CQAI is deployed out-of-band, using TAP mode or a SPAN port, to receive application traffic from the customer network.
ML-based automation indicators analyze the traffic to discover publicly exposed application and API endpoints as well as ongoing automated attack campaigns and vulnerability exploits. Threat findings can be exported to an existing security infrastructure solution like a SIEM or a WAF for further analysis and remediation.
Integrations supported: TAP mode, SPAN port.
Moving from Discovery mode to Defense mode entails deploying a lightweight enforcement module inline with the application traffic through a network or app server-based integration.
- Network Integrations supported: Load Balancers, Proxy Servers. The enforcement module is integrated with proxy servers or load balancers via a loopback proxy configuration or as a next-hop configuration.
- App Server Integrations supported: App Servers, Service Mesh. The enforcement module is configured as a sidecar helper to the ingress controller of the service mesh or as a sidecar to the app server.
Malicious activity can be remediated using response options that include: block, rate limit, deception or geo-fence.