AWS WAF Reviews

At the moment, it's just myself working with AWS WAF in my company, and our use case for it is normal, or what you would expect from a Web Application Firewall. That includes basic DoS blocking and malicious IP address blocking. It's not a big thing for us, and just takes care of our baseline security.

As a basic WAF, it's better than having nothing. So if you need something simple out of the box with default features, AWS WAF is good.

I think there's a lot wrong with AWS WAF. Here are the two main areas where I think it could be improved:

Blocking: We don't have much control over blocking, because the WAF is managed by AWS. What happens is that they will put down the rules on their side and we don't have proper visibility on that. So we'll have to track down the issues and see what is wrong or not. For example, with IP address blocking, it's difficult to find out which IPs are getting blocked. If we managed our own WAF completely, we wouldn't have this kind of problem. Right now, this aspect is half managed by us, and half managed by AWS. Because of this, I think it would be far more helpful to us if we went for our own tool instead.

Automation: As in, a lot of separate blocks if something goes wrong. For example, every company will have their own rules for automation, in terms of their goals for the product. Like, "I want my WAF to do this. I want my WAF to do that." But that's the kind of thing that I think we will only see when we do some POCs with our clients. 

I have been working with AWS WAF for around one year now. 

The performance has been good, even though it could be better. At any rate, the WAF has not caused any lag on our side.

It is scalable in my experience, but the lack of features doesn't take it very far in terms of actual usage. Eventually, customers will move away from it. If there's no one interested in managing the WAF, that's fine, then customers may keep using it. But for us, we are not planning to scale it out further.

AWS technical support is good.

Neutral

The setup is easy and nothing serious. You don't have to do a lot to get set up with it. Compared to other WAFs out there, I think AWS WAF is very simple, especially since most of it is managed by AWS.

We haven't needed anyone from AWS to help us with the deployment or implementation. It's all me at this point.

It's less cost and easy to setup

There are multiple other options which we could have gone for, but it depends on the budget, typically. I am especially interested in a WAF which has serious support for automation and more complex configuration options.

For people who don't have any WAF currently, and who just need something basic, it's not a bad idea to go with AWS WAF for starters. But if you are someone who is looking for a fully-fledged and self-managed WAF, you should look elsewhere for a better tool. You should certainly not stick with AWS WAF if you are serious about managing your security and mitigating your risks.

Overall, I would recommend AWS WAF to others, but only under the conditions I have mentioned. If you have the budget and the resources, however, go for something else.

I would rate AWS WAF a five out of ten.

While I cannot say for certain, I believe that we are using the latest version. 

I like the scalability, as it provides platform, infrastructure and software as a service. These are the best features. When it comes to the API Gateway, such as Amazon Web Application Framework, the web application will be protected by all industry standard security aspects. We are talking about encryption, firewalls, SSL and TLS. Basically, all web exploit policies and rules will be applied, so that one's web or mobile app can be highly secured.

In terms of hosting the instances, the solution takes care of all necessary scaling to ensure that the application load is balanced. The horizontal or vertical scaling can be automatically removed. As such, AWS provides many services and features. 

The pricing should be more affordable, especially as it pertains to small clients. 

While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex. These could stand improvement and bring down my rating of the product. 

Customer support should also be improved. 

I have been using AWS WAF for around two years. 

The solution is stable. 

The solution is scalable. 

While it can vary according to the service involved, installation, configuration and navigation are, broadly speaking, complex. 

The solution could be more cost-efficient for small customers. 

The solution may be expensive for smaller customers and vendors, although it would be recommended for large ones who can afford it. 

Our organization has only a few years, consisting of the internal team, who are making use of the solution. 

I rate AWS WAF as a six out of ten. 

The regular use case is basically for blocking or giving access to different vendors to different domains. We also use it for managing and identifying the attacks and new rules that we should implement for our public domains to tune up the application firewall or tool, whatever makes more sense for us.

We're using it through the web console and API. We're just using the managed service.

Our organization is launching a lot of betas. We are creating a lot of new different systems for different customers. AWS WAF helps us a lot to make sure that the right customer gets the right access to the system.

The access instruction feature is the most valuable. This is what we use the most.

It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful.

It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one.

Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.

I have been using AWS WAF for about six months.

Stability-wise, it works as expected.

I definitely see places where it can be more designed to scale. In addition to amazon resources, there is some stuff from other vendors that we wanted to protect. WAF was not a solution for us because we don't have a way to integrate with those things. That was the biggest challenge that we faced. In terms of the number of users, our end users could be in the thousands.

