Case Study: Wallarm achieves real-time API threat detection and lower costs with ClickHouse Cloud

How Wallarm’s API security platform relies on ClickHouse Cloud to detect and block attacks

Wallarm, an API security platform founded in 2016, needed a faster way to detect and stop attacks in real time as its customers’ API traffic grew and its monitoring shifted from single requests to session-level behavior. Its earlier Cassandra-based setup was too slow for real-time security, and even a self-hosted ClickHouse deployment, while faster, was costly, underutilized, and difficult to manage at scale.

By moving to **ClickHouse Cloud**, Wallarm gained the real-time analytics needed for API Sessions while reducing operational burden and improving privacy controls. The migration included phased onboarding, async inserts, and shorter retention windows, and it delivered near-instant session loading instead of up to 40 seconds previously. Wallarm also expects costs to drop from more than **$300,000 per year** on self-hosted infrastructure to around **$100,000** with ClickHouse Cloud, while giving engineers more time to build product features.

Wallarm

Slava Yudanov

VP of Engineering