AWS WAF Reviews

We are an AWS service provider and we use the solution for the cloud and to provide service to other users.

The stability of AWS WAF is valuable.

The cost management has room for improvement.

I have been using the solution for eight years.

I give the stability a ten out of ten.

I give the scalability a nine out of ten.

The technical support is helpful.

The price is average.

I give the solution a ten out of ten.

The solution is a public cloud platform and we have millions of users.

It's all about the security of the cloud system.

It has improved our organization a lot because before we were having problems with access management. Things have gotten better using this product. It's protecting the files. It has been the best step for us.

We are no longer having problems with unauthorized access, where somebody breaches the system or comprises documents. Nothing like that has happened over the past year that we have been using this product. We're doing well and I believe we will continue to do well with this product.

Staff productivity has been high since we started using it. It has saved 80 to 90 percent of their time in some cases.

The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system. These are the best.

I would like them to fortify the system more. In every software platform there are issues or bugs, even though presently, there aren't many known and it is running without problems.

They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats. It's better for the system if the platform is more proactive in detecting threats immediately, so that technicians or people on the security team will know that a threat is coming in.

It's stable, it's a strong system. The stability is going to be even better because they're still trying to improve on it, and they bringing out more features.

Scalability is one of the features. It has to be scalable to be able to effectively secure the system.

Amazon Web Services has very good technical support. Whenever you encounter a problem you just call the support team. You'll be able to walk them through the problem and then they'll solve it.

Our company didn't have structured security controls before this. We were encountering a lot of problems when it came to security, protection of the documents and system. They restructured the whole system. This is the platform that was recommended to us. Since we started using it, it has been great.

The initial setup was rather complex.

Most of the time we try to use a consultant for deployment. Our experience with them has been good. They know their jobs. They try to incorporate more features, teach us how to do things. It's a learning process and they're always there to make sure that we understand the stuff. They get things going.

It's an annual subscription. There are no additional fees beyond the standard licensing.

Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security.

Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the platform is good. It's doing its job.

I rate the solution at six out of ten. I don't want to give them 100 percent because sometimes things happen.

We use the product for the protection of our public-facing web applications. 

We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS. 

We have issues with reporting, troubleshooting, and analytics. AWS WAF needs to bring costs down. 

I have been working with the solution for 18 months. 

AWS WAF is stable. 

The solution is scalable. 

We use Amazon enterprise support. It is good but expensive. 

We used Cloudflare and Palo Alto before. We chose AWS WAF since it integrates with native services. 

The tool's setup is complex but it is easy after installation. 

I would rate AWS WAF's pricing a seven out of ten. 

I would rate AWS WAF a seven out of ten. 

At the moment, it's just myself working with AWS WAF in my company, and our use case for it is normal, or what you would expect from a Web Application Firewall. That includes basic DoS blocking and malicious IP address blocking. It's not a big thing for us, and just takes care of our baseline security.

As a basic WAF, it's better than having nothing. So if you need something simple out of the box with default features, AWS WAF is good.

I think there's a lot wrong with AWS WAF. Here are the two main areas where I think it could be improved:

Blocking: We don't have much control over blocking, because the WAF is managed by AWS. What happens is that they will put down the rules on their side and we don't have proper visibility on that. So we'll have to track down the issues and see what is wrong or not. For example, with IP address blocking, it's difficult to find out which IPs are getting blocked. If we managed our own WAF completely, we wouldn't have this kind of problem. Right now, this aspect is half managed by us, and half managed by AWS. Because of this, I think it would be far more helpful to us if we went for our own tool instead.

Automation: As in, a lot of separate blocks if something goes wrong. For example, every company will have their own rules for automation, in terms of their goals for the product. Like, "I want my WAF to do this. I want my WAF to do that." But that's the kind of thing that I think we will only see when we do some POCs with our clients. 

I have been working with AWS WAF for around one year now. 

The performance has been good, even though it could be better. At any rate, the WAF has not caused any lag on our side.

It is scalable in my experience, but the lack of features doesn't take it very far in terms of actual usage. Eventually, customers will move away from it. If there's no one interested in managing the WAF, that's fine, then customers may keep using it. But for us, we are not planning to scale it out further.

AWS technical support is good.

Neutral

The setup is easy and nothing serious. You don't have to do a lot to get set up with it. Compared to other WAFs out there, I think AWS WAF is very simple, especially since most of it is managed by AWS.

We haven't needed anyone from AWS to help us with the deployment or implementation. It's all me at this point.

It's less cost and easy to setup

There are multiple other options which we could have gone for, but it depends on the budget, typically. I am especially interested in a WAF which has serious support for automation and more complex configuration options.

For people who don't have any WAF currently, and who just need something basic, it's not a bad idea to go with AWS WAF for starters. But if you are someone who is looking for a fully-fledged and self-managed WAF, you should look elsewhere for a better tool. You should certainly not stick with AWS WAF if you are serious about managing your security and mitigating your risks.

Overall, I would recommend AWS WAF to others, but only under the conditions I have mentioned. If you have the budget and the resources, however, go for something else.

I would rate AWS WAF a five out of ten.

It is our web application firewall.

We do have a lot of external applications which are exposed to the internet and WAF provides protection for them. We haven't seen a decrease in the mean time to respond to threats because it has caught everything.

The solution has also increased staff productivity by as much as 50 percent.

The most valuable feature is the way it blocks threats to external applications.

In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.

We haven't had any problems with the stability at all.

Up to now, the scalability has been good.

I haven't had to use technical support yet.

Our previous solution was also a WAF but it was not a scalable environment like the cloud is. Everybody is moving to the cloud. We were stuck on an appliance in our data center and we decided to move. We went with this solution because of the stability and quick response.

