How it Works
Spherical uses examples of trusted data to build the baseline model. A typical implementation comprises three simple phases.
Phase
1
Evaluation on a small dataset of 100MB of application data logs – Spherical Defence builds an initial model which can be used to detect artificially injected attacks but will ignore genuine anomalies
Phase
2
Spherical Defence builds a trial model using a larger dataset of around 50 million logs – This exercise also detects historical attacks on application data
Phase
3
The system provides you with alerts of on-going application attacks. Depending on the mode of deployment, Spherical Defence can perform real-time blocking
Ideally, Spherical Defence is deployed where the SSL traffic terminates, with access to API traffic either through a reverse proxy or as an Apache / Nginx mod security plugin. In this mode, automatic alerts can be generated to warn of attacks in real-time to enable blacklisting of hackers.