bluesphere.jp

What It Is

BLUE Sphere is a “comprehensive security cloud WAF” service provided by Japan-based 株式会社アイロバ. Its core positioning is not as a standalone WAF, but as an integrated package combining cloud WAF, DDoS protection, and website defacement detection. It also automatically includes cyber security insurance in partnership with 三井住友海上, designed to cover risks related to web attacks and incident compensation.

Core Capabilities and Deployment

Its protection coverage is fairly broad. The materials explicitly list web attacks such as SQL injection, XSS, file uploads, Cookie Poisoning, directory traversal, and parameter tampering. It also supports multiple types of attacks including L3/L4/L7 DDoS, TCP SYN Flood, HTTP GET/POST Flood, and Slowloris, and includes reputation-based Bot Protection. Deployment is delivered as a cloud service: after applying, users mainly make DNS configuration changes, while BLUE Sphere engineers perform site-specific tuning afterward. SSL certificates can be prepared and renewed by the provider free of charge, or existing certificates can be imported, reducing the operational burden.

Compliance, Management, and Integrations

On compliance, the page states that it is PCI-DSS V3.1 compliant and supports OWASP Top10 2017, but it does not disclose ISO, SOC, or China MLPS-related certifications. Information about management and alerting is relatively limited. What can be confirmed is that experts continuously tune the service to improve legitimate detection rates while reducing missed detections and false positives, but there is no visible explanation of a console, reports, Webhooks, email/Slack alerts, or similar features. In terms of integrations, BLUE Sphere has partnerships or bundled/optional offerings with J-Stream CDNext CDN, Hitachi Systems GRED website defacement checking, and HeartCore CMS, making it well suited to the Japanese domestic web ecosystem.

Pricing, Pros, and Cons

Pricing is based on the total outbound data volume over a 3-month period, rather than peak bandwidth, and there is no limit on the number of registered domains or websites for the same company. The base fee includes the main services, but specific pricing is not publicly disclosed. Its strengths include packaged multi-layer protection, a relatively stable cost model, suitability for multi-site enterprises, and the added benefit of insurance. Its drawbacks are insufficient disclosure around pricing, SLA, alerting details, support tiers, and cross-border availability.

Who It Is For and Access from China

BLUE Sphere is better suited to Japanese corporate websites, e-commerce sites, CMS-based sites, multi-domain environments, and teams that want WAF tuning handled by experts. Access from China is not described in the materials, so it should be considered unknown. Payment methods are also not disclosed. If deploying in mainland China or serving users in China, key points to verify include network latency, DNS onboarding, compliance, and contract/payment arrangements. Comparable alternatives include Cloudflare, AWS WAF, Akamai, Imperva, as well as local options such as Alibaba Cloud WAF and Tencent Cloud WAF.