It is okay.

It was okay. We went for the cloud formation, and our deployments happen probably every week.

Everything is managed through cloud formation. After implementation, three or four hours a week are required for maintenance.

We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise.

I won't recommend it at the moment because I don't have a full picture to recommend it or say that it is bad or good. I'll probably just keep testing and go with it for probably another six months or a year, and then I can probably recommend it or not. 

Other vendors are also providing solutions for D-DOS protection and WAF. It would be nice to see something outside the box for AWS WAF to make it compete with other vendors.

I would rate AWS WAF a seven out of ten. It does what it is supposed to do, probably not in the best way and not in the best UI, but it works. We like the pricing part, but management is the thing that we don't love the most. If things keep improving, we're definitely going to scale with AWS WAF.

We primarily use the solution for its rich insights to improve customer experience.

The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match.

The AI functionality and the machine learning are very good.

The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.

The solution is very stable.

The solution is extremely scalable.

We have Amazon managed services, and, as part of our agreement, we have the lower end of that managed service. The solution is not a business-critical system for us, so we have a four hour SLA for resolution. That's pretty good. We're very satisfied with technical support.

Previous to this solution, we used Microsoft Azure.

Amazon allows you to provision more services once you have the initial platform in place. Using Amazon Marketplace, it's so simple to provide additional services and functionality so it allows you to grow the capability of the platform with very little integration into other systems because it's all built into the marketplace. With Azure, it's only capable of some products and they don't have APIs available to integrate as well as Amazon does. 

The initial setup was straightforward. Deployment took about three months. For the setup of the platform, we had six people. For the maintenance of the platform, we now have three people maintaining it.

We brought Amazon on to set everything up for us. They made implementation very easy. 

We use the public cloud deployment model. We use the Amazon cloud.

From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation.

I would rate the solution nine out of ten.

We use the solution for filtering traffic. We do not want our developers to use unnecessary websites. So, we filter the websites using the tool.

All the features are good. AWS Lambda and S3 are valuable tools. We have to use these tools when we build applications.

The cost must be reduced.

I have been using the solution for a year. I use the latest version.

The tool’s stability is very good. It is better than GCP.

The tool’s scalability is good. We have almost 20 users.

The support is helpful.

Positive

We also use GCP.

The initial setup is very easy. Everything is on the cloud. The deployment takes one full day.

We deploy the product in-house. We need one senior solution architect and one junior solution architect to deploy the tool. We have a team of analysts for experiments. We need only one person to maintain the solution.

The product is expensive.

We use almost 40 services. Overall, I rate the product an eight out of ten.

We use the solution for our applications. We have deployed multiple applications on the AWS platform. We use the tool to provide additional security to our applications.

The product’s availability, ease of configuration, and documentation are valuable.

The product has fewer features. It didn’t fulfill all our requirements when we installed it. It is getting better now, though. The product must provide more features.

I have been using the solution for a few years.

I rate the product’s stability a nine out of ten.

The product is highly scalable and highly available. I rate the scalability a nine out of ten. We have deployed three applications. We have two administrators for our infrastructure. The number of users varies according to our customers. We provide the user interface to our customers.

The technical support team is good. The support persons provide prompt responses. They are always available and provide solutions to our queries.

Positive

The setup is very easy. We have proper documentation, so we have no issues. We have deployed the tool for additional security. It is a cloud solution. We need two members from the cloud infrastructure team and eight from the application support team for the deployment and maintenance of the tool.

We deploy the tool ourselves.

The solution provides an additional layer of security.

The solution is affordable.

If a company needs an additional layer of security, it can use AWS WAF. I recommend the product to others. Overall, I rate the product a ten out of ten.

We use AWS WAF to protect internet system applications. 

The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections. 

We should be able to do proper whitelisting. 

I have been working with the solution for four years. 

AWS WAF is stable. 

My company has more than 10,000 users. The tool is scalable. 

AWS WAF's tech support is not complicated. 

Positive

AWS WAF's deployment is easy. 

We have seen ROI with the tool's use.

AWS WAF has reasonable pricing. 

You need to consider the use cases before implementing the solution. I rate it a ten out of ten. 

One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services.

I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy.

I have been using the solution for almost a decade.

AWS WAF is stable. 

The solution is scalable.

The initial setup was easy.

Our in-house engineers implemented the solution. They are already familiar with AWS and hold AWS certifications.

Overall, I rate the solution an eight out of ten.