Sold by: Check Point Software Technologies
Deployed on AWS
Check Point CloudGuard WAFaaS is an AI-driven, fully managed web application firewall that provides advanced security for applications and APIs. It delivers real-time protection against zero-day threats, OWASP Top 10 vulnerabilities, DDoS attacks, and more, ensuring high availability, AWS security compliance, and uninterrupted service.
CloudGuard WAFaaS integrates seamlessly with AWS services, including Amazon Route 53, AWS WAF, AWS Shield, AWS API Gateway, Amazon CloudFront, and AWS Lambda, enabling automated threat prevention with minimal operational overhead.
4.4
Overview
Check Point CloudGuard WAF-as-a-Service (WAFaaS) for AWS simplifies web application security by eliminating the complexity of traditional WAF solutions. Easily deployable via AWS Marketplace, it provides automated API discovery, schema validation, and real-time security updates to minimize misconfigurations and unauthorized data exposure.
Designed for cloud-native agility, CloudGuard WAFaaS integrates directly with AWS CI/CD pipelines and Infrastructure-as-Code (IaC) frameworks such as AWS CloudFormation and Terraform. This allows security teams to embed protection into their AWS development workflows without slowing down innovation. It prevents cyber threats, including zero-day attacks, OWASP Top 10 vulnerabilities, bot-driven exploits, and large-scale DDoS attacks, ensuring uninterrupted service availability and security compliance.
CloudGuard WAFaaS delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.
CloudGuard WAFaaS is available in premium and advanced packages (Advanced package does not include API Discovery and Zero-day file security).
ADVANCED PACKAGE: The Advanced package provides core protection features, including:
- AI-based zero-day prevention: Detects and blocks unknown threats before they exploit vulnerabilities.
- Intrusion Prevention System (IPS): Shields against OWASP Top 10 attacks with over 2,800 Web CVEs.
- AI-driven contextual analysis: Ensures precise threat detection with minimal false positives.
- Advanced DDoS mitigation: Protects applications from overload attacks while keeping services accessible.
- Rate limiting: Controls traffic flow based on IP address and XFF (limited to 5 rules).
- Bot prevention: Detects and blocks automated threats.
- Snort 3.0 signature enforcement: Provides deep packet inspection for enhanced security.
- Includes 3 months of full logs retention (based on the fair usage policy).
PREMIUM PACKAGE: The Premium package includes all Advanced Package features and adds:
- Real-time API discovery & governance: Monitors API traffic for sensitive data exposure and compliance.
- Auto-generated Swagger schema validation: Ensures API security by enforcing structure and access controls.
- Unlimited rate limiting: Expands traffic control beyond IP-based limits, including JWT, cookies, and headers.
- Zero-day file security: Blocks malicious uploads and emerging threats.
- Includes 6 months of full logs retention (based on the fair usage policy).
Highlights
- ZERO-DAY PREVENTION: CloudGuard WAFaaS has demonstrated prevention of zero-day exploits across a wide spectrum of security events, including log4shell, text4shell, and MOVEit, all in real-time.
- DEPLOYED WITHIN MINUTES: CloudGuard WAFaaS delivers a non-agent Web application Firewall, deployable within minutes. Only a one-time DNS configuration is necessary for CloudGuard to start routing traffic securely to applications in the cloud.
- PREVENT DDoS AND AUTOMATED ATTACKS: CloudGuard WAFaaS provides real-time detection and automatic mitigation protection against Distributed Denial of Service (DDoS) attacks and bot-driven assaults.
