Topwalk-WAF - 拓尔思天行网安

Home

Products

Network security

Topwalk-FW

Topwalk-TBG

Topwalk-ACG

Topwalk-IPS

Topwalk-IDS

Topwalk-VSS

Topwalk-ADD

Topwalk-INP

Topwalk-LB

Topwalk-ATMS

Topwalk-ASG
Cross Domain Solutions

Topwalk-GAP

Topwalk-FGAP

Topwalk-UIS

Topwalk-BOP

Topwalk-BSSP
Data Security

Topwalk-PPCP

Topwalk-WAF
Security management

Topwalk-PDS

Topwalk-GAS

Topwalk-DAS

Topwalk-LAS

Topwalk-IBMS

Solutions

Services

Company

CN 

Topwalk-WAF

Topwalk Web Application Firewall (Topwalk-WAF) is based on signature-based protection, integrating six major security engines including intelligent semantic analysis, machine learning, active defense, threat intelligence, and intrusion prevention to build an in-depth defense system of "active + passive". It not only protects Internet-facing Web applications but can also be deployed in front of internal Web application servers to prevent internal threats through access control and business audit, comprehensively improving Web application protection capabilities.

Home > Data Security > Topwalk-WAF

Core Values

Situation Monitoring

The system has a built-in situation analysis module. Without linking with monitoring devices, it can visually analyze traffic events and attack events, support drilling down into key information, and display it in a large-screen format.

Web Attack Defense

With a built-in fine-grained signature database, it can effectively block OWASP TOP10 attack behaviors, fully covering major security threats to Web applications. It supports customizing rules based on specific attack fields and executing corresponding processing for potential attacks through signature matching.

Business Security Protection

Provides specialized reinforcement capabilities for application businesses, equipping various applications with multi-layer detection and defense modules such as brute-force attack protection, weak password detection, session security protection, CGI protection, human-machine identification, and access sequence control to ensure business security.

DDoS Protection

Has professional-level DDoS protection capabilities, capable of effectively detecting and cleaning DDoS attacks. For common DDoS attack types on the Internet, it provides multiple protection templates to effectively block attacks and ensure the safe and stable operation of servers.

Product Advantages

Intelligent Semantic and Machine Learning Protection

Adopts intelligent semantic analysis algorithms to realize context-based attack detection, improving protection rate while reducing false positive rate;

The machine learning system learns normal traffic data of protected assets, counts all sites, URLs, and request parameters, builds normal models and generates protection strategies to detect and protect abnormal traffic outside the models.

BOT Protection, API Security, Scan Trap, and Honeypot Protection

- Through verification codes, dynamic tokens, and intelligent rate limiting technologies, it effectively resists various automated attacks and transaction fraud, preventing black industry from damaging internal networks and online businesses, and ensuring business operation and user data security;

- Can identify security attacks targeting APIs and provide real-time protection;

- Identifies and captures scanning behaviors based on hidden traps, actively intercepts hacker attacks, and defends against malicious scanning;

- Integrates a lightweight honeypot system, which can accurately capture attack behaviors and conduct traceability analysis of attackers through disguise, data entrapment, threat data analysis and other capabilities.

Threat Intelligence Defense and Intelligent Blocking Protection

By connecting to threat intelligence databases, combined with algorithm models such as intelligent fusion, sequential matching, and weighted matching, it aggregates multi-source threat intelligence data, and achieves real-time protection based on threat intelligence through high-frequency update interaction with intelligence sources;

From two dimensions of attack frequency and hazard level, it adopts a unique intelligent blocking algorithm to effectively defend against high-frequency attack behaviors.

Bypass Mirror Active Defense

For complex and critical network boundaries, serial deployment or topology changes may trigger single-point failure risks. Traditional bypass detection solutions require manual adjustment of firewall rules to block threats, resulting in insufficient protection agility and timeliness. The system supports active defense in bypass mirror mode, perfectly solving the shortcomings of protection capabilities and timeliness of traditional solutions.

IPv4/IPv6 Dual-Stack Protection

Supports deployment in pure IPv4, pure IPv6, and mixed IPv4/IPv6 environments, helping customers smoothly complete the business transformation from IPv4 to IPv6.

Application Scenarios

As core network business systems, Web applications have high stability requirements and diverse needs for security product deployment modes. Topwalk-WAF can be highly integrated with customers' network architectures, supporting multiple protection methods such as mirror monitoring, mirror blocking, transparent flow, transparent proxy, and reverse proxy, meeting customers' security management requirements.