Nemesida WAF OnPrem Plans and Features

The plans, the main opportunities, the features and technical specifications of Nemesida WAF.

General information

Active users:	400+
Features:	On-premises software Does not use cloud computing Does not transmit traffic and other sensitive data outside the perimeter
WAF operation mode	IPS, IDS and combined
Delivery type	Linux (Debian, Ubuntu, CentOS) and FreeBSD installation packages Virtual Appliance Docker image
Demonstration stand	demo.lk.nemesida-waf.com

Plan features

Features	Light	Business	Enterprise
Type of software delivery	Full on-premises software
Types of blocked attacks	SQLi, RCE, OS Injection, SSTI, LDAP, NoSQL, XSS, XXE, Information Leakage, Path Traversal, Open Redirect, Web Shell, RFI/LFI, SSRF, Account Takeover, Brute-force, DDoS L7, flood and other malicious traffic
Scalability and fault tolerance: supports Active-Active and Active-Passive clustering	Yes
Bot protection: detection of DDoS L7, account takeover (ATO), flooding and other malicious traffic	Yes
Detecting attacks by signature method	Yes
Getting extended IP address information^*	Yes
Attack detection by the AI/ML	n/a	Yes
Blocking attempts to exploit zero-day vulnerabilities	n/a	Yes
API Firewall (OpenAPI, Swagger)	n/a	Yes
Centralized collection of events	n/a		Yes
Vulnerability detection using Nemesida WAF Scanner	n/a		Yes
Generating of virtual pathching rules	Manually	Manually and automatically
Configuration using the web interface and API	Yes

^* Obtaining extended information about the IP address allows you to determine the geographical location based on the IP address, check the presence of the address in the lists of proxy servers: Tor, VPN, Mobile or hosting sites, etc. The functionality is included in the software price and does not require the connection of third-party databases.

🔗 Nemesida^® AI – a machine learning module

Accuracy of identification of the attacks	Nemesida AI is about 53.04%* more efficient than signature analysis.
Machine learning method	The Nemesida WAF operation is based on classical machine learning algorithm «Random Forest», that is able to detect attack with minimum response time, nearly without false positives.
Hardware resource requirements	Unlike training models using neural networks, classical machine learning algorithms do not require much processing power, so the processor of the Intel Core i3 family or higher will be sufficient for calculations.
Additional features	Adaptation of WAF to a mutable application Automatic creation of behavioral models Detection of anomalies and assessment of their severity level Identification of new signs of attacks, including the identification of «zero day» attacks Behavioral models management interface (additional training of models) Ability to change the training period of behavioral models Additional training of models using a backup copy of the training sample

^*Test result of Nemesida WAF using only signature analysis and AI/ML (detection accuracy: 46.62% and 99.66%, respectively). The testing was performed using the specialized WAF Bypass Tool. Based on the test results, the use of machine learning improves detection accuracy by 53.04%.

The result of testing Nemesda WAF

Diagram of Nemesida WAF modules interaction

¹ Includes Nginx, the Nemesida WAF dynamic module and the Nemesida AI MLA machine learning agent.

Nemesida WAF dynamic module carries out a signature analysis of requests coming to the server and, based on the behavioral models built by Nemesida AI MLC, makes a decision to block them or transfer them to other modules.
Nemesida AI MLA machine learning module applies behavioral models built by Nemesida AI MLC to requests received from the dynamic module and sends a blocking command.
Nemesida AI MLC machine learning module is designed to build behavioral models and detect other anomalies (for example, Brute-force, Flood, DDoS L7).
The Nemesida WAF API is designed to receive information about attacks and identified vulnerabilities, as well as transmit information about blocked requests and the results of the Nemesida AI and Nemesida WAF Scanner modules to the PostgreSQL DBMS.
Nemesida WAF Cabinet is designed for visualization and analysis of the events of the components from the PostgreSQL DBMS, management of Nemesida WAF settings, management of OpenAPI query schemes, configuration of the use of behavioral models built and applied by the Nemesida AI module, as well as systematization of information about anomalies and identified vulnerabilities.
The Nemesida WAF Scanner Vulnerability Scanner is designed to detect vulnerabilities in a protected web application.

Additional Information

Blocking an individual request
Temporarily blocking requests from the source by IP address
No artificial restrictions on traffic, RPS and the number of virtual hosts
Validate HTTP Transactions for RFC Compliance and Best Practices
Categorization by the type of activity (type of attack) of sources
Detection of bots based on their traits and behavioral analysis
Creation of signatures and their exclusions based on a set of criteria (for example: method, URL, parameter value, headers) and regular expressions
Using machine learning to minimize false positives and detect unknown attacks, easy management of the learning or retraining process via a web interface
Support for WebSockets, XML, JSON
Integration with ClamAV antivirus, SIEM systems and firewalls
Analysis of web application vulnerabilities using Nemesida WAF Scanner
Noncommercial version with limited functionality Nemesida WAF Community Edition with basic protection of web applications from OWASP attacks based on signature analysis
Access to the GeoIP service, which does not require the connection of additional files, modules, etc.

Filtering and notifications

Comfortable in use Nemesida WAF Cabinet for dealing with incidents
Flexible filtering of security log entries by specified criteria
Manual and automatic aggregation of security log entries by attack type, parameter name, URL, IP address
Attack verification using the built-in dynamic scanner
Automatic aggregation of events with intense character
Possibility of setting up reporting for obtaining summary information about safety events (attack timeline, detailed reports in PDF and CSV format)
Existence of the interface with information on network loading of WAF
The recorded events contain inquiry in full (entirely)
The recorded events contain the description of the worked rule of security policy
Export and import of the security event log in full amount
E-mail notifications

Pricing

Price (annual subscription)	Plans
Price (annual subscription)	Light	Business	Enterprise
Basic license	$3,800^*	$12,000^*	**
Additional license	$770	$2,500	**
Additional behavioral model	n/a	$300 per model	**
The number of free behavioral models included in the plan	n/a	1	5
Basic technical support	Included in plan price (by email)

^* 30% discount on renewal of the annual subscription) from the current cost of the plan at the time of renewal.
^**The price is available on request.

Try Nemesida WAF for free

Nemesida WAF is well-scalable, does not have any limitations of virtual hosts or traffic and auxiliary modules such as vulnerability scanner, virtual patching and cabinet will make your work with Nemesida WAF easy and transparent. Now it is not required to make exclusion rules – machine learning module will adapt to any web application. You can inspect incidents in Nemesida WAF Cabinet and enjoy the work with Nemesida WAF.