Overview:
In today’s economy, your digital business must be secure and available … all the time. But your network and applications are under constant attack, making it difficult to ensure that data is secure and online revenues are protected.
Cisco Secure Web Application Firewall (WAF) and bot protection defends your online presence and ensures that websites, mobile applications, and APIs are secure, protected, and “always on.”
Advanced WAF and bot management solutions ensure reliable, secure delivery of web and mobile applications while minimizing costs by enabling security policies to easily be deployed across multicloud environments. Advanced bot management uses machine learning and adaptive security to accurately distinguish good bots from malicious bots, ensuring that your network and applications are available to legitimate users.
With business moving online and to the cloud, advanced WAF and bot solutions protect websites, applications, and APIs from attack and ensure that your organization is open for business.
Specifications:
WAFs protect websites from application vulnerability exploits like SQL injection, cross-site scripting (XSS), cross-site request forgery, session hijacking, and other web attacks. WAFs typically feature basic bot mitigation capabilities that block bots based only on IPs and fingerprinting.
Unfortunately, most WAFs often fall short when facing advanced, automated threats. Sophisticated next-gen bots mimic human behavior and often go undetected, abusing open-source tools or generating multiple violations in different sessions.
Against today’s sophisticated threats, standard WAF solutions just don’t get the job done.
| Security Capability | Bot Manager | Traditional WAFs | WAF + Bot |
|---|---|---|---|
| Protection from simple bots | Yes | Yes | Yes |
| Fingerprinting of malicious devices | Yes | Yes | Yes |
| Mitigation of dynamic IP and headless browser attacks | Yes | Limited | Yes |
| Detection of sophisticated bot attacks | Yes | No | Yes |
| Risk of blocking legitimate users (false positives) | Very low | High | Very low |
| Collective bot intelligence (IPs, fingerprints, behavioral patterns) | Yes | No | Yes |
| Customized actions against suspicious bot types | Yes | No | Yes |
| Protection for OWASP Top 10 vulnerabilities | No | Yes | Yes |
| Protection from API vulnerabilities | Limited | Yes | Yes |
| Protection for Layer 7 denial of service (DoS) | Limited | Yes | Yes |
| HTTP traffic inspection | No | Yes | Yes |
| Masking of sensitive data | No | Yes | Yes |
| Compliance with HIPAA, PCI | Limited | Yes | Yes |
| Integration with DevOps | No | Yes | Yes |
| Blocking of malicious sources at the network level – access control list (ACL) | No | Yes | Yes |
Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.
Documentation:
Download the Cisco Secure DDoS Protection (PDF).