WAF Protection

Users with CloudGuard accounts created in the Infinity Portal can see which of their assets are protected by Check Point WAF. On the Protected Assets page, in the WAF Mode column, each asset has one of these indications:

  • Prevent - WAF protects the asset

  • Detect - WAF only shows the risk

  • Disabled - WAF is disabled

The Detect and Disabled indications do not impact the risk score of the assets.

With WAF protection, CloudGuard:

  • Identifies assets protected by CloudGuard WAF and the configured WAF mode.

  • Reduces the risk score if the asset has the Prevent indication.

    Note - CloudGuard reduces the risk score only if all public network paths to the asset pass through WAF.

  • Treats CVEs and Toxic Combinations in the Vulnerabilities security domain as less severe.
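The condition in the note above (every public network path to the asset passes through WAF) can be checked on your own topology as a graph reachability question. The following is an added example, not CloudGuard code; the node names, the edge map and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample topology (not CloudGuard data): directed edges from a
# traffic source to its next hops. "internet" is the public entry point.
EDGES = {
    "internet": ["waf-gw", "alb-legacy"],
    "waf-gw": ["alb-main"],
    "alb-main": ["ec2-web-1", "ec2-web-2"],
    "alb-legacy": ["ec2-web-2"],  # public path that skips the WAF
}
WAF_NODES = {"waf-gw"}


def bypass_path(edges, waf_nodes, asset, source="internet"):
    """Return one path source -> asset that avoids every WAF node, or None.

    Breadth-first search over the graph with the WAF nodes removed: if the
    asset is still reachable, some public path does not pass through WAF.
    """
    parent = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == asset:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in edges.get(node, []):
            if nxt not in parent and nxt not in waf_nodes:
                parent[nxt] = node
                queue.append(nxt)
    return None


def fully_behind_waf(edges, waf_nodes, asset, source="internet"):
    """True only if the asset is publicly reachable and every path crosses WAF.

    Assumption of this example: an asset with no public path at all is
    reported as False, because there is no WAF-mediated exposure to score.
    """
    reachable = bypass_path(edges, set(), asset, source) is not None
    return reachable and bypass_path(edges, waf_nodes, asset, source) is None
```

For an asset that fails the check, the path returned by `bypass_path` names the hops to review, here the load balancer that is exposed directly.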

CloudGuard supports SaaS deployment and Gateway deployment of WAF on AWS EC2 instances. It identifies protected AWS EC2 instances, ECS services, and Auto Scaling Groups. For these assets protected by WAF, CloudGuard can better identify the network topology visualized in the Context Graph (see Asset Details).

Note - CloudGuard WAF is not available for users with accounts created in the Dome9 portal.

One of the ERM dashboard widgets shows the impact of WAF on exposed assets.

For more information, see the CloudGuard WAF documentation.