Web Security

Managed Web Security Report: Q3 2020

Learn about the latest cyber threat trends and what you can do to protect your business.

Download the report
Web Application FirewallSecurity Application Manager (SAM)Dual WAF ModeAccess Control RulesRate Limiting RulesManaged RulesCustom WAF RulesSIEM IntegrationSecurity DashboardRest APIBot Manager

Security that moves as fast as your business.

Verizon Media Web Security is comprehensive protection for your applications and data. Our innovative security technology reduces your time to mitigate threats, enabling you to predict the impact of change management so you can take action to stop advanced threats at the edge before they’re able to reach critical web infrastructure. Protect your users, business and reputation. This is where you start.

Web Application Firewall

Our web application firewall (WAF) shields your business—and your reputation—from the latest in application-layer attacks. It protects your website and apps from a range of sophisticated attacks, including cross-site scripting (XSS), SQL injection (SQLi), large-scale distributed denial of service (DDoS), and more, so your business remains available and online at all times.

Security Application Manager (SAM)

Get a high-level view of all your web applications and the rules that are activated. SAM enables you to define and enforce granular WAF rules by a specific domain with the power to share configurations across your entire application ecosystem, saving you time and improving your time to protection and accuracy.

Dual WAF Mode

Maximize protection while increasing productivity. Dual WAF mode lets you analyze rule changes against production traffic without disabling your production WAF. Dual WAF mode enables faster, more accurate deployment of security rules with zero WAF downtime. You never have to leave your web application exposed while you test.

Access Control Rules

Enforce access control to your web application based on request parameters. Create a deny/allow access list (ACL) from a group of request variables such as IP, geo, ASN, User-Agent and referer. The ACR controls who can and cannot access the web application. It also provides the ability to create a custom list of bad actors that should be denied across all your web applications using the WAF.

Rate Limiting Rules

Protect your application layer and API endpoints against DDoS attacks. Configure rate thresholds and enforce security based on rates of request. With faster, configurable propagation, more accurate targeting and a flexible penalty box that allows for temporary blacklisting of threats based on URL, you can mitigate data breaches and downtime, which can cripple your business.

Managed Rules

Get state-of-the-art protection based on industry standards such as generic, application-specific and proprietary rules kept up to date by our security experts monitoring the web 24 x 7. Managed rules are configured to maximize detection and minimize false positives to optimize the performance of your website.

Custom WAF Rules

Define security logic on your terms. Create simple or complex WAF security rules via matching multiple combinations of request network data, header, URL, cookie and body. This provides added flexibility for threat identification that allows you to target malicious traffic with minimal impact to legitimate traffic. Custom threat identification combined with rapid testing and deployment enables you to quickly address long-term and zero-day vulnerabilities.

SIEM Integration

Know more nearly instantly. Our WAF delivers log data in near real time to your SIEM for further analysis. The extensibility and flexibility of our WAF data enables you to tailor alerts, create workflow and processes so you can make better-informed security decisions that protect your business and the user experience.

Security Dashboard

Get a better understanding of threats. We provide visualizations of historical data showing the variety, frequency and severity of malicious traffic with detailed information about the attack types against your site. Because it’s easier to mitigate threats when you can see them.


Manage WAF configurations via REST API to programmatically perform security automation. Easily extract raw WAF logs for additional analysis.

Bot Manager––Enterprise

The threat landscape is continually evolving. Your security measures should as well. Bot Manager is powered by artificial intelligence and machine learning to accurately determine in real time if an application request is from a fraudulent source, and if so, mitigate it. Bot Manager automatically adapts to maintain full efficacy even as attackers evolve and change their tactics to help protect you today and tomorrow.



Manage your account or get tools and information.

More info