Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering, backdoors, crawlers and domain name hijacking. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure the operations of web businesses.
Web attack recognition is based on AI+ rules. It is anti-bypass and low in both false negative and false positive rates. Web attack recognition defends effectively against common web attacks including the OWASP top 10 web security threats (SQL injection, unauthorized access, cross-site scripting, cross-site request forgery, web shell trojan upload, etc).
The 24/7 monitoring service from Tencent's security team identifies and responds to vulnerabilities proactively. Within 24 hours, it issues virtual patches to combat zero-day and high-risk web vulnerabilities. Protected users can get zero-day and emergency vulnerability protection instantly and automatically, reducing vulnerability response time dramatically.
Users can cache core web contents to the cloud and publish cached web pages, which act as substitutes and can prevent the negative consequences of web page tampering.
Backend data is well protected by pre-event server and application concealing, mid-event attack prevention and post-event sensitive data replacement and concealing.
WAF’s customized access control, human-machine identification and frequency limitation can effectively filter spam access and reduce CC attacks.
The AI+ rules-based webpage crawler and bot management feature of WAF helps enterprises avoid business risks caused by malicious bot behaviors, including website user data leakage, content infringement, competing price comparison, inventory search, malicious SEO and business strategy leakage.
WAF performs nationwide DNS verification of the domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping avoid data theft and financial losses caused by the hijacking of website users.
Traditional WAF core engines generally use a collection of regular expressions, which are prone to false negatives bypass and false positives that can result in operation problems. In contrast, Tencent Cloud WAF adopts AI+ rules-based dual engine detection technology to maximize detection and capture of known and unknown threats. It minimizes false positives and adapts to changing web applications.
Utilizing AI for threat prevention, rule-based dual engine, cross-validation and continuous learning, WAF can accurately and effectively identify and block various conventional, zero-day and new types of attacks.
It's possible that common semantic learning-based AI technologies for threat prevention may be bypassed by experienced hackers. However, the AI system of WAF is based on Tencent's proprietary probability map technology and trained with massive amounts of data of attacks and normal access requests to Tencent's business platforms, significantly strengthening WAF's ability to identify threats and adaptively protect constantly changing web applications.
By continuously learning the characteristics of high volumes of business data, WAF can automatically generate business-based personalized protection strategies to prevent false positives of special business access requests.
Leveraging Tencent's 20 years of experience in processing massive amounts of data and fighting against cybercriminals, Tencent Cloud has established an industry-leading big security data and threat intelligence platform, which contains detailed information about numerous botnets, global proxies, high anonymity proxies and tor proxies and billions of malicious IPs (for database comparison, brute force attacks, scans, etc.), vulnerabilities and crawlers. In addition, the platform includes great volumes of Internet attack traceability data and domain name attack data.
By fully taking advantage of Tencent's big data-based threat intelligence capabilities, WAF can identify known and unknown attacks and threats on the Internet as soon as they occur. It enables protected users to share threat intelligence, quickly detect intrusions to web businesses and dynamically adjust threat protection strategies to defend against various zero-day attacks and intrusions by cybercriminals.
Security OPS teams are overwhelmed by ever-increasing zero-day vulnerabilities. Relying on Tencent's top threat intelligence capabilities, WAF actively detects and promptly identifies high-risk web vulnerabilities and zero-day vulnerabilities and generates protection rules accordingly. Protected users can use WAF to combat emergent and zero-day vulnerabilities without performing any operations, safeguarding websites from ever-emerging web vulnerabilities.
Tencent's professional security team offers 24/7 response services for such vulnerabilities.
Patches will be made available within 12 hours after identification for high-risk vulnerabilities and within 24 hours for common vulnerabilities.
The attack protection strategies of WAF are automatically updated in the cloud and then uniformly distributed globally in just seconds.
WAF boasts a proprietary AI+ rules-based bot and crawler management module that can differentiate between friendly and malicious bots and crawlers and utilize corresponding management strategies such as letting through the traffic of search engine bots and blocking the traffic of malicious item information crawlers. This feature reduces resource consumption, information leakage and business competition caused by malicious bots and crawlers while ensuring the normal operations of friendly ones (such as search engine bots and advertising programs). Learn more.
WAF supports the identification of many types of known bot and crawler behaviors, including but not limited to feed fetching, advertising, screenshotting, search engine crawling, website monitoring, link querying, utility crawling, vulnerability scanning, virus killing, web crawling and speed testing.
It can intelligently identify undisclosed and malicious crawler programs and crawler traffic with exceptions by using AI technology to model and learn business traffic characteristics, normal human access behaviors and bot access behaviors.
The bot behavior identification rules of WAF can be customized based on the referer characteristics, UA characteristics, request rate, number of times, parameters, path characteristics, IP range, etc.
Bot behaviors and blocking details can be classified and displayed graphically to provide a basis for bot management decision-making.
Strategies for "monitoring", "blocking" and "letting through" can be flexibly configured.
