Our web application firewall is an innovative protection system that detects and blocks attacks including the OWASP Top 10, WASC, layer 7 DDoS, and zero-day attacks with pinpoint accuracy. It ensures continuous security for applications, APIs, users, and infrastructure while supporting compliance with security standards including PCI DSS.
Threat landscape
Solution
Ensure quick start and rapid uptake
Thanks to a large number of delivery and deployment options, our WAF can be quickly and easily deployed on any infrastructure, for applications of any type and level of complexity.
Use cases
Get all-around, all-the-time protection
PT AF is more than just an ordinary tool in your IT security infrastructure. State-of-the-art technologies and integrations, such as with PT Application Inspector, provide comprehensive and continuous protection for your apps (even ones with continuous development cycles), users, and infrastructure.
Watch video about PT AF
Why PT AF
Benefit from maximum security with a minimum of fuss
Powerful features, including machine learning, ensure unmatched web security—while extensive automation makes administration more hands-off than ever before.
Deployment options
Hardware appliance
A physical server running PT Application Firewall is installed on the client premises. The following modes are supported: inline (transparent proxy, reverse proxy, L2 network bridge), monitoring, and autonomous.
Virtual appliance
The WAF virtual appliance is deployed on the client's dedicated virtual infrastructure (such as VMware vSphere). Modes are the same as listed for the hardware appliance.
Cloud: private, public (Microsoft Azure), or hybrid
Modes are the same as listed for the hardware appliance. Deployment of our web app firewall in a Microsoft Azure public cloud takes literally one click from Azure Marketplace.
SaaS: administration by Positive Technologies or the client
If you are unable to install and maintain high-load systems of your own, or simply desire more flexible pricing—such as paying just for traffic actually used or for the period of time most convenient for you—consider the software as a service (SaaS) model as a way to avoid the upfront costs of an on-premise solution.
PT AF is hosted on Positive Technologies infrastructure, which is responsible for the following tasks: analyzing traffic, generating reports, handling and storing security incidents, and managing product configuration. You simply direct your traffic to us, we process it, and the processed traffic is returned to you via the Internet.
IaaS: client or MSS provider
Our WAF can be deployed under the infrastructure as a service (IaaS) model at your company or at a third party (such as an MSS provider). Unlike the SaaS option, in this case traffic is analyzed only on systems owned by you or the third party, in accordance with the Positive Technologies data handling policy. Positive Technologies infrastructure is used to generate reports, process and store security incidents, and manage product configuration.
Stay compliant with major standards
PT AF helps to ensure compliance with PCI DSS and other international, national, industry, and corporate security standards.
Sberbank Non-Government Pension Fund (Sberbank NPF) began use of PT Application Inspector to analyze application code and deployed PT AF to defend its services:"Thanks to the comprehensive solution provided by Positive Technologies, we have maintained our fast go-to-market pace for new services. In doing so, we have also succeeded in setting up an effective collaboration process between the development and security teams plus ensuring exceptional security for our existing and in-development applications."