Cloud WAF: Overview and Benefits

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots
6 Min read

Enterprises face daily cyber-threats which can cause revenue loss and damage to their reputation. To protect themselves against malicious actors, they employ various cyber-security measures, one of which is web application firewall (WAF).

The area of Web Application security is a growing concern for enterprise organizations. Half of all attacks are directed at web applications and that rate is increasing.

Reduce your AWS costs by over 50%

Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.

Reduce your AWS costs 
by over 50%

Factors such as the rise of cloud computing, use of open source technologies, the increase in data processing requirements, complexity of web applications and an increase in the overall sophistication level of attackers has led to an extremely challenging environment for IT security leadership.

What is a web application firewall (WAF)?

A regular web application firewall (WAF) provides security by operating through an application or service, blocking service calls, inputs and outputs that do not meet the policy of a firewall, i.e. set of rules to a HTTP conversation. WAFs do not require modification of application source code.

The rules to blocking an attack can be customized depending on the role in protecting websites that WAFs need to have. This is considered an evolving information security technology. It’s more powerful than a standard network firewall, or a regular intrusion detection system.

WAF is a filter that sits in front of your application inspecting incoming traffic for potential threats and malicious activity. It is one of the most common means of protecting against attacks at the application layer.

WAFs have usually been deployed as an app sitting in organization’s data center. However, with the rising complexity of IT infrastructure and cyber-threats, on-premises WAF are starting to lag behind.

As companies continue to rapidly transition to the cloud and customers are demanding more agility, these WAFs are not sufficient in protecting against attacks on the edge of the network, because they reside deep within the network itself.

To solve this security issue, enterprises have started to adopt cloud-based web application firewalls to mitigate malicious traffic.

Difference between on-premises and clouad-based WAF

The fundamental difference between the regular, on-premises, WAF and cloud-based WAF is how they’re deployed. An on-prem WAF runs either in your data center, or potentially as a virtual machine within your infrastructure-as-a-service (IaaS) cloud presence. It’s then managed by your internal technical staff, accessed through LAN and VPN when outside the local area network. A cloud WAF is provided as software as a service (SaaS) and accessed through a web interface or mobile app.

Additionally, a cloud WAF is far less complex to deploy and integrate with existing security solutions. Cloud-based WAFs are often managed by a SaaS provider and easily scale. This makes them a more appealing solution for smaller organizations that lack the internal resources to support their own security operations centers (SOCs) but still must meet requirements such as the General Data Protection Regulation. The access to an experienced SOC to offload WAF tuning is imperative as well.

Cloud WAF benefits

Protecting the processing and transmission of critical information through Web applications while complying with government and industry regulations can be a complex, labor-intensive undertaking. But given the dramatic rise in the scale and severity of web attacks over the recent years, every company that relies on a Web application needs to rethink their security model if it doesn’t offer a comprehensive application security strategy.

To provide more extensive website protection, WAFs are deployed in the cloud or in corporate De-Militarized Zones (DMZs). They can perform SSL termination to conduct deep inspection of applications traffic at layer 7. The WAFs go beyond matching signatures, analyzing application behavior and detecting deviations from baselines of acceptable behavior.

Cloud-based WAFs in an IaaS deployment can be deployed as a software appliance or virtual machine. The WAF can also be deployed as an extension of an existing CDN, providing WAF-as-a-Service, with no need to deploy hardware or software. This service is typically set up by changing your DNS records to point to WAF cloud services, which will in turn proxy back to your actual web properties.

Cloud-based WAFs are:

  • elastic
  • scalable
  • fast
  • easy to set-up
  • offered as pay-as-you-grow service
  • sharing back reports

WAFS have advanced detection capabilities that protect against major attacks, including the OWASP Top 10. For example, they protect against attacks that bypass traditional firewalls such as:

  • SQL injection attacks, which manipulate data input to inject SQL code directly into a web server’s input stream and is then passed directly to the database. This code could retrieve sensitive data directly from the database.
  • Cross-site Scripting (XSS) attacks inject malicious scripts that do not properly encode the input. The scripts would be executed by the client browser.

Considerations when choosing a WAF

Keep the following in mind when selecting a WAF to protect your web-facing applications—whether they reside in a traditional data center or in the cloud.

Network architecture and application infrastructure

Web application firewalls are designed to watch and respond to HTTP/S traffic. They are most often deployed as appliances in the line of traffic between the requester and the application server, inspecting requests and responses before forwarding them. Inline deployments tend to be most effective in actively blocking malicious traffic based on policies and rules that must be applied judiciously to avoid dropping legitimate traffic.

In this inline model, there are three specific methods that can be used to pass traffic:

  • reverse-proxy mod
  • router mode
  • bridge mode

Security effectivness and detection techniques

Today’s leading WAFs employ a combination of techniques to ensure accurate detection coverage that does not block legitimate traffic. Traditionally, the most widely used WAF configuration has been a negative security model, which allows all transactions except those that contain a threat/attack.

This is a great model for out-of-the-box protection, blocking commonly known threats, including Web injections, OWASP top 10, XSS and beyond.

In recent years, positive security models have become popular. This approach blocks all traffic, allowing only those transactions that are known to be valid and safe. The positive approach is based on strict content validation and statistical analysis. This can be more effective in preventing zero-day threats and vulnerability manipulation.

Performance. availability and reliability

Web application firewalls play an essential role in maximizing throughput and ensuring the high availability of the application(s) they protect. WAF capabilities should include features that address these factors directly:

  • caching copies of regularly requested content
  • automatic content compression
  • hardware-based SSL acceleration
  • load balancing web requests

PCI DSS compliance

Malicious attacks designed to steal sensitive credit card information are increasing, with more and more security breaches and data thefts occurring daily. The PCI DSS requirements have been revised in an attempt to prevent these types of attacks.

If your organization works with, processes, or stores sensitive credit card information, you must comply with PCI DSS requirements.

While you can adhere to PCI DSS standards by deploying a vulnerability scanner or a WAF, the most effective solution is to integrate the data from scanning technology with the attack-mitigation power of a WAF. The best WAFs can identify, isolate, and block sophisticated attacks without impacting legitimate application transactions.

Protection against application attacks

With the continued growth of multi-layered attacks, IT managers need a strong web application firewall solution. A good WAF ensures application security and availability by providing comprehensive geolocation attack protection from layer 7 DDoS, SQL injection, OWASP Top Ten application security risks, cross-site scripting, and zero- day web application attacks.

It also can prevent execution of fraudulent transactions, stop in-browser session hijacking, and secure AJAX applications and JSON payloads, but not all WAFs provide complete coverage in these areas.


A regular web application firewall (WAF) provides security by operating through an application or service, blocking service calls, inputs and outputs that do not meet the policy of a firewall. Cloud-based WAFs perform the same task, with the key difference that they’re deployed in the cloud or in corporate DMZs.

Compared to on-prem WAFs, cloud-based WAFs offer several crucial benefits like scalability, elasticity, ease of use and so on.

If you have any questions about how to effectively adopt the cloud-based WAF for your business, or how to optimize your cloud performance and reduce costs, contact us today to help you out with your performance and security needs.

Latest Articles

Webinar: Safer, Smarter – Cloud WAF 2.0 (Hebrew)

Cloud transformation is an opportunity to implement a WAF that fits your new, agile IT infrastructure. Appliance-based WAF, or a migrated one, is insufficient for 2021’s security challenges. However, many organizations are concerned that the current range of Cloud WAFs is insufficient for their needs. Starting today, this concern belongs in the past. In this […]

Dror Arie Head of Engineering @ GlobalDots
18th October, 2021

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

Unlock Your Cloud Potential