Connect with us

Hi, what are you looking for?


Application Security

Qualys Launches Web Application Firewall Beta for AWS

Qualys, a provider of cloud-based security and compliance solutions, announced that starting tomorrow, a beta version of its new Web Application Firewall (WAF) will be available for Amazon Web Services (AWS) users.

Qualys, a provider of cloud-based security and compliance solutions, announced that starting tomorrow, a beta version of its new Web Application Firewall (WAF) will be available for Amazon Web Services (AWS) users.

With the new offering, Amazon EC2 customers can launch WAF appliances from an Amazon Machine Image (AMI) and gain real-time defense of their websites and applications running in the cloud, protecting them against attack, the company said.

Additionally, on September 1, Qualys plans to make a VMware virtual image of the WAF offering available to protect web applications residing in on premise datacenters.

Qualys Logo“WAFs work by shielding web sites by applying a set of rules to HTTP conversations to prevent them from being attacked,” Qualys explained. “However, WAF technology is costly and complex to apply because these rules need to be customized to the applications, and they must be updated often to cover changes to the applications and to address new and emerging threats. As a result, many organizations cannot afford to deploy WAFs, or they can only deploy them on a select number of mission critical web properties.”

“It can be challenging for companies to use WAFs because initial costs are high compared with other technologies,” said Phil Hochmuth, program manager, security products, IDC. “They can also be expensive to maintain because once they are deployed, they must be carefully monitored and maintained by skilled web application security specialists or developers. This can be challenging to manage, and lead to configuration mistakes.”

Delivered as part of the QualysGuard Cloud Platform, the new QualysGuard WAF is designed to provide:

• Real-time application defense, blocking attacks against websites as they happen.

• Application hardening, minimizing application attack surfaces by providing a shield around coding defects, application framework flaws, web server bugs and loose configurations.

Advertisement. Scroll to continue reading.

• Low-cost, automated service maintained and updated by Qualys’ security experts providing new defenses and features transparently to users and site visitors.

• Various deployment options for distributed WAF protection points managed through a common, central policy administration and reporting interface with APIs for integration.

According to Qualys, customers using its WAF solution will be able to benefit from:

• Always up-to-date rules.

• Immediate rules deployment on all WAFs connected to QualysGuard.

• Maximum efficiency as rules are strengthened with security events from all WAF customers.

Qualys is demonstrating the new offering at Black Hat USA this week in Las Vegas.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.