# What is CloudGuard WAF? CloudGuard WAF is a fully automated Web Application & API Security solution. It is powered by a patented machine learning engine which continuously analyzes users' HTTP/S requests as they visit the website or API. The analysis includes the application structure and how users interact with the content in order to identify patterns and automatically stop and block malicious requests and bad actors. ## Main features of CloudGuard WAF * **Machine Learning-based Application Firewall** - stop application layer attacks, including OWASP Top 10, with very minimal tuning and no false positives. Pre-emptive (no software updates) protection for zero-days such as Log4Shell and Spring4Shell. * **HTTPS Traffic inspection** - SSL certificates and private keys can be stored locally or in public cloud secrets storage (AWS/Azure) * **Integration into modern environments** and workloads (public cloud & Kubernetes) and CI/CD workflows supporting [**AWS**](/getting-started/deploy-enforcement-point/gateway-virtual-machine/aws.md)**,** [**Azure**](/troubleshooting/waf-gateway-virtual-machine/azure.md)**,** [**VMWare**](/getting-started/deploy-enforcement-point/gateway-virtual-machine/vmware.md)**,** [**Kubernetes Ingress**](/getting-started/deploy-enforcement-point/kubernetes.md)**,** [**Docker**](/getting-started/deploy-enforcement-point/docker.md)**,** [**Linux Servers**](/getting-started/deploy-enforcement-point/linux.md)**, or** [**as a Service**](/getting-started/deploy-enforcement-point/waf-as-a-service-waf-saas.md)**.** * **Ease of ongoing management and maintenance** – Enterprise Grade SaaS Web UI, GraphQL API, and Infrastructure-as-code using Terraform ## Additional Security Engines * [**Anti-Bot** ](/additional-security-engines/anti-bot.md)- Identify and stop automated attacks before they negatively impact the bottom line or customer experience * [**API Protection**](/additional-security-engines/api-protection.md) - Automatically detect API usage and sensitive content to provide security via visibility. Stop malicious API access and abuse. Enforce the API schema provided by the user or automatically detected by CloudGuard WAF. * [**File Security**](/additional-security-engines/file-security.md) - prevents malicious files from being uploaded by utilizing Check Point's Threat Cloud. * [**Intrusion Prevention System (IPS)**](/additional-security-engines/intrusion-prevention-system-ips.md) - protections for over 2,800 WEB CVEs, based on Check Point award award-winning NSS-Certified IPS + Support for custom Snort 3.0 signatures. * [**Rate Limit**](/additional-security-engines/rate-limit.md) - Limit the number of requests to a matched URI within a configured time scope, according to the source identifier. * [**Snort Rules**](/additional-security-engines/snort-rules.md) - Enforce a set of Snort signatures in the same way regular IPS signatures are enforced. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://waf-doc.inext.checkpoint.com/what-is-cloudguard-waf.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.