New AI-powered attack explanations

Enterprise WAF.
Powered by AI.

Block attacks, tune rules, and protect every site you own — all from one simple dashboard. Set up in minutes, not weeks.

Local team, local support · Minutes to protected · Transparent & auditable

Overview

Last 24h · shop.example.com
Attacks over time
All traffic, allowed and blocked, across the selected window
Live threat feed
Blocked requests, most recent first
Live
  1. shop.example.com
    POST /login?id=1' OR 1=1--
    US · 185.244.12.9
    Crit
  2. shop.example.com
    GET /admin/.env
    RU · 45.79.11.2
    High
  3. api.example.com
    POST /api/search {"q":"<script>..."}
    CN · 104.28.9.11
    High
  4. portal.acme.io
    GET /wp-login.php
    NL · 51.143.22.8
    Med
  5. shop.example.com
    POST /checkout/../../etc/passwd
    BR · 177.54.148.9
    Crit

Everything your team asks for, in one console

Every request logged · Complete audit trail · Role-based access · Secure sign-in · 24/7 monitoring
Global attack surface

Attacks come from everywhere.
Blocked before they reach you.

Scanners, bots, credential-stuffers, exploit probes — hitting your sites from every corner of the internet. CyWAF inspects each one and drops the bad ones at the edge. Nothing reaches your origin unless you'd want it to.

  • Attack origin detected
  • Request inspected
  • Origin protected
The platform

Six capabilities that make CyWAF different.

A full-stack application-security platform — not a single-purpose tool. Each pillar works standalone and they compound when used together.

Multi-Site Protection

Every site you protect runs in its own isolated zone. A misconfigured rule on one site cannot touch any other — true per-site isolation, managed from one console.

Proven Attack Blocker

The full OWASP Core Rule Set plus our own CyRules managed rules — SQL injection, cross-site scripting, remote code execution, scanners, and more — on with one click. New rules are live on your sites the day they ship. Pin a version, or stay on the latest.

AI Threat Detection

Our AI engine scores every request for attack probability — catching disguised payloads, brand-new variants, and zero-day attacks that rule-based protection alone would miss.

Real-Time Analytics

Every request, every blocked attack, every rule trigger — searchable, filterable, with charts for traffic patterns, geo, and top offenders. Ready for forensics or the boardroom.

Visual Rule Builder

Build protection rules by picking conditions from dropdowns — no code needed. Advanced users get an expert mode for fine-grained control. Group, reorder, enable, disable — business-specific protection in minutes.

Instant Rule Changes

Rule changes take effect immediately — no restarts, no deploys, no downtime. Ship a rule change during an incident and watch it enforce in seconds.

The AI layer

Beyond signatures.
Learn what your attackers look like.

CyWAF uses a purpose-built AI engine trained on real-world web attack patterns. Every request gets a probability score, and a built-in AI assistant turns technical alerts into plain-English explanations your whole team can read.

  • Catches novel attacks: Zero-days, disguised payloads, and new variants that signature-only tools miss.
  • Confidence-scored findings: Every flagged request carries an attack-probability score and a preview of the payload.
  • Human-readable explanations: An AI assistant translates technical rule references into why it matters and what to do.

Live detection in action

POST /api/search
Host: shop.example.com
Content-Type: application/json

{ "q": "1' UNION SELECT password FROM users--" }
0.94
SQL injection attempt detected
Confidence 94% · Clear match on known attack patterns
LLM Explanation
This request attempted a SQL injection through the q parameter — a classic attempt to pull password data from the users table. Both our signature rules and the AI engine flagged it — blocked with high confidence.
Per-class distribution

Not just a verdict.
A shape.

Every request is scored against every attack class our AI recognizes — not a binary block/allow. The radar shows the engine's certainty and its second-guesses, so you can tune thresholds per class instead of one global dial.

  • Driver class — what the decision is about
  • Secondary signal — worth watching
  • Background noise — safe to ignore

Class distribution

POST /api/search · 2 ms ago

AI · 0.94
Time-to-protected: minutes

From DNS change to blocked attacks, fast.

Three steps. No kernel modules, no sidecars, no weeks of tuning.

1. Point your DNS

Add your site. Update your DNS to route through CyWAF. TLS terminates at the edge; your origin sees only clean traffic.

2. Enable protection

Turn on attack protection with one click. Enable AI detection. Add IP reputation feeds. Set rate limits that make sense for your app.

3. Watch threats get blocked

The dashboard lights up. Review every blocked attack with full context, tune rules on the fly, and ship custom rules in seconds.

Custom rules

Visual builder for teams.
Expert mode for power users.

Defend against attacks specific to your stack — your endpoints, your business logic, your quirks. Pick conditions from dropdowns or drop into expert mode for fine-grained control. Either way, the same engine enforces them.

  • Group rules, reorder priority, enable/disable without deleting
  • Rate limits by IP, path, method, header, or any combination
  • Path-scoped file extension blocks — block .php only in /uploads/
  • Reusable IP groups with built-in threat intelligence feeds
When REQUEST_URI matches /admin/*
AND REMOTE_IP not in office_ips
AND METHOD in POST, PUT, DELETE
Then block severity: HIGH
# Block unauthorized writes to admin
rule "unauthorized-admin-write" {
    when path starts_with "/admin/"
     and remote_ip not_in office_ips
     and method in (POST, PUT, DELETE)
    then block, severity: HIGH, log
}
Multi-site protection

One dashboard.
Every site.
Zero cross-contamination.

