Traditional technology wisdom has long held that many attacks can be prevented at the network perimeter with tools like Web application firewalls (WAFs). Convinced there is a better way, Immunio this week announced the general availability of its technology that embeds security directly into applications.
Zaid Al Hamami, co-founder and CEO of the Canadian startup, explained to eSecurity Planet that his company provides a software-as-a-service (SaaS) offering that enforces real-time Web application security as a service.
Immunio embeds a small library into an organization's Web application. The library adds security instrumentation that provides a measure of visibility and control into potential security risks. Hamami sees his company's technology as an alternative to WAFs in many respects.
"We don't stop DDoS, but for everything else there is no need to use a WAF if you're using Immunio," he said.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Most WAFs are signature based, Hamami said, making them easy to evade. In contrast, Immunio's technology is not signature based and makes use of sensors that spread across an application listening for different elements and interaction.
One such sensor looks at the interaction between the application and the database, for example.
"Our sensor will look at every database SQL query and will know what normal statements should look like," Hamami said. "If the application has code that could be manipulated by a malicious third party, what happens is the minute the attacker tricks the application into sending a manipulated SQL statement, Immunio will detect that and intercept the query."
Immunio sensors detect attacks other than SQL injection, including common vectors such as cross site scripting, cookie and session manipulation.
Not Like a WAF
Immunio also works differently than a WAF in terms of deployment. Many WAF services require an organization to use the WAF service as a proxy, where DNS information is pointed to the service. In contrast, no traffic re-rerouting is required with the Immunio approach.
"Immunio is inside the application so you don't have to re-route traffic," Hamami said.
Once an Immunio agent is added to an application, the detection capabilities are already integrated by way of sensors. If there is an attack and a sensor detects an anomaly, a message is sent to the Immunio cloud API, which then triggers an alert on a user's dashboard.
If a company chooses to set up a policy to automatically block attacks as soon as an alert is triggered, Hamami said the agent will respond by providing an "unauthorized access" page to the end user. The system offers different types of potential remediation depending on the scenario, he noted.
At launch, Immunio is providing support for Ruby, Python and Java, with support for more languages to become available over time.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.