Sold by: Check Point Software TechnologiesÂ
Deployed on AWS
Check Point CloudGuard WAFaaS is an AI-driven, fully managed web application firewall that provides advanced security for applications and APIs. It delivers real-time protection against zero-day threats, OWASP Top 10 vulnerabilities, DDoS attacks, and more, ensuring high availability, AWS security compliance, and uninterrupted service.
CloudGuard WAFaaS integrates seamlessly with AWS services, including Amazon Route 53, AWS WAF, AWS Shield, AWS API Gateway, Amazon CloudFront, and AWS Lambda, enabling automated threat prevention with minimal operational overhead.
4.4
Overview
Check Point CloudGuard WAF-as-a-Service (WAFaaS) for AWS simplifies web application security by eliminating the complexity of traditional WAF solutions. Easily deployable via AWS Marketplace, it provides automated API discovery, schema validation, and real-time security updates to minimize misconfigurations and unauthorized data exposure.
Designed for cloud-native agility, CloudGuard WAFaaS integrates directly with AWS CI/CD pipelines and Infrastructure-as-Code (IaC) frameworks such as AWS CloudFormation and Terraform. This allows security teams to embed protection into their AWS development workflows without slowing down innovation. It prevents cyber threats, including zero-day attacks, OWASP Top 10 vulnerabilities, bot-driven exploits, and large-scale DDoS attacks, ensuring uninterrupted service availability and security compliance.
CloudGuard WAFaaS delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.
CloudGuard WAFaaS is available in premium and advanced packages (Advanced package does not include API Discovery and Zero-day file security).
ADVANCED PACKAGE: The Advanced package provides core protection features, including:
- AI-based zero-day prevention: Detects and blocks unknown threats before they exploit vulnerabilities.
- Intrusion Prevention System (IPS): Shields against OWASP Top 10 attacks with over 2,800 Web CVEs.
- AI-driven contextual analysis: Ensures precise threat detection with minimal false positives.
- Advanced DDoS mitigation: Protects applications from overload attacks while keeping services accessible.
- Rate limiting: Controls traffic flow based on IP address and XFF (limited to 5 rules).
- Bot prevention: Detects and blocks automated threats.
- Snort 3.0 signature enforcement: Provides deep packet inspection for enhanced security.
- Includes 3 months of full logs retention (based on the fair usage policy).
PREMIUM PACKAGE: The Premium package includes all Advanced Package features and adds:
- Real-time API discovery & governance: Monitors API traffic for sensitive data exposure and compliance.
- Auto-generated Swagger schema validation: Ensures API security by enforcing structure and access controls.
- Unlimited rate limiting: Expands traffic control beyond IP-based limits, including JWT, cookies, and headers.
- Zero-day file security: Blocks malicious uploads and emerging threats.
- Includes 6 months of full logs retention (based on the fair usage policy).
Highlights
- ZERO-DAY PREVENTION: CloudGuard WAFaaS has demonstrated prevention of zero-day exploits across a wide spectrum of security events, including log4shell, text4shell, and MOVEit, all in real-time.
- DEPLOYED WITHIN MINUTES: CloudGuard WAFaaS delivers a non-agent Web application Firewall, deployable within minutes. Only a one-time DNS configuration is necessary for CloudGuard to start routing traffic securely to applications in the cloud.
- PREVENT DDoS AND AUTOMATED ATTACKS: CloudGuard WAFaaS provides real-time detection and automatic mitigation protection against Distributed Denial of Service (DDoS) attacks and bot-driven assaults.
Details
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
SaaS Premium - Up to 10M Req / Month | CloudGuard WAF-as-a-Service Premium | $1,800.00 |
SaaS Premium - Up to 20M Req / Month | CloudGuard WAF-as-a-Service Premium | $2,240.00 |
SaaS Premium - Up to 30M Req / Month | CloudGuard WAF-as-a-Service Premium | $2,680.00 |
SaaS Premium - Up to 40 Req / Month | CloudGuard WAF-as-a-Service Premium | $3,120.00 |
SaaS Advanced - Up to 10M Req / Month | CloudGuard WAF-as-a-Service Advanced | $1,500.00 |
SaaS Advanced - Up to 20M Req / Month | CloudGuard WAF-as-a-Service Advanced | $1,880.00 |
SaaS Advanced - Up to 30M Req / Month | CloudGuard WAF-as-a-Service Advanced | $2,260.00 |
SaaS Advanced - Up to 40M Req / Month | CloudGuard WAF-as-a-Service Advanced | $2,640.00 |
Additional pricing options: Custom sizing Req / Month | CloudGuard WAF-as-a-Service: Custom sizing | $100,000.00 |
Vendor refund policy
No Refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Check Point CloudGuard Network Security is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and a built-in security management server
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Are you looking for an automated Web Application Firewall (WAF) with precise prevention and no management overheads? CloudGuard WAF delivers AI-enabled Web Application and API protection.
