What to Look for in a WAF (Recorded live at the Comprehensive Cybersecurity Event)

Not all WAFs are created equal, and most companies are asking the wrong questions. This episode was recorded live at a special event hosted by GlobalDots and Cloudflare, focused on WAF for SaaS and cloud-native security. We spoke with Moshe Weis (CISO, Aqua Security) and Eran Gutman (VP IT & Security, Pixellot) about what truly matters when evaluating WAF solutions, from visibility and false positives to automation, business context, and real-world readiness. Short interviews. Deep takeaways.

This transcript was generated automatically by AI. If you find any mistakes, please email us.

Tomer: In cloud security, the threats are evolving, but so are the misconceptions. Hello everyone, you're listening to Cloud Next, your go-to source for cloud innovation and leaders' insight, brought to you by GlobalDots. Welcome to a special short, on-the-ground edition of Cloud Next. I'm Tomer Molfudsen, and this episode was recorded live at a closed event hosted by GlobalDots and Cloudflare, focused on one of the hottest topics in modern cloud security: WAF for SaaS and cloud-native environments. We sat down for two quick but powerful conversations with people who truly know the space: Moshe Weis, CISO at Aqua Security, and Eran Gutman, VP of IT and Security at Pixellot. Short talks, deep takeaways. Let's dive in. As someone who knows this space from the inside, what do you think are the most important things to consider when evaluating a WAF solution?

Moshe Weis: Okay, so really I think it comes down to a few different types of features that WAFs provide for the organization. Number one, first and foremost, anything related to what I like to call negative security: being able to block out the objectively bad. And then you have the whole area of positive security. It's not sufficient to just block out the objectively bad. You need to also know what you're protecting. You have to understand your applications, and based on that you need to create your rule sets for what you want to allow, because we know that any zero-day can easily bypass the negative security modules on a WAF. So we have the negative security, we have the positive security, and then we have everything that has to do with DDoS or application-DDoS prevention, anything to do with flow control. So again, there's the objectively bad, what's considered a DDoS attack or a volumetric attack which needs to be blocked, or bot classification and protection. And there's also the positive flow control: I know what my application can consume, and I want to be able to provide the maximum parameters for that. So I think those three areas pretty much sum up what I would be looking for in a WAF.

Tomer: While Moshe focuses on the layered technical capabilities a WAF should offer, Eran Gutman brings a different perspective, emphasizing the importance of visibility and real-time understanding before diving into remediation.

Eran Gutman: First of all, I think the most important thing is visualization. We need to know what happened, how it happened, and from when it happened. Once we have all the visualization, then we go to the next level, and the next level is to try to remediate it. Sometimes you're doing automatic remediation. Sometimes you have to think about the purpose and the process. But eventually you remediate, and you prevent an attack or a dedicated attack on your site, or something like that.

Tomer: What's a common mistake you see companies make when it comes to securing cloud native applications? And what should they do differently?

Eran Gutman: I think the most common mistake is to look at the small picture and not at the overall picture. Because cloud security is a name, but you need the whole ecosystem. You need to identify the resources on one side. You need to identify your client or customer, your feature. Sometimes your feature may look like a best-practice vulnerability, and it is not a vulnerability. That's one side, and that's the other thing: look at the overall picture. So you need to have visibility of everything. You don't use only the cloud security tools; you must have other tools that integrate with them, like, let's say, secure code, because sometimes the whole problem is that you have developed the thing, and you came from the code to production, so you need to understand the whole process. Of course, the most important thing is to understand the business need. So when you take an advisor or integrate some companies, they need to understand the business, the value of the business, and the way the business works before making any assumption or taking other steps to remediate security issues.

Tomer: While Eran stresses the need to see the bigger picture, the full ecosystem, the business logic and the development process, Moshe Weis takes it a step further, pointing to a critical gap in security teams themselves: the lack of modern cloud-native expertise.

Moshe Weis: So when it comes to securing cloud-native applications, cloud-native applications are different in nature than what we call legacy workloads, due to the fact that their lifecycle spans everything from developers to runtime operations. That's how cloud native differs, and the technology is different. We don't use static endpoints, we don't use static IPs. We kind of lost our control at the infrastructure level. And I think that the main mistake that companies make is not having the technological know-how in the security staff to be able to secure that. Therefore I believe that security teams need to be more knowledgeable in DevSecOps and the modern CI/CD areas, and they need to be able to onboard a proper security tool that understands cloud-native applications from a runtime perspective, from a shift-left perspective and from a posture management perspective.

Tomer: When dealing with WAF or broader security tools, where do you think automation brings the most value, and where do you still rely on people to get it right?

Moshe Weis: I think that automation can primarily benefit the reduced time to being operational, ready to implement blocking mode on your WAF. This is simply because one of the main pain points of WAFs that we have today is being able to fine-tune the system with the false-positive and true-negative ratio, which is always the hardest part of operationalizing the WAF. I think that automation can go ahead and assist with creating the fine-tuned and granular rules that on one hand will not block false positives and on the other hand will give enough value that it actually blocks attacks. I think that the human factor is needed because we all know that automation alone, even with the assistance of AI, is just not there yet. It definitely needs the oversight to be able to know what we're actually blocking in production.

Tomer: While Moshe drills into the operational challenge of false positives and the role of fine-tuned automation, Eran Gutman takes a broader view, framing automation as an unstoppable shift, a revolution that security leaders must embrace.

Eran Gutman: So the world is going into automation. Today we call it AI, tomorrow we'll call it something else, but the automation is coming, so you need to rely on automation. It should be reliable. It should understand the behavior of the process, of the service that you are delivering. And I think we'll go there, so that somehow in the future we don't do the paperwork just to check if there is a false positive and things like that, and especially not do the manual work. I think the world is going there, and you need to align, adopt it, hug it and join the revolution.

Tomer: If you can't beat them, join them.

Moshe Weis: Right?

Eran Gutman: Yes, of course.

Tomer: Thank you very much for your time and your insights.

Eran Gutman: Thank you.

Tomer: Enjoy the event.

Eran Gutman: Thank you.

Moshe Weis: Thank you very much.

Tomer: There you go, folks. Two perspectives, one clear message: WAF is no longer just about blocking threats. It's about visibility, context and knowing what not to block. Thanks again to Moshe Weis and Eran Gutman for sharing their thoughts, and to everyone who joined us at the event. Until next time, stay secure, stay curious. Ask GlobalDots.

Ganesh: This episode was produced and edited by Daniel Ohana and Thoma Morvenson. Sound editing and mix by Bren Russell. I'm Ganesh the Awesome, and if you're ready to deep dive and start transforming the way you approach cloud practices and cybersecurity strategies, then the team and myself at GlobalDots are at your disposal. We are cloud innovation hunters, and we search the globe looking for the future tech solutions so we can bring them to you. We've been doing it for over 20 years. It's what we do. And if I do say so myself, we do it pretty well. So have a word with the experts, don't be shy, and remember that conversations are always free.
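The three areas Moshe describes (negative security, positive security, flow control) and the log-only tuning phase he raises on false positives can be shown as one small request filter. The following is an added example written for this page; it is not code from the episode, from Aqua Security or from Cloudflare. The routes, parameter shapes, signatures, rate limits and sample requests are all assumed for illustration, and the toy signatures are deliberately minimal (a real negative-security ruleset is far larger and normalizes encodings first). The point it makes: the request with `42; DROP TABLE users` matches no signature, but the positive-security allowlist for `id` rejects it anyway.

```python
import re
from dataclasses import dataclass


@dataclass
class Request:
    """Minimal request view; a real WAF also sees headers, body and TLS data."""
    client_ip: str
    method: str
    path: str
    params: dict
    ts: float  # arrival time in seconds


# Layer 1, negative security: signatures for the objectively bad.
# Hypothetical, deliberately small ruleset for illustration only.
NEGATIVE_RULES = [
    ("sqli-union", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("path-traversal", re.compile(r"\.\./|%2e%2e%2f", re.I)),
]

# Layer 2, positive security: what each route may receive. Anything not
# described here is denied, which is what catches payloads no signature
# knows about yet. Routes and shapes are assumed for this example.
POSITIVE_RULES = {
    "/api/orders": {"methods": {"GET"}, "params": {"id": re.compile(r"\d{1,10}")}},
    "/api/search": {"methods": {"GET"}, "params": {"q": re.compile(r"[\w \-]{1,64}")}},
}


class TokenBucket:
    """Layer 3, flow control: per-client token bucket (tokens/sec, burst cap)."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, ts: float) -> bool:
        if self.last is not None:  # refill for the time elapsed since last request
            self.tokens = min(self.burst, self.tokens + (ts - self.last) * self.rate)
        self.last = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Waf:
    def __init__(self, block_mode: bool = True, rate: float = 5.0, burst: int = 10):
        self.block_mode = block_mode
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def _verdict(self, reason: str) -> tuple:
        # Log-only mode is how rules are tuned against real traffic before
        # anyone trusts them to block in production.
        return ("block" if self.block_mode else "log", reason)

    def inspect(self, req: Request) -> tuple:
        """Returns (action, reason); action is 'allow', 'block' or 'log'."""
        bucket = self.buckets.setdefault(req.client_ip, TokenBucket(self.rate, self.burst))
        if not bucket.allow(req.ts):
            return self._verdict("flow:rate-limit")
        for name, pattern in NEGATIVE_RULES:
            for value in (req.path, *req.params.values()):
                if pattern.search(value):
                    return self._verdict(f"negative:{name}")
        rule = POSITIVE_RULES.get(req.path)
        if rule is None:
            return self._verdict("positive:unknown-route")
        if req.method not in rule["methods"]:
            return self._verdict("positive:method")
        for key, value in req.params.items():
            allowed = rule["params"].get(key)
            if allowed is None or not allowed.fullmatch(value):
                return self._verdict(f"positive:param:{key}")
        return ("allow", "")


def run_demo() -> list:
    """Constructed sample traffic (not captured logs), one verdict per request."""
    samples = [
        Request("10.0.0.1", "GET", "/api/orders", {"id": "42"}, 0.0),
        Request("10.0.0.2", "GET", "/api/orders", {"id": "1 UNION SELECT pw FROM users"}, 0.0),
        Request("10.0.0.3", "GET", "/api/orders", {"id": "42; DROP TABLE users"}, 0.0),
        Request("10.0.0.4", "POST", "/api/orders", {"id": "42"}, 0.0),
        Request("10.0.0.5", "GET", "/api/search", {"q": "<script>alert(1)</script>"}, 0.0),
        Request("10.0.0.6", "GET", "/admin/../etc/passwd", {}, 0.0),
    ]
    waf = Waf()
    return [waf.inspect(r) for r in samples]


def run_flood(n: int = 12) -> int:
    """One client sends n requests in the same second; returns how many got through."""
    waf = Waf(rate=5.0, burst=10)
    reqs = [Request("10.0.0.9", "GET", "/api/orders", {"id": "1"}, 0.0) for _ in range(n)]
    return sum(1 for r in reqs if waf.inspect(r)[0] == "allow")


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
    print("flood: allowed", run_flood(12), "of 12")
```

Running it in log mode (`Waf(block_mode=False)`) returns the same reasons with the action `log`, which is the state a team sits in while counting how many of those hits are real attacks and how many are legitimate traffic the allowlist was too narrow for; only then is `block_mode` switched on.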
