WebLoc is a security solution that allows organizations to protect their Web-based applications without changing the application code or the network infrastructure.

WebLoc is a Web-application firewall that is able to block both known and unknown attacks by using a unique set of positive models.

WebLoc analyzes all application traffic and uses a multi-model profiling technique to capture legitimate user behavior.

The behavior models are customized to the specific application being protected and are tailored to the application's internal logic.

When users interact with the application, their behavior is compared to the profile. If their activities deviate from the models in a malicious way, an alert is raised and, possibly, the request is blocked.

By using automatically generated profiles, there is no need for either attack signatures or pattern matching techniques to detect and block attacks. WebLoc also automatically adapts to application changes and updates its profiles accordingly.

WebLoc is based on the patent-pending "Anomaly Signature" technology, which provides attack aggregation and superior explanatory power. Anomaly Signatures give the System Administrator all the information necessary to understand which web-based application is being attacked and how.

WebLoc's Key Features

Positive Models

WebLoc uses sophisticated models to capture the behavior of web applications during a training period. These profiles are then used as the basis to develop a set of positive models that only let requests that fit the established profiles get through.

The profiles characterize the behavior of web applications using a composition of statistical models, temporal analysis, and structural inference. WebLoc stands out with respect to its competitors because of the sophistication of its models, which support precise characterization of the web application behavior. Therefore, both false positives and false negatives are eliminated.

Anomaly Signatures

WebLoc is based on patent-pending "Anomaly Signature" technology. Anomaly Signatures support the aggregation of similar attacks and provide accurate explanation of the type of attack.

Aggregation and characterization allow the system administrator to deal with groups of alerts with one single action, effectively reducing the time needed to deal with attacks.

Fine-grained Policy Control

Even though WebLoc is able to automatically derive the usage profiles for a web application, the administrator is able to modify and customize every aspect of the security policy. The administrator can also include additional ad hoc models to control the application's behavior.

Change Detection

Web applications are inherently dynamic. WebLoc is able to follow the evolution of web applications and is able to dynamically adapt its models to take into account application changes.

High-Performance Analysis

WebLoc uses high-speed analysis algorithms with optimized implementations to support real-time protection in high-throughput environments. WebLoc is able to analyze SSL-protected sessions without introducing any additional overhead.

Seamless Integration

WebLoc works with any web-based application and does not require any modification to the network infrastructure. WebLoc can be seamlessly integrated as a module into both Microsoft IIS and Apache. In addition, WebLoc can be deployed as an appliance that transparently monitors the network traffic.

WebLoc's management infrastructure is compatible with SNMP and UNIX-style logging.

Intelligent Management and Reporting

WebLoc components report their findings to a centralized management console, which allows the administrator to correlate attacks, provide feedback on anomalous activity, and selectively drill down for the information that is relevant to the attack.

WebLoc's unique reporting style presents a set of representative normal queries to the administrator as supporting evidence for the abnormality of a suspicious request. The system administrator can therefore make a decision even if he/she is not familiar with the internals of the web application under attack.

Web Services and Ajax Protection

WebLoc is able to learn how web services are accessed and is able to correlate service access to Ajax-enabled client-side code to protect against service abuse.

Response-aware Analysis

WebLoc is able to correlate requests with responses to identify anomalous application behavior and the leaking of sensitive information, such as credit card information and social security numbers.