Customer reviews
Ruben Cordero
AI-driven threat detection has reduced incidents and saved team hours weekly
Reviewed on Nov 22, 2025
Review provided by PeerSpot
What is our primary use case?
Check Point CloudGuard WAFÂ 's main use case is protecting web application APIs from external threats. It helps us block common attacks like SQL injections, cross-site scripting, and bot traffic, while also ensuring compliance with the security standards.
One unique aspect of our use case for Check Point CloudGuard WAFÂ is how we leverage it to protect customer APIs that are critical to our business. Because we develop and host several in-house applications, we needed a solution that could adapt quickly to new endpoints and traffic patterns. Check Point CloudGuard WAFÂ has been especially helpful here, automatically learning and adjusting protection without requiring constant manual tuning.
What is most valuable?
The best features Check Point CloudGuard WAFÂ offers include AI-driven threat prevention, protection against OWASP Top 10, and zero-day attacks.
The zero-day attack protection in Check Point CloudGuard WAF has been very effective for us. Instead of waiting for signature updates or manual rule changes, the system uses AI to detect abnormal patterns and block suspicious traffic automatically.
Check Point CloudGuard WAF has positively impacted our organization by strengthening application security while reducing the workload in our team. The AI-driven protection against zero-day attacks and OWASP Top 10 vulnerabilities means threats are blocked automatically before patches are applied. This noticeably reduced the number of incidents we needed to investigate, freeing up time for more strategic projects.
Check Point CloudGuard WAF's ability to preemptively block zero-day attacks is one of its strongest advantages. Instead of relying on traditional signature updates, it uses AI and contextual analysis to spot abnormal traffic patterns and block them before they can exploit vulnerabilities. For example, during the Log4Shell disclosure, Check Point CloudGuard WAF was already blocking the suspicious payloads without us needing to manually adjust rules.
The breach reduction feature of Check Point CloudGuard WAF is one of the most impactful aspects of the solution. It proactively blocks suspicious traffic before it can exploit vulnerabilities, which has noticeably reduced the risk of breach in our environment.
What needs improvement?
Check Point CloudGuard WAF's support is only available in English. I gave Check Point CloudGuard WAF a rating of 9 out of 10 because the language limitation of support keeps it from being a perfect score, as I prefer support in different languages.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for around six years.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is very stable.
What do I think about the scalability of the solution?
Check Point CloudGuard WAF's scalability is very good, and I have no issues with this.
How are customer service and support?
Check Point CloudGuard WAF's customer support is very great and very fast.
I would give Check Point CloudGuard WAF a rating of 10 for customer support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Azure WAF, but I decided to switch to Check Point CloudGuard WAF.
How was the initial setup?
The first deployment of Check Point CloudGuard WAF was initially difficult because the documentation is not intuitive, but it is no longer an issue.
What about the implementation team?
I do not utilize Check Point CloudGuard WAF alongside any other Check Point products. I prefer to use a centralized WAF or specialist WAF to assess the efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAFs.
What was our ROI?
I have saved a significant amount of time and resources since implementing Check Point CloudGuard WAF. Before, our teams often spent several hours manually tuning rules and chasing false positives. The detection has now cut the workload by more than half, freeing up three or four hours less per week.
Check Point CloudGuard WAF has reduced our total cost of ownership by approximately 10%. I consider the time saved as a return on investment since using Check Point CloudGuard WAF.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for Check Point CloudGuard WAF are excellent, and I have no concerns with them.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Check Point CloudGuard WAF.
What other advice do I have?
Check Point CloudGuard WAF is an excellent security tool, and my advice to others looking into using it is that it is complete and modern. Check Point CloudGuard WAF is an excellent solution for web applications, and you should consider it for future deployments. I would rate this product 9 out of 10.
Alejandro M.
Seamless Deployment and Robust Threat Protection with Minimal Maintenance
Reviewed on Nov 19, 2025
Review provided by G2
What do you like best about the product?
The combination of seamless deployment and strong, intelligent threat protection is the greatest upside. The Ease of Implementation was a significant win, allowing us to onboard critical applications with minimal downtime or configuration overhead. The managed intelligence behind the WAF dramatically reduces false positives while effectively stopping complex Layer 7 attacks, freeing up our team to focus on other priorities. Its low maintenance requirement and high-fidelity alerting are also major benefits.
