Wallarm® : DevOps-friendly WAF with Built-in Vulnerability Scanner

Ivan Novikov, CEO
When it comes to software development, most enterprises today have turned to Continuous Integration and Continuous Deployment (CI/CD) practices for building internal as well as revenue-generating applications. As effective as it may be for quicker iterations that address customer requirements, CI/CD has considerably broken down the security processes. “With CI/CD, applications are not shrink-wrapped software anymore, but have become a service,” says Ivan Novikov, CEO, Wallarm. “And to protect this service, security and test automation needs to become a continuous service as well.” On the other hand, security teams don’t have the time or expertise to manually adjust security rules and test every release for possible security vulnerabilities. Simply put, in the current scenario, “application development is adaptive, but legacy security tools are not,” Novikov adds. This is where Wallarm comes in.

Wallarm provides a next-generation adaptive Web Application Firewall (WAF) and vulnerability scanner, which is ideal for fast-changing web application environments. Through advanced machine learning capabilities that monitor real-time traffic, Wallarm’s WAF identifies attacks and potential vulnerabilities that may affect the web application or API. “Our service is automated, provides a low rate of false-positives and operates at the speed of the load-balancer, which enables high levels of security without impeding application performance and operation,” explains Novikov.

Developers can easily install Wallarm Nodes (agents) within their existing environment to monitor and filter incoming web traffic round-the-clock. Each node is equipped to block malicious requests and send traffic metrics to Wallarm Cloud, which employs machine learning to continuously update and redefine its block rule set. “With our cloud service, customers draw in knowledge collected from security attacks from anywhere across the web and safely verify that the protected application is not vulnerable,” states Novikov.

Wallarm introduced a hybrid approach that makes it possible to use machine learning at cloud scale while keeping traffic within the customer's infrastructure. Only impersonal metrics and malicious requests go into the Wallarm Cloud; no sensitive or personally identifiable data are uploaded. The scanner in the Wallarm Cloud inspects applications for vulnerabilities and verifies detected attacks for possible data breaches.

Once vulnerabilities are detected, Wallarm describes them in a language understandable to software developers and suggests appropriate correction recommendations from a specialized knowledge database.

As a next-generation security tool, Wallarm integrates into the NGINX load balancer to effectively solve scalability challenges and uses machine learning to continuously generate security rules. “Our solution generates on-the-fly security rules based on derived application logic, payload parameters, and cloud intelligence,” explains Novikov. “Every potential problem is checked via a vulnerability test before alerting a human administrator.”

A number of companies rely on Wallarm to detect anomalies and block attacks without latency. In one instance, Acronis, an enterprise backup solution, was looking for a way to analyse traffic for its APIs and applications and figure out which attacks might be dangerous. Another company, NASDAQ-listed QIWI, chose Wallarm for its DevOps-ready and high-performing model. “They liked the idea about continuous security checks and made them a part of the security playbook,” asserts Novikov. Wallarm was deeply integrated into the default stack, which allowed QIWI to easily apply protection to all their projects.

As enterprises opt for automated security solutions that require as little human intervention as possible, Novikov believes that the demand for advanced solutions like Wallarm’s will continue to increase. Wallarm looks poised to achieve new heights in web application security by employing newer technologies to empower more clients.


Menlo Park, CA

Ivan Novikov, CEO

Delivers next generation WAF and continuous vulnerability scanning in the web application layer, designed to help innovative cloud companies to bring in agile actionable security into their CI/CD DevOps environment