How Wallarm WAF works

Unlike default cloud WAFs, Wallarm automates protection for apps and APIs with no manual tuning and investments into ongoing maintenance allowing the team to focus on different tasks. It scales. It works.

Start your PoC today

415 Brannan St, San Francisco, CA 94107

2020 © Wallarm Inc.

When to consider Wallarm WAF?


of the customers use Wallarm WAF in full blocking mode

Near-zero False Positives


10K protected applications and API’s


80 integrations and supported platforms


support in POC 
and in production

Start your trial today!

Request a demo

Team is unhappy with with the legacy WAF

Need to protect APIs and microservices

Get Security and Developers into shared workflows

cloud-native infrastructure

Migrating to multi-cloud / multi-CDN environments

Meet PCI DSS, SOC2 and other compliance requirements

Replace your yesterday’s WAF

Deploy in cloud


Your legacy WAF

Up in 30 minutes

Built for it

Low. No tuning.

Just works

Doesn’t break apps

Finds exploitable issues

Hard, not scalable

Poor or zero

High. Requires tuning

Nightmare. Not usable.

False positives kill it


API protection


Blocking mode

CI/CD readiness

Vulns detection

Protect modern applications on the web scale and meet security compliance

Cloud-Native NGWAF

App Exposure

Identify apps and API that require protection and discover vulnerabilities

API Threat Protection

Secure your exposed API and internal microservices in zero-trust environments

Universal protection for all your APIs

Against a full spectrum of threats

  • OWASP Top 10
  • OWASP Top 10 API 
  • API Abuse
  • Credential Stuffing / 
    Account Takeover

Universal solution to protect APIs

    • any XML-based
    • any JSON-based
  • GraphQL NEW!
  • gRPC NEW!

Deep API Request Inspection

Super-fast analysis of API calls for the payloads that can be harmful

Intelligent Parsing

  • Run w/o configuration
  • Doesn’t require schema
  • Automatically recognize data formats
  • Apply necessary parsers/decores
  • Apply chain of parsers
  • Works great in CI/CD

App Exposure Vulnerability scanner

You can’t protect what you don’t know

Track changes in your attack surface

Discover attack surface and shadow resources

  • Domains. Servers. Services.

Wallarm protects hundreds of Hi-Tech Companies globally

Optimised for performance
  • Streaming mode for near-zero latency

Single solution for your web exposure:

Product Demo


Dashboard functionality overview for Wallarm Automated Cloud Application Security Platform

Dissecting One Attack


Wallarm Automated Cloud Application Security Platform: Dissecting one attack

API Deep Request Inspection


Wallarm Automated Cloud Application Security Platform:
API Deep Request Inspection

the attack surface


Exploring company's attack surface with Wallarm Scanner

#1 Attack Detection

Wallarm Nodes mitigates attacks in real-time, locally  

  • OWASP Top 10 Threats 
  • Account Takeover
  • Business Logic Attacks
  • Misconfiguration
  • API Abuse
  • No RegExps
  • Strong bypass Resistance
  • libDetection, signature-free based on grammar analysis

Real-time blocking. Near zero latency

Combination of unique detection techniques

#2 Gain Low TCO.
Near-zero False Positives

Use you WAF in blocking mode!

  1. Wallarm’s new libDetection and core signature-less attack detection provides low false positive from day one.
  2. Metadata continuously collected from nodes helps to refine rules to make them application-specific
  • Automation
  • 24/7 team of analysts

#3 The Only WAF with
Automated Incident Analysis

  • Active Verification of every detected attack with the cloud-based scanner.
  • Finding app-specific vulnerabilities using hacker / bug hunters  intelligence
  • Prioritizing potential security incidents

  • Passive scans — verifying app responses to incoming requests.
  • Black-box scans for well-known vulnerabilities

Quick integrations 

Setup cross-team workloads via your existing DevOps and security toolchain

Deployment options

Built from ground up to protect both legacy and cloud-native tech stack

Cloud-Native WAF and API Security 

Identify PoC requirements and objectives

Setting up Wallarm Node

Checking setup by test attacks / tools

Evaluating performance, latency, and features

Setting up integrations with DevOps, SIEM, SOC

Checking up the detection quality and PoC objectives

Formal POC plan checklist, 24/7 support through POC

Week 1

Week 2

Wallarm Cloud Console