Tencent Cloud
Web Application Firewall

An AI-based one-stop web business protection solution

Overview

Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering, backdoors, crawlers and domain name hijacking. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure operations of web businesses.

Benefits

AI+ Web Application Firewall

Web attack recognition is based on AI+ rules. It is anti-bypass and low in both false negative and false positive rates. Web attack recognition defends effectively against common web attacks including the OWASP top 10 web security threats (SQL injection, unauthorized access, cross-site scripting, cross-site request forgery, web shell trojan upload, etc.).

Virtual Patches for Zero-day Vulnerabilities

The 24/7 monitoring service from Tencent security team identifies and responds to vulnerabilities proactively. Within 24 hours, it issues virtual patches to zero-day and high-risk web vulnerabilities. Protected users can get zero-day and emergency vulnerability protection instantly and automatically, cutting vulnerability response time dramatically.

Webpage Tampering Prevention

Users can cache core web contents to the cloud and publish cached web pages. It acts like a substitute and can prevent negative consequences of web page tampering.

Data Leakage Prevention

Backend data is well protected by pre-event server and application concealing, mid-event attack prevention and post-event sensitive data replacement and concealing.

CC Attack Prevention

WAF’s customized access control, human-machine identification and frequency limitation can effectively filter spam access and reduce CC attacks.

Crawler and Bot Behavior Management

The AI+ rules-based webpage crawler and bot management feature of WAF helps enterprises avoid business risks caused by malicious bot behaviors, including website user data leakage, content infringement, competing price comparison, inventory search, malicious SEO and business strategy leakage.

DNS Hijacking Detection

WAF performs nationwide DNS verification of the domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping avoid data theft and financial losses caused by hijacking of website users.

