diff --git a/doc/topics/web_application_firewall/index.md b/doc/topics/web_application_firewall/index.md
index 5ce7c0779bbe165b1cda27d7219234bcf7b91a86..83b3bfb1cef8f8d0ff20a7d9fd9d266335b2fc4f 100644
--- a/doc/topics/web_application_firewall/index.md
+++ b/doc/topics/web_application_firewall/index.md
@@ -1,5 +1,5 @@
 ---
-stage: Defend
+stage: Protect
 group: Container Security
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
@@ -15,19 +15,14 @@ much more.
 
 ## Overview
 
-GitLab provides a WAF out of the box after Ingress is deployed.
-All you need to do is deploy your application along with a service
-and Ingress resource.
+GitLab provides a WAF out of the box after Ingress is deployed. All you need to do is deploy your
+application along with a service and Ingress resource. In GitLab's [Ingress](../../user/clusters/applications.md#ingress)
+deployment, the [ModSecurity](https://modsecurity.org/)
+module is loaded into Ingress-NGINX by default and monitors the traffic going to the applications
+which have an Ingress. The ModSecurity module runs with the [OWASP Core Rule Set (CRS)](https://coreruleset.org/)
+by default. The OWASP CRS detects and logs a wide range of common attacks.
 
-In GitLab's [Ingress](../../user/clusters/applications.md#ingress) deployment, the [ModSecurity](https://modsecurity.org/) module is loaded
-into Ingress-NGINX by default and monitors the traffic going to the
-applications which have an Ingress.
-
-The ModSecurity module runs with the [OWASP Core Rule Set (CRS)](https://coreruleset.org/) by default. The OWASP CRS will detect and log a wide range of common attacks.
-
-NOTE: **Note:**
-The WAF is deployed in "Detection-only mode" by default and will only log attack
-attempts.
+By default, the WAF is deployed in Detection-only mode and only logs attack attempts.
 
 ## Requirements
 
@@ -98,5 +93,5 @@ It is good to have a basic knowledge of the following:
 
 ## Roadmap
 
-More information on the direction of the WAF can be
-found in [Product Vision - Defend](https://about.gitlab.com/direction/defend/#waf)
+You can find more information on the product direction of the WAF in
+[Category Direction - Web Application Firewall](https://about.gitlab.com/direction/protect/web_application_firewall/).
diff --git a/doc/topics/web_application_firewall/quick_start_guide.md b/doc/topics/web_application_firewall/quick_start_guide.md
index 971250cd526a44d768ee4f497e06a3994cf8b539..a0d59d2cbc5b69a997a6000c6df860cd4e36d3f1 100644
--- a/doc/topics/web_application_firewall/quick_start_guide.md
+++ b/doc/topics/web_application_firewall/quick_start_guide.md
@@ -1,5 +1,5 @@
 ---
-stage: Defend
+stage: Protect
 group: Container Security
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
@@ -17,7 +17,7 @@ These instructions will also work for a self-managed GitLab instance. However, y
 need to ensure your own [runners are configured](../../ci/runners/README.md) and
 [Google OAuth is enabled](../../integration/google.md).
 
-**Note**: GitLab's Web Application Firewall is deployed with [Ingress](../../user/clusters/applications.md#ingress),
+GitLab's Web Application Firewall is deployed with [Ingress](../../user/clusters/applications.md#ingress),
 so it will be available to your applications no matter how you deploy them to Kubernetes.
 
 ## Configuring your Google account
@@ -252,7 +252,7 @@ You can now see the benefits of a using a Web Application Firewall.
 ModSecurity and the OWASP Core Rule Set, offer many more benefits.
 You can explore them in more detail:
 
-- [GitLab Defend Vision](https://about.gitlab.com/direction/defend/#waf)
+- [Category Direction - Web Application Firewall](https://about.gitlab.com/direction/protect/web_application_firewall/)
 - [ModSecurity](https://www.modsecurity.org/)
 - [OWASP Core Rule Set](https://github.com/coreruleset/coreruleset/)
 - [AutoDevOps](../autodevops/index.md)
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 9e7f98dd4fc6dab5fb43b72f5feb0bc10477e211..011833b9a7f73116033b7c0a24ef3f6167ceb2b7 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -1,6 +1,6 @@
 ---
 type: reference, howto
-stage: Defend
+stage: Protect
 group: Container Security
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
diff --git a/doc/user/application_security/threat_monitoring/index.md b/doc/user/application_security/threat_monitoring/index.md
index 391666a077ec1b835a1a14c42cdf8a26f77db0c6..f85d4f0140cd0dec0b2679069cabb7944f9c6c49 100644
--- a/doc/user/application_security/threat_monitoring/index.md
+++ b/doc/user/application_security/threat_monitoring/index.md
@@ -1,6 +1,6 @@
 ---
 type: reference, howto
-stage: Defend
+stage: Protect
 group: Container Security
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
diff --git a/doc/user/project/clusters/securing.md b/doc/user/project/clusters/securing.md
index bed01ff4d586a69819216146a3a7bc8d278ded62..2d2dce275d2a786d89667797ae4092b7f896589a 100644
--- a/doc/user/project/clusters/securing.md
+++ b/doc/user/project/clusters/securing.md
@@ -1,5 +1,5 @@
 ---
-stage: Defend
+stage: Protect
 group: Container Security
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---