What do you dislike about the product?
While the core WAF functionality is excellent, the reporting and dashboard visualization could be improved for enterprise-level visibility. It sometimes requires extra effort to correlate specific security events across a large fleet of applications outside of the primary console. Furthermore, the initial licensing model required a bit more negotiation to align perfectly with our specific scale-out architecture. However, the strong Customer Support helped us resolve these initial issues quickly.
What problems is the product solving and how is that benefiting you?
The primary problem solved is the comprehensive and proactive defense of critical web applications and APIs against the escalating threat landscape, particularly zero-day attacks and OWASP Top 10 vulnerabilities. This ensures regulatory compliance is consistently met without excessive manual oversight. The benefit is a significant reduction in operational risk and a dramatic increase in security team efficiency, as the intelligent, automated protection means we spend far less time on triage and fine-tuning rules, ultimately accelerating our application deployment timelines.
chetan k.
AI-Driven Security but Costly & Complex Setup
Reviewed on Nov 19, 2025
Review provided by G2
What do you like best about the product?
I appreciate how Check Point CloudGuard WAF effectively protects our cloud-based applications from web attacks, malicious traffic, and zero-day threats. It significantly aids in securing APIs, blocking unauthorized access, and maintaining compliance with security policies. I find it particularly valuable due to its ease of deployment, excellent integration with cloud environments, and robust automated threat prevention. The advanced AI and machine learning capabilities enable it to protect applications without the constant need for manual tuning. Moreover, its dual-layer detection system efficiently identifies both known and zero-day threats. Features like automatic API discovery, strong bot protection, and built-in DDoS mitigation provide a comprehensive solution for modern cloud environments. The system is smart and low-maintenance, automatically learning application behaviors and reducing the need for manual rule tuning while accurately safeguarding API traffic.
What do you dislike about the product?
Some parts of Check Point CloudGuard WAF can feel a bit complex at the beginning, especially the dashboard and policy setup, which may require time to understand. In addition, pricing can be on the higher side compared to other cloud WAF options. While the security is strong, the user experience and guidance could be smoother. The initial setup is not as simple as it appears and needs extra effort for new users who are not familiar with it.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect cloud applications from web attacks and unauthorized access, while ensuring compliance. It automates threat prevention, reduces manual rule-tuning, and efficiently manages security across multi-cloud environments, decreasing operational burden.
Computer Software
Seamless Cloud Integration and Effortless Deployment for DevOps
Reviewed on Nov 19, 2025
Review provided by G2
What do you like best about the product?
I liked that it integrates well with cloud environments and supports laC workflows and this makes the deployment smooth for the Devops team.It is very effective against common web attacks like SQL injection, XSS etc.
What do you dislike about the product?
The User Interface is powerful but it felt slightly overwhelming at first open. Some advanced and powerful options are bit hidden in the menus. Sometimes I felt UI lag issues.
What problems is the product solving and how is that benefiting you?
Cloudguard WAF helped us to tackle two major issues , securing our API's and protecting out web app from modern attacks pattern. During our trial we were able to quickly setup protections against SQL injection and DDOs attack. It gave us better visibility into the suspicious requests and helped us to understand where our product was vulnerable. We used the trial to evaluate whether we could adopt it long term and the experience was vey positive.
Food & Beverages
AI-Powered Protection That Adapts and Blocks Zero-Day Threats
Reviewed on Nov 19, 2025
Review provided by G2
What do you like best about the product?
What I like best is that it uses AI and machine learning, blocking zero-day web attacks, bypassing the need for signatures. It can also distinguish humans from bots using behavioral analysis like mouse movements and keystrokes. The upsides of using the tool basically is that its ML engine adapts to changing traffic patterns automatically and it inspects uploaded files for malicious content. and its frequency of use is high because teams monitor it daily.
What do you dislike about the product?
Well, there is a few things I don't like the cost is higher than more basic WAFs, especially for smaller apps. On the downside if by any chance you have unusual or custom web apps, the contextual ML might misclassify traffic until properly “trained". Their customer support is not that good.
What problems is the product solving and how is that benefiting you?
For my work maintaining order flow is key, forestalling lost earnings and safeguarding customer satisfaction. it helps me to keep safe business information and sensitive data. Since my line of work greatly depend on uptime, logistics, consumer trust and supply chain reliability. the main problem it helps me solve is that it keeps our digital operations secure, stable, readily available - directly shielding both income and brand's standing.