Cequence Security Expands Its Security Platform with CQ appFirewall

New security module leverages the platform’s CQAI analytics engine to bring much-needed innovation unavailable in legacy web application firewalls

Cequence Security, a provider of innovative application security solutions for today’s hyper-connected enterprises, today announced it has expanded the capabilities of its Application Security Platform with a new security module - CQ appFirewall. This new module will leverage the intelligence of CQAI, the patented analytics engine within the platform, to automatically detect and defend against attacks that exploit known and unknown application vulnerabilities – and even eliminate the need for WAF signatures.

The Cequence Application Security Platform, originally launched in November 2018 with CQ botDefense, leverages the application intelligence generated by CQAI to detect and defend against automated attacks that appear to be legitimate as they target the application business logic itself. CQ appFirewall takes full advantage of the same application intelligence to provide non-stop security, even with continuous application updates and modifications by DevOps teams. CQ appFirewall will complement CQ botDefense to deliver comprehensive application security that is effectively “baked in” to the web, mobile, and API-based application tier.

“We actually solved the hardest security problem first, stopping malicious bot attacks with our initial module, CQ botDefense,” said Ameya Talwalkar, Chief Product Officer and co-founder of Cequence Security. “With CQ appFirewall, we have significantly extended the platform’s value with innovations that overcome the inherent security limitations of traditional WAFs. When customers deploy both security modules, the platform will not only prevent attacks targeting their web, mobile, and API-based applications, it will also help eliminate unwanted application traffic on their network.”

CQ appFirewall includes support for OWASP Top 10 and PCI DSS Section 6.6, which address basic vulnerability protection and compliance requirements that customers expect from their WAF. But the new Cequence Security module goes well beyond that with several important innovations:

  • Discover - Automatic discovery of all web, mobile, and API-based applications that could be targeted with targeted attacks that exploit application vulnerabilities. This eliminates the need to continually monitor and update traditional application and threat signatures. In addition, it provides discovery and lockdown of misconfigured applications that should not be exposed to the Internet.
  • Detect – Leverages the multi-dimensional analysis of CQAI to fully understand normal application transaction, also known as syntactic behavior, and creates a unique profile between external clients and the customer’s web, mobile, and API-based applications. Any abnormal transactions – including those targeting zero-day vulnerabilities – are automatically detected and blocked, without the need to create a new WAF signature.
  • Defend – In addition to block and alert as response options, CQ appFirewall allows customers to defend against attacks using rate-limiting, geo-fencing, and deception techniques that convinces the bad actor the attack was successful, when in fact it wasn’t.

The need for these advanced features was recently validated in a report Cequence Security published with Ponemon Institue and based on data collected from WAF users in nearly 600 US organizations. “The research clearly reveals WAF dissatisfaction in three areas,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “First, organizations are frustrated that so many attacks are bypassing their WAFs and compromising business-critical applications. In addition, they’re experiencing the pain of continuous, time-consuming WAF configuration and administration tasks. Lastly, they’re dealing with significant annual costs associated with WAF ownership and staffing.”

“We’ve definitely addressed the security concerns raised in that report,” said Shreyans Mehta, CTO and co-founder of Cequence Security. “In addition, by combining AI-driven bot defense and application firewall capabilities within the same platform and a single pane of glass for management, we’re enabling our customers to reduce architectural complexity and improve staff productivity. And the open architecture of the platform makes it easy to share relevant data with other security tools, such as SIEMs or anti-fraud systems.”

A recent report from Gartner states: “Considering the range of exploits and abuse that can occur with web and mobile applications and web APIs, technical professionals must leverage a mix of externalized security controls to deliver appropriate protection and alleviate burdens to development staff.” (Report available to Gartner subscribers: Protecting Web Applications and APIs From Exploits and Abuse, Frank Catucci, Michael Isbitski and Ramon Krikken, April 24, 2019)

Pricing and Availability

The CQ appFirewall solution includes the underlying platform, CQAI analytics engine, CQ Insight management application, and CQ Connect for sharing information. The annual subscription price is based on the number of transactions processed by the solution, which can vary significantly by customer. Controlled release and beta testing begin next month, with general availability in Q4 2019. Please contact Cequence Security for more details.

Featured

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • The Progress of Biometrics

  • Next-Gen AI for Smart Cities

    The future of smart city technology is not being shaped in Silicon Valley — it is taking root in Dubuque, Iowa. With a population of about 60,000, this mid-sized city has become a live testbed for AI-driven traffic management thanks to a unique public-private collaboration led by Milestone Systems. Project Hafnia demonstrates how cities can transform urban mobility and safety through Responsible Technology—without costly infrastructure overhauls. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.