Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud) presented at AppSec USA 2013

by Tsvika Klein, Ory Segal

Summary: Presentation Title: "Big Data Intelligence"
Subtitle: "Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud"
As web application attacks turn into massive campaigns against large corporations across the globe, web application firewall data increases exponentially, leaving security experts with a big data mess to analyze. Pinpointing real attacks in a sea of security event noise becomes a tedious, almost impossible task. In this presentation, we will unveil a unique platform for collecting, analyzing and distilling Petabytes of WAF security intelligence information. Using the collected data, we will discuss the OWASP ModSecurity Core Rule Set project's accuracy, and reveal common attack trends, as well as our impressions and suggestions for how to wisely make the best of the CRS project.
Topics covered in this presentation:
• Using Big Data for analyzing web application security trends
• Akamai's Cloud Security Intelligence (CSI) platform - collecting Petabytes of WAF events with near-real-time analysis capabilities
• Sample data analysis - Top 10 web application attacks and trends, as collected by the system
• Short demo of a unique user interface for navigating and analyzing big WAF data (SARA - Security Analytics Research Application)
• Measuring the accuracy of the OWASP CRS project?
• Analyzing the accuracy of CRS - precision, recall & accuracy statistics against real-world traffic
• Frequent real-world false positive scenarios, and how to remediate them
• Top 10 triggering rules statistics