Starting with release 7.6, Airlock Gateway includes Airlock Anomaly Shield, an unsupervised machine learning-based anomaly detection mechanism. Airlock Anomaly Shield can be licensed to detect anomalies in the web traffic of the applications protected by Airlock Gateway.
The Airlock Anomaly Shield must be configured and initially baseline-trained for each application separately to detect anomalies. After training, the Anomaly Shield analyzes web session request traffic patterns and generates anomaly information continuously as new requests arrive. The Anomaly Shield enforcement logic uses configured patterns against the anomaly information to determine the appropriate actions for each session.
Airlock Anomaly Shield operates on the behavior of a web session and complements conventional security features of the Security Gate core process that acts directly on the properties of every request.