Best cloud firewall | TechRadar

If your business uses any web applications, they’re most likely connected to the internet round the clock. This makes them vulnerable to a variety of hacking attempts such as XSS (Cross Site Scripting) and DDoS (Distributed Denial of Service). 

You can reduce the risk of data theft and downtime by using a cloud-based firewall to protect your website and apps. This means the firewall will continue running even if you’re on-site server goes down.

In this guide you’ll discover some of the very best cloud firewalls on the market today, each of which can be setup easily with your own set of custom rules. 

1. CloudFlare WAF

An attack against one is an attack against all with CloudFlare’s advanced firewall rules

Free tier

Customizable rules

Some report delays

CloudFlare is a company that provides content delivery services, DDoS mitigation, Internet security and distributed domain name server providers. It was founded in 2009.

The solution monitors the internet on a regular basis for any new updates such as attacks and vulnerabilities. Anything that is considered a threat to the majority of their clients automatically have WAF (Web application Firewalls) rules enabled. These will protect all internet properties. Constant updates ensure that CloudFlare’s protection is in place at all times.

Cloudflare deals with a huge number of requests every hour with the solution identifying and blocking new threats. Due to their large customer base, the platform is able to rely on a collective intelligence when it comes to eradicating threats. This means that when one customer creates a new WAF rule, CloudFlare decides whether it applies to all other domains on their network.

CloudFlare has a free tier. This includes unmetered mitigation of DDoS, global CDN, shared SSL certificate and 3 page rules. Additional rules can be purchased through CloudFlare’s dashboard.

The ‘Pro’ package is $20 (£15.55) per month which includes Web application Firewall (WAF) with CloudFlare rulesets, mobile optimizations with Polish and 20 page rules.

For $200 (£155.54) per month, the ‘Business’ plan comes with WAF with 25 custom rulesets, 50 page rules and custom SSL certificate upload. 

The ‘Enterprise’ tier includes 24/7 enterprise grade phone, chat and email support, 100 page rules, named solution and customer success engineers.

Some users have reported delays with analytics and log systems.

2. Amazon Web Services WAF

Amazon have outdone themselves with their simple to use firewall

Easy to use

Free tier

Minimal setup

Amazon Web Services is part of It provides on-demand cloud computing platforms to individuals and businesses. As part of this subscription, users have access to AWS WAF

AWS WAF is a web application firewall which protects web applications from threats which could compromise their security or consume resources. The solution itself is straight forward and easy to use. 

Users can create custom made rules designed to block common attack patterns such as cross-site scripting. The solution has a full featured API which allows users to automate the creation, deployment and maintenance of all rules in use.

AWS WAF works by charging you for each new rule you create. You are not charged a set price every month but you do have to be subscribed to Amazon Web Services to access this feature.

Amazon Web Services include a 12 month fully featured free trial.

3. Sophos XG Firewall

Sophos UTM offers the best of British in cloud security

Multiple security features

30-day free trial

Some UI issues

Sophos is a British security software and hardware company. It develops products for communication endpoint, encryption, network security and unified threat management.

Sophos XG Firewall is a unified threat manager which also acts as a firewall. It also acts as application security and wireless gateway.

Users can manage settings from Sophos’ ‘Control Center’. From here subscribers  can access the utilities dashboard. This allows you to view your network, users and applications. You can also add Sophos ‘iView’. This provides centralized reporting across multiple firewalls.

The XG Firewall management interface gives users an overview on features such as traffic insights, system statistics and firewall rules.

Sophos offers users a 30-day free trial. This includes IPS, ATP, Sandboxing, Dual AV, Web and App Control, Anti-phishing and Web Application Firewall. Subscribers need to contact Sophos directly to receive a quote.

Some commentators have complained the UI is not intuitive and cannot be customized.

Akamai Kona Site Defender

4. Akamai Kona Site Defender

Double up your protection with Akamai’s firewall and DDoS circumvention

Built-in DDoS protection

Intuitive dashboard

Full product information not on site

Akamai Technologies is a content delivery network and cloud service provider. It was founded in 1998.

Akamai Kona Site Defender integrates DDoS protection with its web application firewall. DDoS services identify and neutralize threats from IP addresses by using a scale system from 1 to 10. These scores are based on the IP addresses ability to source suspicious traffic. Scores are then used to allow, alert or block based on the severity of the score. Users can also customize settings so they can choose which IP addresses they want blocked.

The web application firewall inspects individual traffic. Any malicious attacks are eradicated. This tool only works against web-based attacks.

Users can use the management dashboard to access information such as reports and attack rates. The utility requires very little customization.

Subscribers will need to contact Akamai directly in order to start their free trial and to get a quote.

Online commentators have said they regret more information about the product isn’t available on Akamai’s website.

5. Incapsula

Incapsula is a digital swiss army knife of security tools

Free trial

Multiple security features

Not competitively priced

Incapsula is a cloud-based application delivery platform. It provides web application security, DDoS mitigation, content caching, application delivery and load balancing through a global content delivery network.

Incapsula Web Application Firewall works as a gateway for all traffic coming to your online services. It filters out malicious visitors and requests such as SQL injections and XSS attacks.

The solution uses several layers of security policies to identify threats. These are maintained by a security team. Incapsula uses attack information from their network to provide protection for their users.

Incapsula has 25 data centers around the world which ensures 24/7 monitoring.

The ‘Pro’ package is $59 (£45.89) per site per month which includes bad bot protection, good bot management, web application firewall, PCI DSS compliance and custom security rules.

The ‘Business’ plan is $299 (£232.58) per site per month with extras such as application layer DDoS protection and 10-second mitigation guarantee.

Users interested in either the ‘Enterprise’ package or a free trial will have to contact Incapsula directly for more information.

Online commentators have noted that Incapsula is not as competitively priced as other firewall applications.

Top Image Credit:  Ganapathy / Wikimedia 

Be the first to comment

Leave a Reply

Your email address will not be published.