CloudFence (WAF)

Patented WAF technology that makes it easy to stay protected. Analyse incoming traffic, detect suspicious activity and defend against malicious attacks.

Cloud Fence

Protect Your Site from 2,000 threat types in realtime.

Cloudfence is a cloud-based Web Application Firewall (WAF) that filters all requests sent to and from your webserver. Many hacking attempts start with malicious code or malware being sent to a web server disguised as a genuine, harmless request. Cloudfence detects these malicious requests and blocks them, allowing access to genuine users only and keeping your application safe.

Total Website Security

Cloudfence provides the strongest application security option on the market, offering protection from some of the most common methods of hacking currently used, including The Top 10 defined by Owasp. In the field of banking and ecommerce, a security breach can seriously damage your reputation and give customers cause for concern when providing their sensitive data. Thanks to the preventative nature of Cloudfence, attacks are shut down at the surface level, ensuring full data protection and allowing customers to shop online with confidence.

How It Works

  • 1
    Step 1: Intelligence

    The first step in acquiring the protection of Cloudfence is to migrate your services over to our secure servers. Cloudfence then works at the application layer to filter through all HTTP requests between users and the web server. By using intelligent AI and a series of complex algorithms, the monitored traffic is inspected, and certain behaviour patterns are remembered. Once a potential attack has been recognised and the distinct pattern has been learnt by the AI, a unique digital fingerprint is created and stored. This can then be used to identify similar threats in real-time, providing a truly adaptive form of cyber-security.

  • 2
    Step 2: Easy, Fast, Flexible

    Cloudfence offers a fully customisable security solution that can work to protect all web applications, regardless of their requirements. By creating and managing custom rulesets, our security team can guarantee that you are constantly given up-to-date protection. This dynamic functionality is essential to defend against the ever-growing list of hacking methods used. Additionally, by continually assessing your genuine traffic, these rulesets can be modified to ensure that legitimate users requests are not affected.

  • 3
    Step 3: Analytics

    It is estimated that roughly 50% of all user web traffic is made up of bots. These automated computers are often controlled by hackers with the purpose of scraping data, compromising security or stealing sensitive information under the guise of a genuine human user. With the use of bots being so prevalent, protecting your web application against them is essential. Cloudfence features state-of-the-art bot detection technology to distinguish between genuine user requests and bogus, automated requests that could potentially be a threat. By working at the application layer, Cloudfence protects the core application itself, providing a secure line of defence against all automated threats.

  • 4
    Step 4: Requests

    What separates a dedicated WAF like Cloudfence from a regular network firewall, is its ability to distinguish between genuine and fake user requests. SQL Injection, Cross-site scripting and hundreds of others popular hacking methods use targeted attacks disguised as real requests to access a web application. By filtering all requests and identifying bogus traffic, a dedicated WAF can keep your application secure while granting full access to genuine users.

CloudFence Protects From


The most common injections are SQL related, even though SQL is not the only language used. It entails injecting SQL language into, for instance, a web form.

Broken Authentication and Session Management

The simplest example involves a URL containing session identifiers, which one sends to a friend via email. If the server does not check a complementary element, the second person will be able to use the account of the first person as if he or she

Cross Site Scripting (XSS)

Often called XSS, those attacks are among the easiest ones to set up. The concept is formidably simple: to make a website process JavaScript where there should be none.

Insecure Direct Object References

It is common for a page on a website to include resources from another data frame of reference. This has to be done through the mediation of a secure access or a filtration, to avoid unauthorised resources being included.

Security Misconfiguration

This category is very large since it covers many subjects. Are services up to date? Well protected by strong enough passwords? Are configurations adjusted to prevent important information from being divulged or mistakenly accessible?

Sensitive Data Exposure

OWASP guidance on data encoding states that any sensitive data must be protected to avoid clear access, and no sensitive data should be accessible from the outside.

Missing Function Level Access Control

The basic idea is to never rely on security implemented on the client’s side; security and it’s mechanisms should be handled in a controlled environment i.e. on the server.

Cross-Site Request Forgery (CSRF)

This is a flaw that will affect web applications whose functionalities are known - such as adding a user account, changing a password, adding files to known systems such as WordPress. This technique requires an element of social engineering.

Using Components with Known Vulnerabilities

If using a component with known vulnerabilities in your environment, you must expect an attacker to use it. It is important to understand that software that is not known to be vulnerable right now may become vulnerable in the future.

Unvalidated redirects and forward

This category covers attacks that are led during redirects. Typically, 30x HTTP codes are used to redirect a user from a page to another, depending on some parameters. If the destination URL of the redirect is put as a parameter in the original page URL, then an attacker could modify this redirection by changing the URL which was put as a parameter.

Our Solutions

  • Cloud Web Application FireWall (CloudFence)
  • DDoS Protection (HostGuard)
  • AI Monitoring, Detection & Prevention
  • Global Distribution (CDN)
  • Safe DNS Management
  • Security Audits & PCI Compliance