Announcing WAF Attack Score Lite and Security Analytics for business customers

Radwa Radwan

Overview

Cloudflare has introduced WAF Attack Score Lite and Security Analytics for Business plan customers, expanding the capabilities of its Web Application Firewall (WAF). These features use machine learning to improve attack detection and mitigation, give users insight into their HTTP traffic, and let them create custom rules.

What You'll Learn

1. How to utilize WAF Attack Score Lite for improved security analytics
2. Why machine learning enhances attack detection in WAFs
3. When to implement custom WAF rules based on attack classifications

Prerequisites & Requirements

  • Understanding of web application security concepts
  • Familiarity with Cloudflare's WAF and dashboard (optional)

Key Questions Answered

What is WAF Attack Score Lite and how does it work?
WAF Attack Score Lite is a feature that uses machine learning to classify incoming HTTP requests into categories such as Attacks, Likely Attacks, Likely Clean, and Clean. It enhances security by detecting SQL Injection, Cross Site Scripting, and Remote Code Execution attacks, allowing users to create custom rules for mitigation.

How does Security Analytics improve visibility over HTTP traffic?
Security Analytics provides a comprehensive dashboard that displays all HTTP requests, regardless of whether they match rules. This helps users investigate false negatives and refine their security configurations, improving overall visibility into traffic patterns.

What types of attacks can the machine learning model detect?
The machine learning model is optimized to detect three main types of attacks: SQL Injection (SQLi), Cross Site Scripting (XSS), and various Remote Code Execution (RCE) attacks. These categories account for over 24% of mitigated layer 7 attacks in the past year.

What steps are involved in deploying WAF Attack Score Lite?
Deploying WAF Attack Score Lite requires no action from users: the HTTP machine learning inspection rollout starts automatically for Business plan customers. Users can then view the attack analysis in Security Analytics; no traffic is blocked until custom rules are created.

Key Statistics & Figures

Number of records in CVE program: over 197,000
This statistic highlights the vast number of vulnerabilities that web application owners must contend with.

Percentage of mitigated layer 7 attacks represented by SQLi, XSS, and RCE: over 24%
This figure indicates the prevalence of these attack types, underscoring the importance of effective detection mechanisms.

Technologies & Tools

Security: WAF (Web Application Firewall)
Used to protect web applications by filtering and monitoring HTTP traffic.

AI/ML: Machine Learning
Employed to detect unknown attacks and enhance the accuracy of threat classification.

Key Actionable Insights

1. Utilize the WAF Attack Score Lite feature to classify incoming traffic effectively.
By categorizing requests into attack classes, you can better understand threats and tailor your security measures accordingly.

2. Leverage the Security Analytics dashboard to investigate traffic patterns and refine rules.
This tool allows you to identify false negatives and adjust your security configurations, enhancing your overall defense strategy.

3. Create custom WAF rules based on the attack classifications provided by the machine learning model.
Implementing these rules can significantly mitigate potential threats and improve your web application's security posture.

Common Pitfalls

1. Failing to create custom rules after enabling WAF Attack Score Lite can lead to unmitigated threats.
While the detection feature provides insights, it does not automatically block malicious traffic. Users must actively create rules to enforce security measures.

Related Concepts

Web Application Firewalls
Machine Learning In Security
Attack Detection And Mitigation Strategies