Web Application Firewall

WAF is a platform for protection against attacks and vulnerabilities in web applications that allows to significantly reduce costs and time-consuming efforts aimed at achieving a high level of security for web applications and websites.
Find out more
Price list
Technical characteristics

  • DAST scanner checks common mistakes in business logic, OWASP Top10
  • The DAST scanner detects application-specific vulnerabilities and uses knowledge warehouse on application logic. The warehouse is updated using machine learning on real traffic
  • Use of several variants of DNS & BGP queries along with other open sources. It visualizes the surface of a potential attack. Scanning determines configuration errors and serious vulnerabilities
  • One of the lowest percentages of false positive results and automatic detection of valid false negative results. Training to identify false positive results in the whole cloud
  • Configuring when working with APIs is not required for any data encodings including multiple nested encodings
  • Automatic identification and decoding of all current data formats for web applications. Including such serialization formats as XML, JSON, WebSockets, Base64, GZIP, VIEWSTATE, PHP, Java, etc.
  • Security regulations are updated automatically and are adapted to traffic
  • Service is based on the "Valarm" platform for protecting and testing web applications
Technical characteristics
  • DAST scanner checks common mistakes in business logic, OWASP Top10
  • The DAST scanner detects application-specific vulnerabilities and uses knowledge warehouse on application logic. The warehouse is updated using machine learning on real traffic
  • Use of several variants of DNS & BGP queries along with other open sources. It visualizes the surface of a potential attack. Scanning determines configuration errors and serious vulnerabilities
  • One of the lowest percentages of false positive results and automatic detection of valid false negative results. Training to identify false positive results in the whole cloud
  • Configuring when working with APIs is not required for any data encodings including multiple nested encodings
  • Automatic identification and decoding of all current data formats for web applications. Including such serialization formats as XML, JSON, WebSockets, Base64, GZIP, VIEWSTATE, PHP, Java, etc.
  • Security regulations are updated automatically and are adapted to traffic
  • Service is based on the "Valarm" platform for protecting and testing web applications

Advantages

Simplicity and convenience

  • Automatic tuning and self-learning of system based on real traffic and attacks
  • Continuous machine learning ensures constant updates of protection rules

Cost-effectiveness

  • Solution cost is significantly lower in comparison with hardware solutions

Reliability and guarantees

  • Virtual Patching (restricting access to vulnerable parts of the application until they are fixed)
  • Incidents recorded only for confirmed vulnerabilities
  • Customer sensitive data never goes leaves the perimeter
  • Solution is easily modified by increasing the number of nodes that allow to maintain data control
  • Best detection of Zero Day attacks, behavioral attacks, OWASP Top 10, bots and password selection
  • Works without signatures and confirms threats in real time

Infrastructure

1
Web traffic goes through filtering nodes deployed in the client's infrastructure.
2
Filter nodes block attacks and send statistics on traffic to computing cluster (Valarm cloud).
3
Every 15 minutes Valarm Cloud updates blocking rules with the help of machine learning for each of the protected applications.
4
Vulnerability Scanner checks vectors of detected attacks for the presence of relevant vulnerabilities in the application.
5
When an incident is detected client is notified

Rates

Select the rate
Basic WAF service
Standard
WAF service
Fail-safe
configuration
of WAF service
DDoS protection
(traffic up to 1000 RPS included)
Network vulnerability scanner
DDoS attacks review and
Zero-Day Attacks detection
Behavioral Attack Protection1
Module of advanced configurations2 and Virtual patching3
Node capacity
1
1
2
70 000 RUB
90 000 RUB
135 000 RUB

*The monthly service cost is specified in Rubles excluding VAT.
1Automatic attacks made to obtain information (e.g. Brute-force – submitting many passwords with the hope of guessing)
2 Allow for the administrator to create manual rules of blocking
3 Access limitation to the vulnerable parts of the soft until they are fixed

Service provides:

Protection of web portals and web apps from hacker attacks
Protection against theft, substitution and unauthorized access to web application data
Automatic attack detection system
Single user account for all protected applications and roles
Analytics intelligence on attacks and incidents
Perimeter and vulnerability scanner
Security and Incident Report constructor
Technical characteristics
  • DAST scanner checks common mistakes in business logic, OWASP Top10
  • The DAST scanner detects application-specific vulnerabilities and uses knowledge warehouse on application logic. The warehouse is updated using machine learning on real traffic
  • Use of several variants of DNS & BGP queries along with other open sources. It visualizes the surface of a potential attack. Scanning determines configuration errors and serious vulnerabilities
  • One of the lowest percentages of false positive results and automatic detection of valid false negative results. Training to identify false positive results in the whole cloud
  • Configuring when working with APIs is not required for any data encodings including multiple nested encodings
  • Automatic identification and decoding of all current data formats for web applications. Including such serialization formats as XML, JSON, WebSockets, Base64, GZIP, VIEWSTATE, PHP, Java, etc.
  • Security regulations are updated automatically and are adapted to traffic
  • Service is based on the "Valarm" platform for protecting and testing web applications

Advantages

Simplicity and convenience

  • Automatic tuning and self-learning of system based on real traffic and attacks
  • Continuous machine learning ensures constant updates of protection rules

Cost-effectiveness

  • Solution cost is significantly lower in comparison with hardware solutions

Reliability and guarantees

  • Virtual Patching (restricting access to vulnerable parts of the application until they are fixed)
  • Incidents recorded only for confirmed vulnerabilities
  • Customer sensitive data never goes leaves the perimeter
  • Solution is easily modified by increasing the number of nodes that allow to maintain data control
  • Best detection of Zero Day attacks, behavioral attacks, OWASP Top 10, bots and password selection
  • Works without signatures and confirms threats in real time
FAQ
?What are the advantages of cloud WAF?
?Is it possible to order the WAF service from you and keep the website hosting separately on another server or infrastructure that is convenient for us?
?Does WAF service protect against DDoS attacks?
?Can I order WAF service if our infrastructure is located in #CloudMTS IaaS Federal Law-152 segment?