Sold by: Cyber Security Cloud
Deployed on AWS
Cyber Security Cloud Managed Rules are designed to mitigate and minimize vulnerabilities, including all those on OWASP API Security Top 10 Threats list. By using our rulesets, you can start protecting your API Gateway right away with a low false-positive rate and a higher defense capability.
3.5
Overview
This product is for new AWS WAF. Cyber Security Cloud Managed Rules are compiled in a comprehensive package to mitigate and minimize vulnerabilities, including the most serious OWASP API Security/Serverless Top 10 Threats. With the API Gateway/Serverless ruleset, you can start protecting your Amazon API Gateway and Serverless environment right away with a low false-positive rate and a higher defense capability.
Included are a lot of managed rules targeting common vulnerabilities such as code injection techniques (SQLi, NoSQLi, OScommandi, etc), XML External Entity attacks, Server Side Request Forgery, XSS, directory traversal and Malicious Bots rulesets.
Highlights
- Can build a more secure API Gateway and Serverless environment immediately
- Designed to have the defense capability needed to protect your API Gateway and Serverless, with a low false-positive rate
- Minimizes OWASP API Security/Serverless Top 10 threats
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Charge per month in each available region (pro-rated by the hour) | $25.00 |
Charge per million requests in each available region | $1.20 |
Vendor refund policy
Non-Refundable
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
For issues related specifically to Cyber Security Cloud Managed Rules, you can contact support offered by Cyber Security Cloud by email.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Cyber Security Cloud
By Fortinet Inc.
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
OWASP Threat Coverage
Managed rules designed to mitigate OWASP API Security and Serverless Top 10 threats
Code Injection Prevention
Rules targeting code injection techniques including SQLi, NoSQLi, and OS command injection attacks
Advanced Attack Detection
Detection capabilities for XML External Entity attacks, Server Side Request Forgery, XSS, directory traversal, and malicious bot identification
AWS WAF Integration
Managed rules compiled for AWS WAF integration with API Gateway and Serverless environments
False Positive Optimization
Ruleset engineered to maintain low false-positive rates while providing comprehensive defense capability
OWASP Top 10 Protection Coverage
Comprehensive ruleset protecting against all OWASP Top 10 web application threats including SQL Injection, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE)
Threat Intelligence Updates
Regular updates from FortiGuard Labs to include latest threat information and security signatures
Configurable Response Actions
Rules can be configured to log, alert, and/or block detected threats
FortiWeb Security Signatures
Rulesets based on FortiWeb web application firewall security service signatures
AWS WAF Integration
Managed rule group compatible with AWS WAF for web application firewall deployment across multiple web ACLs and regions
OWASP Top 10 Attack Protection
Provides protection against web attacks including SQL injection, cross-site scripting (XSS), command injection, NoSQL injection, path traversal, and predictable resource exploitation.
Managed Rule Updates
Rules are written, managed and regularly updated by F5's security specialists to ensure protection against evolving threats without requiring manual intervention.
AWS WAF Integration
Rules can be attached to AWS WAF instances for immediate deployment and protection enhancement.
Automated Threat Detection
Utilizes security expertise to identify and mitigate vulnerabilities that are part of the OWASP Top 10 attack vectors.
Pay-as-You-Go Licensing Model
Rules are licensed on a consumption-based pricing structure where usage determines costs.
Standard contract
No
No
No
Customer reviews
Lokesh Arora
Security guardrails have protected web and AI workflows but rules need more flexibility and accuracy
Reviewed on Apr 15, 2026
Review from a verified AWS customer
What is our primary use case?
Our main use case for Cyber Security Cloud Managed Rules is mostly web application because it protects the front end and also with the CDN we are using it, so it protects the CDN exposed applications as well.
A specific example of how we have used Cyber Security Cloud Managed Rules to protect our web applications or CDN is that we have a proper dashboard of all attacks that were attempted on those exposed URLs at the application level and we have clear visibility. Whenever there is some type of IP which is trying to DDoS our domain, then it gets automatically blocked and we have configured alerts as well. We do get a consolidated report weekly and monthly that shows a lot of hits, what the IP was, and that it was automatically blocked.
