Web Application Firewall

An AI-based one-stop web business protection solution

Overview

Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering, backdoors, crawlers and domain name hijacking. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure operations of web businesses.

Benefits

AI+ Web Application Firewall

Web attack recognition is based on AI+ rules. It is anti-bypass and low in both false negative and false positive rates. Web attack recognition defends effectively against common web attacks including the OWASP top 10 web security threats (SQL injection, unauthorized access, cross-site scripting, cross-site request forgery, web shell trojan upload, etc).

Virtual Patches for Zero-day Vulnerabilities

The 24/7 monitoring service from Tencent security team identifies and responds to vulnerabilities proactively. Within 24 hours, it issues virtual patches to zero-day and high-risk web vulnerabilities. Protected users can get zero-day and emergency vulnerability protection instantly and automatically, cutting vulnerability response time dramatically.

Webpage Tampering Prevention

Users can cache core web contents to the cloud and publish cached web pages. It acts like a substitute and can prevent negative consequences of web page tampering.

Data Leakage Prevention

Backend data is well protected by pre-event server and application concealing, mid-event attck prevention and post-event sensitive data replacement and concealing.

CC Attack Prevention

WAF’s customized access control, human-machine identification and frequency limitation can effectively filter spam access and reduce CC attacks.

Crawler and Bot Behavior Management

The AI+ rules-based webpage crawler and bot management feature of WAF helps enterprises avoid business risks caused by malicious bot behaviors, including website user data leakage, content infringement, competing price comparison, inventory search, malicious SEO and business strategy leakage.

DNS Hijacking Detection

WAF performs nationwide DNS verification of the domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping avoid data theft and financial losses caused by hijacking of website users.

Features

Tencent Cloud WAF empowers users with top-notch security capabilities and provides protection strategies optimized for web business operations that leverage Tencent's web security protection practices with its own businesses.
Industry-leading AI+ Rules and Dual Engine

Traditional WAF core engines generally use a collection of regular expressions, which are prone to false negatives bypass and false positives and can result in operation problems. In contrast, Tencent Cloud WAF takes the lead to adopt AI+ rules-based dual engine detection technology to maximize detection and capture of known and unknown threats. It minimizes false positives and adapts to changing web applications.

With AI for threat prevention, rule-based dual engine, cross-validation and continuous learning, WAF can accurately and effectively identify and block various conventional, zero-day and new types of attacks.

There are chances that common semantic learning-based AI technologies for threat prevention may be bypassed by experienced hackers. However, the AI system of WAF is based on Tencent's proprietary probability map technology and trained with massive amounts of data of attacks and normal access requests to Tencent's business platforms, which is proven to significantly increase the ability to identify threats and adaptively protect constantly changing web applications.

By continuously learning the characteristics of high volumes of business data, WAF can automatically generate business-based personalized protection strategies to prevent false positives of special business access requests.

Scenarios

Internet+ Businesses

WAF protects business data from being intruded, tampered with and stolen and filters out all kinds of attack and spam traffic, supporting normal and stable operations of core internet+ businesses.

It eliminates the negative impact of various issues caused by malicious bots, such as copyright infringements, malicious SEO, data crawling and leakage and spam traffic.

It features high availability and elastic scalability based on business size and reduces protection costs.

O2O Ecommerce Websites

WAF intelligently filters out attacks and spam access requests by malicious crawlers to ensure smooth business access in various high-concurrence scenarios such as flash-sales and marketing campaigns.

It eliminates the negative impact of various issues such as competing price comparison, inventory query and malicious SEO caused by malicious bots and crawlers to ensure the effectiveness of marketing strategies.

It features high availability and elastic scalability based on business size and reduces protection costs.

Finance Websites

WAF effectively detects and identifies exceptional access requests such as web intrusions, database comparison and DNS hijacking to protect user information from leakage.

It identifies and manages the behaviors of bot programs and assists with the anti-crawler management strategies of financial organizations to help prevent financial information from being crawled and protect financial strategies from leakage.

Government Service Websites

WAF protects the content of government service websites (such as those for governmental affairs, health care, education, social security and taxation) from being hacked and tampered with. It also prevents intrusion and theft of civic data and ensures the availability of civic services.

Corporate Websites

WAF protects corporate portals from intrusions, trojans and tampering to avoid economic losses and damage to brand image caused by website security incidents.

Its hardware-free and OPS-free characteristics help enterprises reduce security-related labor costs.

Pricing

Tencent Cloud Web Application Firewall is Pay-as-You-Go with a daily billing cycle. No advanced payment is required. The bill is generated per day according to the QPS peak and billing tier. View more>>