Gcore launched Gcore WAAP, its end-to-end web application and API protection solution. Leveraging AI capabilities, Gcore WAAP integrates four products in one solution: web application firewall (WAF), application-layer DDoS protection, bot management, and API security, all managed through an intuitive user interface.
This comprehensive, multi-layered security solution protects digital assets across a wide range of verticals, including retail, financial services, healthcare, public sector, media and entertainment, and technology.
Gcore WAAP was developed following the company’s acquisition of the StackPath WAAP solution earlier this year, now enhanced with AI-driven features and integrated into Gcore’s trusted global edge platform with 180+ points of presence. This WAAP solution provides comprehensive protection for websites, applications, and APIs against evolving threats while also helping businesses meet industry standards, such as GDPR, PCI DSS, and ISO 27001, supporting data sovereignty and regulatory compliance.
Enterprise-level threat mitigation at the edge
Gcore WAAP continuously monitors and analyses web application and API traffic at the edge, mitigating threats before they reach protected resources. It automatically scales to maintain consistent protection without compromising web performance. With AI-driven threat detection, behavioural analysis, and machine learning, WAAP uses insights from Gcore’s edge platform to identify patterns of malicious activity. The solution addresses evolving threats, quickly adapting to new vulnerabilities and attack patterns to keep defences robust and up to date.
“With the launch of Gcore WAAP, companies can now manage web application and API protection from a single platform, leveraging advanced AI-driven features, and at a price that makes top-tier protection accessible to all,” commented Andre Reitenbach, CEO at Gcore. “Security does not have to be complicated and, with Gcore WAAP at the edge, we’ve made it easier than ever for our customers to protect their businesses and customers, wherever they are in the world.”
Summary of key product capabilities
- Web application firewall (WAF): Delivers robust protection against OWASP Top 10 threats and zero-day attacks. Highly configurable with custom and advanced rules, heuristics, and behavioural analytics to detect and block malicious traffic before vulnerabilities are exploited. Includes device-level fingerprinting for enhanced security.
- L7 DDoS protection: Mitigates application-layer DDoS attacks of any size with adaptive and behavioural protection. Monitors both regular IP and API traffic, using AI-based IP filtering, rate limiting, browser validation, and classification features to neutralise malicious traffic and maintain the availability of web applications.
- Bot management: Distinguishes between legitimate users, good bots, and malicious bots to protect against automated attacks and fraud. Uses behavioural analytics, JavaScript challenges, CAPTCHA detection, session management, and browser validation to defend against threats like scraping, credential stuffing, and brute-force attacks.
- API security: Leverages WAF and DDoS mitigation features to defend against targeted threats for enterprise-grade API discovery and protection. Employs proprietary ML-based IP filtering, AI-driven profiling with JA3 fingerprints, and heuristics-based behaviour adjustment to provide adaptive, robust defence against API vulnerabilities.
Gcore WAAP is a cloud-based solution ideal for both security professionals and those without technical expertise, offering out-of-the-box functionality or customisable configurations to meet specific requirements. With competitive pricing starting at just €55 per month, Gcore WAAP makes web application and API protection accessible to businesses of all sizes.