The setup was a bit complex because our environment is a bit different. It was tough but it was good in the end.

We used a consultant for the deployment and it was a great experience with them.

There are no costs in addition to the standard licensing fees.

My advice is "go for it, use it."

In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.

A primary use case example is when a customer from the cloud wants to expose his applications to the internet. We make sure that the clients, the applications, whatever they're trying to export, are public but that it's not going directly public. We make a backup, for instance, to protect the sellers and applications from security checks, etc. 

There are two models. One is, you can use the free services which you can download from the AWS website. There is also a paid version, where you can go for individual vendors, like Impala, Fortinet, and different vendors, which helps you to attain the top end web application security. It helps them to update the security patches, etc.

AWS has flexibility in terms of WAF rules. Users can choose from using a free service, which you can do from your own end, or a third-party vendor if you want to as well by choosing a paid version. WAF rules can be managed either by your own self or you can go for a third party.

The best thing with the solution is there is no hard and fast route and when I go for AWS. It's not a monopoly environment.

There isn't room for improvement per se. the cloud is constantly evolving and changing however, so we'll see what the future brings.

When users choose the free service, there isn't great support available to them. This is because, when it comes to any issues, due to the fact that it says that when the rules are defined by the users, it becomes their responsibility. When there are any problems or threats, which don't get mitigated or the threat is not being properly managed, since the rules are owned by the user, they take responsibility for everything. It would be helpful if AWS could take a bit of responsibility here and help users understand where things went wrong.

Support wise, I don't think they are that good compared to individual vendors. When it comes to vendors, it becomes their product, and being a product owner, they take more responsibility and ownership of issues. AWS doesn't do that at all.

I've been using the solution for two and a half years.

The solution is quite stable. We haven't run into bugs or glitches. It's reliable. You don't see any downtime.

Since we're talking more about the cloud version of the web application firewall, it's highly scalable. When I say scaling, there is a concept called auto-scaling wherein which you can scale up and scale down according to your amount of traffic load. It's automated, so it's highly scalable, actually.

While any company can use AWS, we see a lot of medium-sized firms using this particular solution, as opposed to larger companies, as those have already their own vendors which are already in the on-premises data centers environment.

I would say from the support point of view, there should be more flexibility when it comes to when users have issues to be able to ask for their help. They need to try to go the extra mile and right now they just aren't doing that.

We've only used AWS for a few customers. Usually, we recommend a different solution. However, it depends on the client and the type of budget that they have. As one version of AWS is free, sometimes that is the only option.

The initial setup is not difficult. It's very straightforward.

Deployment is pretty quick and might take up to one and a half hours at most.

You don't need too many people for maintenance. If they are knowledgable enough, a single person can handle it with no problems. They're even able to do some scripting language to handle the deployment and can set up some automation protocols as well.

When it comes to maintenance, the real challenge comes into play for mitigation. You might need maybe we need four to five people, at a large organization.

There are two versions of the solution available, one of which is free, which is the version we use, so we don't pay for anything.

We're using the latest version of the solution.

When customers tend to use multi-cloud vendors and multi-cloud environments, they want solid security protection. That's where the third party comes into the purchase. If any customer is specific to some cloud like AWS or Azure, we won't recommend third party. We'll try to use AWS's own specific services so that it's smarter cost-wise and flexibility wise, so it adds value to the customer.

However, when things go to a multi-cloud environment or a hybrid cloud architecture, that's when the third party comes into the picture. 

I would recommend this solution to companies who are looking for cloud solutions with firewall flexibility. AWS is very user-friendly and largely inexpensive, however, if an organization has the budget, there are lots of great products out there that do largely the same thing.

I'd rate the solution eight out of ten.

We use this solution for online web applications.

The most valuable features are the geo-restriction denials and the web ACL.

I enjoy using it because it is very easy.

Also, it's quite efficient.

The service itself is fine. On the UI side, I would like it if they could bring back the conditions view which had geo match, IP sets and etc. When using WAF classic you could see this option on the left side of the console. Currently IP sets and regex strings is there but geo match does not seem to be included, not sure if geo matching is still supported.

I have been using AWS WAF for almost three years.

We are using the newest version of AWS WAF, which is Version 2.

It's a stable solution. I have not experienced any issues.

There are approximately 1,000 people who are using this solution on a daily basis.

It is easy to scale. Just ensure that you cover the relevant resources within it. You can cover multiple resources such as CDN or use them in your AOD.

It's quite scalable.

I have not contacted technical support.

I have always used AWS. It's been the focus for the last three years.

The initial setup was simple.

It took less than an hour to deploy.

The implementation was completed internally.

It's quite affordable. It's in the middle.

Everything is included with the usage that you take up when you implement the service.

The product does not require any maintenance. You need to ensure how you consider your rules. You have to make sure that all of your considerations for your protection are done really well. Do regular updates to improve on the different threats and intrusion.

I would recommend the product because it is very flexible and you are able to use it with multiple services within AWS.

I would rate AWS WAF a solid ten out of ten.

We use it to protect our backend services.

Because it integrates with the existing AWS solution, we get a lot of support without having to do much extra work. It has helped increase staff productivity and has probably saved at least one engineer, not having to have an engineer on staff for it.

• It's simple, easy to use.
• Integration.

The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. Also, more fine-tuning would be convenient.

We haven't had any problems with it.

We haven't run into any scale issues at the moment.

AWS, in general, has good support.

We were using just the built-in Amazon intrusion detection stuff. Then we decided to go for an actual full-blown WAF. We weren't using any actual WAF before. WAF is a general solution that we knew that we needed. It's a standard security measure.

It was relatively simple, for the integration.

There are different scale options available for WAF.

The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it.

We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up.

I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.