Radware Cloud WAF Service Reviews

I am using Radware Cloud WAF and have been using it for the last five years. Recently, I considered deploying Radware Discovery API. I have taken a proof of concept of Radware Discovery and plan to onboard it in the next one or two months. 

Additionally, it is essential for reducing DDoS attacks within my organization.

We have had a very good experience with Radware Cloud. It has significantly reduced attacks on our applications. All our critical applications are onboarded to Radware, which uses AI to automatically learn behavior patterns and refine security policies. 

It also provides comprehensive protection against the top ten web application security risks. Importantly, we have not experienced any zero-day attacks because Radware Cloud offers protection against emerging threats. The Emergency Response Team is very active, and I consistently receive excellent responses from them.

It's a very comprehensive and user-friendly solution. It's easy to implement and integrate. We also have found it's easy to reach support if we need help.

The solution has helped us enhance our cyber security posture. It's good for data protection. We've been able to protect our public-facing infrastructure.

We haven't had any incidents or compromises in the entire three years we've used Radware.

The Cloud WAF Service blocks unknown threats and attacks effectively.

The analytics are very good.

The API discovery feature is very helpful, and end-to-end API protection is useful. Everything is encrypted to ensure effective protection. We get Layer 7 protection from it.

The API discovery is a very useful feature. It is easy to use. A few months before, I did a demo to learn more. We can see which APIs are being used or not. It helps us discover and remove unused APIs. In our case, we found 20 APIs that were not used by the team.

We use the CDN features. It's pretty easy to use the combination of CDN and Cloud WAF. It helps your Radware Cloud connect with the nearest server or the Redware server. We have multiple servers worldwide, so this is useful for us.

Integration is very easy. Sometimes, we have 10 to 15 applications hosted on the cloud. It's very easy to add applications. It's not complicated.

From the Radware cloud, it's integrated with our SOC. All the logs are received by the SOC.

We are a data center company that hosts a variety of applications for our customers. We use these applications for two purposes: internal protection and external customer protection. Currently, all of our internal applications are hosted on the cloud and are safeguarded by the Cloud WAF service. Our customers also use the Cloud WAF service to protect their applications from external threats. 

We aim to provide our customers with 99.99 percent infrastructure availability and 99.95 percent service uptime. When we guarantee availability and security, we must ensure we have the strongest security measures in your environment. That is the highest priority for the company.

We've deployed Radware for various applications in our environment. We have also successfully used it in heterogeneous customer environments without any issues. We have some internet-facing applications like SAP and Oracle. Our company has custom Java-based and .NET-based applications. The clients' ERP environments may also be vulnerable because they are the company's heart. We deploy and host many ERP environments and protect them against external attacks.

Radware Cloud WAF Service's ability to block unknown threats and attacks is useful. Radware Cloud WAF Service's best feature is its ability to protect against and log a wide range of unknown threats as part of its offerings.

I can confidently say that Radware Cloud WAF Service serves as a comprehensive solution for both our current and prospective customers, generating revenue for us. This service guarantees high uptime and availability of all our business applications while reducing overall operational complexity.

Automated event analytics are effective. We have automated event monitoring, which provides us with excellent analytical dashboards that help us identify any issues. These dashboards report, track, monitor, and ultimately resolve the issues. Therefore, the mitigation process is highly effective when utilizing these analytical dashboards.

We implemented API protection as a security measure, which includes an API discovery feature. This feature helps protect APIs from attacks, making it a valuable aspect of Radware Cloud WAF Service.

The API discovery feature provides outstanding end-to-end API protection. APIs play a crucial role in applications, often requiring extensive investigation. Having automated discovery and protection against external threats makes this feature even more exceptional.

API discovery is a user-friendly feature that comes with an automated algorithm. The algorithm detects APIs and generates tailored security policies to identify and log any real-time API FOCA attacks. This makes it an outstanding feature. Additionally, Radware repair protection can access the automated algorithm to discover APIs and create personalized security policies that can detect and prevent API worker attacks in real-time.

