Sold by: Check Point Software Technologies
Deployed on AWS
Check Point CloudGuard WAFaaS is an AI-driven, fully managed web application firewall that provides advanced security for applications and APIs. It delivers real-time protection against zero-day threats, OWASP Top 10 vulnerabilities, DDoS attacks, and more, ensuring high availability, AWS security compliance, and uninterrupted service.
CloudGuard WAFaaS integrates seamlessly with AWS services, including Amazon Route 53, AWS WAF, AWS Shield, AWS API Gateway, Amazon CloudFront, and AWS Lambda, enabling automated threat prevention with minimal operational overhead.
4.4
Overview
Check Point CloudGuard WAF-as-a-Service (WAFaaS) for AWS simplifies web application security by eliminating the complexity of traditional WAF solutions. Easily deployable via AWS Marketplace, it provides automated API discovery, schema validation, and real-time security updates to minimize misconfigurations and unauthorized data exposure.
Designed for cloud-native agility, CloudGuard WAFaaS integrates directly with AWS CI/CD pipelines and Infrastructure-as-Code (IaC) frameworks such as AWS CloudFormation and Terraform. This allows security teams to embed protection into their AWS development workflows without slowing down innovation. It prevents cyber threats, including zero-day attacks, OWASP Top 10 vulnerabilities, bot-driven exploits, and large-scale DDoS attacks, ensuring uninterrupted service availability and security compliance.
CloudGuard WAFaaS delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.
CloudGuard WAFaaS is available in premium and advanced packages (Advanced package does not include API Discovery and Zero-day file security).
ADVANCED PACKAGE: The Advanced package provides core protection features, including:
- AI-based zero-day prevention: Detects and blocks unknown threats before they exploit vulnerabilities.
- Intrusion Prevention System (IPS): Shields against OWASP Top 10 attacks with over 2,800 Web CVEs.
- AI-driven contextual analysis: Ensures precise threat detection with minimal false positives.
- Advanced DDoS mitigation: Protects applications from overload attacks while keeping services accessible.
- Rate limiting: Controls traffic flow based on IP address and XFF (limited to 5 rules).
- Bot prevention: Detects and blocks automated threats.
- Snort 3.0 signature enforcement: Provides deep packet inspection for enhanced security.
- Includes 3 months of full logs retention (based on the fair usage policy).
PREMIUM PACKAGE: The Premium package includes all Advanced Package features and adds:
- Real-time API discovery & governance: Monitors API traffic for sensitive data exposure and compliance.
- Auto-generated Swagger schema validation: Ensures API security by enforcing structure and access controls.
- Unlimited rate limiting: Expands traffic control beyond IP-based limits, including JWT, cookies, and headers.
- Zero-day file security: Blocks malicious uploads and emerging threats.
- Includes 6 months of full logs retention (based on the fair usage policy).
Highlights
- ZERO-DAY PREVENTION: CloudGuard WAFaaS has demonstrated prevention of zero-day exploits across a wide spectrum of security events, including log4shell, text4shell, and MOVEit, all in real-time.
- DEPLOYED WITHIN MINUTES: CloudGuard WAFaaS delivers a non-agent Web application Firewall, deployable within minutes. Only a one-time DNS configuration is necessary for CloudGuard to start routing traffic securely to applications in the cloud.
- PREVENT DDoS AND AUTOMATED ATTACKS: CloudGuard WAFaaS provides real-time detection and automatic mitigation protection against Distributed Denial of Service (DDoS) attacks and bot-driven assaults.
Details
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
SaaS Premium - Up to 10M Req / Month | CloudGuard WAF-as-a-Service Premium | $1,800.00 |
SaaS Premium - Up to 20M Req / Month | CloudGuard WAF-as-a-Service Premium | $2,240.00 |
SaaS Premium - Up to 30M Req / Month | CloudGuard WAF-as-a-Service Premium | $2,680.00 |
SaaS Premium - Up to 40 Req / Month | CloudGuard WAF-as-a-Service Premium | $3,120.00 |
SaaS Advanced - Up to 10M Req / Month | CloudGuard WAF-as-a-Service Advanced | $1,500.00 |
SaaS Advanced - Up to 20M Req / Month | CloudGuard WAF-as-a-Service Advanced | $1,880.00 |
SaaS Advanced - Up to 30M Req / Month | CloudGuard WAF-as-a-Service Advanced | $2,260.00 |
SaaS Advanced - Up to 40M Req / Month | CloudGuard WAF-as-a-Service Advanced | $2,640.00 |
Additional pricing options: Custom sizing Req / Month | CloudGuard WAF-as-a-Service: Custom sizing | $100,000.00 |
Vendor refund policy
No Refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Check Point CloudGuard Network Security is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and a built-in security management server
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Are you looking for an automated Web Application Firewall (WAF) with precise prevention and no management overheads? CloudGuard WAF delivers AI-enabled Web Application and API protection.
