Block attacks and virtually patch web application vulnerabilities.
Industry-leading cloud service for scalable, simple and powerful protection of web applications
We are excited that Qualys WAF will allow us to act quickly and respond to threats by using the one-click virtual patching feature to remediate active vulnerabilities.David Cook Chief Security Officer at Jive Software
You can’t protect – nor defend yourself from – what you don’t know is in your network, like unapproved devices and unauthorized software. Qualys gives you full horizontal visibility of all hardware and software, scaling up to millions of assets – on premises, in cloud instances and mobile endpoints.
With the new ScanTrust feature, Qualys WAF combines with Qualys WAS to provide true, integrated web application security: Detect with WAS, protect with WAF and get scalable scanning, false-positive reduction and one-click patching to web apps.
From a single console, use WAS to detect vulnerabilities in web apps, including mobile and IoT apps, and – with one click – mitigate them with WAF virtual patches
Leverage the creation of these virtual patch rules to fine-tune policies, remove false positives, and customize security rules
Avoid the redundancies and gaps that come with trying to glue separate, siloed solutions
Evaluate and create exceptions to web events to better prioritize and mitigate vulnerabilities by combining WAF rules and policies with WAS scan data
Integrate web app scan data via a rich, extensive set of APIs into other security and compliance systems, such as firewalls, and SIEM and ERM solutions
It’s easier than ever for employees to bypass their IT department and adopt web apps, a trend that generates significant security and compliance risks. Simultaneously, the quantity and complexity of government regulations, industry mandates and internal policies that impact InfoSec technologies and processes continues to grow. WAF can help you comply.
Address mandates such as PCI DSS 6.6 that require app firewalls
Comply with policies and regulations that prohibit access to certain web applications or information from particular locations by restricting access from specific countries or network address blocks
Prevent transmission of sensitive data by blocking users’ ability to upload or download content or files in unapproved or suspicious formats
You need an easy, intuitive way of understanding the security of all your web applications at once. WAF gives your security team complete visibility into its data for continuous monitoring, risk assessments and remediation paths. WAF tools for visualization and reporting include a graphics-rich dashboard, interactive insights and detailed information on each threat and ways to address it.
Spot unusual patterns in the dashboard, which shows summarized website traffic information and trends of WAF security events, including when they occurred and where they originated
Quickly assess severity and adjust your security settings for aggressive mitigation or to minimize false positives by leveraging detailed information on each threat detected by WAF
Use extensive filtering and dynamic search capabilities to identify suspicious activity, drill down into threat data and the Qualys KnowledgeBase, and gain actionable insights into the threat landscape