The API discovery aided in the reduction of our overhead costs by around 20 percent. The APIs are protected in real-time, which enabled us to decrease operational complexity and costs significantly.

We provide data center services and offer both public and private cloud options to our customers. Our Radware Cloud WAF Service provides comprehensive protection against bots and APIs, safeguarding all the Internet-facing applications hosted on our platform. As a result of implementing this service, our organization has greatly benefited.

The Radware Cloud WAF Service has been instrumental in reducing our false positives by nearly 25 percent. This is due to its comprehensive API protection and bot offerings, which have reduced operational complexity. 

The cost of managing the overall solution decreased because we now require fewer personnel. With the tool's significant automation and numerous analytic dashboards, customers now feel more comfortable and have greater peace of mind than before.

I would rate the integration of Radware Cloud WAF Service a nine out of ten. This solution has user-friendly integration algorithms and features that make it easy to integrate with other applications. Once we become familiar with the product, the interfaces are straightforward to use. The software has an API, which enables different applications to communicate with each other, making it the best part of the solution. Therefore, API protection is included in the software, allowing applications to interact with each other seamlessly. Consequently, customers can feel more confident when using Radware Cloud WAF Service.

Radware Cloud WAF Service reduced the effort of our IT team, therefore, freeing up their time for other projects.

Radware Cloud WAF Service helped reduce our TCO because we can now offer this service to our customers. This has resulted in generating additional revenue, contributing to the overall cost savings.

After three months of implementing the Radware Cloud WAF Service and selecting the product, we began to see time to value.

The bank uses different channels, such as mobile banking, Internet banking, and Creditnet, and we adopted Cloud WAF to prevent blockages and attacks. We have passed the policy review stage and are ready to begin blocking. Right now, we are in reporting mode and heading to the blocking stage.

The bank has benefited from improved security and visibility. Two months ago, there was scouting at a national level in Bolivia from Brazil, and it was difficult to find. Cloud WAF gave us that visibility, and as soon as we had a bit of suspicion, we started to block things, mostly traffic. That has benefited us a lot, especially in having more peace of mind and visibility of events and possible attacks.

The network team started with RadWare Alteon, and after that, they began to consider WAF and Cloud WaF.  After a month of putting together infrastructure and having clarity, we have already begun to notice the benefit of visibility.

We do have greater visibility of false positives, but we understand that RadWare cannot make the change. It depends more on internal processes to validate false positives. It does provide support by detecting them, and then we need to coordinate internally. For example, we noticed many false positives in SQL injection—around 60 to 70 percent of the false positives were there—so we already have a basis for mitigating them in other channels. 

Cloud WAF has freed up our IT staff's time, saving us around 40 percent. For example, because we have visibility on the network level, we do not have to figure things out. If an event occurs in some SIEM or an attack occurs, we can act quickly to prevent the attack and loss of information or economic impact. 

From my side, it is a little easier to automatically see these events, show the teams, and coordinate this whole issue rather than spending time investigating, checking logs, and seeing those types of elements on servers, in the DMZ, or in the same application. 

We have been using this solution for a number of use cases. For example, we use it for SQL inspection, cross-site scripting. We also have load sharing and we create our own custom rules for our situation, based on our business. For instance, products, articles, and other parameters that we manage in our applications are packaged in Radware.

We also tested the Bot Manager for a month and it seemed quite useful, but due to a matter of project priorities, we could not implement it.

Radware Cloud WAF visibly improves our security posture and reduces the risks of an attack. It also helps us a lot in avoiding information leakage. These advantages are particularly true for us because the applications that we have protected are outsourced developments, they are not in-house. Radware helps us guarantee a level of security for our infrastructure such as our databases.

