Hassle-Free Enterprise-Level

WAF as a Service

Web applications are a critical part of your business and vital to how customers interact with you. Unfortunately, web apps also give attackers another gateway into your critical assets and data.

Businesses need to accurately distinguish good traffic from the bad in real-time. Fortra’s Alert Logic delivers a competitively priced, highly versatile, enterprise-level, cloud-ready WAF that comes with a team of experts to eliminate the complexity of managing the WAF for you.

Web Application Firewall - WAF as a Service visual explanation

Complete Setup and Management

From installation, deployment through to configuration, our experts ensure your web application firewall is ready to block threats against your critical web applications.

Our analysts fine-tune your managed WAF by monitoring your web application traffic, allow-listing valid requests and data, and building a policy that blocks malicious web traffic and other undesired activity.

As new threats emerge and your apps and portfolio change, our security analysts will update your policies as needed or required. Our services eliminate the steep learning curve and associated staffing costs that come with managing a WAF.

Tuned and Optimized

Combining deep expertise in enterprise web applications and security with an intimate knowledge of web app technologies and the threat landscape, our dedicated team partners with you to optimize the Alert Logic technologies based on your unique profile.

Our out-of-the-box policies cover 10,000+ vulnerabilities, including unique flaws in off-the-shelf and custom web applications (e.g., OWASP Top 10, URL tampering, web scraping, buffer overflow attacks, Zero-Day web application threats, and DoS attacks).

Web Application Firewall - WAF as a Service visual explanation

Traditional and Behavior Based Threat Detection

Fortra Managed WAF provides comprehensive features to protect your web applications and APIs. Allow-listing, deny-listing, and signature-based blocking are augmented by a learning engine that builds a model of your application to recognize activity that deviates from a known-good baseline of traffic. Using both a positive and negative security models in this way means our virtual WAF knows how to recognize malicious activity as well as unexpected activity.

Visual representation of WAF utilizing traditional and behavioral threat detection

 

How a WAF Differs from a
Network Firewall

If you’re wondering what the difference is between a network firewall and a web application firewall, also known as WAF, you’re not alone. Watch this short educational video to learn more.

 

 

Leveraging Fortra’s Threat Intelligence

To keep pace with the constantly evolving threat landscape, Fortra’s Threat Intelligence unifies the portfolio’s programs and insights gathered from tens of thousands of global customers. This allows us to track the evolution of tactics used by bad actors, build and maintain a repository of active threats and campaigns, and create research-driven security policies and controls — including virtual patches, signature updates, and attacker source IPs — that are automatically distributed to our customers helping to maintain security posture against threats to web applications and APIs.

Behavioral-based content is leveraged to detect, monitor for, and block more unusual attacks that WAFs with more specific signatures will miss.

Essential Compliance Coverage

Meet the web application firewall requirements of PCI DSS 4.0 6.4.1, 6.4.2, 6.4.3, and 11.6.1, as well as other compliance mandates. PCI DSS penetration tests are often performed from inside the network as well as outside, to try to attack web apps through all possible vectors. Cloud-based WAFs may be bypassed and can fail this requirement.

pci dss

Capabilities

24/7 SUPPORT FROM OUR SOC

Alert Logic’s MDR platform supports the flexibility of a combined infrastructure with security and compliance across your hybrid cloud environment.

MANAGED DEPLOYMENT

Alert Logic project management team works with our technical experts and your teams to ensure a rapid and hassle-free deployment.

ONGOING MANAGEMENT & TUNING

A strong partnership between Alert Logic’s virtual WAF experts and your teams enable us to deliver the best experience.

DDoS PROTECTION

Abnormally high volumes of traffic (L7) are redirected and absorbed upstream, protecting against even extreme-scale DDoS attacks. For WAF Deployments in AWS and Azure.

API PROTECTION

Protect exposed APIs from application attacks with targeted policies informed by automated API discovery and mapping.

FALSE POSITIVE RESOLUTION

Our web security experts will responsibly resolve identified or reported false positives, fine tuning policies to maintain protections and legitimate access.

ZERO-DAY EMERGING THREAT DETECTION

Our global threat research team delivers a broad signature set allowing capture of zero-days and emerging threats.

Rule and Behavior-Based Detection

Usage-based application learning combines with a huge signature set to provide defence from web application attacks.

Credential Attack Protection

Secure your application from exploitation using stolen credentials, including credential stuffing attacks.

Bot Management

Protect against automated attacks and unwanted data scraping bots using session anomaly detection and CAPTCHA enforcement.

Virtual Patching

Managed application of virtual patches for 100+ top applications keeps apps secure between patch cycles​.

Adaptive Trust-based Policies

Minimize false positives and maximize protections by applying policies of increased scrutiny based on connection trust score.

Fortra Threat Intelligence

Unifies leading intelligence programs and insights from securing tens of thousands of customers to track active tactics and techniques and actively malicious infrastructure.

Fully featured WAF as a Service

Our managed WAF as a service provides a full set of features, including end to end encryption, rate limiting, data masking, connection throttling and more.

AUTO-SCALING AND HIGH AVAILABILITY SETUP

Flexible deployment options let you choose the best way to implement our virtual web application firewall.

CLOUD DEPLOYMENT READY

Auto-scaling in the cloud allows you to deal with the highly variable load that can come with doing business digitally.

APPLICATION DELIVERY CONTROLS

Leverage features including virtual hosts, load balancing, caching and acceleration to simplify operations and improve network performance.

Ready to Protect Your Organization with Fortra Managed WAF?