Overview
UBIKA (formerly DenyAll) is a European cybersecurity vendor offering Web Application and API Protection (WAAP) solutions. Founded in 2001 in France, UBIKA provides WAF technology with a strong focus on data sovereignty and European compliance requirements.
UBIKA Cloud Protector is their SaaS offering, hosted in OVHcloud's European data centers. This ensures data stays within the EU and is not subject to extraterritorial laws like the US Cloud Act—a significant differentiator for European organizations with strict data residency requirements.
The platform offers both WAF-as-a-Service (Cloud Protector) and deployable solutions (WAAP Cloud, WAAP Gateway) for organizations wanting more control. The unique workflow technology allows tailoring security policies to specific application needs while maintaining strong protection.
Ratings Breakdown
Key Features
EU Data Sovereignty
Hosted in OVHcloud European data centers, not subject to US Cloud Act or other extraterritorial laws.
Workflow Technology
Unique visual workflow design for security policies allows tailoring protection to specific application requirements.
API Protection
Advanced API security with JWT/OAuth support, JSON/XML filtering, and OpenAPI schema validation.
DDoS Protection
Network and application-layer DDoS mitigation with global caching and acceleration.
DevOps Integration
Infrastructure-as-Code support with REST API and gRPC (Appsecctl) for CI/CD pipeline integration.
Managed Security Services
Optional MSS with proactive monitoring, false positive management, and monthly security reporting.
Pros & Cons
Pros
-
European data sovereignty
French hosting with SecNumCloud certification ensures data stays in EU jurisdiction.
-
Strong compliance certifications
HDS (health data), SecNumCloud, ISO 27001, and GDPR support for regulated industries.
-
Flexible deployment
SaaS, cloud marketplace, or on-premises options to match infrastructure requirements.
-
20+ years experience
Established vendor with long track record in European enterprise security.
-
No long-term contracts
Month-to-month billing with ability to upgrade or cancel anytime.
Cons
-
Limited global presence
Strongest in European markets; fewer resources for other regions.
-
Smaller ecosystem
Less third-party integrations and community resources than larger vendors.
-
Complex product portfolio
Multiple product lines (Cloud Protector, WAAP Cloud, WAAP Gateway) can be confusing.
-
Less brand recognition
Lower awareness outside Europe compared to global cloud WAF providers.
Pricing
Pricing model: Subscription / Pay-as-you-go
Cloud Protector SaaS
Fully managed WAF-as-a-Service
- Cloud-based WAF
- DDoS protection
- EU data residency
- DNS-based deployment
- Standard support (8x5)
WAAP Cloud
Self-managed cloud deployment
- Full WAAP capabilities
- AWS/Azure marketplace
- API security
- DevOps integration
- Flexible deployment
Enterprise
Full platform with managed services
- Everything in WAAP Cloud
- Managed Security Services
- 24/7 support
- Monthly security reporting
- Custom integrations
Our Verdict
UBIKA Cloud Protector fills an important niche for European organizations requiring data sovereignty guarantees. The combination of proven WAF technology, French hosting, and SecNumCloud certification makes it compelling for regulated European industries.
The platform may lack the global reach and brand recognition of larger vendors, but for its target market—European enterprises with strict compliance requirements—UBIKA delivers genuine differentiation that US-based cloud WAFs cannot match.
Our verdict: Best choice for European organizations prioritizing data sovereignty and EU compliance, especially in regulated industries.
CVE Coverage
UBIKA WAAP can detect and block attacks matching 81K+ known CVEs based on its supported rule sets.
Coverage by Attack Type
Latest Blockable CVEs
| CVE | Severity |
|---|---|
| CVE-2026-4510 | MEDIUM |
| CVE-2026-4161 | MEDIUM |
| CVE-2026-4087 | MEDIUM |
| CVE-2026-4086 | MEDIUM |
| CVE-2026-4084 | MEDIUM |
| CVE-2026-4077 | MEDIUM |
| CVE-2026-4072 | MEDIUM |
| CVE-2026-4069 | MEDIUM |
| CVE-2026-4067 | MEDIUM |
| CVE-2026-4022 | MEDIUM |
Frequently Asked Questions
What makes UBIKA different from US-based cloud WAFs?
UBIKA's infrastructure is hosted entirely in France by OVHcloud, a European company. This means your data is not subject to the US Cloud Act or other extraterritorial laws that could compel US companies to disclose data. For organizations with strict EU data residency requirements, this is a meaningful legal and compliance difference.
What is SecNumCloud certification?
SecNumCloud is a French security certification issued by ANSSI (French National Cybersecurity Agency). It's the highest level of cloud security certification in France, required for hosting sensitive government data. UBIKA's OVHcloud hosting holds this certification.
Can UBIKA protect applications outside Europe?
Yes, UBIKA can protect applications hosted anywhere. However, traffic will route through their European infrastructure, which may add latency for users far from Europe. For global applications, verify performance requirements and consider their deployment architecture options.
Ready to try UBIKA WAAP?
Visit the website to learn more or request a demo.