Try our new research platform with insights from 80,000+ expert users
Engineera5be - PeerSpot reviewer
Engineer at a tech vendor with 501-1,000 employees
Real User
Integrates well with our existing AWS solution, but the UI is lacking
Pros and Cons
  • "It's simple, easy to use."
  • "The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on."

What is our primary use case?

We use it to protect our backend services.

How has it helped my organization?

Because it integrates with the existing AWS solution, we get a lot of support without having to do much extra work. It has helped increase staff productivity and has probably saved at least one engineer, not having to have an engineer on staff for it.

What is most valuable?

  • It's simple, easy to use.
  • Integration.

What needs improvement?

The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. Also, more fine-tuning would be convenient.

Buyer's Guide
AWS WAF
January 2025
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
830,526 professionals have used our research since 2012.

What do I think about the stability of the solution?

We haven't had any problems with it.

What do I think about the scalability of the solution?

We haven't run into any scale issues at the moment.

How are customer service and support?

AWS, in general, has good support.

Which solution did I use previously and why did I switch?

We were using just the built-in Amazon intrusion detection stuff. Then we decided to go for an actual full-blown WAF. We weren't using any actual WAF before. WAF is a general solution that we knew that we needed. It's a standard security measure.

How was the initial setup?

It was relatively simple, for the integration.

What's my experience with pricing, setup cost, and licensing?

There are different scale options available for WAF.

What other advice do I have?

The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it.

We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up.

I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

PeerSpot user
Rich text editor
    reviewer1275378 - PeerSpot reviewer
    Principal Consultant at a tech services company with 10,001+ employees
    Consultant
    Scales according to our requirements, but the interface needs some additional functionality
    Pros and Cons
    • "The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
    • "I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps."

    What is our primary use case?

    We are a technical services company and this is one of the solutions that we have helped implement for our clients. We stopped using AWS about six months ago and as such, we are not currently using the AWS Web Application Firewall.

    What is most valuable?

    The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements.

    What needs improvement?

    I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps.

    What do I think about the stability of the solution?

    The stability is good. From our experience, I've felt very happy with all of the AWS components in terms of stability. They work fine and have met our requirements.

    What do I think about the scalability of the solution?

    The scalability of this solution is very good.

    How are customer service and technical support?

    I am really happy with the AWS customer support, although I have not needed to contact them for this solution.

    Which solution did I use previously and why did I switch?

    We have changed solutions because the choice of product depends on the customer's preferences and requirements. When I am working on a contract, I am required to use whatever they ask me to. If I already have the experience then I apply it. Otherwise, I learn what I need to, which sometimes involves taking training courses.

    What other advice do I have?

    My advice for anybody who is implementing this solution is not to simply look it up on Google before starting to use it. I would suggest taking some training courses, start to understand how it works internally, and then begin using it.

    Overall, it is a good product and it generally fits well for my purposes.

    I would rate this solution a seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

    PeerSpot user
    Rich text editor
      Buyer's Guide
      AWS WAF
      January 2025
      Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
      830,526 professionals have used our research since 2012.
      reviewer1410801 - PeerSpot reviewer
      President at a tech services company with 1-10 employees
      Real User
      It is a scalable, stable solution but needs simpler setup and pricing schemes.
      Pros and Cons
      • "Its best feature is that it is on the cloud and does not require local hardware resources."
      • "The pricing model is complicated."
      • "The setup is complicated."

      What is our primary use case?

      My whole business is cloud cost management. What I do is help people manage expenses. That encompasses everything from cleaning up software as a service subscriptions to optimizing AWS. My use cases for AWS WAF have to do with cloud research only.  

      What is most valuable?

      The best part about it is that it is a cloud solution.  

      What needs improvement?

      The complexity of deploying turnkey solutions could be simplified.  

      They actually have too many different things that you can tinker with and too many different ways to do the same thing. It may be helpful if the product were to be more directed and if it used best practices with technical and non-technical users in mind.  

      For how long have I used the solution?

      We have been using WAF (Web Application Firewall) for six months.  

      What do I think about the stability of the solution?

