Wallarm Subscription Plans¶
Wallarm is the only solution that unifies API discovery, risk management, real-time protection, and testing capabilities to protect your entire API portfolio in multi-cloud, cloud-native and on-premise environments. You can easily choose the set of functionality that best suits your needs.
Core subscription plans¶
Cloud Native WAAP - WAAP (Web Application & API Protection) subscription provides web applications and APIs with protection against common threats such as SQLi, XSS, brute force, etc. It supports all API protocols but does not cover some specific API threats.
WAAP + Advanced API Security. This bundle enhances general WAAP capabilities with comprehensive API Security tools to cover all OWASP API Top-10 threats.
Security Testing. This bundle helps you proactively uncover security vulnerabilities in your applications and APIs before attackers do.
| Feature | WAAP | WAAP + API Security | Security Testing |
|---|---|---|---|
| Real-time protection | |||
| DDoS protection (L7) | Yes | Yes | No |
| Geo/source filtering | Yes | Yes | No |
| IP reputation feeds | Yes | Yes | No |
| Attack stamps (SQLi, XSS, SSRF, etc.) | Yes | Yes | No |
| Customer defined signatures | Yes | Yes | No |
| Virtual patching | Yes | Yes | No |
| Brute force protection | Yes | Yes | No |
| Forced browsing protection | Yes | Yes | No |
| Distributed rate limiting | Yes | Yes | No |
| BOLA protection | Manual triggers | Automated protection | No |
| API Abuse Prevention (bot management) | No | Yes | No |
| Credential Stuffing Detection | No | Yes | No |
| API Specification Enforcement | No | Yes | No |
| GraphQL security policies | No | Yes | No |
| Enumeration attack protection | No | Yes | No |
| Mitigation controls | No | Yes | No |
| Security posture | |||
| API Attack Surface Management (AASM) | No | Yes | No |
| Vulnerability assessment | Yes | Yes | No |
| API Sessions | No | Yes | No |
| API Discovery | No | Yes | No |
| Sensitive data detection | No | Yes | No |
| Rogue API Detection (shadow, orphan zombie) | No | Yes | No |
| Security testing | |||
| Threat Replay Testing | No | Yes | Yes, with API Security |
| Schema-Based Security Testing | No | No | Yes |
| Additional options | |||
| Self-hosted Node deployment | All | All | No |
| Security Edge | No | No | No |
| Integrations | All | All | All |
| Number of users | Unlimited | Unlimited | Unlimited |
| SSO authentication | Yes | Yes | Yes |
| Role-based access control (RBAC) | Yes | Yes | Yes |
| Multi-tenant | Yes (by request) | Yes (by request) | Yes (by request) |
| Period of event storage | 6 month | 6 month | 6 month |
| Support | Standard/ Advanced/ Platinum | Standard/ Advanced/ Platinum | Standard/ Advanced/ Platinum |
To activate the subscription plan, contact sales@wallarm.com.
API Attack Surface¶
Relations to other plans
This subscription plan:
- Is included into Advanced API Security plan
- Can be added to Cloud Native WAAP plan
- Can be used alone (no other plans or filtering node required)
The API Attack Surface subscription plan provides a comprehensive view of publicly exposed APIs and related information with zero deployment and minimal configuration.
The subscription plan provides the API Attack Surface Management (AASM) product which includes:
To activate the subscription plan, do one of the following:
-
If you do not have Wallarm account yet, get pricing information and activate AASM on the Wallarm's official site here.
When activating, scanning of the used email's domain starts immediately while you negotiate sales team. After activation, you can add additional domains to the scope.
-
If you already have Wallarm account, contact sales@wallarm.com.
Security Edge (Paid Plan)¶
Relations to other plans
This subscription plan:
- Can be added to Cloud Native WAAP or Advanced API Security plan
- Cannot be used alone
The Security Edge subscription plan allows you to deploy the Wallarm node on the managed environment, eliminating the need for onsite installation and management.
With Wallarm handling node hosting and maintenance, you can focus on your core infrastructure while benefiting from robust traffic filtering, attack detection, and secure communication - all backed by Wallarm.
Available Security Edge deployments include:
To inquire about this subscription, please contact sales@wallarm.com.
Security Edge Free Tier¶
For smaller companies and educational purposes, Wallarm offers the option to create a Security Edge Free Tier account yourself. You can choose the Wallarm cloud that best suits your storage preferences:
The Security Edge Free Tier account allows:
-
Security Edge functionality, with some feature limitations.
-
Process up to 500 thousand requests per month with no limitation in time.
-
Access to the Wallarm platform as Advanced API Security, except for the following:
- Vulnerability assessment
- API Abuse Prevention
- Telemetry portal of Security Edge
- Multi-cloud Security Edge deployment
If a Free Tier account exceeds 100% of the monthly quota, your access to the Wallarm Console is disabled, along with all integrations. When reaching 200%, protection on your Wallarm nodes is disabled. These restrictions will be in effect until the first day of the next month.
To remove all restrictions, contact sales@wallarm.com.