Details
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
SaaS Premium - Up to 10M Req / Month | CloudGuard WAF-as-a-Service Premium | $1,800.00 |
SaaS Premium - Up to 20M Req / Month | CloudGuard WAF-as-a-Service Premium | $2,240.00 |
SaaS Premium - Up to 30M Req / Month | CloudGuard WAF-as-a-Service Premium | $2,680.00 |
SaaS Premium - Up to 40 Req / Month | CloudGuard WAF-as-a-Service Premium | $3,120.00 |
SaaS Advanced - Up to 10M Req / Month | CloudGuard WAF-as-a-Service Advanced | $1,500.00 |
SaaS Advanced - Up to 20M Req / Month | CloudGuard WAF-as-a-Service Advanced | $1,880.00 |
SaaS Advanced - Up to 30M Req / Month | CloudGuard WAF-as-a-Service Advanced | $2,260.00 |
SaaS Advanced - Up to 40M Req / Month | CloudGuard WAF-as-a-Service Advanced | $2,640.00 |
Additional pricing options: Custom sizing Req / Month | CloudGuard WAF-as-a-Service: Custom sizing | $100,000.00 |
Vendor refund policy
No Refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and a built-in security management server
Check Point CloudGuard WAF-as-a-Service (WAFaaS) is an AI-based WAF solution delivering the highest protection against known and zero-day threats through advanced AI and IPS signatures. CloudGuard WAFaaS provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection. CloudGuard WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
As your organization expands its web applications, generative AI tools, and APIs, the attack surface grows, increasing exposure to sophisticated cyber threats. Check Point WAF for AWS is a prevention-first, AI-powered web application firewall (WAF) solution designed to deliver robust web application, generative and agentic AI, and API security without compromising efficiency or ease of management.
Customer reviews
BintuFatimah T P.
Robust AI-Driven Security with Room for UI Enhancement
Reviewed on Apr 14, 2026
Review provided by G2
What do you like best about the product?
I like Check Point CloudGuard WAF for its ability to combine intelligent automation with strong visibility, making it a reliable solution for securing cloud applications while reducing operational overhead. It balances advanced security capabilities with usability and scalability effectively, which is great for both security operations and compliance-focused teams. It also integrates well with broader security and cloud ecosystems, which enhances visibility, monitoring, and incident response. The AI-driven protection, excellent visibility, and scalability for cloud environments are strong points, making it a solution I recommend for strengthening application security.
What do you dislike about the product?
I think there are a few areas where Check Point CloudGuard WAF could be improved. I would appreciate more guided onboarding and configuration support. Also, an enhanced UI/UX for policy management and log analysis would be beneficial. I'd like to see greater flexibility in custom rule creation and deeper integration with SIEM and GRC platforms. Expanded documentation and real-world use cases would also be helpful, along with better cost transparency and scalability options. While the setup was moderately easy, there is a learning curve during initial configuration, and the documentation and guidance could improve.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to secure cloud-hosted apps, handle web threats, reduce false positives, improve traffic visibility, simplify multi-cloud security, support compliance, and lower operational overhead.
jawher s.
Effortless Cloud Security with Automated Protection
Reviewed on Apr 08, 2026
Review provided by G2
What do you like best about the product?
I like how Check Point CloudGuard WAF delivers strong automated threat prevention with minimal tuning, making cloud app protection feel both powerful and effortless. I also really appreciate how seamlessly CloudGuard WAF integrates with cloud-native workflows, applying protections automatically as new services spin up so security never slows down development. It's great how CloudGuard automatically applies security policies to every new cloud resource as it's created, so nothing ever launches unprotected and you don't have to slow down development to keep things secure.
What do you dislike about the product?
CloudGuard WAF could improve by making advanced configuration and log analysis faster and less cumbersome. It would benefit from clearer, more intuitive advanced settings and a faster, more searchable log viewer that makes deep dive investigation less time-consuming.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect cloud applications by detecting, blocking, and mitigating web attacks. It solves the headache of constantly monitoring web defenses by automatically blocking threats like OWASP Top 10, bot attacks, and zero-day exploits, making protection feel both powerful and effortless.
Sachin-Yadav
AI-driven protection has reduced attack impact and now secures web apps and APIs in real time
Reviewed on Apr 07, 2026
Review provided by PeerSpot
What is our primary use case?
I use Check Point CloudGuard WAF for web application and API protection. I can provide a scenario where I used Check Point CloudGuard WAF to defend against an SQL injection attack on a web app. It detects query patterns via machine learning and then blocks requests instantly without needing any rule writing.
What is most valuable?
