WAF as a Service
Web applications are an important part of your business and vital to how customers interact with you. Unfortunately, web applications also give attackers another gateway into your critical assets and data.
Businesses need to distinguish the good traffic from the bad in real-time, accurately. Fortra’s Alert Logic delivers a competitively priced, highly versatile, enterprise-level, cloud-ready WAF that comes with a team of experts to eliminate the complexity for you.
Complete Setup and Management
From installation, deployment through to configuration, our experts ensure your Web Application Firewall is ready to block threats against your critical web applications.
Our analysts fine-tune your Managed WAF by monitoring your web application traffic, whitelisting valid requests and data, and building a policy that blocks malicious web traffic and other undesired activity.
As new threats emerge and your apps and portfolio change, our web application security experts analysts will update your policies as needed or required. Our services eliminate the steep learning curve and associated staffing costs that come with managing a WAF.
Tuned and Optimized
Combining deep expertise in enterprise web applications and security with an intimate knowledge of web application technologies and the threat landscape, our dedicated team partners with you to optimize the Alert Logic technologies based on your unique profile.
Our out-of-the-box policies cover 10,000+ vulnerabilities, including unique flaws in off-the-shelf and custom web applications (e.g., OWASP Top 10, URL tampering, web scraping, buffer overflow attacks, Zero-Day web application threats, and DoS attacks).
Traditional and Behavior Based Threat Detection
Fortra Managed WAF provides comprehensive features to protect your web applications and APIs. Whitelisting, blacklisting, and signature-based blocking are augmented by a learning engine that builds a model of your application to recognize activity that deviates from a known-good baseline of traffic. Using both a positive and negative security model in this way means our virtual WAF knows how to recognize malicious activity as well as unexpected activity.
How a WAF Differs from a
If you’re wondering what the difference is between a network firewall and a web application firewall, also known as WAF, you’re not alone. Watch this short educational video to learn more.
Leveraging Fortra’s Threat Intelligence
To keep pace with the constantly evolving threat landscape, Fortra’s Threat Intelligence unifies the portfolio’s programs and insights gathered from tens of thousands of global customers. This allows us to track the evolution of tactics used by bad actors, build and maintain a repository of active threats and campaigns, and create research-driven security policies and controls — including virtual patches, signature updates, and attacker source IPs— that are automatically distributed to our customers helping to maintain security posture against threats to web applications and APIs.
Behavioral-based content is leveraged to detect, monitor for, and block, more unusual attacks that WAFs with more specific signatures will miss.
Essential Compliance Coverage
Immediately meet the web application firewall requirement of PCI DSS 3.2.1 6.4, PCI DSS 4.0 6.4.2, and other compliance mandates. PCI DSS penetration tests are often performed from inside the network as well as outside, to try to attack web applications through all possible vectors. Cloud-based WAFs may be bypassed and can fail this requirement.
24/7 SUPPORT FROM OUR SOC
Alert Logic’s MDR platform supports the flexibility of a combined infrastructure with security and compliance across your hybrid cloud environment.
Alert Logic project management team works with our technical experts and your teams to ensure a rapid and hassle-free deployment.
ONGOING MANAGEMENT & TUNING
A strong partnership between Alert Logic’s virtual WAF experts and your teams enable us to deliver the best experience.
Abnormally high volumes of traffic (L7) are redirected and absorbed upstream, protecting against even extreme-scale DDoS attacks. For WAF Deployments in AWS and Azure.
Protect exposed APIs from application attacks with targeted policies informed by automated API discovery and mapping.
FALSE POSITIVE RESOLUTION
Our web security experts will responsibly resolve identified or reported false positives, fine tuning policies to maintain protections and legitimate access.
ZERO-DAY EMERGING THREAT DETECTION
Our global threat research team delivers a broad signature set allowing capture of zero-days and emerging threats.
Rule and Behavior-Based Detection
Usage-based application learning combines with a huge signature set to provide defence from web application attacks.
Credential Attack Protection
Secure your application from exploitation using stolen credentials, including credential stuffing attacks.
Protect against automated attacks and unwanted data scraping bots using session anomaly detection and CAPTCHA enforcement.
Managed application of virtual patches for 100+ top applications keeps apps secure between patch cycles.
Adaptive Trust-based Policies
Minimize false positives and maximize protections by applying policies of increased scrutiny based on connection trust score.
Fortra Threat Intelligence
Unifies leading intelligence programs and insights from securing tens of thousands of customers to track active tactics and techniques and actively malicious infrastructure.
Fully featured WAF as a Service
Our WAF as a service provides a full set of features, including end to end encryption, rate limiting, data masking, connection throttling and more.
AUTO-SCALING AND HIGH AVAILABILITY SETUP
Flexible deployment options let you choose the best way to implement our virtual web application firewall.
CLOUD DEPLOYMENT READY
Auto-scaling in the cloud allows you to deal with the highly variable load that can come with doing business digitally.
APPLICATION DELIVERY CONTROLS
Leverage features including virtual hosts, load balancing, caching and acceleration to simplify operations and improve network performance.