Web Application Firewalls (WAFs) do not work well for API traffic. Requests sent over APIs often contain complex, application-specific data that is hard to codify with rules, especially if you are using a legacy solution or ruleset. Furthermore, as rapid development and continuous releases have become the industry standard, the cost of maintaining WAFs has skyrocketed.
If you are aiming to protect complex web applications or APIs, our solution is the best fit for you.
Spherical has a false positive rate ranging from as low as 0% on structured APIs to as high as 0.5% on highly irregular API traffic (including requests with natural-language components, such as a chat app).
In the CSIC2010 WAF Benchmark, Spherical performs extremely favourably against off-the-shelf Web Application Firewall solutions, including ModSecurity (core ruleset), as seen below.
| Solution | False Negatives | False Positives |
|---|---|---|
| ModSecurity CRS | 23.93% | 65.68% |
| Spherical Defence | 3.15% | 0.5% |
For a limited time, Spherical costs $1 per hour for a smaller instance, and $2 per hour for a larger instance.
If you are using Amazon Web Services, you can get up and running within 1 minute. If you also already have a data stream ready, you can get a trained security model within 4 hours. To do this, follow these instructions:
Unfortunately not at the moment, although these deployment options are under active development.
Spherical works best on APIs that have a regular internal structure. The less structure there is in a request, the less effective Spherical will be at detecting attacks in it. For example, the following request will be hard to learn from, because there is minimal internal structure:
{"encoded" : "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcy="}
Spherical Defense is also less effective on API traffic with highly imbalanced endpoints. If one endpoint is hit a million times less frequently than another, it will be less effectively protected.
An example of an API request that Spherical Defense will learn well from is as follows:
{"method": "POST","url": "/api/payment","body": {"expiry": "11/2020","number": "3112893758824764","cvv": "718"},"headers": {"Content-Length": "311","Accept-Language": "en-US,en;q=0.8","Content-Type": "application/json,*/*;q=0.1","Accept": "application/json","Accept-Encoding": "deflate","X-Forwarded-Port": "9490","Cookies": [{"vk": "O226kQr8-WC5P-gVll-bkRc-1aGv3bLW"}]}}
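As an added illustration of what "internal structure" means for the two requests above (this is not Spherical's code), the following Python derives a per-field shape template from a request and flags leaves that look like opaque encoded data. The payment request yields a stable template shared with other payments, while the base64 blob yields a single high-entropy leaf; the entropy threshold, minimum length and helper names are my own assumptions.

```python
import math
from collections import Counter

# Constructed samples modelled on the two requests shown on this page (not Spherical's own code).
STRUCTURED = {"method": "POST", "url": "/api/payment",
              "body": {"expiry": "11/2020", "number": "3112893758824764", "cvv": "718"},
              "headers": {"Content-Type": "application/json", "X-Forwarded-Port": "9490"}}
STRUCTURED_2 = {"method": "POST", "url": "/api/payment",
                "body": {"expiry": "03/2022", "number": "4000123412341234", "cvv": "042"},
                "headers": {"Content-Type": "application/json", "X-Forwarded-Port": "9491"}}
OPAQUE = {"encoded": "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcy="}

OPAQUE_BITS = 4.0  # assumed threshold: bits/char above which a leaf looks encoded or encrypted
OPAQUE_LEN = 16    # assumed minimum length before the entropy estimate means anything


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for the empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def value_shape(v) -> str:
    """Collapse a leaf to a run-length character-class pattern, e.g. '11/2020' -> 'd/d'."""
    if isinstance(v, bool):
        return "bool"
    if isinstance(v, (int, float)):
        return "num"
    shape = []
    for ch in str(v):
        cls = "d" if ch.isdigit() else "a" if ch.isalpha() else ch
        if not shape or shape[-1] != cls:
            shape.append(cls)
    return "".join(shape)


def template(obj, path="") -> dict:
    """Map each JSON path to its value shape; list elements share one path ('[]')."""
    if isinstance(obj, dict):
        return {p: s for k, v in obj.items()
                for p, s in template(v, f"{path}.{k}" if path else k).items()}
    if isinstance(obj, list):
        return {p: s for v in obj for p, s in template(v, f"{path}[]").items()}
    return {path: value_shape(obj)}


def leaf_strings(obj):
    """Yield every string leaf of a request, depth first."""
    if isinstance(obj, dict):
        for v in obj.values():
            yield from leaf_strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from leaf_strings(v)
    elif isinstance(obj, str):
        yield obj


def opaque_fraction(obj) -> float:
    """Share of string leaves that look like opaque blobs: little for a model to learn from."""
    vals = list(leaf_strings(obj))
    hits = sum(1 for s in vals if len(s) >= OPAQUE_LEN and shannon_entropy(s) > OPAQUE_BITS)
    return hits / len(vals) if vals else 0.0


def same_structure(a, b) -> bool:
    """True when two requests share a template, the regularity a structure-learning model relies on."""
    return template(a) == template(b)
```

Running `opaque_fraction` over a sample of live traffic per endpoint gives a quick read on which endpoints carry learnable structure and which mostly carry blobs.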