Traditional web application firewalls (WAFs) that rely on signature-based detection are losing ground against advanced attacks: a signature can only match a payload that has already been seen and written into a rule. As organisations move to the cloud and expand their API footprints, security professionals face unprecedented challenges in protecting digital assets.
Twain Taylor, editor at Software Plaza, spoke with Roy Barda, Director and Head of CloudGuard WAF at Check Point, about the shift in application security from signature-based approaches to an AI-driven model that aims to detect zero-day threats with minimal false positives.
This article explores six powerful ways Check Point’s innovative technology is transforming web application security through advanced AI, machine learning, and comprehensive API protection.
1. Leverage dual-engine AI detection instead of static signatures
Traditional WAFs operate on a binary decision model: a request either matches a predefined signature and triggers the configured action, or it does not and is allowed through. This approach inevitably creates security gaps (a payload not yet in the signature set is invisible) and maintenance challenges (the rule set has to be tuned per application to keep false positives down). Check Point’s CloudGuard WAF takes a fundamentally different approach.
According to Barda, the company has built an AI mechanism that scores each request based on the likelihood of it being malicious. He explains that Check Point gathered a large amount of malicious payloads internally and worked to identify common grounds and indicators that help identify malicious content.
This AI-driven approach enables organizations to detect sophisticated attacks that would otherwise bypass traditional signature-based WAFs entirely, thereby significantly improving their security posture against emerging threats.
2. Establish application behavior baselines to minimize false positives
One of the biggest challenges with traditional WAFs is the high rate of false positives, which often leads security teams to disable protection entirely. Check Point addresses this with its second engine, which works in conjunction with the AI scoring engine.
Barda emphasizes that their indicator approach enables zero-day detection by identifying small elements in traffic that signal malicious intent. He adds that the second layer, which builds application baselines, helps avoid false positives by understanding normal behavior patterns.
By understanding what constitutes normal behavior for your specific applications, CloudGuard WAF can significantly reduce false positives while maintaining robust protection against genuine threats.
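To make the contrast between a signature match and indicator scoring with a baseline concrete, here is an added, self-contained Python illustration covering both of the engines described in sections 1 and 2. It is not Check Point's model or code: the indicator list, the weights, the noisy-OR combination, the 0.5 threshold and the per-endpoint baseline are all assumptions chosen for the example. Each URL parameter is matched against a set of weak indicators, the hits are combined into one score, and a baseline learned from known-good traffic discounts indicators that are normal for a given endpoint, so the same `<script>` payload is blocked on `/search` but allowed on a constructed `/snippets` endpoint that legitimately receives script tags.

```python
import math
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus

# Hypothetical indicator set (an assumption, not a vendor signature list): each is
# a weak signal with a weight in (0, 1). A signature WAF blocks on any one match;
# here the hits are combined into a single score and judged against a threshold.
INDICATORS = [
    ("sql-union",      0.60, re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("sql-tautology",  0.50, re.compile(r"'\s*or\s*'?\w*'?\s*=\s*'?\w*", re.I)),
    ("sql-comment",    0.30, re.compile(r"(--|/\*)\s*$")),
    ("xss-script",     0.60, re.compile(r"<script\b|javascript:", re.I)),
    ("xss-handler",    0.40, re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("path-traversal", 0.50, re.compile(r"(\.\./){2,}")),
    ("shell-metachar", 0.20, re.compile(r"[;|`]\s*\w")),
]

def indicator_hits(value):
    """Return {indicator: weight} for one parameter value (already URL-decoded once
    by parse_qsl). A value that still contains %XX after that decode is itself a
    weak signal and is decoded again so nested encoding cannot hide a payload."""
    hits = {}
    if re.search(r"%[0-9a-fA-F]{2}", value):
        hits["nested-encoding"] = 0.20
        value = unquote_plus(value)
    for name, weight, rx in INDICATORS:
        if rx.search(value):
            hits[name] = weight
    return hits

def noisy_or(weights):
    """Combine independent weak signals: P(malicious) = 1 - prod(1 - w_i)."""
    weights = list(weights)
    return 1.0 - math.prod(1.0 - w for w in weights) if weights else 0.0

class Baseline:
    """Per-(endpoint, parameter) record of the indicators that fire on known-good
    traffic during a learning phase. In enforcement those indicators are discounted
    for that endpoint only, which removes the false positive without weakening
    detection anywhere else."""
    def __init__(self):
        self.normal = defaultdict(set)

    def learn(self, path, query):
        for name, value in parse_qsl(query, keep_blank_values=True):
            self.normal[(path, name)].update(indicator_hits(value))

    def discount(self, path, name, hits):
        known = self.normal.get((path, name), set())
        return {k: w for k, w in hits.items() if k not in known}

def score_request(path, query, baseline=None, threshold=0.5):
    """Score one request: returns the score, the indicators that fired, and the verdict."""
    hits = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        h = indicator_hits(value)
        if baseline is not None:
            h = baseline.discount(path, name, h)
        for k, w in h.items():
            hits[k] = max(hits.get(k, 0.0), w)
    score = round(noisy_or(hits.values()), 3)
    return {"score": score, "indicators": sorted(hits), "block": score >= threshold}

if __name__ == "__main__":
    bl = Baseline()
    # Constructed known-good traffic: a snippet-sharing endpoint whose "code"
    # field legitimately contains script tags.
    bl.learn("/snippets", "code=<script>alert(1)</script>")
    print(score_request("/search", "q=shoes"))
    print(score_request("/search", "q=1' or '1'='1 --"))
    print(score_request("/search", "q=<script>alert(1)</script>", bl))    # blocked
    print(score_request("/snippets", "code=<script>alert(1)</script>", bl))  # allowed
```

The baseline is deliberately scoped to one endpoint and one parameter: learning that `<script>` is normal in `/snippets?code=` says nothing about `/search?q=`, so the discount never becomes a global exception the way a disabled rule would. In practice the learning phase has to run on traffic you trust, since anything an attacker sends during learning would be baked into the baseline.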
3. Implement comprehensive API security through automated discovery
APIs represent one of the fastest-growing attack surfaces in modern applications. Many organizations struggle just to maintain visibility into their API landscape, creating security blind spots that attackers can exploit. CloudGuard WAF includes robust API discovery capabilities.
Barda describes the API discovery solution as the first feature they delivered in the product. He explains that it builds a schema of all APIs observed in traffic. The system is sensitive enough that even if someone sends a simple API request just once to a specific endpoint, it will be detected and added to the API schema.
The solution’s dashboard allows security teams to see the most used APIs, the least used APIs, and APIs that are no longer in use, enabling better resource allocation and security focus.
4. Enforce API governance through schema validation
Visibility is only the first step in API security. Check Point enables organizations to implement governance controls that prevent unauthorized API changes and ensure consistent security.
Barda notes that beyond creating schemas, the system can enforce them as well. He points out that this enforcement ensures developers cannot change their exposed APIs without consulting the CISO or whoever is responsible for security.
By enforcing API governance, organizations can prevent the security gaps that often emerge when developers deploy new API endpoints without proper security review.
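The discovery and enforcement steps of sections 3 and 4 can be shown in one small Python program. This is an added example, not Check Point's implementation: the access-log format, the `{id}`/`{uuid}` path normalization, the schema layout and the sample log lines are all constructed for illustration. The first pass builds a schema from every request observed (one observation is enough to create an entry, as the text describes) and ranks endpoints by use; the second pass turns that schema into a governance check that rejects an HTTP verb the schema has never seen and a body field a developer added without review.

```python
import json
import re

# Constructed access-log sample (not real traffic): "METHOD path status json-body".
SAMPLE_LOG = """\
GET /api/v1/users/42 200 {}
GET /api/v1/users/7 200 {}
POST /api/v1/users 201 {"name": "ann", "email": "ann@example.com"}
GET /api/v1/orders/1001 200 {}
GET /api/v1/orders/1002 200 {}
GET /api/v1/orders/1003 200 {}
POST /api/v1/login 200 {"user": "ann", "password": "hunter2"}
DELETE /api/v1/users/7 204 {}
"""

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def normalize_path(path):
    """Collapse per-resource identifiers so /users/42 and /users/7 are one endpoint."""
    out = []
    for seg in path.split("/"):
        if seg.isdigit():
            out.append("{id}")
        elif UUID_RE.fullmatch(seg):
            out.append("{uuid}")
        else:
            out.append(seg)
    return "/".join(out)

def discover(log_text):
    """Build a schema from observed traffic: one entry per (method, normalized path)
    with a request count and the JSON body fields seen, each with its type."""
    schema = {}
    for line in log_text.splitlines():
        method, path, _status, body = line.split(" ", 3)
        key = f"{method} {normalize_path(path)}"
        entry = schema.setdefault(key, {"count": 0, "fields": {}})
        entry["count"] += 1
        for field, value in json.loads(body).items():
            entry["fields"][field] = type(value).__name__
    return schema

def usage_report(schema):
    """Endpoints ranked by observed call count, most used first."""
    return sorted(((k, v["count"]) for k, v in schema.items()),
                  key=lambda kv: (-kv[1], kv[0]))

def enforce(schema, method, path, body):
    """Governance check: reject anything the approved schema does not describe.
    Returns (allowed, reason)."""
    key = f"{method} {normalize_path(path)}"
    if key not in schema:
        return False, f"unknown endpoint {key}"
    expected = schema[key]["fields"]
    for field, value in json.loads(body).items():
        if field not in expected:
            return False, f"unknown field {field!r} on {key}"
        seen = type(value).__name__
        if seen != expected[field]:
            return False, f"field {field!r} on {key}: expected {expected[field]}, got {seen}"
    return True, "ok"

if __name__ == "__main__":
    schema = discover(SAMPLE_LOG)
    for endpoint, count in usage_report(schema):
        print(f"{count:3d}  {endpoint}")
    print(enforce(schema, "GET", "/api/v1/users/99", "{}"))
    # A verb nobody reviewed, and a body field nobody reviewed.
    print(enforce(schema, "PUT", "/api/v1/users/99", '{"name": "bob"}'))
    print(enforce(schema, "POST", "/api/v1/users",
                  '{"name": "bob", "email": "bob@example.com", "role": "admin"}'))
```

Two caveats a practitioner would add: the schema that gets enforced should be the reviewed copy, not the live learned one, otherwise the first unreviewed request teaches the WAF to accept the next; and this toy records only field names and types, so it cannot tell a required field from an optional one or enforce value constraints, which a real schema format would carry.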
5. Harness contextual AI for enhanced security decisions
CloudGuard WAF leverages contextual intelligence to make more informed security decisions by connecting information across multiple sources.
Barda describes an intelligence mechanism in the WAF that connects information between different Check Point solutions. He explains that the system can query its intelligence database about specific IPs to determine if they represent malicious actors.
He further explains that the system automatically adapts protection strategies based on the application being secured. For example, Jira would be protected differently from a Confluence application, with protection tailored to the specific application context.
6. Deploy advanced anomaly detection for sophisticated API attacks
Beyond basic protection, Check Point is developing sophisticated capabilities to detect subtle API misuse that would bypass traditional security controls.
Barda explains the challenge of detecting certain types of misuse, such as guessing CVV numbers on credit cards. He says such attacks aren’t just about rate limiting, as attackers can space requests over time. Even with one request per hour, an attacker could determine a CVV number after 1,000 hours of attempts.
By focusing on behavioral anomalies rather than just known attack signatures, CloudGuard WAF can detect attacks that fly under the radar of traditional security solutions.
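The CVV example above can be reproduced with a few lines of Python to show why a rate limit is the wrong tool for it. This is an added illustration, not Check Point's detection logic: the threshold of three distinct failed guesses per card, the event layout and the constructed events (one guess per hour from a rotating source address) are assumptions for the example. A classic sliding-window limiter is replayed alongside a cumulative per-card counter whose state never expires; the limiter never fires, the counter flags the card on the fourth wrong guess regardless of how many hours separate the attempts.

```python
import hashlib
from collections import defaultdict, deque

HOUR = 3600

class RateLimiter:
    """Classic sliding window: more than `limit` events per key within `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def exceeded(self, key, ts):
        q = self.hits[key]
        while q and ts - q[0] >= self.window:
            q.popleft()
        q.append(ts)
        return len(q) > self.limit

class CvvGuessDetector:
    """Cumulative per-card view. Nothing here expires with time: a card that
    accumulates more than `max_failures` distinct wrong CVV values is flagged
    whether the guesses arrive within a minute or one per hour over weeks.
    Guesses are kept only as per-card salted hashes, so no CVV is retained."""
    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self.state = defaultdict(lambda: {"failed": set(), "sources": set(),
                                          "first": None, "last": None})

    def observe(self, ts, card_id, source_ip, cvv, ok):
        s = self.state[card_id]
        s["first"] = ts if s["first"] is None else s["first"]
        s["last"] = ts
        s["sources"].add(source_ip)
        if ok:
            return None
        s["failed"].add(hashlib.sha256(f"{card_id}:{cvv}".encode()).hexdigest())
        if len(s["failed"]) == self.max_failures + 1:   # alert once, on crossing
            return {"card": card_id, "distinct_failed_cvvs": len(s["failed"]),
                    "sources": len(s["sources"]), "span_seconds": s["last"] - s["first"]}
        return None

# Constructed events (assumed layout): (ts seconds, card, source ip, cvv sent, issuer accepted?).
EVENTS = [
    (0,        "card-A", "203.0.113.5",  "123", False),  # customer mistypes once...
    (30,       "card-A", "203.0.113.5",  "321", True),   # ...then gets it right
    (0,        "card-B", "198.51.100.1", "000", False),  # attacker: one guess per hour,
    (1 * HOUR, "card-B", "198.51.100.2", "001", False),  # rotating the source address
    (2 * HOUR, "card-B", "198.51.100.3", "002", False),
    (3 * HOUR, "card-B", "198.51.100.4", "003", False),
    (4 * HOUR, "card-B", "198.51.100.5", "004", False),
]

def run(events, limit=10, window=60, max_failures=3):
    """Replay events through both controls and report what each one catches."""
    rl = RateLimiter(limit, window)
    det = CvvGuessDetector(max_failures)
    rate_limited, flagged = set(), []
    for ts, card, ip, cvv, ok in sorted(events, key=lambda e: e[0]):
        by_card = rl.exceeded(("card", card), ts)
        by_ip = rl.exceeded(("ip", ip), ts)
        if by_card or by_ip:
            rate_limited.add(card)
        alert = det.observe(ts, card, ip, cvv, ok)
        if alert:
            flagged.append(alert)
    return {"rate_limited": rate_limited, "flagged": flagged}

if __name__ == "__main__":
    print(run(EVENTS))
```

The detector is keyed on the card rather than the client, because the card is the one thing the attacker cannot rotate; the constructed attacker changes source address on every request, so even a per-IP limit sees one request per address. The honest customer who mistypes once and then succeeds never gets near the threshold, which is the false-positive side of the same design.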
Preparing for the next generation of application threats
As organizations increasingly incorporate AI into their applications and expand their API footprints, new security challenges are emerging; the rise of AI agents in particular will dramatically increase machine-to-machine API interactions. Check Point says it is already developing capabilities to address these evolving threats.
By implementing these six approaches with Check Point’s CloudGuard WAF, organizations can significantly enhance their ability to detect zero-day threats while reducing false positives.
To learn more about the solution's comprehensive approach, watch the full podcast on Software Plaza's YouTube channel.