Each site you protect runs in its own isolated protection zone. Settings, rules, and logs stay completely separate — so a rule change or false positive on one site never touches any of the others.

  • Isolated rule sets, isolated configs, isolated logs
  • Per-domain snapshots — revert a bad config in one click
  • Clone a known-good config to a new domain instantly
  • Role-based access — different domains, different permissions
  • shop.example.com: Base on · AI on
  • api.example.com: Base on · Custom rules: 14
  • portal.acme.io: Base on · Rate 8
  • www.example.com: Base on · AI on
  • admin.acme.io: Base on · IP gate
  • static.cdn.co: Base on · Ext block
6 domains protected · All healthy · 0 incidents
  • 625+: OWASP Core Rule Set + CyRules managed rules — live the day they're published
  • Tunable: Per-site balance — speed vs coverage, detect vs prevent
  • Seconds: Rule changes apply without redeploys
  • < 10 min: From DNS change to first blocked attack
Built for teams

Governance your auditor will love.

Every setting change, every rule edit, every login — logged and replayable. The compliance answers are waiting in the dashboard.

Immutable Audit Log

Every change in the console — who, what, when, before/after — recorded for SOC 2, ISO 27001, internal governance.

Settings History

Browse or revert any configuration change with before/after snapshots. "What changed last Tuesday?" answered in seconds.

Team Permissions

Invite teammates and scope permissions per site. Security team sees logs, dev team edits rules, execs see the dashboard.

Secure Sign-In

Modern sign-in with optional multi-factor and single sign-on (SSO). No default admin accounts, no insecure defaults.

Config Snapshots

Point-in-time snapshots of each site's full protection setup. Roll back a bad change, or clone a known-good setup to a new site.

Notification Center

In-app alerts for security events and config changes. Stay informed without living in the dashboard.

Sensitive Data Redaction

Tokens, passwords, and personal data are automatically redacted in logs. Privacy-safe by default.

Account Protection

Built-in account lockout on failed sign-in attempts. We protect your apps from attackers — and we protect the console from them too.

Developer experience

Infrastructure-as-code,
not infrastructure-as-clickops.

Every console capability has a REST endpoint. Every service ships as a container. Every deployment has Kubernetes manifests. Your protection setup belongs in version control, and CyWAF makes that easy.

  • Full REST API — every resource under /api/v1/, versioned and stable.
  • Docker-native: docker compose up from zero to protected.
  • Kubernetes manifests shipped in the repo — scale horizontally on any cloud or on-prem.
  • No vendor lock-in — built on open, proven technologies. Your data and rules are yours, in standard formats.
Terminal — CyWAF REST API
# Create a custom rate-limit rule via the API
$ curl -X POST https://cywaf.example.com/api/v1/rate-limit-rules \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "domain": "api.example.com",
      "match": { "path": "/login", "method": "POST" },
      "limit": 10,
      "window_seconds": 60,
      "action": "block"
    }'

# Response — rule is live on all edges in < 1s
{
  "id": "rl_2x9K",
  "status": "active",
  "applied_to": ["edge-1", "edge-2", "edge-3"],
  "update_time_ms": 187
}
Why trust CyWAF

No obscure magic. No vendor lock-in.

Reviewable foundations, continuous security scanning, and clear visibility into every request we protect.

Open foundations
  • Built on reviewable technologies
  • Industry-standard attack signatures
  • No secret sauce
  • Continuously updated
Continuous security
  • Automated vulnerability scans
  • Dependency auditing
  • Secret-leak detection
  • Fast update cadence
Privacy & compliance
  • Complete audit trail
  • Role-based access
  • Per-site data isolation
No lock-in
  • Clean REST API
  • Standard log formats
  • Open integration points
  • Your data, your control
Automated vulnerability scans · Dependency auditing · Secret-leak detection · Responsible disclosure
CyWAF vs other vendors

Global-grade protection, without the global-vendor friction.

The capabilities you expect from a major WAF — paired with local engineering support, flexible deployment, and pricing that actually fits MENA budgets.

Capability | CyWAF | Other vendors
Local support team (People who know your stack) | Engineers in your timezone · response in hours | Global queue · tiered escalation · days to reply
Data residency (Where your traffic logs live) | Stays in your region · MENA-hosted option | Ships across borders by default
Deployment (How it runs in your environment) | Self-host, cloud, or hybrid | Vendor cloud only · one shape fits all
OWASP Core Rule Set (Industry-standard signatures) | Same day as OWASP publishes · plus CyRules managed set | On vendor cadence · weeks behind
AI attack explanations (Understand every blocked request) | Built-in · plain-language reasoning per request | Premium add-on or unavailable
Custom rule authoring (Write rules that fit your app) | Visual builder + expert mode · included in every plan | Enterprise-tier only · limited expressiveness
Pricing (What you'll actually pay) | Flat · region-priced · predictable bill | USD-pegged · per-request fees · surprise overages
Vendor lock-in (Can you leave if you need to) | Standard SecRule syntax · logs in open formats | Proprietary formats · data tied to their cloud
Onboarding (From signup to protecting traffic) | Minutes · direct help from the team that builds it | Weeks of procurement · docs-first rollout
Generalized comparison based on publicly available pricing, documentation, and customer feedback from major global WAF vendors. Your mileage may vary — we're happy to walk through a side-by-side for your specific stack.

Ready when you are.

Protect your first site in under 10 minutes. Talk to us to get set up for your organization.