Radware Web Application Firewall (WAF)
- intelligent security for web applications
Radware AppWall Web Application Security Solutions
Today there is a growing trend for security in organizations, which in turn face a growing threat landscape, accelerating digital transformation, and a shortage of information security professionals and their expertise.
Radware enables secure digital interactions between users and enterprise applications and APIs with its “Web Aplication Firewall”.
Largest customers worldwide
Recognized leader in its field
Radware Partners
Protection from web application vulnerabilities
Web application firewalls can be purchased now.
-
Protecting web applications from hacking and vulnerability exploitation
-
Full OWASP TOP 10 protection and more
-
Positive security model automatically blocks malicious activity
-
Flexible deployment options as a managed cloud server, virtual appliance, Kubernetes WAF or integrated with cloud ADC.
Radware's Application Protection Solution
Why WAF? Need maximum security for web applications!
A negative security model is the standard for most WAF technologies and services, which block known attacks using known signatures and rules. But this cannot provide full OWASP protection as well as zero-day protection.
What is needed is a positive security model that examines and determines which activities are legitimate traffic, blocking unauthorized access or activities that are not allowed. This unique defense against zero-day attacks and unknown vulnerabilities to provide a high level of protection and minimal false positives.
Negative security model
- Standard for most cloud WAF services and technologies.
- Blocks known attacks with signatures and rules.
- Cannot protect against 0-day attacks.
Network Security Subscriptions:
Threat Prevention
Threat Prevention Subscription provides the following:
— Protection against viruses, spyware (C&C) and vulnerabilities (IPS);
- Built-in external dynamic lists (External Dynamic Lists), which you can use to protect your network from malicious hosts;
- Ability to identify infected hosts that are trying to connect to malicious domains (DNS Sinkhole) based on locally loaded DNS signatures.
URL Filtering
URL Filtering Subscription provides the ability to control Internet access by categories, blacklists and whitelists of sites, and allows you to control how users interact with online content based on dynamic URL categories. This subscription also helps prevent credential theft by controlling which sites users can submit their corporate credentials to.
As part of this subscription, it is possible to configure access to the PAN-DB public cloud or the PAN-DB private cloud to retrieve site categories.
DNS Security
URL Filtering Subscription provides the ability to control Internet access by categories, blacklists and whitelists of sites, and allows you to control how users interact with online content based on dynamic URL categories. This subscription also helps prevent credential theft by controlling which sites users can submit their corporate credentials to.
As part of this subscription, it is possible to configure access to the PAN-DB public cloud or the PAN-DB private cloud to retrieve site categories.
WildFire
WildFire Subscription provides enhanced 0-day and previously unknown malware detection (sandboxing) for organizations that require immediate threat detection, frequent WildFire signature updates, enhanced support for parsed file types (APK, PDF, Microsoft Office, and Java applets), as well as the ability to upload files using the WildFire API. A WildFire subscription is also required if your NGFWs will send files for analysis to the local WF-500
IoT Security
IoT Security Subscription and Serviceprovides IoT infrastructure monitoring and security. A subscription is purchased for each firewall. The IoT Security service includes the following features:
— Detection and monitoring of IoT devices without the need for signatures;
— Identification of threats, risks and anomalies of IoT devices;
— Application of security policies on the ITU for various devices using the Device-ID qualifier.
GlobalProtect
GlobalProtect Subscription gives you access to VPN mobile apps and advanced VPN features. Without this subscription, you can deploy GlobalProtect portals and gateways for remote access. The following features are available with a GlobalProtect subscription:
— HIP checks and related content updates;
— GlobalProtect mobile applications for iOS and Android;
— IPv6 connections;
— Clientless GlobalProtect VPN;
— Device quarantine at the GlobalProtect client level when malicious traffic is detected.
SD-WAN
SD-WAN Subscription provides intelligent and dynamic traffic routing path selection in addition to existing PAN-OS threat protection. The SD-WAN implementation is managed by Panorama and includes the following features:
— Centralized configuration management;
— Automatic creation of VPN topology;
— Traffic distribution;
— Monitoring and troubleshooting.
Virtual Systems
Virtual Systems License is required to enable support for multiple virtual systems in the ITU PA-3200. In addition, you need to purchase a virtual systems license if you want to increase the number of virtual systems beyond those enabled by default for the PA-5200 and PA-7000 series (the base number varies by platform).
The PA-800, PA-220, and VM-Series firewalls do not support virtual systems.
Positive Security Model
- Examines and determines what activities are normal and legitimate.
- Blocks unauthorized access or abnormal activities.
- Protects against 0-day attacks and exploitation of unknown vulnerabilities.
Network Security Subscriptions:
Threat Prevention
Threat Prevention Subscription provides the following:
— Protection against viruses, spyware (C&C) and vulnerabilities (IPS);
- Built-in external dynamic lists (External Dynamic Lists), which you can use to protect your network from malicious hosts;
- Ability to identify infected hosts that are trying to connect to malicious domains (DNS Sinkhole) based on locally loaded DNS signatures.
URL Filtering
URL Filtering Subscription provides the ability to control Internet access by categories, blacklists and whitelists of sites, and allows you to control how users interact with online content based on dynamic URL categories. This subscription also helps prevent credential theft by controlling which sites users can submit their corporate credentials to.
As part of this subscription, it is possible to configure access to the PAN-DB public cloud or the PAN-DB private cloud to retrieve site categories.
DNS Security
URL Filtering Subscription provides the ability to control Internet access by categories, blacklists and whitelists of sites, and allows you to control how users interact with online content based on dynamic URL categories. This subscription also helps prevent credential theft by controlling which sites users can submit their corporate credentials to.
As part of this subscription, it is possible to configure access to the PAN-DB public cloud or the PAN-DB private cloud to retrieve site categories.
WildFire
WildFire Subscription provides enhanced 0-day and previously unknown malware detection (sandboxing) for organizations that require immediate threat detection, frequent WildFire signature updates, enhanced support for parsed file types (APK, PDF, Microsoft Office, and Java applets), as well as the ability to upload files using the WildFire API. A WildFire subscription is also required if your NGFWs will send files for analysis to the local WF-500
IoT Security
IoT Security Subscription and Serviceprovides IoT infrastructure monitoring and security. A subscription is purchased for each firewall. The IoT Security service includes the following features:
— Detection and monitoring of IoT devices without the need for signatures;
— Identification of threats, risks and anomalies of IoT devices;
— Application of security policies on the ITU for various devices using the Device-ID qualifier.
GlobalProtect
GlobalProtect Subscription gives you access to VPN mobile apps and advanced VPN features. Without this subscription, you can deploy GlobalProtect portals and gateways for remote access. The following features are available with a GlobalProtect subscription:
— HIP checks and related content updates;
— GlobalProtect mobile applications for iOS and Android;
— IPv6 connections;
— Clientless GlobalProtect VPN;
— Device quarantine at the GlobalProtect client level when malicious traffic is detected.
SD-WAN
SD-WAN Subscription provides intelligent and dynamic traffic routing path selection in addition to existing PAN-OS threat protection. The SD-WAN implementation is managed by Panorama and includes the following features:
— Centralized configuration management;
— Automatic creation of VPN topology;
— Traffic distribution;
— Monitoring and troubleshooting.
Virtual Systems
Virtual Systems License is required to enable support for multiple virtual systems in the ITU PA-3200. In addition, you need to purchase a virtual systems license if you want to increase the number of virtual systems beyond those enabled by default for the PA-5200 and PA-7000 series (the base number varies by platform).
The PA-800, PA-220, and VM-Series firewalls do not support virtual systems.