      WAF is very stable.  

      What do I think about the scalability of the solution?

      I believe WAF is very scalable.  

      We have only two staff in our organization who are using AWS WAF.  

      How are customer service and technical support?

      Technical support is more-or-less fair. That is where most technical support falls these days.  

      How was the initial setup?

      The initial setup is really sorta complex. That is something which could probably be made easier.  

      What's my experience with pricing, setup cost, and licensing?

      The licensing costs are variable. For me, it is under a hundred dollars a month.  

      The range of your costs with Amazon Web Services is going to be different depending on a lot of factors. It can go as low as actually being free all the way up to millions of dollars. It depends on the organization and how the service is used.  

      What other advice do I have?

      On a scale of one to ten where one is the worst and ten is the best, I would rate this product as a seven-out-of-ten. A change in the pricing structure that favors the client and simplification is something they would have to do to improve to make that score closer to a ten.  

      Which deployment model are you using for this solution?

      Public Cloud
      Disclosure: I am a real user, and this review is based on my own experience and opinions.

      PeerSpot user
      Rich text editor
        it_user753234 - PeerSpot reviewer
        IT Governance at PeerSpot
        Real User
        Redirects any threats and attacks and protects our code
        Pros and Cons
        • "The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
        • "It's a bit difficult to apply the right rules for the right security."

        What is our primary use case?

        Our primary use case is to protect our internal web solution. We use it to have an internal application for our customers. We are an SME worldwide company, so we have some internal website solutions architects that use this as an internal portal to the internet. We apply a WAF front to our web application.

        What is most valuable?

        The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats. It's important to protect the code against the threats on the internet. It redirects any threat, any attack, to a Fail2ban mechanism.

        What needs improvement?

        Sometimes it's a bit difficult to check the rules because when you apply a rule, sometimes it's too much and we need to rewrite the rules and make compromises on the rules because it will block too many things. It's a bit difficult to apply the right rules for the right security.

        For how long have I used the solution?

        We have used AWS WAF for around a year. 

        How are customer service and technical support?

        Their support is very good. We have an enterprise agreement with Amazon.

        How was the initial setup?

        I don't remember there being any problems with the setup.

        What other advice do I have?

        I think AWS WAF is a great solution. You can define big and a bit smaller architectures and scale out architecture as you need, due to the edge location. Its features are very amazing. 

        I would definitely recommend AWS WAF. I asked my security director to move from our internal WAF to the AWS WAF because we can make global unique WAF services for our on-premise web servers and also our AWS web servers with one common rule and one common authority to manage these rules

        I would rate AWS WAF an eight out of ten.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.

        PeerSpot user
        Rich text editor
          reviewer1230804 - PeerSpot reviewer
          Principal Cloud Architect at a tech services company with 51-200 employees
          Real User
          Beneficial cloud service, flexible on-demand features, but requires better security
          Pros and Cons
          • "The most valuable features of AWS WAF are its cloud-native and on-demand."
          • "The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."

          What is our primary use case?

          We use AWS WAF to prevent cyberattacks, such as SQL Injection attacks and cross-site scripting attacks. The end users' traffic has more threats and the web application gives good support.

          What is most valuable?

          The most valuable features of AWS WAF are its cloud-native and on-demand.

          Any customer can leverage AWS WAF immediately, it has a basic set of rules that are available.

          What needs improvement?

          The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure.

          For how long have I used the solution?

          I have been using AWS WAF for approximately four years.

          What do I think about the stability of the solution?

          This is a very stable solution.

          What do I think about the scalability of the solution?

          AWS WAF is scalable.

          We have approximately five customers using this solution.

          How are customer service and support?

          The technical support is very good. They are responsive and knowledgeable, they have always come back with a resolution or a workaround to help us.

          How was the initial setup?

          The initial setup took approximately 15 mins, it is easy.

          What about the implementation team?

          We have a team that does the support for the solution.

          What's my experience with pricing, setup cost, and licensing?

          AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage.

          What other advice do I have?

          The first version of AWS WAF was not mature but the second version is very mature.

