Web Application Firewall
Block attacks and patch web application vulnerabilities.
Industry-leading cloud service for scalable, simple and powerful protection of web applications
“We are excited that Qualys WAF will allow us to act quickly and respond to threats by using the one-click virtual patching feature to remediate active vulnerabilities.”
David Cook Chief Security Officer at Jive Software
Highlights
True, integrated web app security
Qualys gives you a single, interactive console for web application vulnerability detection (Qualys WAS) and protection (Qualys WAF) for seamless identification and mitigation of risks — for a dozen apps or thousands. Scan your web apps using WAS, and deploy virtual patches for confirmed vulnerabilities to WAF. You can manage it all from a centralized portal. Security teams can now secure their web apps without having to involve network security teams — lowering operational complexity and costs.
Cloud agility
With no special hardware to buy nor maintain, Qualys WAF’s virtual appliance can be deployed and scaled up quickly on premises using VMware, Hyper-V or Docker; and in public cloud platforms, such as AWS, Azure or Google Cloud Platform. Application traffic stays in your environment to minimize latency and maintain control. WAF continuously communicates with the Qualys Cloud Platform, tracking configuration changes and sending it the latest security events.
Full visibility into firewall operation
WAF gives you complete visibility into its data for continuous monitoring, risk assessments and remediation plans. A dashboard summarizes website traffic information and security event trends. Detailed threat information lets you assess severity and adjust security settings. Search for suspicious activity and drill down into threat data to gain actionable insights. WAF continuously indexes security events into your local Elastic search or Splunk clusters, making your data instantly discoverable.
Strong rules, flexible control
WAF protects your web apps using security policies backed by Qualys’ security intelligence, and one-click responses to security events. You can address your own security needs with simple, customizable and reusable policies and rules. Qualys’ out-of-the-box policies are designed for popular platforms such as WordPress, Joomla, Drupal, Outlook Web Application and Sharepoint. It also includes generic templates for unknown applications and frameworks.
Prevent breaches by blocking attacks on web server vulnerabilities
You can’t protect – nor defend yourself from – what you don’t know is in your network, like unapproved devices and unauthorized software. Qualys gives you full horizontal visibility of all hardware and software, scaling up to millions of assets – on premises, in cloud instances and mobile endpoints.
Benefit from native, deep integration between WAF and WAS
Empower security professionals to rapidly discover and mitigate critical security concerns. With the new ScanTrust feature, Qualys WAF combines with Qualys WAS to provide true visibility for your web applications: Detect with WAS, protect with WAF and get scalable scanning, false-positive reduction and one-click patching to web apps.
Simplify IT compliance
It’s easier than ever for employees to bypass their IT department and adopt web apps, a trend that generates significant security and compliance risks. Simultaneously, the quantity and complexity of government regulations, industry mandates and internal policies that impact InfoSec technologies and processes continues to grow. WAF can help you comply.
Visualize and report
You need an easy, intuitive way of understanding the security of all your web applications at once. WAF gives your security team complete visibility into its data for continuous monitoring, risk assessments and remediation paths. WAF tools for visualization and reporting include a graphics-rich dashboard, interactive insights and detailed information on each threat and ways to address it.
Powered by the Qualys Cloud Platform
Single-pane-of-glass UI
See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all of their IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.
Centralized & customized
Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption & strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.
Easy deployment
Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, no software to install, and no databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.
Scalable and extensible
Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved