The plans, the main opportunities, the features and technical specifications of Nemesida WAF.
General information
Active users: | 400+ |
Features: |
|
WAF operation mode | IPS, IDS and combined |
Delivery type |
|
Demonstration stand | demo.lk.nemesida-waf.com |
🔗 Plan features
Features | Light | Business | Enterprise |
General information | |||
Support for web servers | Nginx, Nginx Plus, Envoy proxy soon | ||
On-premises software | yes | ||
No artificial restrictions on traffic, RPS and the number of virtual hosts | yes | ||
Support for community edition with limited functionality | yes | ||
The index of protection against attacks | ~ 46.62% | up to 99.98% | |
Installation and scaling | |||
Support for Active-Active and Active-Passive cluster | yes | ||
Support for fault-tolerant operation of components | yes | ||
Support for multinode WAF installation | yes | ||
Support for multitenancy mode installation | yes | ||
Support for reverse proxy mode | yes | ||
Support for deployment in a virtual environment | yes | ||
Support for deployment in Docker containers | yes | ||
Request processing | |||
Checking requests for RFC compliance | yes | ||
Deep Inspection of HTTP(s) requests | yes | ||
Support for HTTP/2 | yes | ||
Support for WebSockets | yes | ||
Support for HTML5 | yes | ||
Support for JSON | yes | ||
Processing XML documents and SOAP requests | yes | ||
Termination of SSL/TLS traffic | yes2 | ||
The ability for the client to remove a temporary IP address ban using a Captcha | yes | ||
Create custom block page | yes | ||
Detection of attacks | |||
Detection of attacks by the signature method Attack detection time: from 0.001 sec. |
yes | ||
Attack detection by the AI/ML Attack detection time: from 0.07 sec. |
n/a | yes | |
Class of blocked attacks | SQLi, RCE, OS Injection, SSTI, LDAP, NoSQL, XSS, XXE, Information Leakage, Path Traversal, Open Redirect, Web Shell, RFI/LFI, SSRF, DDoS L7, bruteforce, flood etc. | ||
Protection against threats of the OWASP class | yes | ||
Blocking an individual request | yes | ||
Protection from bots: detection of DDoS L7, bruteforce, flood and other parasitic traffic | yes | ||
Protection based on the principle of a “black” list of IP addresses | yes | ||
Protection against web scraping | yes | ||
Blocking attempts to exploit zero-day vulnerabilities | using signatire method | using signatire method and machine learning | |
Analysis of the behavioral activity of web application users | n/a | yes | |
Blocking attempts to download viruses Attack detection time: from 0.015 sec. |
yes | ||
API Firewall (OpenAPI, Swagger) Attack detection time: from 0.003 sec. |
n/a | yes | |
WAF Management Interface | |||
Managing settings using the web interface and API | yes | ||
Role-based system access system (administrator – user) | yes | ||
Creating a “white” list of signatures | yes | ||
Creating personal blocking rules | yes | ||
Flexible filtering of incidents by specified criteria | yes | ||
Manual and automatic aggregation of incidents by attack type, parameter name, URL, IP address | yes | ||
Setting up reporting to get summary information on security events (attack schedule, detailed reports in PDF and CSV formats) | yes | ||
Email notifications about attacks | yes | ||
Creating virtual patching rules | Manually | Automatically and manually | |
Vulnerability detection and attack verification using the built-in dynamic analyzer (Nemesida WAF Scanner) | n/a | yes | |
Additional features | |||
Getting extended IP address information1 | yes | ||
Centralized collection of Nemesida WAF component operation events | yes | ||
Centralized collection of information on detected attacks/anomalies | yes | ||
The ability to send operation events of Nemesida WAF components to third-party systems | yes | ||
Getting information about Nemesida WAF component operation events using the web interface and API | n/a | yes | |
Getting information about detected attacks/anomalies using the web interface and API | yes | ||
Integration with third-party TI-systems (Threat Intelligence) based on black/white lists |
yes | ||
Integration with third-party AntiDDoS systems for synchronization of black/white lists | yes | ||
Finding the flaws of Web applications using Nemesida WAF Scanner | n/a | yes |
1 Obtaining extended information about the IP address allows you to determine the geographical location based on the IP address, check the presence of the address in the lists of proxy servers: Tor, VPN, Mobile or hosting sites, etc. The functionality is included in the software price and does not require the connection of third-party databases.
2 SSL termination is configured by means of a web server.
🔗 Nemesida® AI – a machine learning module
Accuracy of identification of the attacks | Nemesida AI is about 53.04%* more efficient than signature analysis. |
Machine learning method | The Nemesida WAF operation is based on classical machine learning algorithm «Random Forest», that is able to detect attack with minimum response time, nearly without false positives. |
Hardware resource requirements | Unlike training models using neural networks, classical machine learning algorithms do not require much processing power, so the processor of the Intel Core i3 family or higher will be sufficient for calculations. |
Additional features |
|
* Test result of Nemesida WAF using only signature analysis and AI/ML (detection accuracy: 47.2% and 99.78%, respectively). The testing was performed using the specialized WAF Bypass Tool. Based on the test results, the use of machine learning improves detection accuracy by 52.58%.
Pricing
Price (annual subscription) |
Plans | ||
Light | Business | Enterprise | |
Basic license | $3,800* | $12,000* | ** |
Additional license | $770 | $2,500 | ** |
Additional behavioral model | n/a | $300 per model |
** |
The number of free behavioral models included in the plan | n/a | 1 | 5 |
Basic technical support |
Included in plan price (by email) |
* 30% discount on renewal of the annual subscription) from the current cost of the plan at the time of renewal.
** The price is available on request.
Try Nemesida WAF for free
Nemesida WAF is well-scalable, does not have any limitations of virtual hosts or traffic and auxiliary modules such as vulnerability scanner, virtual patching and cabinet will make your work with Nemesida WAF easy and transparent. Now it is not required to make exclusion rules – machine learning module will adapt to any web application. You can inspect incidents and enjoy the work with Nemesida WAF. Request a fully-featured trial by sending request to info@nemesida-waf.com.