DDoS Protection

CloudGuard WAF SaaS delivers built-in, always-on Distributed Denial of Service (DDoS) protection. It natively defends against high-volume and stealthy attacks across network and application layers without requiring separate DDoS services, appliances, or manual setup.

This protection is available for CloudGuard WAF SaaS. It is not available with other local (Gateway, Agent) editions of the product.

How It Works

  1. Global Edge Defense: Traffic is analyzed and scrubbed at globally distributed PoPs - blocking large-scale attacks before they reach your infrastructure.

  2. Traffic Profiling & Learning: During the first 3–7 days, the DDoS Protection Engine baselines normal traffic.

  3. Automatic Prevention: Once the baseline is created, the DDoS Protection Engine starts blocking anomalies in real time. No setup is needed.

  4. Multi-Layer Mitigation:

    • Layer 3/4: Blocks SYN floods, reflection/amplification attacks, DNS floods.

    • Layer 7: Detects HTTP floods and stealth attacks via behavior-based AI.

  5. IP Reputation: Threat intelligence is used to identify and block traffic from malicious IP addresses known to be involved in DDoS attacks or reconnaissance activities.

  6. Health-Aware Detection: Adaptive thresholds ensure mitigation only activates when service health is at risk - reducing false positives and avoiding performance degradation.

  7. 24/7 Expert Monitoring: The DDoS Response Team (DRT) is automatically alerted to DDoS events and proactively supports mitigation efforts.
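
How steps 2, 3 and 6 fit together can be sketched as follows. This is an added illustration, not CloudGuard's implementation: the median/MAD baseline, the threshold multiplier, the latency and error-rate limits, and all names and sample values are assumptions constructed for the example.

```python
from statistics import median

# Constructed learning-window samples (requests/second). The 5000 is a burst
# seen during learning; a robust baseline must not be inflated by it.
LEARNING_RPS = [90, 95, 98, 100, 100, 105, 110, 120, 5000]

def build_baseline(samples):
    """Return (median, scaled MAD), which tolerates outliers in the window."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, 1.4826 * mad  # 1.4826 scales MAD to a std-dev equivalent

def threshold(baseline, k=3.0):
    """Request rate above which traffic counts as anomalous (k is assumed)."""
    med, spread = baseline
    return med + k * max(spread, 1.0)

def service_at_risk(p95_ms, error_rate, max_p95_ms=800, max_error_rate=0.05):
    """Health signal: latency or error rate beyond the assumed limits."""
    return p95_ms > max_p95_ms or error_rate > max_error_rate

def decide(rps, p95_ms, error_rate, baseline):
    """Mitigate only when traffic is anomalous AND service health is at risk."""
    if rps <= threshold(baseline):
        return "allow"      # within baseline; degraded health is not a DDoS signal
    if service_at_risk(p95_ms, error_rate):
        return "mitigate"   # anomaly that is hurting the service
    return "monitor"        # anomaly the service absorbs, e.g. a legitimate surge

BASELINE = build_baseline(LEARNING_RPS)

# Constructed timeline: (requests/second, p95 latency in ms, error rate)
TIMELINE = [
    (105, 120, 0.01),    # normal traffic
    (400, 150, 0.01),    # surge, service healthy
    (400, 2500, 0.20),   # surge, service degrading
    (100, 2500, 0.20),   # normal rate, unrelated backend problem
]

def run(timeline=TIMELINE):
    return [decide(rps, p95, err, BASELINE) for rps, p95, err in timeline]

if __name__ == "__main__":
    print("threshold rps:", round(threshold(BASELINE), 1))
    for sample, action in zip(TIMELINE, run()):
        print(sample, "->", action)
```

The second sample shows why health gating reduces false positives: the rate is well above baseline, but nothing is blocked while latency and error rate stay within limits.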

The DDoS Dashboard

The DDoS dashboard is populated when an attack happens and gives security teams live visibility into attack details and control over the response. When needed during an attack, the DRT will also contact you.

Example Scenario

An attacker launches a sophisticated HTTP/2 flood on your login API.

  • CloudGuard WAF SaaS detects anomalies against your traffic baseline.

  • Edge PoPs begin filtering out malicious sessions.

  • DDoS mitigation activates without affecting real users.

  • The dashboard shows the attack timeline, response actions, and forensic logs.

  • The DRT monitors and notifies your team if escalation is needed.

Related:

Rate Limit, Anti-Bot
