How Wallarm WAF works

Unlike default cloud WAFs, Wallarm automates protection for apps and APIs with no manual tuning and investments into ongoing maintenance allowing the team to focus on different tasks. It scales. It works.

415 Brannan St, San Francisco, CA 94107
(415)940-7077
request@wallarm.com

2020 © Wallarm Inc.

Request a demo

How to prepare App Exposure API Protection Cloud-Native Security Replace old WAF!

Start your demo today!

Request a demo

Wallarm VS regular WAFs

Deploy in cloud

Wallarm

Regular WAF

Up in 30 minutes

Built for it

Low. No tuning.

Just works

Doesn’t break apps

Finds exploitable issues

Hard, not scalable

Poor or zero

High. Requires tuning

Nightmare. Not usable.

False positives kill it

Zero

API protection

TCO

Blocking mode

CI/CD readiness

Vulns detection

Protect modern applications on the web-scale and meet security compliance

Cloud Native NG-WAF

App Exposure

Identify APPs and API that require protection and discover vulnerabilities

API Threat Protection

Secure your exposed API and internal microservices in zero-trust environments

Universal protection for all your APIs

Against a full spectrum of threats

OWASP Top 10
OWASP Top 10 API
API Abuse
Credential Stuffing /
Account Takeover

Universal solution to protect APIs

SOAP / XML-RPC
- any XML-based
REST/RESTFul
- any JSON-based
GraphQL NEW!
gRPC NEW!

Deep API Request Inspection

Super-fast analysis of API calls for the payloads that can be harmful

Intelligent Parsing

Run w/o configuration
Doesn’t require schema
Automatically recognize data formats
Apply necessary parsers/decores
Apply chain of parsers
Works great in CI/CD

App Exposure Vulnerability scanner

You can’t protect what you don’t know

Track changes in your attack surface

Discover attack surface and shadow resources

Domains. Servers. Services.

Wallarm protects hundreds of Hi-Tech Companies globally

Optimised for performance

Streaming mode for near-zero latency

#1 Attack Detection

Wallarm Nodes mitigates attacks in real-time, locally

OWASP Top 10 Threats
Account Takeover
Business Logic Attacks
Misconfiguration
API Abuse

No RegExps
Strong bypass Resistance
libDetection, signature-free based on grammar analysis

Real-time blocking. Near zero latency

Combination of unique detection techniques

#2 Gain Low TCO.
Near-zero False Positives

Use you WAF in blocking mode!

Wallarm’s new libDetection and core signature-less attack detection provides low false positive from day one.
Metadata continuously collected from nodes helps to refine rules to make them application-specific

Automation
24/7 team of analysts

#3 The Only WAF with
Automated Incident Analysis

Active Verification of every detected attack with the cloud-based scanner.

Finding app-specific vulnerabilities using hacker / bug hunters intelligence
Prioritizing potential security incidents

Passive scans — verifying app responses to incoming requests.
Black-box scans for well-known vulnerabilities

Quick integrations

Setup cross-team workloads via your existing DevOps and security toolchain

Deployment options

Built from ground up to protect both legacy and cloud-native tech stack

Cloud Native WAF and API Security

Wallarm Cloud Console

When to consider Wallarm?

Protects APIs and microservices (RESTful API, GraphQL, gRPC)

Get Security and Developers into shared workflows

For migration to multi-cloud / multi-CDN environments

Meet PCI DSS, SOC2 and other compliance requirements

Near-zero False Positives with automatic tuning