Starting with release 7.6, Airlock Gateway includes Airlock Anomaly Shield, an unsupervised machine learning-based anomaly detection mechanism. Airlock Anomaly Shield can be licensed to detect anomalies in the web traffic of the applications protected by Airlock Gateway.
To detect anomalies, the Airlock Anomaly Shield must be configured and initially baseline-trained for each application separately. After training, the Anomaly Shield analyzes request traffic patterns of web sessions and generates anomaly information continuously as new requests arrive. The Anomaly Shield enforcement logic uses configured patterns against the anomaly information to determine the appropriate actions for each session.
Airlock Anomaly Shield operates on the behavior of a web session and complements conventional security features of the Security Gate core service that acts directly on the properties of every single request.