AppSec-nginx

Check Point's AppSec-Nginx is part of the CloudGuard AppSec solution that provides protection for web applications and APIs that are based on Linux. This solution focuses on eliminating the need to manually adjust security rules and write exceptions every time an update is made to the web application or APIs, which represents a significant advantage in terms of efficiency and security.

CloudGuard AppSec can be deployed as an add-on to NGINX, providing protection to any application or API served by the NGINX Reverse Proxy. This configuration gives administrators the flexibility to manage all aspects of NGINX on their own. The use of this open technology and the open source code provided by Check Point facilitates its integration and customization.

In addition, CloudGuard AppSec integrates seamlessly into Kubernetes environments, protecting vulnerable applications and APIs running in these environments. It integrates with the most popular NGINX ingress controller, and acts as a secure HTTP/S load balancer for one or more services within Kubernetes clusters.

Check Point's CloudGuard AppSec uses advanced machine learning techniques to provide robust threat protection for web applications and APIs. The solution implements two machine learning models:

  1. Supervised model: This model is trained offline with millions of requests, both malicious and benign. This allows the system to learn from a wide variety of traffic patterns and attack behaviors.

  2. Unsupervised model: This model is built in real time in the protected environment, using environment-specific traffic patterns to adapt and respond to emerging threats more effectively.

In addition, CloudGuard AppSec employs a patented, patent-pending contextual AI engine. This engine learns how an application is typically used, profiles the user and application content, and scores each request accordingly. This approach helps to identify and mitigate threats more precisely, tailored to the specific use of the application.

CloudGuard AppSec also uses Contextual Learning to detect and prevent attacks. This approach is based on a three-phase model for attack detection and prevention:

  • Phase 1: Payload Decoding - This phase involves a thorough understanding of the underlying application protocols that are constantly evolving, which is crucial for effective machine learning.

When inspecting HTTP requests, the CloudGuard AppSec Contextual Learning model achieves different levels of learning. Each level represents the maturity of the learning model and helps you understand what you need to reach the next level. It also indicates when it is time to switch from learning/detection mode to prevention mode.

The solution also includes an application firewall based on contextual learning, which is capable of preventing the OWASP Top 10 web application security risks and advanced attacks. This patented engine protects against advanced and zero-day web attacks by running a three-stage analysis of HTTP web requests and delivering an accurate verdict.

In short, Check Point's CloudGuard AppSec innovatively integrates machine learning and contextual AI into its security architecture, offering an adaptive and advanced approach to protect web applications and APIs from a variety of cyber threats and attacks.