can use our UI to define any transaction you want visibility into. Create a signal and a dashboard for it, along with an optional action, like blocking the request or allowing it through.


Advanced Filtering


Advanced Filtering enables you to easily block or allow traffic using complex conditions like paths, hosts, methods, and more.

A use case: Block external access to admin pages.



Geolocation


Geolocation now allows you to easily block, allow, or tag requests from specific countries.


IP Anonymization Aids GDPR Compliance

In accordance with upcoming E.U. General Data Protection Regulation (GDPR) requirements, we’re announcing support for the ability to anonymize IP addresses, since IPs can be deemed personally identifiable information. Remember, we only collect IP data when we see something malicious, anomalous, or suspicious, which is on average around 1% of traffic that goes to our cloud. Read more about this in our docs. This is one of the many steps you may need to take in sifting through what GDPR means for your business, so be sure to check with your legal advisor.

Getting started: simply enable IP Anonymization within Site Settings.


This is how IPs will appear on the flagged list once anonymization is enabled.


Drilling in a bit further, you’ll see request details that show what path the attack targeted, as well as browser information and response data.


HA-Y, Another Platform! (HAProxy)

Signal Sciences is constantly listening to our customers’ requests for additional platforms. And due to that clever agent-module patented architecture we talked about earlier, it’s really quick and easy to create support for other platforms. HAProxy (version 1.7.2 and later) is now supported! Check out our install docs here.

Immediately Patch Known CVEs

We want to provide you with the ability to apply patches quickly when CVEs are released. One-click virtual patching via our UI lets you protect your applications from published vulnerabilities even before you can patch your software.


You can always work with our Professional Services team to create and enable customized blocking capabilities for other vulnerabilities.

Summary

So a patent, enhanced application logic visibility and blocking, new platforms, geolocation restrictions, IP anonymization, and virtual patching--it’s been a very productive few months. We can’t thank our customers enough. We’re excited for what’s ahead - stay tuned for some exciting partnership information around Verisign, Kong, and others in the coming weeks and months!


As always, learn more at www.signalsciences.com.