NGINX App Protect Reviews

Vendor: F5

4.2 out of 5

22 reviews
95% willing to recommend

What is NGINX App Protect?

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

Get the NGINX App Protect Buyer's Guide and find out what your peers are saying about NGINX App Protect, Cloudflare, Prisma Cloud by Palo Alto Networks and more!

NGINX App Protect is the #4 ranked solution in API Security Solutions, #16 ranked solution in top Web Application Firewalls, and #21 ranked solution in Container Security Solutions. PeerSpot users give NGINX App Protect an average rating of 8.4 out of 10. NGINX App Protect is most commonly compared to Cloudflare: NGINX App Protect vs Cloudflare. NGINX App Protect is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.

Helped 814,763 peers since 2012

Featured reviews

Tomaz Sobczak

Security System Engineer at Ascomp S.A.

NGINX App Protect is easier to automate and configure, or manage from an API. This is good for securing applications. However, it's not suitable for more complex tasks. NGINX App Protect positively impacted performance changes. There's a cache or it works like a proxy, so it can speed up…

Read full review

Saurav Kumar

Senior security architecture at National Payment Corporation Of India

NGINX App Protect secures our company's application, and it has helped me a lot, considering that we have critical infrastructure in India where we see how lots of attacks come onto our organization's servers. The tool offers protection against multiple threats present in India's IT ecosystem. The tool helps our company to make our payments secure, meaning it has the ability to provide a secure payment environment in India. Speaking about the improvements in our company's application performance since implementing NGINX App Protect, the gRPC support for the solution is very low. My company is not getting any proper documentation on how to deploy gRPC over NGINX App Protect. I recommend the product to those who plan to use it. People can use the product as their company's base server, WAF, or for its proxy manager, depending on the business requirements. My company follows PCI DSS compliance because we operate in a payment-related industry. Right now, my company follows all the standards, so we comply with all the requirements and policies. I rate the tool an eight out of ten.

Read full review

MariosChristodoulou

Chief Information Officer at F.P. eSafe Solutions LTD

The solution is easy to deploy. Its scalability and integration capabilities depend on its performance and the extent to which you want to integrate it into your development process. It doesn't necessarily cost more money beyond the initial setup. You need to identify the placement. You must understand your application. Lastly, you should assess which NGINX features are suitable for the functionality you wish to implement. This initial phase involves analysis. Following the analysis, you proceed to the test deployment stage. Subsequently, you enter alert mode and finally enable NGINX App Protect. It's a simple deployment. A single engineer can do the job.

Read full review

NGINX App Protect mindshare

Product category:

As of November 2024, the mindshare of NGINX App Protect in the Web Application Firewall (WAF) category stands at 2.2%, down from 2.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Web Application Firewall (WAF)

Key learnings from peers

Last updated Sep 16, 2024

Valuable Features

NGINX App Protect's valuable features include flexibility, automation capabilities, and container-based solutions. Users appreciate the command-line interface, complete control over HTTP sessions, traffic and security management, reverse proxy, and open-source nature. Strong security features like WAF, bot protection, OWASP certification, and auto-learning are highlighted. Users also value policies adaptable to various technologies, effective API connectivity, and robust analytics. Easy deployment and effective communication between teams enhance its utility further.

"There's a cache, or it works like a proxy, so it can speed up applications."
"The tool is not complex and is very user-friendly."
"The tool's most valuable feature is the OWASP certification. Additionally, the tool's ability to enforce strong passwords and OTP within minutes is impressive. With its analytics and recommendations, it is a very good solution."

Room for Improvement

NGINX App Protect needs more flexible configuration and profiling capabilities. Automation for setting policies, better high throughput, improved bug fix rate, and more robust scaling are needed. The license model is problematic, becoming costly quickly. Users desire integrated virus scanning and WebSocket inspection, enhanced vulnerability scanning, updated DoS attack signatures, better UI, and superior technical support. Integration with diverse networks and clear documentation are also areas for enhancement.

"It doesn't have more advanced features like no false-positive security, which you can configure in Advanced WAF."
"The product's price is high, making it an area of concern where improvements are required. The tool's licensing model is also not good."
"The solution needs to be improved in the e-commerce portal."

