A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. WAFs can come in the form of software, an appliance, or delivered as-a-service. Policies can be customized to meet the unique needs of your web application or set of web applications. Although many WAFs require you update the policies regularly to address new vulnerabilities, advances in machine learning enable some WAFs to update automatically. This automation is becoming more critical as the threat landscape continues to grow in complexity and ambiguity.

WAF Deployment Modes:

• Cloud-based + Fully Managed as a Service—this is a great option if you require the fastest, most hassle-free way to get WAF in front of your apps (especially if you have limited in-house security/IT resources).
• Cloud-based + Self-Managed—get all the flexibility and security policy portability of the cloud while still retaining control of traffic management and security policy settings.
• Cloud-based + Auto-Provisioned—this is the easiest way to get started with a WAF in the cloud, deploying security policy in an easy, cost-effective way.
• On-premises Advanced WAF (virtual or hardware appliance)—this meets the most demanding deployment requires where flexibility, performance and more advanced security concerns are mission critical.