Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter referred to as "the Company"), a global security company, is pleased to announce the release of a new third-party managed rule, "Cyber Security Cloud Managed Rules - Protocol Enforcement by WafCharm-," for AWS WAF, provided by Amazon Web Services (AWS).

In recent years, with the advancement of cloud computing, many companies have introduced AWS WAF to protect their applications on AWS. However, when operating AWS WAF, even if existing rule sets are applied, it is still difficult to strike a balance between countering cyber attacks that are becoming more sophisticated and complex every day, and preventing normal access from being blocked due to false positives.

To solve this problem, we have developed "Cyber Security Cloud Managed Rules - Protocol Enforcement by WafCharm-," a managed rule that checks the appropriateness of communication protocols when accessing web applications and detects and blocks unauthorized access.

Our WAF automated operation service "WafCharm" and "CSC Managed Rules for AWS WAF", which has a cumulative total of more than 100 countries and regions using the service as of January 2025, are offered through AWS Marketplace and have already been adopted by more than 5,000 AWS users. With the release of these new Managed Rules, we will further strengthen our influence in the AWS WAF operation market by providing more advanced security functions to companies facing operational challenges with AWS WAF, further accelerating our business growth.

About "Cyber Security Cloud Managed Rules -Protocol Enforcement by WafCharm"
Unlike conventional approaches that rely on detecting clear attack patterns, "Cyber Security Cloud Managed Rules - Protocol Enforcement by WafCharm-" (hereinafter "Protocol Enforcement by WafCharm") adopts a new approach that determines whether access to web applications follows the correct protocol and detects and blocks unauthorized access.

For example, it detects unauthorized access that would be difficult to imagine using a normal web browser or legitimate application, such as entering a string into a parameter where a numeric value should be specified. This allows you to effectively detect and block attacks by malicious bots and malware using "Protocol Enforcement by WafCharm".

In addition, by broadly blocking such unauthorized access, companies can strengthen their security measures and respond to attacks that older application frameworks cannot cover.
Furthermore, since "Protocol Enforcement by WafCharm" employs detection logic that is completely different from conventional rule sets, it is expected that defensive performance will be further improved when used in conjunction with existing managed rules such as "HighSecurity OWASP Set," "API Gateway/Serverless," and the WAF automated operation service "WafCharm."

With this release, we are confident that we will see further growth in the AWS WAF operation market. With the expansion of the cloud security market and AWS Marketplace, we expect the demand for our solutions to continue to grow. In addition to our track record of implementation in over 5,000 companies to date, we will strive to further expand our customer base and improve the value we provide.

You can install "Cyber Security Cloud Managed Rules -Protocol Enforcement by WafCharm-" here: https://aws.amazon.com/marketplace/pp/prodview-g2dp6u5k5w5jo

■About the WAF automated operation service "WafCharm "
The WAF automation service "WafCharm" is a service that automates the operation of WAFs provided on public clouds. It is compatible with the three major cloud platforms: AWS, Azure, and Google Cloud.
By introducing WafCharm, you can automatically apply rules optimized for each individual environment. In addition, you can leave complex tasks such as customizing and adding rules to WafCharm, and the function of automatically updating the blacklist using WAF logs and our unique detection data eliminates the need for manual blacklist additions. You can configure and operate WAF even if you do not have in-house security personnel. In addition, 24/7 technical support is provided, so you can rest assured even in the unlikely event of a false positive or other problem.
WafCharm can significantly reduce the amount of work required to operate a public cloud WAF, contributing to the realization of efficient security management.

"WafCharm" service site: https://www.wafcharm.com/jp/

■ About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo
Representative: Representative Director, President and CEO Toshihiro Koike
Established: August 2010
URL: https://www.cscloud.co.jp/