Behavioral Analysis Counters Evolving Threats
xyberShield’s Behavioral Analysis and Correlation Engine (BACE) sets a new standard in protecting web applications from attack. Our design team created BACE specifically to address the malicious probing process inherent in hacker behavior. In conjunction with known threat signatures and rules, BACE makes xyberShield the most complete web application security solution available.
BACE uses a sophisticated set of algorithms to evaluate every user session, correlating all the data it collects against evolving statistical norms for each individual user and individual application on your site. BACE analyzes behaviors including duration, repetition, recurrence and navigation patterns, as well as HTTP header content.
BACE analyzes and profiles website traffic in real time, distinguishing between normal and suspicious traffic. Suspicious traffic is subjected to in-depth monitoring and inspection and blocked when it’s determined to be a threat. Normal traffic, which accounts for over 95% of a typical website’s volume, is inspected but flows through without restriction or delay.
BACE is part of the xyberShield system that runs in each xyberShield regional data center. Each data center monitors traffic on its assigned customer websites via the xyberShield script installed on those sites. The script sends session data to the regional data center, where it is compared to known threats and run through BACE. xyberShield does NOT store any personally identifiable information.
xyberShield’s combination of behavioral analysis and known threat signatures and rules makes our product highly effective against the top OWASP vulnerabilities, other known vulnerabilities, and zero-day attacks. When a hacker develops a new attack or a variant of an existing attack, BACE recognizes the behavior underlying the attack and can block it before it succeeds. Since xyberShield is a SaaS solution, the signature of the new attack is shared across xyberShield’s worldwide network in real time, benefiting all our customers. In contrast, traditional WAFs struggle to handle zero-day attacks because they rely on signatures and rules, which require substantial time to develop, distribute, and implement.