Gcore announced the launch of Gcore WAAP, its end-to-end web application and API protection solution. Leveraging advanced AI capabilities, Gcore WAAP integrates four powerful products in one solution: 1) Web application firewall (WAF): Delivers robust protection against OWASP Top 10 threats and zero-day attacks. Highly configurable with custom and advanced rules, heuristics, and behavioural analytics to detect and block malicious traffic before vulnerabilities are exploited. Includes device-level fingerprinting for enhanced security. 2) L7 DDoS protection: Mitigates application-layer DDoS attacks of any size with adaptive and behavioural protection. Monitors both regular IP and API traffic, using AI-based IP filtering, rate limiting, browser validation, and classification features to neutralise malicious traffic and maintain the availability of web applications. 3) Bot management: Distinguishes between legitimate users, good bots, and malicious bots to protect against automated attacks and fraud. Uses behavioural analytics, JavaScript challenges, CAPTCHA detection, session management, and browser validation to defend against threats like scraping, credential stuffing, and brute-force attacks. 4) API security: Leverages WAF and DDoS mitigation features to defend against targeted threats for enterprise-grade API discovery and protection. Employs proprietary ML-based IP filtering, AI-driven profiling with JA3 fingerprints, and heuristics-based behaviour adjustment to provide adaptive, robust defence against API vulnerabilities.
Stytch unveiled advanced device fingerprinting technology that allows developers to integrate fraud prevention into their applications
Identity platform startup Stytch unveiled advanced capabilities for its Device Fingerprinting technology that allows developers to integrate fraud prevention into their applications. Stytch Device Fingerprinting now includes supervised machine learning to detect and classify new devices to provide protection against zero-day threats, those too new to have been patched yet. The addition combines the precision of a deterministic approach to security with real-time insights from AI. Varying from traditional methods such as reCAPTCHA and web application firewalls, Stytch creates a unique, persistent fingerprint and threat verdict for every visitor. Unlike CAPTCHAs, the solution is completely invisible to users and detects bots and fraud with 99.99% accuracy, eliminating the need for security tools that add friction to the user experience. Stytch Device Fingerprinting also differs from existing solutions with built-in protection against reverse-engineering and network spoofing techniques or tools such as CAPTCHA-solving API services, AI-based vision models such as GPT-4o, and click-farms. The new capabilities include intelligent rate limiting, which uses predictive analysis of device, user and traffic sub-signals to detect unusual traffic volumes and apply precise rate limits. By leveraging precision fingerprinting, it ensures legitimate users are not restricted and adapts to new attacker profiles in real time.
Intezer’s Autonomous SOC platform uses unique AI models to simulate human analysts’ decision-making process
Intezer, an AI-powered technology provider for autonomous security operations has raised $33 million in Series C funding, bringing its total capital raised to $60M. Intezer’s Autonomous SOC platform uses unique AI models to simulate human analysts’ decision-making process, effectively functioning as an extension of the security team. Intezer integrates with the customer’s existing security tools to automatically investigate endpoint alerts, SIEM alerts, user-reported phishing, and more. Intezer’s platform triages new alerts in two minutes, automatically resolves false positives, and escalates only 4% of alerts to the SOC team with clear findings and recommended incident response actions, leading to faster response times for critical threats.