We also have AI workload, so it is important to consider that in our main use case for Cyber Security Cloud Managed Rules. We are catering to that in our workflow and trying to manage it so that even our AI workflows do not have prompt injections or, if we are having agents, we do not get man-in-the-middle attacks with the prompts.
What is most valuable?
The best feature that Cyber Security Cloud Managed Rules offers in my experience is the ability to roll it out in a dry run, which would be a useful way of testing things without impacting real user traffic. After implementing the rules, I would need good observability to get an idea of how effective they are and what I should change to make them better.
Cyber Security Cloud Managed Rules has positively impacted our organization because we are a tech company, so we always prefer to get security first. This is a big thing when it comes to exposing any domain. We would want to ensure that we have secure guardrails around it, and whenever we roll it out, we properly ensure that there was a design doc, there was a review, and make sure that it was behind those security gates to avoid any issues after go-live. It is a proper process that we follow to ensure that no new application sneaks through and before go-live, all these checks are done.
What needs improvement?
Sometimes false positives do come across, and we have incidents where people who are actually trying to access are getting blocked out, which is how I think Cyber Security Cloud Managed Rules can be improved. It is getting better, but sometimes these cases do happen. I would imagine the opposite is also true where there are certain cases where attackers are able to sneak through. For example, we have been using AI workloads and in that, certain times we have had issues where prompt injection can cause problems. We would to incorporate this in all the workflows where we are using AI as well, so possibly more stringent rules around that would be beneficial.
Cyber Security Cloud Managed Rules does the job, and if you have it configured in the correct way as per your requirements, such as IP sets or SQL injection, you are able to get a basic cover, but the workloads are evolving, and I would like to see more flexibility around those rules so that I can make better use of them. Because use cases are increasing, I would to play around with the rules a bit more so that I can say with certainty that my workloads are secure and ingress traffic is secure. That would help me, so I would give a better rating if that can happen.
Cyber Security Cloud Managed Rules are generally stable in my experience, but if a new attack vector rises or if something new comes up, they are not very adaptable, which is my feeling and experience. I would say they are stable, but not very versatile.
For how long have I used the solution?
We have been using Cyber Security Cloud Managed Rules for a good few years because I have always worked in AWS . We use AWS WAF and generally at that level, we are protecting all our resources from DDoS and other kinds of attacks, so there are managed rules inside WAF that we use. We also use Fastly , and with Fastly , we get Signal Sciences as a tool, which is a next-gen WAF that can be used to protect against any cross-site scripting or SQL injection and other kinds of attacks.
What do I think about the stability of the solution?
Cyber Security Cloud Managed Rules are generally stable in my experience, but if a new attack vector rises or if something new comes up, they are not very adaptable, which is my feeling and experience. I would say they are stable, but not very versatile.
What do I think about the scalability of the solution?
I think Cyber Security Cloud Managed Rules are quite scalable, and in terms of the traffic we are getting, they are able to filter out any issues or if it is coming from sources that we do not intend them coming from. They are quite stable and scalable in that sense.
How are customer service and support?
Which solution did I use previously and why did I switch?
I have not used any other solution before Cyber Security Cloud Managed Rules other than WAF and WAF rules. It has always been that.
Before choosing Cyber Security Cloud Managed Rules, I have always used WAF as a web application firewall and at the network level, we have a network firewall. That is how it has been. At the API Gateway level also we have WAF and even if we expose it via a load balancer, we use WAF. No matter how we expose to the internet, it has always been WAF in the forefront. WAF rules are the thing we have always used.
What was our ROI?
I would say time saved is a big metric as a return on investment with Cyber Security Cloud Managed Rules because we are not always looking for things manually or stopping attacks manually. This is helpful because we have automated WAF rules, so they obviously come to the forefront and help protect us against any of the attacks. That is a time save. We have alerts configured if there is an issue. We do not have to manually go and find out about those issues; we usually get an idea of what is going on. A big benefit would be time save, which in engineering can be converted to money saved as well.
