Cloud web application firewall by Qualys

Qualys unveiled its new QualysGuard WAF service for securing web applications.

The new service, delivered as part of the QualysGuard cloud platform and suite of integrated applications, provides protection against known and emerging web application threats. Additionally, the service provides increased web site performance through caching, compression and content optimization to subscribers anywhere in the world, affordably and with no equipment needed.

The service provides:

• Zero-footprint, low cost deployment. There is no hardware or software to install. Customers need only make a simple DNS change to benefit from the QualysGuard WAF’s cloud delivery and protection network.
• Ease of use, ease of maintenance. The cloud delivery model means that hardware and software updates are handled transparently throughout the globally available service. Qualys security experts keep rules up-to-date with current threats, while flexible policies let customers match the strength of defense to the value of the web asset.
• Real-time attack prevention. The service’s holistic approach to web application security combines an extensive database of security heuristics with IP reputation, geolocation awareness, traffic analysis, and protocol and user agent analysis. The result is real-time defense against known, unknown, and even highly customized attacks.
• Application Hardening and Virtual Patching. The QualysGuard WAF reduces the attack surface of vulnerable web applications, giving attackers a smaller and harder target. In addition, attacks against known-vulnerable servers, frameworks, and applications may be “virtually patched” with purpose-written rules, providing needed protection during long remediation cycles (for example, waiting for vendor updates or developing and testing in-house patches and configuration changes).
• Plugged information leaks. The service safeguards both requests and responses, protecting against the accidental disclosure of business-sensitive information and mitigating the risk of overly informative error pages intended for developers’ eyes only.
• Seamless integration with other QualysGuard services. QualysGuard’s integrated suite of applications allows WAF subscribers to leverage the insight and protection from QualysGuard Web Application Scanning (WAS) and QualysGuard Malware Detection.

“With the proliferation of cloud computing, web applications have become the soft belly of the Internet and the main target for attackers,” said Philippe Courtot, chairman and CEO for Qualys. “Until now, the cost and complexity of deploying WAFs and managing rules have made them inaccessible to most companies. Our forthcoming next generation WAF service will bring the power and cost-effectiveness of the cloud to enterprises of all sizes.”