Artificial Intelligence for Web Application and API Security
OGO Security’s Web Application and API Protection (WAAP) service is based on Artificial Intelligence and behavioral analysis technology to protect the use of your web applications.
OGO’s IA WAAP engine is based on 3 fundamental principles:
- High performance: The analysis must not degrade the quality of service of the site by adding analysis time to the response time of the site.
- Explicability: The decisions made by the engine are documented and explicit.
- Adaptability: It is possible to manually configure the engine’s behavior with intelligible parameters to handle all special cases.
Although the engine is tuned for optimal efficiency, cybersecurity experts will be able to configure each sensor/actor in the engine individually. The Expert mode, with over 100 parameters, allows you to get the most out of the OGO engine in very specific contexts.
Zero Rules is the real-time automation of security policies adapted to each web application protected by OGO, while strongly limiting false positives (0.001%).
OGO is based on a 3-stage Expert System approach:
- Reflex Lobe: In charge of detecting anomalies and attack signatures, this stage must answer the question: Is this request acceptable?
- Empathy Lobe: By modeling the user’s behavior in real time, this stage seeks to establish whether the user is human and sincere.
- Learning Lobe: Real-time learning of the « typical » user profile of a site.
By the very principle of its operation and the application of human behavioural algorithms on the analysis of the web flow, the solution automatically distinguishes human traffic from non-human traffic.
This particularity of OGO Security’s concept allows it to quickly recognise the benevolent bots, to display them and to block any malicious bot attempting a scrape or a DDOS for example.
In addition, the interface allows you to simply set up whitelist exceptions for specific IPs generating non-human traffic.
As soon as your web application is provisioned on one of our platforms, OGO generates an SSL certificate without human intervention or administration.
The certificate is automatically renewed every two months, thus increasing the security level of your application.
The interface allows those who wish to upload their own certificate, while keeping the OGO certificate as a backup. OGO’s SSL Labs rating is grade A.
IPV6 & HTTP / 2
Full support and optimization for any network context:
The Average Decision Delay of the WAF Engine is a key performance indicator. This measures the average delay between the request reception by the WAF proxy and the forwarding to the backend site.
Most WAF solutions protecting against OWASP top 10 are showing an Average Decision Delay around 100ms.
In order to ensure a negligeable impact on protected sites performance, OGO is using a very optimized processing engine in order to keep this delay below 10ms. On the current OGO platform, an average of 5ms is measured.
OGO is also a performance oriented reverse proxy. As such, OGO provides the same connection performance optimization as advanced CDNs.
OGO transforms the big, messy Internet side connections from users – often coming from Mobiles and Wifi networks – into a clean HTTP/2 optimized stream toward the origin servers.
The origin servers are more efficient and the Users are better served even at higher load rates.
A unique dashboard to manage your protection
The reporting of the solution is done via our dashboard with the following features
Every month, our customers receive an activity report on all web applications protected by OGO.
The management of the solution is done via our dashboard with the following functionalities:
All these features are available on the OGO API.
It is therefore possible to create exceptions on IPs or URLs, to create access or redirection rules, as well as to set the sensitivity of the AI by category.
SOC / SIEM Integration
From the outset, the OGO solution was developed to address the issue of the explicability of decisions made by its Artificial Intelligence.
For each of its customers, or for each of the protected applications, OGO provides logs that can be accessed in the dashboard or by API.
These logs include the various elements, criteria and variables that led to the decision being made. They provide information on the types of attacks blocked or on malicious/abnormal user behavior.
Our logs can therefore be easily sent to a SIEM and used to anticipate attacks on a larger scale.
SaaS / On-Premise
The solution is available in SaaS mode (commonly known as the « main cluster ») thus freeing our customers from the management and monitoring of servers, CPUs, etc.
However, it is also possible to implement a solution within a customer’s infrastructure or within an MSSP. This is known as a Satellite Cluster.
The flexibility of the solution allows web applications to be provisioned both in the main cluster and in one or more satellite clusters (Hybrid Solution).
All provisioned sites are accessible from a single dashboard.
FR / RGPD
OGO Security offers a trusted sovereign solution: