Cisco Secure Cloud WAF Protection Service Plans

Data Sheet

Available Languages

Download Options

  • PDF
    (858.4 KB)
    View with Adobe Reader on a variety of devices
Updated:August 27, 2024

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (858.4 KB)
    View with Adobe Reader on a variety of devices
Updated:August 27, 2024
 

 

Cloud Application Protection Service Plans. 3

Add-Ons. 4

Secure Cloud Web Application Firewall (WAF) Protection provides intelligent AI-powered security capabilities alongside advanced automation and industry-leading security services provided by Radware’s[1] industry-recognized Emergency Response Team (ERT).

The service is offered in three convenient service plans. Each plan is designed to meet different security needs and risk exposures and to provide different levels of managed services.

Cloud Application Protection Service Plans

Essentials Plan

The Essentials plan offers industry benchmark protection with additional unique features and capabilities. It includes Cisco® Cloud WAF, API protection, zero-day attack protection, Basic bot protection, and 1Gbps of network DDoS protection, and an industry-leading Service Level Agreement (SLA).

Advantage Plan

Cisco’s Advanced plan takes application security to the next level by offering advanced protection capabilities that provide protection from more sophisticated and unknown attacks. The plan includes, on top of the Essentials plan, Cisco Advanced WAF with its path access protection engine that protects against more sophisticated unknown and zero-day attacks, AI-based Correlation Engine (Source Blocking), 10Gbps of network DDoS Protection, as well as JS supply chain mapping, monitoring, and attack detection for client-side protection. It also includes Radware’s ERT Active Attackers Feed (EAAF) intelligence feed and support for onboarding and policy reviewing.

Premier Plan

The Premier plan provides a comprehensive security blanket for your entire application environment. From client-side to server-side and everything in between. This plan includes everything in the Advantage plan in addition to Bot Manager, behavioral-based multi-layered detection and mitigation, automated API discovery and API security policy generation, and client-side protection enforcement.

 

Cisco Cloud WAF Protection Service

 

Essentials

Advantage

Premier

Web Application Firewall (WAF)

ü

ü

ü

API Protection

ü

ü

ü

Basic Bot Protection

ü

ü

ü

Advanced Rules

ü

ü

ü

Rate Limit

ü

ü

ü

Access Control & IP Geo Rules

ü

ü

ü

Reporting & Analytics

ü

ü

ü

DDoS Protection

1Gbps

10Gbps

10Gbps

Standard Support

ü

ü

ü

Advanced Support

û

ü

ü

Advanced WAF (Path Access Protection and Al-based Correlation Engine)

û

ü

ü

ERT Active Attackers Feed (EAAF)

û

ü

ü

Client Side Protection – Detection

û

ü

ü

Client Side Protection – Mitigation

û

û

ü

API Discovery

û

û

ü

Bot Manager

û

û

ü

Web DDoS Protection

Add-on

Add-on

Add-on

Load Balancer as a Service*

Failover

Basic

Advanced

DNS as a Service

Add-on

Add-on

Add-on

PCI DSS 4 Compliance Extension

û

Add-on

Add-on

Data Retention

30 Days

60 Days

90 Days

Unlimited DDoS

Add-on

Add-on

Add-on

CDN

Add-on

Add-on

Add-on

Premium Support

Add-on

Add-on

Add-on

Add-Ons

Web DDoS Protection

Industry-leading application-layer (L7) protection against DDoS attacks, based on advanced machine-learning-based behavioral detection that distinguishes between legitimate and malicious traffic, and automatically generates granular signatures in real-time to protect against zero-day attacks. With hybrid, always-on, and on-demand cloud DDoS service deployment options, Cloud Web DDoS Protection provides best-in-class security against a wide variety of threats, including HTTP Floods, HTTP bombs, low-and-slow assaults, Brute Force attacks, and disruptive web DDoS Tsunamis.

Emergency Response Team (ERT) Premier Managed Service

For organizations lacking in-house cybersecurity expertise or those who need to reduce security overheads, Cisco offers ERT Premier managed services through it OEM partner Radware:

      10-minute response SLA via “Hot-line” access

      On-demand emergency response attack mitigation

      Designated Customer Success Manager

      Post-attack forensics and recommendations

      Periodic security status reports

      Priority service case handling

      Policy tuning and application security insights

      Access logs

      NoKey – SSL/TLS certificate private key storage service through HSM integration

Content Delivery Network

For enterprises that wish to combine website delivery with web application security, Secure Cloud WAF offers a content delivery network (CDN) solution integrated directly into our application protection portal.  The CDN solution, which is based on the Amazon CloudFront CDN, provides a massive and globally distributed footprint, enhanced performance, and DevOps-friendly usability.

