Public Relations

Asgent Launches WAAP Solution to Improve Cloud Security

June 8, 2023
Asgent, Inc.
(TSE Standard ・Code No. 4288)

  Asgent Inc. (President & CEO: Takahiro Sugimoto, Tokyo), a provider of network security, has signed a distributor agreement with Radware Ltd. (Location: Israel, Chief Executive Officer and President: Roy Zisapel, "Radware") and will start providing Radware's WAAP solution.

[Cloud penetration and the need for WAAP]
   Many web service platforms are being considered for migration from on-premises to the cloud. Advantages of moving to the cloud include lower initial costs and shorter system construction periods. For the same reasons, demand for Web APIs is also increasing, and many Web services are using them.
   With these changes, security needs have also changed. Gartner has been advocating Web Application and API Protection (WAAP) as a next-generation web security concept since 2017.　WAAP includes the basic functions of a Web Application Firewall (WAF), plus API protection (REST API and SOAP APIs), DDoS protection (to protect web applications from large-scale processing requests), and bot protection (to identify malicious bots and block harmful communications).

[Radware's WAAP Solution]
   With this in mind, Asgent is pleased to announce the availability of Radware's WAAP solution. While most WAF vendors use a negative security model that uses signatures to block known attacks, Radware's WAAP solution uses not only a negative security model but also a positive security model that learns legitimate traffic and blocks unusual access. ^*1 By employing these two models, Radware's WAAP solution addresses both known and unknown attacks, and has a proven track record of blocking critical vulnerabilities such as "Log4Shell" and "Spring4shell" from the first day the attacks were observed.
   Radware's WAAP solution is offered as a cloud service and consists of two services.

Cloud Application Protection Services (WAF, API protection, bot prevention)

• By employing both negative and positive security models, known attacks are detected and prevented through signature-based and unknown attacks through policy creation using machine learning.
• Defended against all OWASP Top 10 attacks^*2.
• IP-independent source tracking protects against web scraping, DDoS attacks/Web DDoS attacks, brute force attacks, etc.
• Detect harmful bots using a unique machine learning-based approach.
• Detailed analysis of various types of non-human traffic, including search engine crawlers and malicious bots.
• Detect and block highly human-like bots in real-time using API or Out-of-Path mode (Scrubbing Center solution)

Cloud DDoS Protection Services

• Unique behavior analysis functionality distinguishes between legitimate and illegitimate traffic to protect the network layer (L3-4) and application layer (L7) against DDoS attacks.
• It supports not only various types of DDoS attacks at the network and application levels, but also circuit saturation attacks and SSL-based DDoS attacks, which have been increasing in recent years.

Asgent plans to begin selling Radware's WAAP solution in phases starting in June 2023, aiming for sales of 500 million yen in three years.

*1 Log4Shell: Critical log4j Vulnerability
     Spring Hell: CVE-2022-22965 (Spring4Shell)
*2 OWASP Top 10: The 10 most dangerous web vulnerabilities announced by the Open Web Application Security Project (International Web Security Standards Organization). The top 10 vulnerabilities are announced in the security reports issued periodically (2-3 years cycle).

*Company and product names are the trademarks or registered trademark of the respective companies.

*A translation system is used to translate our press releases into English. In the event of any inconsistencies between the original Japanese text and its translated version, the former shall prevail.