The API Discovery is also very good because the application is outsourced, which means that we don't have the code. API Discovery allowed me to discover precisely how to orchestrate the API so that I could see the results. Based on them, we were able to raise new cases. It's nice not to have that limitation. We are using API Discovery on a trial basis for one month, but I believe that if we enable it next year we will see a decrease in traffic and consumption.

In addition, it has helped reduce false positives by 30 percent. In the second year, the change hasn't been very noticeable because the cases that we started with in the previous year have already been configured and saved. In other words, we are increasing the system's capacity, fixing the rules, but we are not erasing the previous ones.

It has also helped free up the IT team because several risk points are automatically covered. For example, we have a SIEM to which we send the Radware logs and the integration with the SIEM, as well as sending these logs, was simple, a matter of five minutes. The logs that Radware sends are complete and we can create use cases based on our needs. I estimate it has saved 50 percent of my time.

We are a Data Center company with a lot of internal applications and customers. Our primary use case is to protect all internal applications hosted on Public Cloud with Radware Cloud WAF. This protection is crucial for safeguarding our customers' applications from external threats and ensuring high availability and security.

The most important aspect of Radware Cloud WAF is that it is over the cloud, offering a comprehensive solution that includes WAF, API protection, bots, and Layer 7 DDoS. This combination efficiently blocks a large number of unknown threats and ensures high security and uptime for our internal applications as well as our customers' applications, making it a revenue-generating tool. Cloud WAF provides excellent analytical dashboards that allow us to report, track, and resolve many issues quickly.

Initially, all our services were on-premises, but we decided to move many of them to the Azure cloud to make them accessible to our customers. However, we discovered that certain attacks were going undetected and the native tools in Azure cloud were inadequate for protecting against them. As a result, our expenses were increasing due to resource exhaustion. To address this issue, we consulted with our vendors and found a Cloud WAF hardware solution. Once we implemented Radware Cloud WAF Service and combined it with application controls, bot protection, and DDoS services, our expenses were reduced by 80 percent. This was a remarkable achievement.

I report every month on any incidents involving our public assets. One particular use case that I focus on is geo attacks, which help identify who is attempting to access these resources from locations outside of our Southeast US customer base. This helps reduce unnecessary noise. We also have private APIs that are only accessible to specific vendors, and it's important to secure them with an access list. Although it is a basic measure, it allows me to monitor who is attempting to access those resources. The unknown threat aspect of it is not a frequent occurrence.

Radware Cloud WAF Service provides excellent automated analytics for event analysis. Its visibility feature alone is a selling point for the product. When we initially invest in cloud services, it can be difficult to monitor activity. We only receive a bill indicating increased CPU and RAM usage. The analytics provided by Radware Cloud WAF Service has been extremely helpful in this regard.

Radware Cloud WAF Service has significantly reduced our Azure bill by filtering out unnecessary CPU, compute, and bandwidth usage on the front end. Previously, we experienced a lot of errors and serious issues due to APIs being exposed, and our developers could not always understand why these errors occurred. However, once we implemented Radware Cloud WAF Service, it significantly reduced the noise and eliminated malicious data. As a result, our developer logs now look good, and we can identify who is targeting us and their intentions through the provided metrics. It has been incredibly helpful from a management perspective as we can present them with dashboard metrics showing how the tool is blocking and protecting us. They appreciate this information.

Radware Cloud WAF Service has helped reduce our false positives by 90 percent.

We quickly recognized the value of the Radware Cloud WAF Service upon deployment. However, we needed to ensure that the business owners understood the changes being made. Upon activating the spot protection and geolocation service, we noticed a significant decrease in illegitimate traffic. Prior to the implementation, we were receiving an overwhelming amount of hits, averaging between 150,000 to 160,000 per hour on certain pages. Once the services were activated, this number decreased to only 2,000 to 3,000 hits per hour, indicating that a majority of the previous traffic was not legitimate. This allowed us to reduce our footprint in Azure and do so immediately. It is evident that the internet is filled with a vast amount of illegitimate traffic, with many individuals scanning for open services. The implementation of Radware Cloud WAF Service helped eliminate this issue within a day.