Unlimited DDoS Protection

For enterprises that suffer from high-volume DDoS attacks where 1G or 10G of mitigation capacity is insufficient, Cisco offers unlimited protection with the industry’s top-rated DDoS protection solution. Defend your organization against today’s most advanced DDoS attacks – no matter their frequency or volume.

Talk to your Cisco sales representative about which plan best suits your organization’s security needs.

PCI DSS 4 Compliance

In addition to WAF and API protection against business logic attacks, which are necessary for PCI DSS 4 compliance and included in the Secure Cloud WAF Protection service plans, the PCI DSS 4 add-on offers extended, specific client-side protection controls as required by PCI DSS 4 Sections 6.4.3 and 11.6.1:

      The PCI DSS 4 add-on provides complete visibility of all third-party scripts running on the client side of your application, along with a detailed inventory of all scripts. This includes real-time activity tracking alerts and threat-level assessments, as well as information about the script, such as whether the scrip is authorized as well as details about the script source and destination domain.

      The add-on notifies the user of any attempts to manipulate HTTP headers, form and payment pages, and any attempts at DOM XSS.

Load Balancer as a Service

Load Balancer as a Service (LBaaS) complements cloud application protection services with improved SLA and scalability while maintaining high availability and protecting all origin sites. It provides Active/Active traffic and user load balancing between origin sites.

 

Cloud Application Protection Service

 

Essentials

Advantage

Premier

Failover (Active-Standby)

ü

ü

ü

Number of Active Real Servers (Origins)

1

8

8

Multi-port Support

û

ü

ü

Active-Active Load Balancing – Round Robin

û

ü

ü

IP-Based Persistency

û

ü

ü

URL-based Load Balancing

û

û

ü

Active-Active Load Balancing – Least Connection

û

û

ü

Cookie-Based Persistency

û

û

ü

DNS as a Service

DNS as a Service (DNSaaS) provides comprehensive Domain Name System (DNS) management, which is essential for the seamless functioning of all online applications. An integral component for any business that prioritizes application availability, security, and performance, investing in DNSaaS is more than just managing domain names; it’s about safeguarding your business’s digital presence and ensuring end users have a seamless experience. DNSaaS includes:

      A centralized management console with an easy-to-use interface for managing all DNS hosts, records, and health check configurations in one place.

      Customizable health checks for continuous monitoring of application sources status.

      Flexible record routing options for high availability based on Geo and Failover policies.

      Control over traffic distribution to specific resources or endpoints so end users can be served from the closest or most appropriate data center, improving latency and user experience.

      Real-time analytics that monitor the number of queries per hosted zone.

DNS-as-a-Service is offered in three distinct packages, each priced based on the number of hosted zones, the volume of monthly DNS queries, and the quantity of health check objects.

Managed Services Support Levels

 

Risk/Impact-based Priority

Essentials Support

Advantage Support

ERT Premier Service
(Add-On)

Response SLA

P1 (Phone)

40 Min

30 Min

10 Min

P1 (Ticket)

3 Hours

2 Hours

60 Min

P2

6 Hours

4 Hours

2 Hours

P3

16 Hours

12 Hours

4 Hours

P4

24 Hours

24 Hours

12 Hours

Ticket Updates

P1

48 Hours

48 Hours

24 Hours

P2

96 Hours

72 Hours

48 Hours

P3

120 Hours

96 Hours

72 Hours

P4

144 Hours

120 Hours

96 Hours

Managed Services

Certificate Management & Notifications

û

ü

ü

Onboarding & Policy Review

û

ü

ü

Post-attack Analysis

û

ü

ü

Chart Support

û

ü

ü

Access logs

û

û

ü

Quarterly Premium Security Report

û

û

ü

Annual Special Event Preparation

û

û

ü

Annual Attack Test (DDoS L3-7)

û

û

ü

Proactive Security Recommendations

û

û

ü

Security Configuration Review

û

6 Months

3 Months

Extended Monitoring

û

External Monitoring on Top 5 Apps

External Monitoring on
All Apps

NoKey- HSM Integration

û

û

ü

Limited Availability



[1] Cisco Secure WAF and Bot Protection solutions are sold by Cisco through its global OEM partnership with Radware.

Learn more