Review of the pricing, the main opportunities, the features and technical specifications of Nemesida WAF.
A feature of Nemesida WAF is its high accuracy in detecting attacks with a minimum number of false positives, the presence of a vulnerability scanner, machine learning and virtual patching modules, scalability and pricing policy. This allows you to ensure the security of sites, online stores, personal accounts, portals, APIs and other web applications at the stage of development or full use.
|Number of active users:||400+|
|Documentation language||Russian, English|
|Availability of a research center in Russia||lab.pentestit.ru|
|Operation mode||IPS, IDS, Combined|
|Demonstration stand||A demo stand for the Nemesida WAF web interface and functionality is available at demo.lk.nemesida-waf.com (login: firstname.lastname@example.org, password: pentestit).|
Pricing and options
|Features||Price (per year)|
|Type of attacks blocked||SQLi, RCE, OS Injection, SSTI, LDAP, NoSQL, XSS, XXE, Information Leakage, Path Traversal, Open Redirect, Web Shell, RFI/LFI, SSRF, Account Takeover, Brute-force, abuse of SMS functionality, DDoS L7 etc.|
|Integration with ClamAV antivirus software||+|
|Automatic blocking of an attacker by IP-address||+|
|Syncing the list of blocked IP-addresses||+|
|Supports Active-Active / Active-Passive clustering||+|
|Detection of DDoS L7, password guessing, flooding and abuse of SMS functionality||+|
|Detecting attacks by signature method||+|
|Attack detection by the machine learning module||–||+|
|Blocking attempts to exploit zero-day vulnerabilities||–||+|
|Creating virtual patching rules||Manually||Manually and automatically|
|Management of settings using a cloud-based web interface||+|
|Management of settings using a cloud-based API||–||+|
|Number of behavioral models included in the basic license||–||1||5|
|Cost of additional license1||$500||$1,900|
|Cost of additional behavioral model||–||$750|
|Vulnerability detection using Nemesida WAF Scanner||–||+|
1 every Nemesida WAF dynamic module instance for Nginx (install package nwaf-dyn) must use unique license key (license).
To reduce the percentage of false positives, it is recommended to use a separate behavioral model for each web application, and the domains on which web applications are located may differ.
The principle of operation and purpose of Nemesida WAF components
- Nemesida WAF dynamic module carries out a signature analysis of requests coming to the server and, based on the behavioral models built by Nemesida AI MLC, makes a decision to block them or transfer them to other modules.
- Nemesida AI MLA 1 machine learning module applies behavioral models built by Nemesida AI MLC to requests received from the dynamic module and sends a blocking command.
- Nemesida AI MLC 1 machine learning module is designed to build behavioral models and detect other anomalies (for example, Brute-force, flood, DDoS L7).
- Nemesida WAF API is designed to receive information about attacks and detected vulnerabilities, as well as transmit information about blocked requests and the results of the Nemesida AI and Nemesida WAF Scanner modules in the PostgreSQL DBMS.
- Nemesida WAF Cabinet is designed to visualize and analyze the events of the components from the PostgreSQL DBMS, as well as systematize information about anomalies and identified vulnerabilities.
- Nemesida WAF Signtest module tweaks the use of the models built and applied by the Nemesida AI module.
- Vulnerability Scanner Nemesida WAF Scanner is designed to identify vulnerabilities in a protected web application.
1 Attack detection using machine learning is only available for Business and Enterprise plans.
For the effective operation of Nemesida WAF components, it is recommended to use servers that have the following technical characteristics:
|Server for the Nemesida WAF dynamic module and Nemesida AI MLA
analyses and redirects unblocked requests to the server with the web application
|Processor||Intel Core i3 or similar|
|RAM||4 GB or greater|
|Available disk space||1 GB or greater|
|Server for the Nemesida AI MLC
is used to build behavioral models and analyse all incoming requests with their help, brute-force attacks, flood and Layer 7 attacks
|Processor||Intel Core i5 or similar|
|RAM||16 GB or greater|
|Available disk space||4 GB or greater|
|Server for the Nemesida WAF API, Nemesida WAF Cabinet, Nemesida WAF Signtest and PostgreSQL DBMS
used to store and visualize identified anomalies and flaws in a web application, as well as to control the behavior of a machine learning module
|Processor||4-core Intel Core i3 or similar (from 4 cores)|
|RAM||6 GB or greater|
|Available disk space||2 GB or greater|
Clustering, SSL, standards
- Termination SSL
- Passive decoding SSL
- Support of sessions established on client certificates
- Support of Active-Active clustering
- Support of Active-Passive clustering
- Support of balancing of loading between the protected web applications
- Support of WebSockets
- Support of XML
- Support of JSON
Detection of attacks
|Class of blocked attacks||
|The presence of a reputation base||Own reputation and GeoIP base.|
|Virtual patching module||Built-in virtual patching module for fixing vulnerabilities on-the-fly.|
|Detection of bots on the basis of values of query fields||Based on their signatures using machine learning.|
- Blocking an individual request
- Temporarily blocking requests from the source by IP address
- No artificial restrictions on traffic, RPS and the number of virtual hosts
- Validate HTTP Transactions for RFC Compliance and Best Practices
- Categorization by the type of activity (type of attack) of sources
- Detection of bots based on their traits and behavioral analysis
- Creation of signatures and their exclusions based on a set of criteria (for example: method, URL, parameter value, headers) and regular expressions
- Using machine learning to minimize false positives and detect unknown attacks, easy management of the learning or retraining process via a web interface
- Support for WebSockets, XML, JSON
- Integration with ClamAV antivirus, SIEM systems and firewalls
- Analysis of web application vulnerabilities using Nemesida WAF Scanner
- Free version with limited functionality Nemesida WAF Free with basic protection of web applications from OWASP attacks based on signature analysis
- Own GeoIP base
Machine learning (Nemesida AI)
|Accuracy of identification of the attacks||Nemesida AI about 30% more efficient than signature analysis.|
|Machine learning method||The Nemesida WAF operation is based on classical machine learning algorithm «Random Forest», that is able to detect attack with minimum response time, nearly without false positives.|
|Hardware resource requirements||Unlike training models using neural networks, classical machine learning algorithms do not require much processing power, so the processor of the Intel Core i3 family or higher will be sufficient for calculations.|
Filtering and notifications
- Comfortable in use Cabinet for dealing with incidents
- Flexible filtering of security log entries by specified criteria
- Manual and automatic aggregation of security log entries by attack type, parameter name, URL, IP address
- Attack verification using the built-in dynamic scanner
- Automatic aggregation of events with intense character
- Possibility of setting up reporting for obtaining summary information about safety events (attack timeline, detailed reports in PDF and CSV format)
- Existence of the interface with information on network loading of WAF
- The recorded events contain inquiry in full (entirely)
- The recorded events contain the description of the worked rule of security policy
- Export and import of the security event log in full amount
- E-mail notifications
Try Nemesida WAF for free
Nemesida WAF is well-scalable, does not have any limitations of virtual hosts or traffic and auxiliary modules such as vulnerability scanner, virtual patching and personal cabinet will make your work with Nemesida WAF easy and transparent. Now it is not required to make exclusion rules – machine learning module will adapt to any web application. You can inspect incidents in personal cabinet and enjoy the work with Nemesida WAF.