WAF for Kubernetes
Wallarm Cloud Native WAF automates application protection. Installed directly on an NGINX Ingress controller. In Kubernetes clusters Wallarm protects containerized applications, microservices, and APIs in private and public clouds.
Easy deployment in Kubernetes
  • Deploys as instrumented Kubernetes communities Ingress Controller or NGINX Plus Ingress Controller
  • Installs as a sidecar Docker container within Kubernetes pods
  • Supports Google GKE, Amazon EKS, and Azure AKS or Kubernetes in private cloud
  • Deploy and manage with Spinnaker. Monitor with Prometheus
  • Licensing model which allows dynamic deployment of nodes and Kubernetes clusters
Protect Cloud Native Apps
  • Secures a variety of API protocols including JSON, XML, SOAP, and others
  • XSS, XXE, SQL Injections, RCE and other OWASP Top 10 threats protection
  • Brute-force attacks, dirbusting, and account takeover (ATO)
  • Application abuse and logic bombs
  • Bots
No Manual Rule Configuration
  • Eliminate false positives without tuning
  • 90% of customers use Wallarm Kubernetes WAF in blocking mode
  • Signature-free rules are created automatically and customized for every application
Wallarm WAF for Kubernetes
Integrates with Kubernetes infrastructure

Stronger Native Security for Kubernetes

Provide and support stronger native security for Kubernetes infrastructure with Wallarm. Wallarm’s node for Kubernetes natively deploys with an Ingress controller to provide API security and L7 protections for distributed applications. The management of the Wallarm image is performed with a standard Helm Package Manager or by using kubectl. To install the Wallarm-instrumented controller, you can add it from an existing HELM repository. Full deployment instructions are available at the documentation portal.

Monitoring with Prometheus

Wallarm natively integrates with Prometheus for streamlined monitoring of the APIs and their security. The service is monitored by collectd; information on the number of requests, number of attacks, number of blocked attacks and a variety of error conditions can be exported in JSON format or directly into Prometheus.

Security in CNCF Community

With protected microservices, attack mitigation, and DevOps-friendly post analytics, Wallarm brings true security and ease-of-use to the centerpiece projects of LF and CNCF communities.

API and Integrations

Full open API:

Operational controlsData retrieval

Out-of-the-box integrations:




Certified environments

Public clouds:




Private / Hybrid clouds:

VMmware VMDocker / Kubernetes
The environment is very dynamic, and there are a lot of applications and APIs to protect, so we needed a solution that is automated, self-tuning, and centrally managed.
We tried to use mod_security, but there was a lot of pain with the complicated rules / signatures and non-stop false positives.
Wallarm was able to profile the normal operation the web infrastructure and identify the application-layer (L7) DDoS attack.
Запрос на бесплатное тестирование
Спасибо за ваш интерес. Мы свяжемся с Вами в скором времени.
Меня интересует:
Available Resources