RED Security. Web Application Protection Service

Main article: Firewall

2025: Availability by SaaS Model

RED Security announced on August 5, 2025, the expansion of the Web Application Firewall (WAF) service. It is now available in various delivery models.

RED Security analysts note that the increase in the number, intensity and complexity of attacks on web applications contributes to the active growth of the application-tier firewall (WAF) market. According to forecasts, by 2026 its volume will reach 7.2 billion rubles. In this regard, the company is expanding the capabilities of its own RED Security WAF service. Now, in addition to supplying technology in the form of a managed cybersecurity service, the company offers it in the Software as a Service model.

The SaaS model makes the WAF service available to companies seeking autonomy in cybersecurity management, while the MSS model is suitable for those who prefer to delegate tasks to RED Security experts. Both models use technologies that meet Russian standards and provide protection in the face of the growing complexity of cyber threats.

The increase in the number and complexity of attacks on web applications confirms the need to implement solutions to protect against these threats. However, it should be borne in mind that the needs of organizations can vary greatly depending on the industry and scale. Therefore, we strive to ensure that the RED Security WAF service can flexibly adapt to any customer requests, - said Roman Ivanchenko, Head of Web Application Protection at RED Security.

Customers using RED Security WAF using the SaaS model will be able to independently configure filtering rules and connect new applications within the tariff. This provides complete control over security settings and the ability to customize private rules for detecting and repelling cyber attacks, taking into account the specific needs of the organization.

In addition, the RED Security WAF service now offers customers a choice of the technological basis from the technologies of several vendors that are included in. This Register of Russian Software Ministry of Digital Development allows you to choose a solution that optimally meets the needs and preferences of organizations of any area of ​ ​ activity.

RED Security WAF protects companies' web applications from intruders, ensuring that targeted and massive cyberattacks are detected and fended off at the L7 level. To do this, the service analyzes the flow of requests to protected services and blocks those of them that are illegitimate. RED Security WAF supports high-load applications, processing over 1000 requests per second, and allows you to implement dedicated installations for large customers. In the first six months of 2024, the service blocked over 11.5 million requests with signs of web attacks, of which over 8.7 million security events were highly critical and could lead to theft or substitution of confidential data.

2024: Web Application Protection Service Introduction

MTS RED on February 13, 2024 brought to the market a web application protection service. It is distinguished by the ability to support high-load applications (over 1000 requests per second) and implement dedicated WAF installations for large customers. And the use together with the MTS RED: Anti-DDoS service allows you to comprehensively protect the company's infrastructure and web applications.

According to to data international studies, over 25% of all INFORMATION SECURITY incidents in organizations are associated attacks with web applications. MTS RED analysts note that the increase in the number, intensity and complexity of attacks on web applications contributes to the active growth firewalls of the application tier market (WAF) and the emergence of new players and security tools in this segment.

"MTS RED. Web Application Protection Service "protects web applications from targeted and massive cyberattacks at the L7 level. Attacks on web applications and services are aimed at gaining attackers unauthorized access to confidential data of the company, their theft and substitution, as well as access to critical business processes. Such attacks affect both commercial organizations - owners of online stores, financial web applications, media, social networks and other resources, as well as government agencies operating state information systems, databases and other socially significant web resources.

Шаблон:Quote 'author=said Mikhail Gorshilin, head of protection for MTS RED web applications.

The service is provided on the basis Russian of the solution included in, and register of domestic software has the necessary certificates for work government organizations. The FSTEC service provides configuration of rules for processing requests for protected web applications and 24-hour monitoring and response to incidents.

To protect web applications, the flow of requests to protected services and applications is analyzed and all illegitimate requests are blocked. The MTS RED Analysis and Protection Center promptly informs the customer's information security specialists through the mail service or personal account about the most critical incidents. In the personal account of the service, full reporting is available on all blocked requests online, as well as for any selected period.

Depending on the tasks and resources of the customer, the service provides various levels of protection, from basic to advanced. The selection takes into account the amount of load on the application, its complexity, the number of protected applications and the necessary functionality. However, 24-hour monitoring and incident response are provided at any level.

MTS RED experts recommend that companies build layered protection of their web resources in order to protect themselves from various attack vectors. To this end, a comprehensive service has been implemented to protect web applications from L7 (WAF) attacks - attacks through application vulnerabilities, deface, hacking - and L3-L4 (Anti-DDoS) - DDoS attacks.