Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering, backdoors, crawlers and domain name hijacking. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure operations of web businesses.
Web attack recognition is based on AI+ rules. It is anti-bypass and low in both false negative and false positive rates. Web attack recognition defends effectively against common web attacks including the OWASP top 10 web security threats (SQL injection, unauthorized access, cross-site scripting, cross-site request forgery, web shell trojan upload, etc).
The 24/7 monitoring service from Tencent security team identifies and responds to vulnerabilities proactively. Within 24 hours, it issues virtual patches to zero-day and high-risk web vulnerabilities. Protected users can get zero-day and emergency vulnerability protection instantly and automatically, cutting vulnerability response time dramatically.
Users can cache core web contents to the cloud and publish cached web pages. It acts like a substitute and can prevent negative consequences of web page tampering.
Backend data is well protected by pre-event server and application concealing, mid-event attck prevention and post-event sensitive data replacement and concealing.
WAF’s customized access control, human-machine identification and frequency limitation can effectively filter spam access and reduce CC attacks.
The AI+ rules-based webpage crawler and bot management feature of WAF helps enterprises avoid business risks caused by malicious bot behaviors, including website user data leakage, content infringement, competing price comparison, inventory search, malicious SEO and business strategy leakage.
WAF performs nationwide DNS verification of the domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping avoid data theft and financial losses caused by hijacking of website users.
Traditional WAF core engines generally use a collection of regular expressions, which are prone to false negatives bypass and false positives and can result in operation problems. In contrast, Tencent Cloud WAF takes the lead to adopt AI+ rules-based dual engine detection technology to maximize detection and capture of known and unknown threats. It minimizes false positives and adapts to changing web applications.
With AI for threat prevention, rule-based dual engine, cross-validation and continuous learning, WAF can accurately and effectively identify and block various conventional, zero-day and new types of attacks.
There are chances that common semantic learning-based AI technologies for threat prevention may be bypassed by experienced hackers. However, the AI system of WAF is based on Tencent's proprietary probability map technology and trained with massive amounts of data of attacks and normal access requests to Tencent's business platforms, which is proven to significantly increase the ability to identify threats and adaptively protect constantly changing web applications.
By continuously learning the characteristics of high volumes of business data, WAF can automatically generate business-based personalized protection strategies to prevent false positives of special business access requests.
Leveraging Tencent's 20 years of experience in processing massive amounts of data and fighting against cybercriminals, Tencent Cloud has established an industry-leading big security data and threat intelligence platform, which contains detailed information about high numbers of botnets, global proxies, high anonymity proxies and tor proxies and billions of malicious IPs (for database comparison, brute force attacks, scans, etc.), vulnerabilities and crawlers. In addition, the platform includes great volumes of internet attack traceability data and domain name attack data.
By fully taking advantage of Tencent's big data-based threat intelligence capabilities, WAF can identify known and unknown attacks and threats on the internet as soon as they occur. It enables protected users to share threat intelligence, quickly detect intrusions to web businesses and dynamically adjust threat protection strategies to defend against various zero-day attacks and intrusions by cybercriminals.
Security OPS teams are overwhelmed by ever-increasing zero-day vulnerabilities. Relying on Tencent's top threat intelligence capabilities, WAF actively detects and promptly identifies high-risk web vulnerabilities and zero-day vulnerabilities and generates protection rules accordingly. Protected users can enjoy WAF's capabilities of protection against emergent and zero-day vulnerabilities without any operations required, keeping protected websites from ever-emerging web vulnerabilities.
Tencent's professional security team offers 24/7 response services for such vulnerabilities.
Patches will be made available within 12 hours after identification for high-risk vulnerabilities and 24 hours for common vulnerabilities.
The attack protection strategies of WAF are automatically updated in the cloud and then uniformly distributed globally in just seconds.
WAF boasts a proprietary AI+ rules-based bot and crawler management module which can differentiate between friendly and malicious bots and crawlers and take corresponding management strategies such as letting through the traffic of search engine bots and blocking the traffic of malicious item information crawlers. This feature reduces resource consumption, information leakage and business competition caused by malicious bots and crawlers on the one hand and ensures normal operations of friendly ones (such as search engine bots and advertising programs) on the other hand. Learn more
WAF supports the identification of many types of known bot and crawler behaviors, including but not limited to feed fetching, advertising, screenshotting, search engine crawling, website monitoring, link querying, utility crawling, vulnerability scanning, virus killing, web crawling and speed testing.
It can intelligently identify undisclosed and malicious crawler programs and exceptional crawler traffic by using AI technology to model and learn business traffic characteristics, normal human access behaviors and bot access behaviors.
The bot behavior identification rules of WAF can be customized based on referer characteristics, UA characteristics, request rate, number of times, parameters, path characteristics, IP range, etc.
Bot behaviors and blocking details can be classified and displayed graphically to provide a basis for bot management decision-making.
Strategies for "monitoring", "blocking" and "letting through" can be flexibly configured.
