Attack Prophecy® is the most advanced system for the detection and protection against web attacks. It automatically learns the legitimate (normal) traffic profile by observing its live traces and works in three steps.

• Learn the profile of legitimate traffic
• Detect anomalous events to highlight computer attacks
• Protect web services according to the detected anomalies

Forget the Web applications vulnerabilities Traditional Firewalls and Intrusion Detection Systems can do nothing in terms of protecting Web Applications during operations, as they inspect the traffic at a level which is actually not that of the application. Similarly, standard Web Application firewalls based on pre-configured sets of signatures can offer very poor protection, since they can eventually detect standard vulnerabilities (such as for instance those of a standard Content Management System installation) but not those present in custom application. Forget the rules Using its Machine Learning Engine, Attack Prophecy® is able to reconstruct autonomously the logic behind the monitored Web Services. This is what makes Attack Prophecy® different from other Web Application firewalls. There is not any pre-configured set of rules, which may be eventually effective only in protecting applications distributed on a large scale (such as, for instance, standard CMS installations). The protection model of Attack Prophecy® is built around the monitored services, which can be then effectively protected even against attack exploiting ad-hoc and non-public vulnerabilities. Forget the vulnerabilities of AI-based technologies Leveraging the Pluribus One leading research on Security of Machine Learning, Attack Prophecy® features an improved AI-based detection engine with increased capabilities of:

• Detecting attacks against the monitored Web Services: this offers enhanced protection and coverage against a broader range of attacks; ad-hoc detection algorithms can be also defined, upon request, to meet specific needs.
• Ensuring the safety of the learning and detection process: this makes Attack Prophecy® more resilient against attacks who attempt to evade the detection mechanism.
• Explaining the operators, in presence of anomalies, reasons why an alert has been raised: this increases the accountability of the solution.

What detects?

• Attacks in the OWASP Top 10
• Injection attacks
• Cross-Site Scripting (XSS)
• Sensitive Data Exposure
• Phishing
• Zero-day attacks