Quttera's Cloud-Based Web Application Firewall (WAF) filters all incoming traffic to your website or application. Provided as a part of the ThreatSign! Website Anti-Malware platform Quttera's WAF blocks malicious visitors and requests like SQL injections, XSS, and other application-layer attacks as well as unknown (zero-day) threats.

A traditional firewall is application-agnostic. It filters traffic based on origin, protocol, and well-known patterns. Increasingly, though, attackers go after vulnerabilities in applications and content management systems. A conventional firewall won't recognize those threats. A WAF knows about application-specific attacks and stops them from getting through.

Tens of thousands of websites are hacked every day, many of them belonging to small businesses. Websites are popular targets because they're exposed to outside access and they offer a chance to cheat all the people who visit the sites. Strong protection is necessary to keep a website safe from the constant barrage of attacks.

Quttera's unique threat detection technology powers WAF traffic filtering rules, which are maintained by a dedicated team of seasoned security professionals. Our scanners are continually crawling the web and scanning millions of URLs for malware each month, and we use the information on detected threats and potentially suspicious activity to update the protection of our entire customer community immediately.

Quttera WAF proactively secures your website from cyber attacks. It monitors all incoming traffic and analyzes the requests before passing them on to your site. It filters out the traffic from known malicious resources and continuously adapts to the evolving threats to identify new, suspicious requests. Quttera WAF is a managed service that protects from application layer attacks.

We offer two easy deployment options. Endpoint WAF is installed next to the protected website, using a PHP hook on the website host. DNS WAF runs on our WAF server, receiving and filtering all requests before they reach your Web server. Each of these options has advantages, depending on your needs.

Quttera Website Firewall | How it works

Endpoint WAF requires local installation, but it benefits from its inside position. It can directly view the website environment and configuration settings. It can see all the websites on the server, and it sees application parameters in exactly the way the Web applications do. All traffic goes through the WAF, with no way to bypass it.

DNS WAF requires no installation, only a change in DNS settings so that our server receives all traffic sent to your IP addresses. Traffic which is flagged as malicious never reaches your server. Our infrastructure stops it from going any further. In addition to stopping hostile packets, this will mitigate many kinds of DoS attacks. Our infrastructure is certified ISO 27001 compliant. Adding HTTP filtering to block attempts to bypass the WAF is strongly recommended.

In either configuration, Quttera WAF complements the toolset of the vital defenses provided by the THREATSIGN! Website Anti-Malware platform to ensure all-around protection for your website.

Quttera WAF protects against a wide range of application security threats including:

  • OWASP Top 10
  • Virtual Patching
  • Security Misconfiguration
  • Shell Code
  • XML External Entities
  • Vulnerability Exploit
  • Brute Force protection
  • Bots (any kind of agent filtering)
  • Traffic blacklisted by geolocation
  • Uploading of malicious files
  • Cross-site scripting (XSS)
  • Injection, including SQL, CRLF, HTML, and HTTP header
  • Generic Attack

Quttera Website Firewall | Cyber Attack Protection

To protect against today's constantly evolving web-based attacks, a global ruleset is continuously updated with Quttera's threats intelligence database crowd-sourced from a worldwide network. Flexible, level-based configuration of the rules allows detailed customization according to your specific security needs. The default ruleset can be further adjusted by applying customer-level (e.g., domain-specific) rules and whitelisting based on parameters such as IP, URL, geo-data, REGEX, severity level, etc.

Quttera Website Firewall | Protection Rules

You can't always patch applications as soon as their vulnerabilities are known. Quttera WAF provides additional protection with virtual patching, also known as external patching or just-in-time patching. A virtual patch is a WAF rule that mitigates a specific vulnerability, even if the publisher hasn't issued a patch or it hasn't been installed. The code running in your application isn't modified.

We deploy the patch to the WAF as soon as it's available, so that you're immediately protected without having to stop and update your software. You should still keep your software up to date, but virtual patching closes the window of vulnerability and lets you schedule updates more conveniently. You get reduced risk and less downtime.

Quttera Website Firewall | WAF Configuration

  • Threat Intelligence from Quttera Labs & Heuristic engine
  • Alert only when there is a real threat
  • Updated when a new/unknown threat is detected

Quttera Website Firewall | WAF Update

Current version of the Endpoint WAF supports any web server running PHP. We plan to support other environments in later releases.

Get started »


Quttera Offers Free, Simple SSL Management for ThreatSign Usersn | Quttera

Blog: Quttera Offers Free, Simple SSL Management for ThreatSign Users

These days, maintaining an SSL certificate without letting it lapse is vital. The Quttera ThreatSign DNS WAF protects you against a broad range of threats and offers you free SSL management.

READ MORE

Using Quttera Web Malware Scanner Plugin to Clear WordPress Malware | Quttera

Blog: Using Quttera Web Malware Scanner Plugin to Clear WordPress Malware

The popularity of WordPress also makes it a target for attacks. Here’s how you can detect and clear WordPress malware with the Quttera Web Malware Scanner plugin.

READ MORE

Q1 2020 Quttera Web Application Firewall Statistics
 | Quttera

Blog: Q1 2020 Quttera Web Application Firewall Statistics

The Quttera Web Application Firewall guards your site against many kinds of cyberattacks, including ones that haven’t been seen yet. Here’s a look at Quttera’s Q1 2020 WAF statistics.

READ MORE



© 2021 Quttera Ltd. All rights reserved.