CloudGuard WAF is an automated solution that delivers superior benefits of a top-tier Web Application Firewall with API Protection, requiring minimal manual intervention. The AI engine continuously learns the behavior of your application, tracking changes throughout its lifecycle. This ensures a minimal false positive rate and reduces tedious rule tuning after each application change.

CloudGuard WAF-as-a-Service delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.

CloudGuard WAF-as-a-Service supports is available in advanced and premium tier packages.

The advanced package provides:

AI-based engines for zero-day prevention

Intrusion prevention signatures to block OWASP Top 10 known attacks

AI-based contextual analysis engine to ensure precise detection rate with minimal

false positives

Advanced DDoS mitigation to ensure your applications stay accessible to

legitimate users by mitigating attacks that overwhelm your network, servers, or

applications

Rate limiting based on identifiers such as IP address and XFF (limited to 5 rules)

Intrusion Prevention (IPS), over 2,800 Web CVEs, based on award-winning NSS-

Certified IPS

Bot prevention

Snort 3.0 signature enforcement engine

The premium package includes all advanced package features, and adds:

Real-time API discovery, sensitive data, and public exposure governance

Auto-generated swagger schema for validation and schema enforcement

Unlimited rate limiting

Rate limiting functionality adds identifiers such as keys within JWT, cookies, or

headers

Zero-day file security