DNS hijacking attacks can cause serious damage to your business and brand reputation. With the aid of Tencent's high numbers of terminal detection points and powerful cloud-based data analysis capabilities, WAF performs nationwide DNS verification of domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping eliminating business risks caused by DNS hijacking.
Attacks such as web attacks and system vulnerability exploits operate the backend database, resulting in leakage of sensitive data like user identity and contact information stored in the database. For data thefts, WAF provides pre-, mid-, and post-event strategies:
Pre-event: WAF hides server information such as response codes and database error messages and identifies and blocks hacking scans to prevent footprinting and vulnerability detecting by hackers and increase the difficulty of hacking.
Mid-event: WAF detects and blocks hacking and intruding behaviors such as SQL injections and web shell uploads to prevent the database from being further intruded by hackers.
Post-event: WAF features custom information leakage protection rules that automatically enable data replacement strategy for detected data thefts, i.e., replacing and hiding sensitive data (such as phone number and ID card number) in the attack response transmission to prevent the data from being acquired by hackers.
WAF comes with time-tested CC attack protection algorithms, which intelligently and efficiently filter out spam access requests by blocking high numbers of malicious requests at layer 4 and layer 7. This effectively defends against CC attacks, protects business data from malicious crawling and guarantees the stability of normal business access.
CC attacks can be identified based on access frequency and criteria.
Strategy for "access blocking" or "human-machine recognition" can be enabled.
Punishment duration can be customized.
After WAF is deployed for a website, core webpages can be cached to the cloud and the webpages in the cache can be published instead, realizing the effect of webpage substitution. After the deployment, any changes to webpage content will be published only after they are synced to the cloud-based cache in WAF, ensuring that the updates of the protected webpages are controllable and reliable:
If the real server is tampered with due to attacks, the content published is still that of the normal webpages in the cache, which prevents the tampering event from spreading.
During sensitive periods, the content published can be locked as that of the webpages in the cache, intensifying protection against tampering for sensitive periods.
WAF offers a simplified cloud-based web application firewall protection and management experience. Plus, it allows flexible configuration of protection strategies, making it easy to meet the defense needs of special businesses.
Custom defense rules: Web attack protection measures can be configured according to refined custom defense rules that are based on IP, URL path, referer and POST parameters.
Region-specific blocking: WAF supports extensive region-based blocking that blacklists all access requests from a specific region such as a province or country.
Protection mode: ""Blocking mode"" or ""Observation mode"" can be chosen based on actual business protection needs.
Business offerings are often subject to DDoS attack threats. For abrupt high-volume DDoS attacks, WAF provides the function to access Tencent Cloud's Advanced Anti-DDoS system with one click, which synchronously covers core regions and seamless integrates with hundreds of gigabytes of protection packs to hide real servers and defend against massive DDoS attacks.
Advanced Anti-DDoS offers 2 Gbps of free basic protection bandwidth that can meet daily needs for secure business operations.
WAF takes advantage of Tencent Cloud's platforms to secure the realizability and availability of business traffic.
WAF clusters can be deployed in multiple regions with their loads distributed globally to avoid single points of failure.
A highly available elastic scaling architecture is used among nodes, which can quickly migrate and restore data in case of faults and scale the protection capabilities on demand.
The protective cluster resources for different users are isolated to eliminate the potential interplay among business protection services.
WAF protects business data from being intruded, tampered with and stolen and filters out all kinds of attack and spam traffic, supporting normal and stable operations of core internet+ businesses.
It eliminates the negative impact of various issues caused by malicious bots, such as copyright infringements, malicious SEO, data crawling and leakage and spam traffic.
It features high availability and elastic scalability based on business size and reduces protection costs.
WAF intelligently filters out attacks and spam access requests by malicious crawlers to ensure smooth business access in various high-concurrence scenarios such as flash-sales and marketing campaigns.
It eliminates the negative impact of various issues such as competing price comparison, inventory query and malicious SEO caused by malicious bots and crawlers to ensure the effectiveness of marketing strategies.
It features high availability and elastic scalability based on business size and reduces protection costs.
WAF effectively detects and identifies exceptional access requests such as web intrusions, database comparison and DNS hijacking to protect user information from leakage.
It identifies and manages the behaviors of bot programs and assists with the anti-crawler management strategies of financial organizations to help prevent financial information from being crawled and protect financial strategies from leakage.
WAF protects the content of government service websites (such as those for governmental affairs, health care, education, social security and taxation) from being hacked and tampered with. It also prevents intrusion and theft of civic data and ensures the availability of civic services.
WAF protects corporate portals from intrusions, trojans and tampering to avoid economic losses and damage to brand image caused by website security incidents.
Its hardware-free and OPS-free characteristics help enterprises reduce security-related labor costs.
WAF is billed postpaid monthly based on the basic package and add-on packages. For more details, please go to the purchase page. After purchasing the basic package is purchased, you will be able to purchase add-on packages for domain names, QPS and bandwidth according to your actual business needs. View more>>