ROI

Users report a good ROI from NGINX App Protect, especially during the Covid pandemic when remote work required secure app deployment. Some found it too early to determine ROI, being in the testing phase. It is noted for being cost-effective, enhancing network security, and integrating easily with CICD pipelines. One entity invested $40,000 and expects a $30,000 return in eight months while saving time.

Pricing

NGINX App Protect's pricing is generally high, averaging around $40,000 annually, but it varies based on architecture decisions and use case. Some users find the cost reasonable, especially compared to competitors like Imperva, with annual fees ranging from $3,000 to $400,000. Licensing is subscription-based, with terms of one, three, or five years, and typically involves no additional fees. The price is influenced by customer-specific factors.

"The product's price is high."
"NGINX App Protect is expensive."
"The price of NGINX App Protect is not much different from the products that fall under the leader category of Gartner Magic Quadrant."

Popular Use Cases

Organizations primarily use NGINX App Protect for protecting web applications, including internet banking, mobile applications, and public APIs. It serves as a web application firewall, load balancer, and for scaling between private and public clouds. Users appreciate its role in securing externally-facing applications, integrating into deployment pipelines, and offering features like logs and reports. It is also employed in Kubernetes and OpenShift environments, and considered for API gateway functionalities.

Service and Support

Customer service and support of NGINX App Protect are generally good, but responses can be slow or require escalation. Some users find the support helpful, knowledgeable, and responsive, while others experience delays or lack technical expertise. The support quality has improved, though some users feel it can be costly or less effective than other vendors. Users in specific regions rely on their own knowledge due to lack of local support.

Deployment

Initial setup of NGINX App Protect varies across experiences. Some users found it simple, while others faced challenges with security certificates and complex configurations. Time to deploy ranged from days to months, depending on app variety and complexity. Familiarity with the system affected ease, and some needed automation, command lines, or created policies from scratch. Support tools and documentation quality impacted the process, resulting in mixed ease of implementation and deployment duration.

Scalability

NGINX App Protect is often scalable yet faces limitations with traffic handling, policy design, and deployment time. Various users suggested that scaling can require replacing the hardware. Configuration management can be demanding and lacks centralization. Licensing options cater to different client needs. Several users reported a good experience with scalability, while others found it challenging in specific scenarios. Frequent users include IT staff, developers, and large enterprises.

Stability

NGINX App Protect is very stable, with users highlighting its reliability and consistent performance. Many favor its stability over Imperva. It effectively handles high transaction volumes and has good stability when used with Ingress Controller. Some mention areas for improvement, such as HTML5 availability, rating its stability around 8 to 8.5 out of 10. Stability is praised, noting it remains operational once set up and is lightweight and fast.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our NGINX App Protect Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

20%

Financial Services Firm

13%

Manufacturing Company

Energy/Utilities Company

Retailer

Healthcare Company

Comms Service Provider

Educational Organization

Government

Real Estate/Law Firm

Insurance Company

University

Non Profit

Media Company

Construction Company

Hospitality Company

Legal Firm

Wholesaler/Distributor

Transportation Company

Performing Arts

Logistics Company

Pharma/Biotech Company

Compare NGINX App Protect with alternative products

Learn more about NGINX App Protect

Integrating security controls directly into the development automation pipeline
Applying and managing security for modern and distributed application environments such as containers and microservices
Providing the right level of security controls without impacting release and go-to-market velocity
Complying with security and regulatory requirements

NGINX App Protect offers:

Expanded security beyond basic signatures to ensure adequate controls
F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
Confidently run in “blocking” mode in production with proven F5 expertise
High‑confidence signatures for extremely low false positives
Increases visibility, integrating with third‑party analytics solutions
Integrates security and WAF natively into the CI/CD pipeline
Deploys as a lightweight software package that is agnostic of underlying infrastructure
Facilitates declarative policies for “security as code” and integration with DevOps tools
Decreases developer burden and provides feedback loop for quick security remediation
Accelerates time to market and reduces costs with DevSecOps‑automated security

NGINX App Protect was previously known as NGINX WAF, NGINX Web Application Firewall.