Cequence Security Expands Its Security Platform with CQ appFirewall
June 06, 2019

Cequence Security, a provider of innovative application security solutions for today’s hyper-connected enterprises, expanded the capabilities of its Application Security Platform with a new security module – CQ appFirewall.

This new module will leverage the intelligence of CQAI, the patented analytics engine within the platform, to automatically detect and defend against attacks that exploit known and unknown application vulnerabilities – and even eliminate much of the administrative effort associated with creating and maintaining WAF signatures.

The Cequence Application Security Platform, originally launched in November 2018 with CQ botDefense, leverages the application intelligence generated by CQAI to detect and defend against automated attacks that appear to be legitimate as they target the application business logic itself. CQ appFirewall takes full advantage of the same application intelligence to provide non-stop security, even with continuous application updates and modifications by DevOps teams. CQ appFirewall will complement CQ botDefense to deliver comprehensive application security that is effectively “baked in” to the web, mobile, and API-based application tier.

“We actually solved the hardest security problem first, stopping malicious bot attacks with our initial module, CQ botDefense,” said Ameya Talwalkar, Chief Product Officer and co-founder of Cequence Security. “With CQ appFirewall, we have significantly extended the platform’s value with innovations that overcome the inherent security limitations of traditional WAFs. When customers deploy both security modules, the platform will not only prevent attacks targeting their web, mobile, and API-based applications, it will also help eliminate unwanted application traffic on their network.”

CQ appFirewall includes support for OWASP Top 10 and PCI DSS Section 6.6, which address basic vulnerability protection and compliance requirements that customers expect from their WAF. But the new Cequence Security module goes well beyond that with several important innovations:

- Discover – Automatic discovery of all web, mobile, and API-based applications that could be targeted with targeted attacks that exploit application vulnerabilities. This eliminates the need to continually monitor and update traditional application and threat signatures. In addition, it provides discovery and lockdown of misconfigured applications that should not be exposed to the Internet.

- Detect – Leverages the multi-dimensional analysis of CQAI to fully understand normal application transaction, also known as syntactic behavior, and creates a unique profile between external clients and the customer’s web, mobile, and API-based applications. Any abnormal transactions – including those targeting zero-day vulnerabilities – are automatically detected and blocked, without the need to create a new WAF signature.

- Defend – In addition to block and alert as response options, CQ appFirewall allows customers to defend against attacks using rate-limiting, geo-fencing, and deception techniques that convinces the bad actor the attack was successful, when in fact it wasn’t.

The need for these advanced features was recently validated in a report Cequence Security published with Ponemon Institue and based on data collected from WAF users in nearly 600 US organizations. “The research clearly reveals WAF dissatisfaction in three areas,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “First, organizations are frustrated that so many attacks are bypassing their WAFs and compromising business-critical applications. In addition, they’re experiencing the pain of continuous, time-consuming WAF configuration and administration tasks. Lastly, they’re dealing with significant annual costs associated with WAF ownership and staffing.”

“We’ve definitely addressed the security concerns raised in that report,” said Shreyans Mehta, CTO and co-founder of Cequence Security. “In addition, by combining AI-driven bot defense and application firewall capabilities within the same platform and a single pane of glass for management, we’re enabling our customers to reduce architectural complexity and improve staff productivity. And the open architecture of the platform makes it easy to share relevant data with other security tools, such as SIEMs or anti-fraud systems.”

The changing requirements for application security – which include bot mitigation and protection against vulnerability exploits – were recently highlighted in a report from Gartner, which stated: “Considering the range of exploits and abuse that can occur with web and mobile applications and web APIs, technical professionals must leverage a mix of externalized security controls to deliver appropriate protection and alleviate burdens to development staff.” (Source: Gartner Protecting Web Applications and APIs From Exploits and Abuse, Frank Catucci, Michael isbitski and Ramon Krikken, April 24, 2019)

The CQ appFirewall solution includes the underlying platform, CQAI analytics engine, CQ Insight management application, and CQ Connect for sharing information. The annual subscription price is based on the number of transactions processed by the solution, which can vary significantly by customer. Controlled release and beta testing begin next month, with general availability in Q4 2019.

Share this

Industry News

September 24, 2020

NetApp announced the availability of Elastigroup for Microsoft Azure Spot Virtual Machines (VMs).

September 24, 2020

CloudBees announced a robust new set of DevSecOps capabilities for CloudBees CI and CloudBees CD. The new capabilities enable customers to perform early and frequent security checks and ensure that security is an integral part of the whole software delivery pipeline workflow, without sacrificing speed or increasing risk.

September 24, 2020

Pulumi announced the release of a Pulumi-native provider for Microsoft Azure that provides 100% coverage of Azure Resource Manager (ARM), the deployment and management service for Azure that enables users to create, update and delete resources in their Azure accounts.

September 23, 2020

Puppet announced new Windows services, integrations and enhancements aimed at making it easier to automate and manage infrastructure using tools Windows admins rely on. The latest updates include services around Group Policy Migration and Chocolatey, as well as enhancements to the Puppet VS Code Extension, and a new Puppet PowerShell DSC Builder module.

September 23, 2020

Red Hat announced the release of Red Hat OpenShift Container Storage 4.5, delivering Kubernetes-based data services for modern, cloud-native applications across the open hybrid cloud.

September 23, 2020

Copado, a native DevOps platform for Salesforce, has acquired ClickDeploy.

September 22, 2020

CloudBees announced general availability of the first two modules of its Software Delivery Management solution.

September 22, 2020

Applause announced the availability of its Bring Your Own Testers (BYOT) feature that enables clients to manage their internal teams – employees, friends, family members and existing customers – and invite them to test cycles in the Applause Platform alongside Applause’s vetted and expert community of testers.

September 22, 2020

Kasten announced the integration of the K10 data management platform with VMware vSphere and Tanzu Kubernetes Grid Service.

September 21, 2020

PagerDuty entered into a definitive agreement to acquire Rundeck, a provider of DevOps automation for enterprise.

September 21, 2020

Grafana Labs announced the release of Grafana Metrics Enterprise, a modern Prometheus-as-a-Service solution designed for the scale, architecture, and security needs of enterprises as they expand their observability initiatives.

September 21, 2020

Portshift's Cloud Workload Protection platform is now available through the Red Hat Marketplace.

September 17, 2020

env0, a developer of Infrastructure-as-Code (IaC) management software, announced the availability of its new open source solution for Terraform users, Terratag.

September 17, 2020

Push Technology announced a partnership with Innova Solutions, an ACS Solutions company, specializing in global information technology services.

September 17, 2020

Alcide achieved the AWS Outposts Ready designation, part of the Amazon Web Services (AWS) Service Ready Program.