Web Security Breakthrough Eliminates Annoying Website Blocks Without Sacrificing Protection

Suppose you are trying to access a site and get blocked, without any reason. Frustrated, you will probably try another site or give up. Whether it’s a false-positive security flag or an overzealous firewall, legitimate users can be caught in the crossfire of outdated security practices. But John Komarthi, a security testing expert with years of experience at companies like SonicWALL, Fortinet, and McAfee, has been quietly trying to eliminate that.

Komarthi’s career has revolved around refining how security systems treat network traffic, especially in web environments where the balance between safety and usability is difficult to strike. At SonicWALL, where he worked extensively on firewall, web application firewall (WAF), and remote access solutions, he encountered a recurring theme: security systems were routinely blocking legitimate users based on outdated or overly simplistic rules.

“Many firewalls and WAFs rely on static IP reputation, outdated geolocation filters, or poorly tuned threat signatures,” Komarthi explained. “The result is that normal user behavior is flagged as suspicious, leading to unnecessary disruptions for customers and headaches for security teams.”
Komarthi helped develop and test adaptive threat detection models that evaluated traffic in real-time, focusing on session-level behavior and metadata rather than relying solely on binary rules.

These models could intelligently differentiate between automated bot traffic and legitimate usage even when both originated from shared or obscured IP spaces. This approach allowed them to retain full-spectrum protection while dramatically reducing user disruption and false block rates.
In his experience, Komarthi points out that one of the most overlooked aspects of web security is the user experience. “Blocking by IP address or country is a blunt instrument,” he said. “It doesn’t account for how the internet works today people use mobile proxies, VPNs, CGNAT and global CDNs.”

At SonicWALL, instead of blocking first, they started analyzing traffic behavior such as session consistency, navigation patterns, and request timing to determine intent. This shift from rule-based denial to context-aware evaluation not only enhanced protection but also restored trust in the user experience.

Komarthi’s role was critical in this evolution. He led the QA automation efforts for a wide range of features that interacted with encrypted traffic, IP reputation services, and adaptive WAF layers. He created testing frameworks that simulated thousands of user scenarios from normal browsing and mobile app traffic to scraping bots and stealthy crawlers.

“By feeding these simulations into our AI-enhanced inspection engines, I was able to validate how effectively the system could distinguish malicious intent from non-traditional but valid traffic,” Komarthi said.

One of his most notable contributions was integrating a feedback loop into the testing process. Instead of relying on static test results, the system learned from new inputs, refining detection logic over time using baseline traffic behaviors. This allowed for more precise filters and significantly reduced false positives.

Now at Fortinet, Komarthi has expanded this work by developing telemetry-driven test harnesses for FortiWeb, Fortinet’s WAF platform. These tools allow for validation of context-aware protections across cloud environments, ensuring that new web applications are both secure and user-friendly. At McAfee, his background in embedded testing taught him to recognize that behaviour patterns rather than payload contents often reveal more about potential threats.

Taken together, Komarthi’s body of work points to a shift in the web security space: one where intelligent, behaviour-based models replace rigid rulebooks. His approach doesn’t just prevent breaches it makes the digital experience better for everyone, from banking customers to enterprise users.

As security threats evolve and internet infrastructure grows more complex, Komarthi believes the development of web security lies in smarter systems that learn from context rather than react to stereotypes. For users tired of hitting error messages on legitimate websites, it’s a welcome shift, towards a smoother online experience.