Check Point CloudGuard WAF offers various capabilities including AI-based threat prevention, API security, DDoS protection at multi-layer, L3 and L7 protection, bot protection, behavioral analysis, and fingerprinting.
AI-based threat prevention stands out for me because instead of relying on static signatures that have been added in the cloud, it uses behavioral baselines. For example, if I'm using an application with behavioral application capabilities, it provides me high security using AI-based threat prevention. Behavioral learning mode has been divided into various phases. The first phase is the learning mode where it automatically learns. Whenever I onboard any app, it observes the traffic for a short duration or builds a statistical model for that application, and no manual training is required. In phase two, enforcement mode, any new request is evaluated against known attack patterns via machine learning.
Real-time response is really helpful when onboarding any application with Check Point CloudGuard WAF . When we onboard any application, it creates a statistical model of that application, and according to that, it observes known attack patterns, then blocks them instantly, providing another layer of security.
Check Point CloudGuard WAF has really reduced the headache of IT engineers and has helped me in security through machine learning.
What needs improvement?
Check Point CloudGuard WAF can be improved in several ways. We have faced slowness issues in our network after onboarding it on any application. The cost can be higher than traditional WAF solutions, and its heavy reliance on AI also means we have less manual control. Maximum work is done via AI, so that can be reduced.
The cost can be decreased, and regarding manual controls, I just wanted to say that relying directly on AI is not good for our environment because AI is copying our data.
According to other traditional OEMs, we experience a few issues with pricing. The pricing is high compared to other vendors, and I have already mentioned the high reliance on AI, which can be a concern.
Customer support can be improved because we have to reach out to the distributors for support. That could be directly controlled by the OEM.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for more than a year.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is really stable.
What do I think about the scalability of the solution?
Its scalability is strongly stable. It allows cloud-native elastic scaling and is delivered via SaaS and a deployment agent.
The performance of Check Point CloudGuard WAF has improved compared to other traditional OEMs, and it is easy to use due to AI and machine learning. Management is also straightforward, but it can be improved for new users by providing specific training.
Which solution did I use previously and why did I switch?
I was not using any solution previously. Check Point CloudGuard WAF is my first solution.
What was our ROI?
It has saved me time.
What's my experience with pricing, setup cost, and licensing?
Pricing is a little bit high compared to other OEMs, and the setup cost was handled by a partner.
Which other solutions did I evaluate?
I have not evaluated any other options.
What other advice do I have?
I want to strongly advise this product to other users. Not because of pricing—while the pricing is a little high, the level of security provided is much more critical. I would rate this product an 8.
Munyaradzi Allan N.
AI-Powered Security with a Price Tag
Reviewed on Mar 29, 2026
Review provided by G2
What do you like best about the product?
I really appreciate Check Point CloudGuard WAF as it stands out as a modern, AI-driven web application and API protection platform that does far more than traditional WAFs. I like its prevention-first approach using contextual AI and machine-learning models to detect new and unknown threats before they are documented, which is especially appealing for organizations that prioritize true zero-day resilience. It addresses multiple modern security issues that traditional WAFs struggle with.
What do you dislike about the product?
the pricing is high, many companies might not benefit from this
What problems is the product solving and how is that benefiting you?
I find Check Point CloudGuard WAF prevents zero-day attacks before they're known, addressing multiple modern security challenges traditional WAFs struggle with.
Yosra M.
Centralized Protection with Seamless Cloud Integration
Reviewed on Mar 26, 2026
Review provided by G2
What do you like best about the product?
I like most about Check Point CloudGuard WAF is its seamless integration with cloud environments and the ability to enforce consistent security policies across multiple platforms through a single console. It also provides strong centralized protection and cloud-native integration. The initial setup was relatively simple thanks to the cloud-native integration and automated policy template.
What do you dislike about the product?
One area that could be improved is the initial setup and policy tuning, which can feel complex and time-consuming, especially for teams without deep prior experience with Check Point's ecosystem.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect our cloud-native applications from web attacks, centralize security policy management, automate defense, and solve the challenge of securing distributed cloud applications with unified visibility, automated threat prevention, and simplified compliance management.