BitSensor is a cloud-based Software as a Service (SaaS) or on-premise solution protecting web applications against security vulnerabilities using real-time blocking and visual insight.
Right now it takes companies 9 months, on average, before they even know that they have been hacked, let alone before they can protect themselves.
BitSensor changes this to 50 milliseconds.
Legislation is changing rapidly in response to a digital world. This requires organisations to comply with privacy and data leakage regulations such as PCI, Data Breach Notification Obligation (Meldplicht Datalekken) and the General Data Protection Regulation. Not only do most European governments require strong security enforcement, customers also expect and demand an effective security strategy. Breaches that result in leakage of sensitive, financial or personal information are simply not accepted anymore.
At the same time, organisations need to innovate faster and are moving towards DevOps and continuous delivery strategies with high-frequency releases. Security teams can only audit so often, so how can security be ensured at all times while applications and services are changing at an increasing pace?
The Web Application Firewall (WAF) is the technology that preceded BitSensor's in-application security approach.
WAF technology acts as a shell around the application, inspecting only HTTP traffic. Skilled attackers are aware of this and use it to their advantage, obfuscating their attacks. The second pitfall of a WAF is that it has no "memory" of past attacks, giving attackers a second chance. Or a third, fourth, fifth... Attackers abuse this to eventually bypass the WAF altogether.
Incident Response Analysts should spot these attempts. In reality the analysts are often overloaded with the WAF’s false positives. This leads to highly sensitive events being ignored.
Meet Igor, a skilled but underpaid Russian hacker. Igor knows most developers are not security professionals, and looks for companies' applications. After doing reconnaissance on the website, he finds the application's login page where he gets through using a brute force attack. He discovers a page where he could execute a command injection attack, and now has access to all users' confidential data.
BitSensor instruments the application from the inside, providing insights with code-level accuracy. During the attack it captured the usernames, session IDs, email addresses, IP addresses and the hacking tools that were used. Using this data, BitSensor responded like a sniper, isolating Igor in a sandboxed environment while leaving other users untouched.
DDoS and fail-open were issues for IDS technology, affecting the protected application when under attack. The BitSensor in-application plugin runs on a separate thread and processes millions of requests in production environments.
The in-application dependency instruments the application asynchronously. This means 0 ms added latency.
The correlation engine of BitSensor Application SIEM reduces analyst time by 80%.
Analysts are fatigued by the false positive rates of IDS. BitSensor correlates attacker profiles to alert only on high-severity attacks.
5 min. integration
Deployment into an application will take your developer 5 minutes, and won't require specialized consultants.
Deployment into an application will take your developer 5 minutes; traditionally this took two weeks.
The in-application approach brings the two weeks of consulting time down to 5 minutes, freeing time for the developer to work on features.
BitSensor also monitors good traffic, differentiating it against the key attacker attributes.
BitSensor acts as a sniper, affecting only the attacker while leaving the users of your business untouched.
BitSensor will block on the key attributes of the attacker, leaving the users of your business untouched.
Create hacker profiles through our advanced big data correlation engine.
GDPR requires response in 72 hours. BitSensor responds in 50 milliseconds.
GDPR and Meldplicht Datalekken require response in 72 hours. BitSensor responds in 50 milliseconds.
Currently it takes companies 9 months on average to respond to a data leakage. This is not compliant with GDPR and Meldplicht Datalekken.