Chaitin Technology: Cyber Security Powered by AI and ML
Yusen Chen, Co-Founder & CEO
In recent years, the global web service has rapidly grown with the emergence of numerous hyperscale websites. The booming internet unicorn capabilities have compelled companies to solve network security puzzle for super large traffic on their websites, especially in China. Ever-evolving web standards and complex architecture requirements aggravate technical debt in WAF appliance solutions. Existing demands for an innovative solution have given rise to semantic WAF that has distinguished features from signature-based WAF, displaying not only operation method and capability but also potential possibilities to leverage cutting-edge technologies, like machine learning. However, the current WAFs are focused on using machine learning for attack behavior training and bot mitigation. To this end, Chaitin Technology has taken semantic WAF to the next level by merging machine learning with adaptive classifier training to improve defense accuracy, false positive detection, success attack analysis and bot mitigation.
As a pioneer in Next Generation WAF (NGWAF) based on artificial intelligence and semantic algorithms, Chaitin’s SafeLine implements a delicate classification model to identify normal and suspicious requests. The solution offers dynamic self-adaptive capabilities through machine learning technology like GAIL (Generative Adversarial Imitation Learning) and LSTM (Long Short-term Memory) to obtain the best classification ability to address different business security requests automatically. Also, SafeLine detection model based on semantic analysis algorithms can be easily abstracted as a parameter representation following the parameterized classification model.
SafeLine adopts a different approach deploying specific functional component into a specific server to ensure 'the best use of everything
After parameterization, the platform is constantly updated with new data from normal network traffic and automatically generated false negative/false positive data for training data-driven learning processes based on the current network service. The platform mitigates anomalies found on a website’s general access patterns and user-level behavior characteristics from the historical request logs by automatically generating access control policies in case an abnormal access event occurs to reduce the consumption of protected system resources. What is more, SafeLine also finds useful information such as false positive detection and success attack identification from attack logs to discover vulnerabilities and resolve potential problems at the earliest. Technology-driven enterprises from financial industry, some of the biggest banks, securities and insurances, firstly choose SafeLine to protect their websites and applications away from attacks.
Unlike traditional WAFs, SafeLine separates all WAF's functional components into independent modules so that it can be deployed in an all-in-one manner as well as several available combinations. “SafeLine adopts a different approach deploying specific functional component into a specific server to ensure ‘the best use of everything,’” says Yusen Chen, co-founder and CEO of Chaitin Tech. Also, Chaitin has simplified the management of multiple servers through a centralized management to reduce cost and time.
With Chen at its helm, a Forbes30 Under 30 Asia technologist, who is one of the youngest entrepreneurs of B2B cybersecurity industry in China, Chaitin has garnered the attention of numerous companies looking for an effective WAF. In one instance, Bilibili, a video danmaku website in China, had a large traffic of 150 million active users with HTTP API requests reaching 10 billion per day. This made it vulnerable to frequent attacks. SafeLine provided Bilibili a dynamic module on its load balancing software.
Chaitin will continue to bring innovative technology to traditional cyber security solutions to ensure that they become simple and intelligent to all customers. “We are also planning to expand application security to cloud security. Along the same lines, we have updated our NGWAF to Private Cloud Cluster Edition, and we also plan to officially launch new cloud security product earlier this July,” concludes Chen.