Customer reviews
Yosra M.
Centralized Protection with Seamless Cloud Integration
Reviewed on Mar 26, 2026
Review provided by G2
What do you like best about the product?
I like most about Check Point CloudGuard WAF is its seamless integration with cloud environments and the ability to enforce consistent security policies across multiple platforms through a single console. It also provides strong centralized protection and cloud-native integration. The initial setup was relatively simple thanks to the cloud-native integration and automated policy template.
What do you dislike about the product?
One area that could be improved is the initial setup and policy tuning, which can feel complex and time-consuming, especially for teams without deep prior experience with Check Point's ecosystem.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect our cloud-native applications from web attacks, centralize security policy management, automate defense, and solve the challenge of securing distributed cloud applications with unified visibility, automated threat prevention, and simplified compliance management.
Jawher S.
Centralized Security with a Learning Curve
Reviewed on Mar 25, 2026
Review provided by G2
What do you like best about the product?
I like the single pane of glass management that Check Point CloudGuard WAF offers, providing consistent policies across all cloud environments. I appreciate how it enforces granular, context-aware security policies across multi-cloud, protecting my cloud-native applications from web exploits and bots. I also find its centralized security management across multi-cloud environments valuable, as it eliminates the complexity of maintaining disparate WAF solutions and stops sophisticated attacks like SQL injection and zero-day exploits. Additionally, I use it with SIEM platforms like Splunk for centralized logging and threat correlation, and I integrate it with CI/CD pipelines such as Jenkins to automate security policy deployment. Overall, it delivers powerful security.
What do you dislike about the product?
The setup and policy tuning have a steep learning curve, and the reporting dashboard could be more intuitive.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect my applications from web exploits and bots, centralize security across multi-cloud environments, and reduce manual effort for consistent compliance.
Nitin
Cloud protection has reduced manual effort and now improves web and API security operations
Reviewed on Mar 23, 2026
Review provided by PeerSpot
What is our primary use case?
Check Point CloudGuard WAF 's primary use is protecting web applications and APIs from application layer attacks in the cloud. I also use it to protect public-facing apps.
What is most valuable?
Check Point CloudGuard WAF offers the best features through its dual ML engine with attack-based and context-based capabilities. The dual engine directly reduces the operational load and improves detection quality for my team on a day-to-day basis.
Additionally, it allows for less policy tuning. Check Point CloudGuard WAF has positively impacted my organization by reducing my manual effort. It reduces up to 2x my operational effects, leading to lower false positives.
What needs improvement?
While Check Point CloudGuard WAF is a strong solution, it could be improved in a few areas such as simplifying and customizing the user interface and reporting database. Improving API security depth is also necessary.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for the last one year.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is stable in my experience.
What do I think about the scalability of the solution?
Check Point CloudGuard WAF is highly scalable and designed for cloud-native environments.
How are customer service and support?
The customer support is really good. I would rate the customer support an eight on a scale of one to ten.
Which solution did I use previously and why did I switch?
Before Check Point CloudGuard WAF, we did not use any WAF solution.
What was our ROI?
I have seen a return on investment as it is a time-saver product.
What other advice do I have?
Check Point CloudGuard WAF delivers clear efficiency gains over traditional WAFs in three main areas: operations, accuracy, and cost optimization. I do utilize Check Point CloudGuard WAF alongside other Check Point products. We use Check Point firewalls, security gateway, and load balancer, and they work together with Check Point CloudGuard WAF in our environment. My advice for others looking into using Check Point CloudGuard WAF is to first validate the use case and plan the deployment architecture. I would rate this product a nine on a scale of one to ten.
Ricky Makkar
Cloud security has improved as we protect critical apps and APIs with adaptive threat prevention
Reviewed on Mar 06, 2026
Review from a verified AWS customer
What is our primary use case?
The major use case is providing application security and API security solutions to the organization. For example, our client was HYG, and they wanted to ensure their applications and API security gets fully secured, which is why I proposed Check Point CloudGuard WAF to their solution.
What is most valuable?
The biggest benefit from Check Point CloudGuard WAF that I saw is that it comes with one solution that completely outperforms its competitors. While there are other vendors such as Azure or AWS that provide their own WAF solution, that is comparatively not good enough. Check Point CloudGuard WAF prevents everything, their applications, their APIs, protecting them completely from DDoS attacks. It also has an AI feature that learns automatically from patterns, implying remediation to mitigate regular attacks on the network.