Features

Industry-leading AI+ Rules and Dual Engine
Traditional WAF core engines generally use a collection of regular expressions, which are prone to false negatives, bypasses and false positives and can cause operational problems. In contrast, Tencent Cloud WAF takes the lead in adopting AI+ rules-based dual engine detection technology to maximize detection and capture of known and unknown threats. It minimizes false positives and adapts to changing web applications.
With AI for threat prevention, rule-based dual engine, cross-validation and continuous learning, WAF can accurately and effectively identify and block various conventional, zero-day and new types of attacks.
There are chances that common semantic learning-based AI technologies for threat prevention may be bypassed by experienced hackers. However, the AI system of WAF is based on Tencent's proprietary probability map technology and trained with massive amounts of data of attacks and normal access requests to Tencent's business platforms, which is proven to significantly increase the ability to identify threats and adaptively protect constantly changing web applications.
By continuously learning the characteristics of high volumes of business data, WAF can automatically generate business-based personalized protection strategies to prevent false positives of special business access requests.
Integration with Tencent's Big Data-based Threat Intelligence
Leveraging Tencent's 20 years of experience in processing massive amounts of data and fighting against cybercriminals, Tencent Cloud has established an industry-leading big security data and threat intelligence platform, which contains detailed information about high numbers of botnets, global proxies, high anonymity proxies and Tor proxies and billions of malicious IPs (for database comparison, brute force attacks, scans, etc.), vulnerabilities and crawlers. In addition, the platform includes great volumes of internet attack traceability data and domain name attack data.
By fully taking advantage of Tencent's big data-based threat intelligence capabilities, WAF can identify known and unknown attacks and threats on the internet as soon as they occur. It enables protected users to share threat intelligence, quickly detect intrusions to web businesses and dynamically adjust threat protection strategies to defend against various zero-day attacks and intrusions by cybercriminals.
Virtual Patches for Vulnerabilities
Security OPS teams are overwhelmed by ever-increasing zero-day vulnerabilities. Relying on Tencent's top threat intelligence capabilities, WAF actively detects and promptly identifies high-risk web vulnerabilities and zero-day vulnerabilities and generates protection rules accordingly. Protected users can enjoy WAF's capabilities of protection against emergent and zero-day vulnerabilities without any operations required, keeping protected websites from ever-emerging web vulnerabilities.
Tencent's professional security team offers 24/7 response services for such vulnerabilities.
Patches will be made available within 12 hours after identification for high-risk vulnerabilities and 24 hours for common vulnerabilities.
The attack protection strategies of WAF are automatically updated in the cloud and then uniformly distributed globally in just seconds.
Proprietary AI-based Crawler and Bot Behavior Management Module
WAF boasts a proprietary AI+ rules-based bot and crawler management module which can differentiate between friendly and malicious bots and crawlers and apply corresponding management strategies, such as letting through the traffic of search engine bots and blocking the traffic of malicious item information crawlers. On the one hand, this feature reduces the resource consumption, information leakage and business competition caused by malicious bots and crawlers; on the other hand, it ensures normal operations of friendly ones (such as search engine bots and advertising programs).
WAF supports the identification of many types of known bot and crawler behaviors, including but not limited to feed fetching, advertising, screenshotting, search engine crawling, website monitoring, link querying, utility crawling, vulnerability scanning, virus killing, web crawling and speed testing.
It can intelligently identify undisclosed and malicious crawler programs and exceptional crawler traffic by using AI technology to model and learn business traffic characteristics, normal human access behaviors and bot access behaviors.
The bot behavior identification rules of WAF can be customized based on referer characteristics, UA characteristics, request rate, number of times, parameters, path characteristics, IP range, etc.
Bot behaviors and blocking details can be classified and displayed graphically to provide a basis for bot management decision-making.
Strategies for "monitoring", "blocking" and "letting through" can be flexibly configured.
Proprietary DNS Hijacking Detection Module
DNS hijacking attacks can cause serious damage to your business and brand reputation. With the aid of Tencent's high numbers of terminal detection points and powerful cloud-based data analysis capabilities, WAF performs nationwide DNS verification of domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping eliminate business risks caused by DNS hijacking.
Data Leakage Prevention
Web attacks and system vulnerability exploits can manipulate the backend database, resulting in leakage of sensitive data such as user identity and contact information stored in the database. Against data theft, WAF provides pre-, mid-, and post-event strategies:
Pre-event: WAF hides server information such as response codes and database error messages and identifies and blocks hacking scans to prevent footprinting and vulnerability detecting by hackers and increase the difficulty of hacking.
Mid-event: WAF detects and blocks hacking and intruding behaviors such as SQL injections and web shell uploads to prevent the database from being further intruded by hackers.
Post-event: WAF features custom information leakage protection rules that automatically enable data replacement strategy for detected data thefts, i.e., replacing and hiding sensitive data (such as phone number and ID card number) in the attack response transmission to prevent the data from being acquired by hackers.
CC Attack Prevention
WAF comes with time-tested CC attack protection algorithms, which intelligently and efficiently filter out spam access requests by blocking high numbers of malicious requests at layer 4 and layer 7. This effectively defends against CC attacks, protects business data from malicious crawling and guarantees the stability of normal business access.
CC attacks can be identified based on access frequency and criteria.
Strategy for "access blocking" or "human-machine recognition" can be enabled.
Punishment duration can be customized.
Webpage Tampering Prevention
After WAF is deployed for a website, core webpages can be cached to the cloud and the webpages in the cache can be published instead, realizing the effect of webpage substitution. After the deployment, any changes to webpage content will be published only after they are synced to the cloud-based cache in WAF, ensuring that the updates of the protected webpages are controllable and reliable:
If the real server is tampered with due to attacks, the content published is still that of the normal webpages in the cache, which prevents the tampering event from spreading.
During sensitive periods, the content published can be locked as that of the webpages in the cache, intensifying protection against tampering for sensitive periods.
Custom Protection Strategies
WAF offers a simplified cloud-based web application firewall protection and management experience. Plus, it allows flexible configuration of protection strategies, making it easy to meet the defense needs of special businesses.
Custom defense rules: Web attack protection measures can be configured according to refined custom defense rules that are based on IP, URL path, referer and POST parameters.
Region-specific blocking: WAF supports extensive region-based blocking that blacklists all access requests from a specific region such as a province or country.
Protection mode: "Blocking mode" or "Observation mode" can be chosen based on actual business protection needs.
One-click Integration with High Defense Capabilities
Business offerings are often subject to DDoS attack threats. For abrupt high-volume DDoS attacks, WAF provides the function to access Tencent Cloud's Advanced Anti-DDoS system with one click, which synchronously covers core regions and seamlessly integrates with hundreds of gigabytes of protection packs to hide real servers and defend against massive DDoS attacks.
Advanced Anti-DDoS offers 2 Gbps of free basic protection bandwidth that can meet daily needs for secure business operations.
Fast and Reliable Protection Experience
WAF takes advantage of Tencent Cloud's platforms to secure the reliability and availability of business traffic.
WAF clusters can be deployed in multiple regions with their loads distributed globally to avoid single points of failure.
A highly available elastic scaling architecture is used among nodes, which can quickly migrate and restore data in case of faults and scale the protection capabilities on demand.
The protective cluster resources for different users are isolated to eliminate the potential interplay among business protection services.

Scenarios

Internet+ Businesses

WAF protects business data from being intruded on, tampered with and stolen and filters out all kinds of attack and spam traffic, supporting the normal and stable operations of core Internet+ businesses.

It eliminates the negative impact of various issues caused by malicious bots, such as copyright infringements, malicious SEO, data crawling and leakage and spam traffic.

It features high availability and elastic scalability based on business size and reduces protection costs.
