Fortra Managed WAF

Additional Info

CompanyFortra™
Websitehttps://www.fortra.com/
Company size (employees)1,000 to 4,999
Headquarters RegionNorth America

Overview

Today, the indispensability of web applications to businesses is beyond question, given that a compromised web app directly affects customers, productivity, and profitability. Despite the widespread implementation of web application firewalls (WAFs), 60% of breaches in 2023 involved web apps (Verizon DBIR 2023). And a staggering 55% of organizations indicate safeguarding their web apps has grown increasingly challenging over the past two years (Trends in Modern Application Protection).

It’s clear that not only is an improved WAF solution essential, but also WAF management needs to be simplified. This is precisely where Fortra Managed WAF shines, as we eliminate the complexity associated with organizations’ managing their own WAF. Gone are the days when organizations are hindered by lacking a team with the requisite cybersecurity expertise or facing unfilled cybersecurity positions necessary to ensure their WAF provides comprehensive protection for both web applications and APIs. Web security specialists ensure Fortra Managed WAF is optimized from deployment to ongoing security policy management and configuration, so web apps are protected and available, safeguarding users, data, and networks against compromise.

With Fortra Managed WAF, numerous “hidden” costs associated with internal WAF management are effectively mitigated. These include the need to protect an evolving attack surface, access to pre-configured policies tailored to address over 10,000 vulnerabilities, fine tuning of bespoke policies, responsible false positive resolution, and security expertise to ensure prompt and precise decision-making. One of our customers who protects more than 120 sites with Fortra Managed WAF attests to its superior cost efficiency, estimating it to be tenfold more economical compared to an in-house WAF management strategy.

Key Capabilities / Features

The effectiveness of Fortra Managed WAF begins at installation and extends seamlessly through deployment and configuration. Our managed WAF service includes analysts continuously fine tuning your WAF, monitoring traffic, validating legitimate requests and data through allow-listing, and crafting policies to block malicious web traffic and thwart unwanted activities. In an era of ever-evolving threats and frequent changes to web applications, it's imperative that a WAF is continuously monitored and tuned with new rulesets or modifications to existing security profiles. 


Other key features include:  
- Adaptive Trust Policies: Dynamic rulesets increase scrutiny based on connection trust score  
- Advanced Threat Protection: Coverage beyond OWASP top 10 and CWE top 25 
- API Discovery and Protection: Reduces tool sprawl  and limits attack surface
- Application Delivery Controls: Includes virtual hosts, load balancing, caching, and acceleration  
- Bot Management: Blocks automated attacks and unwanted data scraping bots via session anomaly detection and CAPTCHA enforcement 
- Client-side protections: Prevent browser-based exploits and limit supply chain exposure
- Compliance Adherence: Meets WAF requirement for several compliance mandates (PCI DSS, HIPPA, GDPR) 
- Credential Attack Protection: Session anomaly detection for brute force and credential stuffing attacks 
- False Positive Resolution: Managed resolution of SOC identified, and customer reported false positives  
- Fully Featured WAF as a Service: End-to-end encryption, rate limiting, data masking, custom responses, content caching and connection throttling  
- Threat Intelligence: Leverages Fortra’s threat intelligence and third-party feeds 
- Virtual Patching: Managed creation and application for 100+ applications 
- Website DDoS Protection: Industrial strength DDoS mitigation at Layer 3, 4, and 7  
- Zero-day Emerging Threat Coverage: Threat team delivers broad signature set to capture zero-days and emerging threats 


How we are different

The global cybersecurity talent shortage poses a significant threat to organizations’ security posture, including WAF management. To ensure a WAF provides optimal protection, it must be actively managed by experts employing robust processes. Without such management, WAFs are prone to subpar protection, leaving organizations vulnerable to compromise. This challenge is resolved with Fortra Managed WAF, as we address resource gaps by supplementing a customer's IT and security operations with 24/7 security expertise. Through our managed approach, customers receive optimized, enterprise-grade security without the complexity or excessive costs associated with internal management. Web app security is not a destination you reach; it’s a constant journey, simplified with Fortra Managed WAF.


96% of organizations rely on web apps utilizing APIs, yet the majority of these APIs are unprotected. Traditional WAFs were not designed to safeguard APIs and typically offer rudimentary protection at best. Given the distinct nature of API interactions compared to end-user applications, specialized security Fortra Managed WAF addresses this need by providing tailored security solutions for APIs. Our WAF automatically identifies APIs and establishes endpoint rules based on the API specification file. Our comprehensive API protection encompasses positive endpoint policies that enforce adherence to the API specification, session anomaly detection, and anti-automation controls to mitigate volumetric and sequential attack patterns.


Fortra Managed WAF is powered by Fortra Threat Intelligence which uses active threat data from a broad security portfolio and a team of cross-discipline threat researchers to track the latest tactics, techniques, and active malicious actor IP addresses. This intelligence informs the security policies created by our security experts and can be consumed directly by the WAF through adaptive trust policy integration to apply increased restrictions and scrutiny based on source. This combination of intelligence-enabled policies, adaptive trust model, and emerging threat virtual patching blocks zero-day and emerging threat attacks.