What other advice do I have?
In terms of how I use dry run mode and observability with the managed rules, we implement it in a count mode. We will only not block any traffic, but just get a count and get an idea of how the rule would work. Observability-wise, generally in Fastly CDN, we do get a dashboard of how the traffic is getting served. If there is some kind of suspicious IPs or any IP set which is coming from a certain country which we do not want the traffic coming from, then it gets blocked. We have proper visibility.
I think the AI space is something really big right now, so I would to see some improvements around those lines.
I am not one hundred percent sure if we purchased Cyber Security Cloud Managed Rules through the AWS Marketplace . We may have, but I have not looked into that.
I have not been involved in the pricing, setup cost, and licensing phase for Cyber Security Cloud Managed Rules. It usually comes via procurement, so I am not involved in the licensing side of things because I am mostly technical and I am someone who implements things. I have not come across looking at the pricing, licensing, or setup cost.
I would give Cyber Security Cloud Managed Rules an overall rating of seven.
Rohit Racharla
Managed rules have protected our APIs and AI chatbot and now need better automation and insights
Reviewed on Apr 14, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Cyber Security Cloud Managed Rules is for the API Gateway and for OWASP security.
I am integrating these WAF rules with the API Gateway and CloudFront to ensure security from cybersecurity issues, minimizing vulnerabilities and mitigating threats from hackers, including the OWASP top 10 web application threat lists. I have configured it for our front end and for the API Gateway.
I am using Cyber Security Cloud Managed Rules for our GenAI applications, specifically for the chatbot I have recently created, which helps tremendously and prevents hackers' exploits in our application.
What is most valuable?
The best features that Cyber Security Cloud Managed Rules offers include low false positive rates, bot detection, zero-day threats, real-time authentication, and real-time threat intelligence.
In my day-to-day work, I find the malicious bot detection feature of Cyber Security Cloud Managed Rules to be the most valuable.
Cyber Security Cloud Managed Rules has positively impacted my organization by reducing the manual WAF management by fifty percent and accelerating the automated updates and improvement in threat intelligence.
What needs improvement?
Cyber Security Cloud Managed Rules can be improved by automating the responses, enhancing visibility, providing deeper insights, integrating with DevOps and SecOps, and facilitating real-time analysis.
For how long have I used the solution?
I have been using Cyber Security Cloud Managed Rules for the last one year.
What do I think about the stability of the solution?
Cyber Security Cloud Managed Rules is stable; I have been using it for the last two years without encountering any major issues.
What do I think about the scalability of the solution?
Cyber Security Cloud Managed Rules is totally scalable by automatically and elastically adjusting to traffic demands without any manual intervention, supporting horizontal scaling while reducing the operational burden, which is important for my application use case.
How are customer service and support?
I have not had the chance to connect with customer support until now.
Which solution did I use previously and why did I switch?
I have not used any other solution, and I am continuing with this cybersecurity option.
How was the initial setup?
The experience with pricing, setup cost, and licensing for Cyber Security Cloud Managed Rules is straightforward. I have a dedicated team that takes care of this, and I am not much involved in those activities. I provide them with my requirements, and they provide solutions accordingly.
What was our ROI?
I have seen a return on investment; it has saved money from hackers who demand bounties for application breaches. Regarding time, it is directly taken from the AWS Marketplace , meaning not much time is needed for configuration.
What's my experience with pricing, setup cost, and licensing?
I have four years of experience in financial matters related to pricing, setup cost, and licensing.
What other advice do I have?
I surely recommend using Cyber Security Cloud Managed Rules for AI applications because, as a cloud engineer and operations engineer, I feel more comfortable using these cybersecurity managed rules without any issues in real-time.
I do not have any additional thoughts about Cyber Security Cloud Managed Rules at the moment, but if I encounter something while developing more agentic AI applications in the future, I hope to find something helpful for improving the cybersecurity managed rules. I have provided this review with a rating of seven.