Managed WAF as a Service

Always-Optimized Protection from Fortra Managed WAF

Web applications are a critical part of your business and vital to how customers interact with you. Unfortunately, web apps also give attackers another gateway into your critical assets and data.

A fully optimized WAF:

1. Protects users and sensitive data

2. Keeps your applications online

3. Protects entry to your network

4. Exceeds compliance requirements

While other WAFs have features that can deliver these outcomes, most organizations do not have the internal team capacity to configure and fine-tune them regularly for optimal security. Fortra Managed WAF provides both the technology and the web security team to maximize WAF optimization and protection while minimizing false positives.

Realize the Full Potential of Enterprise-Grade WAF Features

OWASP & CWE coverage

Protection against exploits for the OWASP top 10 and the CWE top 25 most dangerous software weaknesses through a combination of negative security signatures and positive security profiles.

DDoS protection

Abnormally high volumes of traffic (L7) are redirected and absorbed by the largest public cloud providers to mitigate even the most extreme-scale DDoS attacks. CAPTCHA and silent challenges leave legitimate users unhindered.

Client-side protection

Protect your users and exceed new PCI DSS 4.0 requirements with industry-leading controls that eliminate both reflected and inline (stored) cross-site scripting (XSS) attacks.

API protection

Protect exposed APIs from application and DDoS attacks with targeted policies informed by automated API discovery and mapping.

Zero-day emerging threat detection

Our global threat research team delivers a broad signature set that captures zero-days, along with targeted virtual patches for proof-of-concept exploits of emerging threats.

Rule and behavior-based detection

Session anomaly detection and usage-based application machine learning detections combine with a huge signature set to defend against attacks on web applications.

Credential attack protection

Secure your web apps from brute force attacks and exploitation using stolen credentials, including credential stuffing attacks.

Bot management

Protect against automated attacks and unwanted data-scraping bots with session anomaly detection, challenge, and CAPTCHA actions.

Virtual patching

Critical vulnerabilities must be patched within 15 days. Bridge this gap with managed virtual patching for over 100 leading applications, ensuring continuous protection between patch cycles.

Dynamic trust-based policies

Trust scores are dynamically assigned to each connection based on Fortra’s threat intelligence and the behavior of the source connection to minimize false positives and maximize protections.

Auto scaling and high availability setup

Flexible deployment options let you choose the best way to implement our virtual web application firewall for any environment.

Application delivery controls

Leverage features including virtual hosts, load balancing, caching and acceleration to simplify operations and improve network performance.

Additional WAF controls

Our managed WAF as a service provides a full set of features, including end-to-end encryption, rate limiting, data masking, connection throttling, and more.

Managed WAF Services Delivered from Web Security Experts

Security profile configuration

This collection of user-defined settings validates traffic before forwarding. This includes policies, caching, acceleration, load balancing, and HTTP request throttling, as well as system parameters like network interfaces, IP addresses, and failover configurations.

False positive resolution

Web security experts will resolve identified or reported false positives, fine-tuning policies to minimize the risk of false positives while optimizing protections. Reported false positives are backed by a 15-minute response SLA.

Ongoing management and tuning

Regular syncs between our web security experts and your application owners ensure WAF security profiles are continuously optimized, kept ready for new releases, and updated with the latest protections.

24/7 SOC support

Our SOC’s web security analysts are available 24/7 to assist with queries and requests related to your WAF deployments, configurations, and general UI support.

Managed deployment

Alert Logic’s project management team works with our technical experts and your team to ensure a rapid and hassle-free deployment in any environment.

“The Alert Logic WAF team is a rare mix of highly technical skills and real enthusiasm to help. It’s that support from the WAF team that is the massive differentiator.”

Customer

Technology Advisory Firm

Where Human Expertise Meets Machine Learning and Automated Intelligence

Fortra Managed WAF harnesses the power of machine learning to craft tailored traffic profiles for each customer. Security experts refine these profiles to ensure precise, site-specific protection for websites and APIs. The process includes rigorous testing in detect mode to fine-tune configurations, resulting in a high-fidelity security profile. This approach delivers effective protection by blocking malicious traffic while ensuring seamless access for legitimate users and bots. With Fortra Managed WAF, customers benefit from a proven, adaptable solution designed to meet their unique security needs.

Live threat intelligence enables dynamic connection trust scoring systems, applying heightened scrutiny to IP addresses actively used by threat actors or those previously involved in targeting other Fortra customers.

The Fortra Threat Intelligence Advantage

To stay ahead of the ever-changing threat landscape, Fortra Threat Intelligence integrates insights and data from tens of thousands of global customers across its portfolio. This enables us to monitor the progression of tactics employed by malicious actors, compile a comprehensive repository of active threats and campaigns, and develop research-based security policies and controls. These include virtual patches, signature updates, and attacker source IPs, which are automatically delivered to our customers, ensuring robust protection against threats targeting web applications and APIs.

Behavioral-based content is leveraged to detect, monitor for, and block more unusual attacks that web application firewalls with more specific signatures will miss.

Complete WAF Setup & Management

From installation and deployment through to configuration, our experts ensure your managed WAF is ready to block threats against your critical web applications.

Our analysts fine-tune your WAF by monitoring your web app traffic, allow-listing valid requests and data, and building a policy that blocks malicious web traffic and other undesired activity.

As new threats emerge and your apps and portfolio change, our security analysts will update your policies as needed or required. Our services eliminate the steep learning curve and associated staffing costs that come with managing a WAF internally.

100% of Fortra Managed WAF customers trust their tuned WAF security profiles to protect critical websites and APIs.

Traditional & Behavior-based Threat Detection

Fortra Managed WAF provides comprehensive features to protect your web applications and APIs. Allow-listing, deny-listing, and signature-based blocking are augmented by a learning engine that builds a model of your application to recognize activity that deviates from a known-good baseline of traffic. By employing both positive and negative security models, our virtual WAF is capable of identifying not only malicious activity but also any unexpected behavior.

Essential Compliance Coverage

Ensure compliance with PCI DSS 4.0 requirements 6.4.1, 6.4.2, 6.4.3, and 11.6.1, as well as other compliance mandates. PCI DSS penetration testing often involves both internal and external network assessments to identify vulnerabilities and exploit potential attack vectors targeting web applications. Cloud-based web application firewalls may be bypassed, potentially failing to meet these compliance standards.
