We performed a comparison between AWS WAF and Barracuda WAF-as-a-Service based on real PeerSpot user reviews.
Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What I like best about AWS WAF is that it's a simple tool, so I could understand the basics of AWS WAF in two to three hours."
"The product's initial setup phase was very simple."
"The access instruction feature is the most valuable. This is what we use the most."
"We can host any DB or application on the solution."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"AWS WAF is something that someone from a cloud background or cloud security background leverages. If they want to natively use a solution in the cloud, AWS WAF comes in handy. It's very useful for that, and the way we can fine-tune the WAF rules is also nice."
"The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."
"AWS has flexibility in terms of WAF rules."
"The solution can be used for threat prevention or as a cloud-to-cloud backup system"
"I like its ability to identify known attacks, including DDOS attacks. It's valuable because software must be able to stop known attacks. Application attacks are evolving all the time. When it comes to software-as-a-service, we need to have software that knows about all the latest attacks. It should also protect against major unknown attacks."
"The most valuable features of the solution are it is plug and play, has automated policies, a simple configuration, and is easy to create rules."
"The product's bot protection feature is valuable for our company."
"It provides an ease of policy management."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"It will be helpful if the product recommends rules that we can implement."
"They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."
"In a future release of this solution, I would like to see additional management features to make things simpler."
"The solution's pricing could be improved."
"The product should improve the DDoS-related features."
"We don't have much control over blocking, because the WAF is managed by AWS."
"It's a very specific solution that is only requested for a customer's web code or their global IT policy."
"We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off."
"The solution can improve by bundling Security Operation Center (SOC) with the WAF-as-a-Service, it would provide a lot more value to customers."
"The stability of the product is an area of concern where improvements are required."
"One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Barracuda WAF-as-a-Service is ranked 29th in Web Application Firewall (WAF) with 5 reviews. AWS WAF is rated 8.0, while Barracuda WAF-as-a-Service is rated 7.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Barracuda WAF-as-a-Service writes "Easy to install platform with valuable policy management features ". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Fortinet FortiWeb, whereas Barracuda WAF-as-a-Service is most compared with Cloudflare Web Application Firewall. See our AWS WAF vs. Barracuda WAF-as-a-Service report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.