          I would recommend this solution to others because instead of choosing a third-party solution which will take time, and you will have to be in negotiations. It is good to start with AWS WAF for their minimal primary security firewall to save their workload. AWS WAF is available on-demand from day one.

          I rate AWS WAF a seven out of ten.

          Which deployment model are you using for this solution?

          Public Cloud
          Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

          PeerSpot user
          Rich text editor
            Develope2e0c - PeerSpot reviewer
            Developer at a tech services company with 1-10 employees
            Real User
            The customized billing is key for us
            Pros and Cons
            • "The customized billing is the most valuable feature."
            • "In a future release of this solution, I would like to see additional management features to make things simpler."

            What is our primary use case?

            Application security is our primary use case.

            What is most valuable?

            The customized billing is the most valuable feature.

            What needs improvement?

            In a future release of this solution, I would like to see additional management features to make things simpler.

            What other advice do I have?

            It's pretty good, as long as the pricing matches your budget.

            I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.

            PeerSpot user
            Rich text editor
              reviewer1234011 - PeerSpot reviewer
              Cloud architect at a tech vendor with 1-10 employees
              Real User
              Good integration with AWS services, and no installation is required
              Pros and Cons
              • "This is not a product that you need to install. You just use it."
              • "I would like to see it more tightly integrated with other AWS services."

              What is our primary use case?

              We use this product for our web application firewall. It is used for production services.

              I am not a direct customer but I have installed it for one of my clients.

              What is most valuable?

              The most valuable feature is that it is integrated with other AWS services.

              What needs improvement?

              I would like to see it more tightly integrated with other AWS services.

              For how long have I used the solution?

              I have been working intermittently with AWS WAF over the past two years.

              What do I think about the scalability of the solution?

              AWS WAF is extremely scalable.

              At this point, we don't have any plans to increase our usage of it.

              Which solution did I use previously and why did I switch?

              Prior to AWS WAF, I was using a Cisco web application firewall. However, when I started using AWS, I switched.

              How was the initial setup?

              This is not a product that you need to install. You just use it.

              The only people that need to work with it are those who configure it.

              What's my experience with pricing, setup cost, and licensing?

              You need an additional AWS subscription for this product if you are buying a managed tool.

              What other advice do I have?

              Overall, this is a good product and I recommend it. My advice for anybody who is just getting started with it is to follow the instructions.

              I would rate this solution an eight out of ten.

              Which deployment model are you using for this solution?

              Public Cloud

              If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

              Amazon Web Services (AWS)
              Disclosure: I am a real user, and this review is based on my own experience and opinions.

              PeerSpot user
              Rich text editor
                Founder4214 - PeerSpot reviewer
                Founder at a consultancy with 1-10 employees
                Consultant
                It is a one-click WAF with no effort needed, but we need more support as we go global
                Pros and Cons
                • "It is a one-click WAF with no effort needed."
                • "It is Amazon. Everything is scalable. It is beyond what we need."
                • "We need more support as we go global."

                What is our primary use case?

                The primary use case is application security.

                We are using the latest version.

                How has it helped my organization?

                It is a one-click WAF with no effort needed.

                What is most valuable?

                Protection and WAF.

                What needs improvement?

                We need more support as we go global.

                The UI could use improvement.

                What do I think about the stability of the solution?

                It is stable.

                What do I think about the scalability of the solution?

                It is Amazon. Everything is scalable. It is beyond what we need.

                How are customer service and technical support?

                We hardly received technical support on this product.

                How was the initial setup?

                It was super easy to set up. We did it with one click.

                Which other solutions did I evaluate?

                We chose this solution because it is cloud native Amazon.

                What other advice do I have?

                We have an above average security posture.

                Disclosure: I am a real user, and this review is based on my own experience and opinions.

                PeerSpot user
                Rich text editor
                  Buyer's Guide
                  Download our free AWS WAF Report and get advice and tips from experienced pros sharing their opinions.
                  Updated: January 2025
                  Buyer's Guide
                  Download our free AWS WAF Report and get advice and tips from experienced pros sharing their opinions.
                  ...
                  ...