Use Cases

Spherical Defence is a unique API security system that uses machine learning to understand the language of the application. We automatically build a model of your application’s API, which evolves dynamically so it can recognize legitimate data traffic and detect intrusions. This learned knowledge maintains application security as it adapts to changes in hackers’ behaviour, and can subvert hackers by generating spoofed responses that mimic the behaviour of the API.

Internal Networks

Protecting East - West Application Traffic

Protecting East-West traffic requires a different approach to North-South application traffic. Many firms are now trying to do network-level (layer 3) filtering and protection for application layer East-West traffic, using traditional Intrusion Detection and Protection Systems.

Until now there has been no effective way of protecting against anything but the most generic automated attacks. The result is a critical lack of internal visibility into internal API and networks, which means organizations are unable to protect or detect breaches and lateral movement.

Spherical Defence is the only system truly capable of protecting application layer East West traffic within internal networks. Our modern technology can be deployed at the intersection of application and network layer traffic providing enhanced visibility into East-West communication, analysing not just the layer 3 metadata but the application request themselves.

API Traffic

Protecting North - South Application Traffic

Traditional WAFs fail to protect modern applications. They use antiquated and legacy static rules to try and protect against modern dynamic attacks. As API traffic continues to grow in complexity, these rulesets become unwieldy, and produce many more false positives, resulting in alert fatigue.

At Spherical we take a different approach and provide you with the ability to protect your most critical interface, especially APIs. We apply autonomous and completely unsupervised learning to automatically model both the language and grammar of your API and how your API is used. Our system can learn complex tree and graph based data such as JSON and XML, and understand entire sequences of events, that is, user sessions and workflows.

We can provide you insight into how the behaviour of your users has changed, or if just a small subset have started to deviate. Instead of using static rules that are out of date as soon as they are deployed, our system can dynamically retrain, self learn and continuously evolves alongside your application - modelling new endpoints, new behaviour, and new users. Spherical Defence can either be deployed in front of your application, or as a network tap in passive analytics mode.

System Calls

Protecting Up - Down Traffic

The Kernel is the beating heart of every operating system. Messages pass down from applications, programs and containers into the center, where they are translated into actions that the underlying machinery executes. These messages are called ‘System Calls’.

The behaviour of any program can be described by understanding the pattern of System Calls that it sends to the Kernel. When the system is breached, and malicious programs are started or hijacked - the pattern of System Calls subtly changes. Static rule-based systems are no longer fit for purpose in modern dynamic application environments. They cause false positives whenever applications are modified, and result in alert fatigue.

At Spherical Defence we provide you with the ability to understand and protect your most complex interface, your System Calls. We apply autonomous and completely unsupervised learning to automatically model both the language and grammar of your SysCalls. Our system can learn complex tree and graph based data and understand entire sequences of System Calls, in order to learn what ‘business as usual’ looks like for your servers, and save you time in detecting breaches and lateral movement.

Service Mesh (Kubernetes)

Protecting Container to Container Traffic

In the rapidly growing world of microservices and Kubernetes, it has become crucial to be able to monitor application layer traffic between the containers associated with each service in order to protect against attacks. Monitoring each individual container is possible through proxies such as HA Proxy, but existing security solutions are not capable of delivering sufficient insight into application layer communication within the service mesh.

Spherical Defence can analyze application layer communications between containers, from log data taken from the Service Mesh / AppMesh, and detect deviations from normal patterns.

Visit our blog