DNS hijacking attacks can cause serious damage to your business and brand reputation. With the aid of Tencent's numerous terminal detection points and powerful cloud-based data analysis capabilities, WAF performs nationwide DNS verification on domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping eliminate business risks caused by DNS hijacking.
Attacks such as web attacks and system vulnerability exploits operate the backend database, resulting in the leakage of sensitive data like user identity and contact information stored in the database. For data thefts, WAF provides pre-, mid-, and post-event strategies:
Pre-event: WAF hides server information such as response codes and database error messages and identifies and blocks hacking scans to prevent footprinting and vulnerability detecting by hackers and increase the difficulty of hacking.
Mid-event: WAF detects and blocks hacking and intrusive behaviors such as SQL injections and web shell uploads to prevent the database from being further intruded on by hackers.
Post-event: WAF features custom information leakage protection rules that automatically enable data replacement strategies for detected data thefts, i.e., replacing and hiding sensitive data (such as phone numbers and ID card numbers) in the attack response transmission to prevent the data from being acquired by hackers.
WAF comes with time-tested CC attack protection algorithms, which intelligently and efficiently filter out spam access requests by blocking numerous malicious requests at layer-4 and layer-7. This effectively defends against CC attacks, protects business data from malicious crawling and guarantees the stability of normal business access.
CC attacks can be identified based on access frequency and criteria.
Strategies for "access blocking" or "human-machine recognition" can be enabled.
The punishment duration can be customized.
After WAF is deployed for a website, the core webpages can be cached to the cloud and the webpages in the cache can be published instead to implement webpage substitution. After the deployment, any changes to webpage content will be published only after they are synced to the cloud-based cache in WAF, ensuring that the updates of the protected webpages are controllable and reliable:
If the real server is tampered with due to attacks, the content published is still that of the normal webpages in the cache, which prevents the tampering event from spreading.
During sensitive periods, the content published can be locked as that of the webpages in the cache, intensifying protection against tampering during sensitive periods.
WAF offers a simplified cloud-based web application firewall protection and management experience. In addition, it allows the flexible configuration of protection strategies, making it easy to meet the defense needs of special businesses.
Custom defense rules: Web attack protection measures can be configured according to refined custom defense rules that are based on IPs, URL paths, referers and POST parameters.
Region-specific blocking: WAF supports extensive region-based blocking that blocklists all access requests from a specific region such as a province or country
Protection mode: The "blocking mode" or "observation mode" can be chosen based on your actual business protection needs.
Business offerings are often subject to DDoS attack threats. For abrupt high-volume DDoS attacks, WAF provides the function to access Tencent Cloud's Anti-DDoS system with one click, which synchronously covers core regions and seamlessly integrates with hundreds of gigabytes of protection packets to hide real servers and defend against massive DDoS attacks.
Anti-DDoS Advanced offers 2 Gbps of free basic protection bandwidth that can meet the daily needs of enterprise users for secure business operations.
WAF takes advantage of Tencent Cloud's platforms to guarantee the availability of business traffic.
WAF clusters can be deployed in multiple regions with their loads distributed globally to avoid single points of failure.
A highly available elastic scaling architecture is used among nodes, which can quickly migrate and restore data in case of faults and scale the protection capabilities on demand.
The protective cluster resources for different users are isolated to eliminate the potential interplay among business protection services.
WAF protects business data from being intruded on, tampered with and stolen and filters out all kinds of attack and spam traffic, supporting the normal and stable operations of core Internet+ businesses.
It eliminates the negative impact of various issues caused by malicious bots, such as copyright infringements, malicious SEO, data crawling and leakage and spam traffic.
It features high availability and elastic scalability based on business size and reduces protection costs.
WAF intelligently filters out attacks and spam access requests by malicious crawlers to ensure smooth business access in various high-concurrence scenarios such as flash-sales and marketing campaigns.
It eliminates the negative impact of various issues such as competing price comparison, inventory query and malicious SEO caused by malicious bots and crawlers to ensure the effectiveness of marketing strategies.
It features high availability and elastic scalability based on business size and reduces protection costs.
WAF effectively detects and identifies access requests with exceptions such as web intrusions, database comparison and DNS hijacking to protect user information from leakage.
It identifies and manages the behaviors of bot programs and assists with the anti-crawler management strategies of financial organizations to help prevent financial information from being crawled on and protect financial strategies from leakage.
WAF protects the content of government service websites (such as those for governmental affairs, healthcare, education, social security and taxation) from being hacked and tampered with. It also prevents the intrusion and theft of civic data and ensures the availability of civic services.
WAF protects corporate portals from intrusions, trojans and tampering to avoid economic losses and brand image damage caused by website security incidents.
Its hardware-free and OPS-free characteristics help enterprises reduce security-related labor costs.
Tencent Cloud Web Application Firewall is pay-as-you-go with a daily billing cycle. No advanced payment is required. The bill is generated daily according to the QPS peak and billing tier. View more>>