8 800 250-10-01Connect
Project solutions
Оставить заявку

Web Application Firewall (WAF)

Web Application Firewall (WAF)

WAF is a platform for protection against attacks and vulnerabilities in web applications.

Web Application Firewall (WAF)

Exploiting vulnerabilities in corporate web resources is one of the most popular ways for attackers to break into the perimeter. Valarm-based cloud firewall (WAF) reduces costs and efforts to achieve a high level of site and web application security.

Automatic system for detecting attacks and unauthorized access attempts
Perimeter and vulnerability scanner
Single personal account for all protected applications and roles
Security status and incident report builder

Why does a web application need a Firewall?

Popular environment for attacks

About 70% of web applications contain critical vulnerabilities that can be used to access sensitive data

Rapid development

The vast majority of vulnerabilities are caused by errors in the source code. In the pursuit of functionality, developers often miss solutions to security issues

Point protection

Intrusion detection systems (IPS) are not suitable for protecting web applications, and conventional firewalls are useless against application vulnerabilities

Strong web applications protection

Protection against SQL injection, XSS, XXE, RCE and other threats OWASP Top-10

Prevent brute force, account theft, and other similar attacks

Detecting attacks on application logic

Continuous machine learning ensures constant updates of protection rules

Fast scaling by increasing the number of nodes and maintaining control over data

Low percentage of false positive results and automatic detection of valid false negative results.

Detailed Analytics on detected threats

Solution cost is significantly lower in comparison with hardware solutions

Works without signatures and confirms threats in real time

Technical characteristics

Errors and vulnerabilities detection

The DAST scanner detects application-specific vulnerabilities and uses knowledge warehouse on application logic.

Surface and potential attack visualization

Use of several variants of DNS & BGP queries along with other open sources. It visualizes the surface of a potential attack. Scanning determines configuration errors and serious vulnerabilities

Recognition of popular formats

All modern web application data formats are automatically identified and decoded, including XML, JSON, WebSockets, Base64, GZIP, VIEWSTATE, PHP, Java, and others



"Web traffic goes through filtering nodes deployed in the client's infrastructure."


Filter nodes block attacks and send statistics on traffic to computing cluster (Valarm cloud).


Every 15 minutes Valarm Cloud updates blocking rules with the help of machine learning for each of the protected applications.


Vulnerability Scanner checks vectors of detected attacks for the presence of relevant vulnerabilities in the application


When an incident is detected client is notified


Basic WAF Service

  • Detecting a protecting against attacks on web applications module
  • Local intelligence module
  • Control module
  • Cloud-based analytics module
  • Crosschecking attacks module
up to 100 RPS

Request per seconds (Number)

70 000 RUB

monthly payment (excl. VAT)

Standard WAF Service

All modules are included in the price, in addition to the basic WAF service:

  • Perimeter and vulnerability scanner modules
  • Protection against behavioral attacks module 1
  • Advanced Configuration Module 2
  • Virtual patching
up to 500 RPS

Request per seconds (Number)

110 000 RUB

monthly payment (excl. VAT)

1. Автоматизированные атаки, нацеленные на сбор информации, например Brute-force (перебор пар логин‑пароль)
2. Позволяют администратору создавать ручные правила блокировки
3. Ограничение доступа к уязвимым частям приложения до их устранения

Individual configuration of the WAF service

  • Modules сomposition at the customer's choice, for any performance

The parameters are not fixed in the standard contract, edits are made after the order placement

more than 500 RPS

Request per seconds (Number)

On request

Need expert advice on enabling the web application protection service (WAF)? Leave a request — the #CloudMTS expert will contact you shortly and answer all your questions in detail




Data management in hybrid multicloud environments


BaaS и ФЗ-152 — особенности работы в защищенном сегменте


IaaS ФЗ-152: Всё о защите персональных данных в облаке


Corporate mail #CloudMTS


Что такое Публичное облако (Elastic Cloud)


Project solutions


Backup Commvault


Backup Veeam


Private Cloud


Аттестованные Облака ФЗ-152: концепция безопасности и решения С-Терра для виртуальной среды


Объектное S3-хранилище на базе Dell ECS


Построение гибридного облака на практике


Обновленная линейка Microsoft Online Services


Как автоматизировать процессы с помощью VMware vRealize Automation


Инструменты для анализа больших данных в облаке: детали всегда имеют значение


Облачные ИТ-решения в большом бизнесе: мифы, правда и холодный расчет


Обзор современных BaaS-решений для резервного копирования


Решения для оптимизации ИТ-инфраструктуры в сфере логистики


Expert article

The Evolution of Web Application Firewall: From Firewalls to Machine Learning Cloud Security

Read the article
Expert article

Ральф Баер: пиксель, пиксель, огуречик

Read the article
Expert article

Знакомство с vRealize Automation

Read the article
Expert article

Kubernetes: open source против вендорского

Read the article
Expert article

Почему традиционные антивирусы не подходят для публичных облаков. И что делать?

Read the article


1. Flexible cost management whenever your business grows as well as traffic volume. Simply order WAF with required performance service deployed into #CloudMTS virtual infrastructure when your website load increases.2. Cloud solution does not require assembling, installation and maintenance of expensive hardware and equipment. Any hardware becomes outdated and unusable (a need to keep spare parts arises), also one must keep in mind that equipment support period eventually comes to “End of support”.3. You have no need to hire and train specialists.

Yes, WAF will be deployed in #CloudMTS infrastructure and website hosting will remain in any place convenient for you.In this case, we are always happy to offer interesting conditions for infrastructure hosting in our IaaS.

WAF is not suitable for protection against powerful DDoS attacks on overflow of the communication channel and denial of service.A service specifically designed for protection against powerful attacks is available in our portfolio – Protection against DDoS attacks.

Yes, we will additionally set correct settings of safety rules and provide any necessary information.

Sign up to #CloudMTS news updates