tencent cloud

Security OPS teams are overwhelmed by ever-increasing zero-day vulnerabilities. Relying on Tencent's top threat intelligence capabilities, WAF actively detects and promptly identifies high-risk web vulnerabilities and zero-day vulnerabilities and generates protection rules accordingly. Protected users can use WAF to combat emergent and zero-day vulnerabilities without performing any operations, safeguarding websites from ever-emerging web vulnerabilities.

• Tencent's professional security team offers 24/7 response services for such vulnerabilities.
• Patches will be made available within 12 hours after identification for high-risk vulnerabilities and within 24 hours for common vulnerabilities.
• The attack protection strategies of WAF are automatically updated in the cloud and then uniformly distributed globally in just seconds.

WAF boasts a proprietary rules-based bot and crawler management module that can differentiate between friendly and malicious bots and crawlers and utilize corresponding management strategies such as letting through the traffic of search engine bots and blocking the traffic of malicious item information crawlers. This feature reduces resource consumption, information leakage and business competition caused by malicious bots and crawlers while ensuring the normal operations of friendly ones (such as search engine bots and advertising programs). Learn more.

• WAF supports the identification of many types of known bot and crawler behaviors, including but not limited to feed fetching, advertising, screenshotting, search engine crawling, website monitoring, link querying, utility crawling, vulnerability scanning, virus killing, web crawling and speed testing.
• It can intelligently identify undisclosed and malicious crawler programs and crawler traffic with exceptions by using AI technology to model and learn business traffic characteristics, normal human access behaviors and bot access behaviors.
• The bot behavior identification rules of WAF can be customized based on the referer characteristics, UA characteristics, request rate, number of times, parameters, path characteristics, IP range, etc.
• Bot behaviors and blocking details can be classified and displayed graphically to provide a basis for bot management decision-making.
• Strategies for "monitoring", "blocking" and "letting through" can be flexibly configured.

Attacks such as web attacks and system vulnerability exploits operate the backend database, resulting in the leakage of sensitive data like user identity and contact information stored in the database. For data thefts, WAF provides pre-, mid-, and post-event strategies:

• Pre-event: WAF hides server information such as response codes and database error messages and identifies and blocks hacking scans to prevent footprinting and vulnerability detecting by hackers and increase the difficulty of hacking.
• Mid-event: WAF detects and blocks hacking and intrusive behaviors such as SQL injections and web shell uploads to prevent the database from being further intruded on by hackers.
• Post-event: WAF features custom information leakage protection rules that automatically enable data replacement strategies for detected data thefts, i.e., replacing and hiding sensitive data (such as phone numbers and ID card numbers) in the attack response transmission to prevent the data from being acquired by hackers.

WAF comes with time-tested CC attack protection algorithms, which intelligently and efficiently filter out spam access requests by blocking numerous malicious requests at layer-4 and layer-7. This effectively defends against CC attacks, protects business data from malicious crawling and guarantees the stability of normal business access.

• CC attacks can be identified based on access frequency and criteria.
  Strategies for "access blocking" or "human-machine recognition" can be enabled.
• The punishment duration can be customized.

After WAF is deployed for a website, the core webpages can be cached to the cloud and the webpages in the cache can be published instead to implement webpage substitution. After the deployment, any changes to webpage content will be published only after they are synced to the cloud-based cache in WAF, ensuring that the updates of the protected webpages are controllable and reliable:

• If the real server is tampered with due to attacks, the content published is still that of the normal webpages in the cache, which prevents the tampering event from spreading.
• During sensitive periods, the content published can be locked as that of the webpages in the cache, intensifying protection against tampering during sensitive periods.

WAF offers a simplified cloud-based web application firewall protection and management experience. In addition, it allows the flexible configuration of protection strategies, making it easy to meet the defense needs of special businesses.

• Custom defense rules: Web attack protection measures can be configured according to refined custom defense rules that are based on IPs, URL paths, referers and POST parameters.
• Region-specific blocking: WAF supports extensive region-based blocking that blocklists all access requests from a specific region such as a province or country
• Protection mode: The "blocking mode" or "observation mode" can be chosen based on your actual business protection needs.

Business offerings are often subject to DDoS attack threats. For abrupt high-volume DDoS attacks, WAF provides the function to access Tencent Cloud's Anti-DDoS system with one click, which synchronously covers core regions and seamlessly integrates with hundreds of gigabytes of protection packets to hide real servers and defend against massive DDoS attacks.

Anti-DDoS Advanced offers 2 Gbps of free basic protection bandwidth that can meet the daily needs of enterprise users for secure business operations.

WAF takes advantage of Tencent Cloud's platforms to guarantee the availability of business traffic.

WAF clusters can be deployed in multiple regions with their loads distributed globally to avoid single points of failure.

A highly available elastic scaling architecture is used among nodes, which can quickly migrate and restore data in case of faults and scale the protection capabilities on demand.

The protective cluster resources for different users are isolated to eliminate the potential interplay among business protection services.