Japanese startup unveils AI-powered rule sets solution to secure AWS-hosted websites


See the original story in Japanese.

Tokyo-based Cyber Security Cloud, the Japanese startup behind a cloud-based web application firewall (WAF) called Kogeki Shadan-kun, unveiled a new product called WafCharm earlier this month. WafCharm uses artificial intelligence to automatically apply a WAF signature (rule set) setting for websites hosted on Amazon Web Services. It can be used for free until the end of January 2018. By introducing WafCharm, the information systems division of a company operating a cloud-based web server on AWS can automate the complicated tasks of selecting and applying optimal signatures for defense against attacks.

Typical WAF systems can be categorized into software-based, appliance-based, and cloud-based ones. Cyber Security Cloud has been specialized in developing cloud-based WAF solutions to secure cloud-based web servers, launched Kogeki Shadan-kun in December of 2013. Since then, the service has seen a steady increase in clients, including NTT Docomo, ANA (All Nippon Airways), and SBI Securities, and has been adopted by 4,000 websites in about three and a half years since the launch. The monthly report that the dashboard outputs can be easily used for meetings within a company, and in the event of damage, insurance of up to 10 million yen (about $88.2K US) is accompanied (for the moment, there have been no applicable cases). The fact that compensation of up to 10 million yen can be granted may also be a factor in the growth of the company.

The dashboard for “Kougeki Shadan-kun”
Image credit: Cyber Security Cloud

Cyber Security Cloud collects tendencies of web attacks and security defense from Kougeki Shadan-Kun, and based on the findings obtained, then WafCharm applies optimal rule sets to user instances leveraging artificial intelligence (AI). The application of rule sets according to the software stack, supporting the OWASP Top 10 security risks, and the speedy addition of new rule sets in response to new weaknesses are all automatically done for user instances on AWS.

AWS also provides 11 rule sets by five security vendors (as of December, 2017) as WAF Managed Rules. This is intended to make it easier to operate even for users less familiar with security measures while customized setting is difficult because detailed settings are black-boxed. Having said that, it is a painstaking task to manually set rule sets one by one. WafCharm aims at solving this pain point.

Cyber Security Cloud CEO Hikaru Ono says:

AWS has 34% market share in the global cloud user base. To reach one-third of all cloud users (by offering the WAF optimization service for AWS) would be a great opportunity. I think that WafCharm could set these cloud users free from security risks.

In 2016, two years after the service launch, Kougeki Shadan-kun won the largest share in the cloud-based WAF market in Japan. By introducing the new product WafCharm, Cyber Security Cloud has its sights set on the number one position in the global automated WAF operation sector. As a short-term goal the company is looking to sign with 10,000 companies in 2018. While looking at future user trends, it is also considering deploying services to other cloud platforms such as GCP (Google Cloud Platform) and Microsoft Azure.

Cyber Security Cloud was established in August of 2010 (under the name of Amitie). The company raised around 100 million yen (about $883K US) from Ambition, Legend Partners, Epsilon Group, Real World, SBI Investment and other investors in January of 2016.

Translated by Amanda Imasaka
Edited by “Tex” Pomeroy