CloudGuard WAF-as-a-Service

Check Point CloudGuard Web Application Firewall-as-a-Service (WAFaaS) for AWS simplifies web application security by eliminating the complexity of traditional WAF solutions. Easily deployable via AWS Marketplace, it provides automated API discovery, schema validation, and real-time security updates to minimize misconfigurations and unauthorized data exposure.

Designed for cloud-native agility, CloudGuard WAFaaS integrates directly with AWS CI/CD pipelines and Infrastructure-as-Code (IaC) frameworks such as AWS CloudFormation and Terraform. This allows security teams to embed protection into their AWS development workflows without slowing down innovation. It prevents cyber threats, including zero-day attacks, OWASP Top 10 vulnerabilities, bot-driven exploits, and large-scale DDoS attacks, ensuring uninterrupted service availability and security compliance.

CloudGuard WAF-as-a-Service delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.

CloudGuard WAF-as-a-Service is available in premium and advanced packages (Advanced package does not include API Discovery and Zero-day file security).

ADVANCED PACKAGE: The Advanced package provides core protection features, including:

• AI-based zero-day prevention: Detects and blocks unknown threats before they exploit vulnerabilities.

• Intrusion Prevention System (IPS): Shields against OWASP Top 10 attacks with over 2,800 Web CVEs.

• AI-driven contextual analysis: Ensures precise threat detection with minimal false positives.

• Advanced DDoS mitigation: Protects applications from overload attacks while keeping services accessible.

• Rate limiting: Controls traffic flow based on IP address and XFF (limited to 5 rules).

• Bot prevention: Detects and blocks automated threats.

• Snort 3.0 signature enforcement: Provides deep packet inspection for enhanced security.

• Includes 3 months of full logs retention (based on the fair usage policy).

PREMIUM PACKAGE: The Premium package includes all Advanced Package features and adds:

• Real-time API discovery & governance: Monitors API traffic for sensitive data exposure and compliance.

• Auto-generated Swagger schema validation: Ensures API security by enforcing structure and access controls.

• Unlimited rate limiting: Expands traffic control beyond IP-based limits, including JWT, cookies, and headers.

• Zero-day file security: Blocks malicious uploads and emerging threats.

• Includes 6 months of full logs retention (based on the fair usage policy).