CloudGuard WAF is an automated solution that delivers superior benefits of a top-tier Web Application Firewall with API Protection, requiring minimal manual intervention. The AI engine continuously learns the behavior of your application, tracking changes throughout its lifecycle. This ensures a minimal false positive rate and reduces tedious rule tuning after each application change.

CloudGuard WAF-as-a-Service delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.

CloudGuard WAF-as-a-Service supports is available in advanced and premium tier packages.

The advanced package provides:

• AI-based engines for zero-day prevention
• Intrusion prevention signatures to block OWASP Top 10 known attacks
• AI-based contextual analysis engine to ensure precise detection rate with minimal
  false positives
• Advanced DDoS mitigation to ensure your applications stay accessible to legitimate users by mitigating attacks that overwhelm your network, servers, or applications
• Rate limiting based on identifiers such as IP address and XFF (limited to 5 rules)
• Intrusion Prevention (IPS), over 2,800 Web CVEs, based on award-winning NSS- Certified IPS
• Bot prevention
• Snort 3.0 signature enforcement engine

The premium package includes all advanced package features, and adds:

• Real-time API discovery, sensitive data, and public exposure governance
• Auto-generated swagger schema for validation and schema enforcement
• Unlimited rate limiting
• Rate limiting functionality adds identifiers such as keys within JWT, cookies, or headers
• Zero-day file security