Radware offers a cloud, software, and hardware-based solution. It deals with all three platforms. 

1. They have a hardware device on which their software can be installed. We can manage all the load balancing with it. 

2. Similarly, for the Radware software, we can install the OVA file on our server and configure all the admin backend servers on it to perform services. 

3. In the cloud, we can use their API service to create a virtual platform for clients on which they can deploy and run their applications.

Cloud WAF blocks unknown threats and attacks. We have a monitoring tool, and security patches are released monthly. We can deploy these signatures on the WAF, which identifies threats based on IPs. There are multiple signatures for various attacks, like bot attacks, that we can monitor.

There is a forensic dashboard where we can identify real-time events, hits, and blocks. If there are genuine requests being blocked, we can deploy a custom page with a case number for users to resolve issues. For example, if a user triggers the Web Application Firewall (WAF) due to a misinterpreted service, they will see a blocking page with a case number. There's also an option to refine the WAF settings if it blocks a genuine request.

I also work with the API discovery feature in the Cloud solution. Once the API is enabled and the application vendor provides the API key, we can deploy our application. If the API is correct, it functions properly; otherwise, issues are highlighted on the dashboard. For example, cross-site scripting is blocked at the label level.

API discovery is straightforward to use. There is an option to add the API stream. If the API is correct, it will be processed; otherwise, the API service is blocked.

The dashboard provides multiple features and analytics tools to identify API issues. If there is a cost issue with an API, it can be identified, and we can report it.

It's not difficult to work with the API discovery feature because everything is reflected on the forensic dashboard. There's an option within the dashboard, under the security section, where you define the correct API. You can also identify and exclude specific APIs if needed. There's only one option to add to the API stream. If the API is correct, it will be processed; otherwise, it's blocked.

It's not difficult to identify API issues because when we define the API call, and it is incorrect or not valid, it won't sync with the vendor's application. They identify this and generate a blocking request, which helps us easily identify the issue.

We have several web applications in various environments. Some are hosted on-prem or Azure and others are hosted at different locations or by business partners. Cloud WAF provides centralized control over the security of those web applications.

Cloud WAF protects us against all DDoS attacks, improving our resiliency and security. It has multiple security feature sets we use, such as OWASP Top Ten Protection. Radware lets us switch assets quite quickly. It fronts web applications, so we can redirect the traffic to a different page if the backend web application goes down. For instance, if we have an outage in our web form, we can redirect that from the Radware side to an Azure website instead of giving the user a "Page cannot be displayed." 

Cloud WAF gives us greater visibility. We sometimes get calls from clients who say they're getting an error. We can use Cloud WAF to discover the error generated and troubleshoot any bad behavior. Radware flagged some attacks from China where an attacker attempted to capture traffic. If you go look at the raw code coming in, you can see some suspicious characters being injected into legitimate traffic.

I can't say if our false positives decreased because we previously had no WAF protection. Information was stored in the IPS signatures or IAS logs, but we weren't ingesting those to look for anything interesting. Cloud WAF has given us more visibility than we had before.

Our only integration is pulling the telemetry out into our scene. We use the API to pull the data in. The only other integration piece, if you want to call it that, is using the generic error that they present to a client to troubleshoot client experience problems. We don't integrate much aside from those two.

I can't say that we saved time because we weren't using anything before Radware, but we don't spend much time configuring the solution. They're doing a lot of analytics in the background. We followed a process before we onboarded Radware where we put the solution in Learning Mode to see if there was anything interesting or any default conflict changes we needed to make. We mostly left it alone after that. 

It would likely take us around 15 to 20 percent more time to support the infrastructure ourselves. We would need a human to install updates and patches, but Radware manages all of that.