Breach reduction occurs when there is a compliance issue or vulnerability within the organization. Since Check Point CloudGuard WAF has the capability to learn itself, as it understands the patterns of risks and attacks, it auto-generates remediation plans by itself, thus effectively reducing breaches on this platform.
What needs improvement?
The negative side I see is that while most things about Check Point CloudGuard WAF are really good, there is some latency and performance issues, as it can be slow to log in, especially from different regions. The pricing is another concern, as it is on the higher side and more suitable for mid-level or large enterprises rather than small organizations.
The quality of the technical support team could be better; I rate them as okay, not excellent.
To improve support, response time needs attention, as it can be hard to connect with the team. First, one must speak to the level one team, then the case must be transferred to levels two or three, leading to delays due to multiple teams managing different issues. This process means the customer can face delays in getting the right assistance.
Latency and performance issues, friendlier pricing, and support are major concerns for improvement.
For how long have I used the solution?
I have been working with the products for approximately eight to ten months.
What do I think about the stability of the solution?
For stability, I would give it 8.5 points out of 10.
What do I think about the scalability of the solution?
Check Point CloudGuard WAF is easy to scale and does not present many challenges, making it very easy to scale without limitation.
How are customer service and support?
The quality of the technical support team could be better; I rate them as okay, not excellent.
How was the initial setup?
Deployment of Check Point CloudGuard WAF is easy, as it comes with different modes depending on the agent that needs to be installed. Overall, it is simple and not very complex.
What was our ROI?
I observe a good return on investment from the product, as investing in securing clients proves worthy. If a serious breach happens, the cost to fix it could be in the millions, so preventing it is always beneficial for your investment.
Which other solutions did I evaluate?
There are significant differences, as specifically for Check Point CloudGuard WAF, it outperforms competitors such as Cloudflare regarding accuracy and remediation. While Cloudflare is less expensive, it is not completely reliable. In contrast, Check Point CloudGuard WAF, despite being somewhat expensive, is completely reliable.
What other advice do I have?
I was working with Check Point CloudGuard WAF as a service provider, providing support to our clients from the Check Point CloudGuard WAF point.
When I assess the efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAF, I find that in traditional WAFs, we had to purchase a physical device or license from companies such as F5 or Cloudflare, which were really good in the market. However, since it has moved to the cloud, it completely goes virtual, meaning you don't have to buy or manage your own physical devices, making implementation really easy and very efficient with just a one-time purchase of the license from Check Point CloudGuard WAF.
Integration capability with existing systems was easy, as all vendors these days, such as Check Point, Fortinet, and Cisco, provide everything inbuilt. If you use the same vendor's firewall or EDR, it is easier to integrate their tool rather than purchasing from different vendors, which can become complex and challenging for engineers. When it is from the same vendor, managing different solutions is having only one platform to log in to.
Check Point CloudGuard WAF absolutely helps reduce the false positive rate, which is really very good, as the false positive rate is very low. The approximate false positive rate is one percent.
In assessing the solution for preemptively blocking zero-day attacks and detecting hidden anomalies, I find Check Point CloudGuard WAF amazing because it works on two engines: supervised and unsupervised. For zero-day attacks, it resolves issues immediately without waiting for another 24 hours or seven days.
I would rate the pricing at seven points, indicating it is expensive. I would rate this review overall as an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Eric S.
Solid Protection with Machine Learning; Console Improvable
Reviewed on Mar 05, 2026
Review provided by G2
What do you like best about the product?
I greatly appreciate the machine learning engine of Check Point CloudGuard WAF for prevention, because it automates much of the complex work of rule management, drastically reducing false positives. I don't have to write custom rules from scratch and the policies adapt well to real traffic after the initial learning period. Additionally, I like the security policy updates that come from the cloud without me having to intervene manually. The preemptive bot protection is very effective, clearly distinguishing between good and malicious bots, and the automatic API discovery is convenient for mapping APIs and detecting unprotected endpoints. The unified console for policy management across different environments, cloud and on-prem, is very useful to avoid maintaining separate stacks.
What do you dislike about the product?
The management console could be improved; sometimes you have to click too many times to find specific information, and the logging system is not granular enough during troubleshooting. The documentation lacks concrete examples for real use cases, and more practical troubleshooting support would be helpful. Integration with Splunk requires writing custom parsing, and support for configuration as code has room for improvement.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard WAF manages false positives using machine learning, better protecting APIs and reducing bot traffic. It unifies management on cloud and on-premises, simplifying work compared to the past, but the management console has room for improvement.