Penta Security’s Cloudbric Rule Set validated by Tolly Group to have a superior performance over competitors

Tolly Group report, Cloudbric Rule Set, True-positive rate, 91.53%

Penta Security, a leading cyber security company and provider of web application security in the Asia-Pacific region, stated that Penta Security’s Cloudbric Rule Set exhibited superior performance compared to Rule Sets provided by other vendors, as indicated in the recently published report by the Tolly Group.

The Tolly Group is an independent 3rd-party IT testing, validation, and analysis organization, renowned for its global standards and credibility in testing various network equipment and IT solutions.

In February 2024, Cloudbric Rule Set and competing Rule Sets were tested against 413 types of attack traffic targeting OWASP Top 10 Web Vulnerabilities such as SQL Injection, Cross-Site Scripting, Command Injection, SSI Injection, File Upload, Directory Traversal, and Local File Inclusion (LFI), under the supervision of Kevin Tolly, the founder and CEO of the Tolly Group. Cloudbric Rule Set demonstrated outstanding performance compared to its competitors, achieving a true-positive rate of 91.53%.

Kevin Tolly said, “As the amount of incoming traffic increases, the accuracy of security rules becomes increasingly important. It was surprising to see that Cloudbric Rule Set had a significantly higher true-positive rate compared to other products with 50~68% of true-positive rate against various types of attacks of OWASP Top 10 Web Vulnerabilities.” He also mentioned, “We were able to glimpse not only the expertise of Penta Security but also their consideration for users’ convenience and needs. Through this Rule Set, a high-level of security can be achieved even without the help of security experts.”

Penta Security currently provides four types of Cloudbric Rule Sets on the AWS Marketplace, each specializing in a specific area of security, all of which have passed the Foundational Technical Review (FTR) by AWS, validating its performance and functionality. In addition to the Cloudbric Rule Sets, Penta Security also provides Cloudbric WMS (WAF Managed Service), an AWS WAF managed service that provides increased efficiency in the use of AWS WAF and stable level of security by providing an optimized WAF security rule in accordance with the unique environment of the user.


About Penta Security

A global leader in web, data, and IoT security with 27 years of expertise in powering secured connections, Penta Security is the top cybersecurity vendor in Asia, as recognized by Frost & Sullivan. Its web application firewall, WAPPLES, has been the market leader in the Korean market for 16 consecutive years since 2009, and later dominated the entire Asia-Pacific region by obtaining the largest market share since 2016. Since then, it has gained a presence in Europe, the Middle East, and North America. For more visit For partnerships email