We have several web applications in various environments. Some are hosted on-prem or Azure and others are hosted at different locations or by business partners. Cloud WAF provides centralized control over the security of those web applications.
CISO at a financial services firm with 1,001-5,000 employees
The interface is easy to use, and the solution protects us from OWASP Top Ten threats
Pros and Cons
- "Cloud WAF's interface is easy to use and protects us from OWASP Top Ten threats. Our dev team do QA checks on applications before they go live, but Cloud WAF creates an additional security layer on our website."
- "They've changed their process for call logging. I suppose it's fine, but I used to be able to send emails in. They could also build up more local resiliency here in South Africa. They're working on that, so it isn't much of an issue now."
What is our primary use case?
How has it helped my organization?
Cloud WAF protects us against all DDoS attacks, improving our resiliency and security. It has multiple security feature sets we use, such as OWASP Top Ten Protection. Radware lets us switch assets quite quickly. It fronts web applications, so we can redirect the traffic to a different page if the backend web application goes down. For instance, if we have an outage in our web form, we can redirect that from the Radware side to an Azure website instead of giving the user a "Page cannot be displayed."
Cloud WAF gives us greater visibility. We sometimes get calls from clients who say they're getting an error. We can use Cloud WAF to discover the error generated and troubleshoot any bad behavior. Radware flagged some attacks from China where an attacker attempted to capture traffic. If you go look at the raw code coming in, you can see some suspicious characters being injected into legitimate traffic.
I can't say if our false positives decreased because we previously had no WAF protection. Information was stored in the IPS signatures or IAS logs, but we weren't ingesting those to look for anything interesting. Cloud WAF has given us more visibility than we had before.
Our only integration is pulling the telemetry out into our scene. We use the API to pull the data in. The only other integration piece, if you want to call it that, is using the generic error that they present to a client to troubleshoot client experience problems. We don't integrate much aside from those two.
I can't say that we saved time because we weren't using anything before Radware, but we don't spend much time configuring the solution. They're doing a lot of analytics in the background. We followed a process before we onboarded Radware where we put the solution in Learning Mode to see if there was anything interesting or any default conflict changes we needed to make. We mostly left it alone after that.
It would likely take us around 15 to 20 percent more time to support the infrastructure ourselves. We would need a human to install updates and patches, but Radware manages all of that.
What is most valuable?
DDoS protection was the critical feature we wanted when we decided to go with Radware. The company faced many DDoS attacks at the time, and we didn't have a solution. It's not the only reason we chose Cloud WAF. We do use it for other use cases.
Cloud WAF's interface is easy to use and protects us from OWASP Top Ten threats. Our dev team do QA checks on applications before they go live, but Cloud WAF creates an additional security layer on our website.
The solution protects against multiple threat types. We see SQL injection attacks and DDoS probes constantly. Attackers attempt multiple queries and enumeration attacks against our applications. We previously had a basic firewall with an IPS feature set, but it wasn't providing the same level of protection we get from the WAF.
CloudWAF matches things automatically and identifies any threats. It seems to be doing its job. We sometimes have strange code-related behavior. When our developers write some poorly written code, it generates events in Cloud WAF. It's generally effective at detecting. We had an issue with a misconfigured rule where it blocked legitimate traffic. Overall, we haven't had many issues with it in the last three years. We leave it alone.
What needs improvement?
They've changed their process for call logging. I suppose it's fine, but I used to be able to send emails in. They could also build up more local resiliency here in South Africa. They're working on that, so it isn't much of an issue now.
Buyer's Guide
Radware Cloud WAF Service
December 2024
Learn what your peers think about Radware Cloud WAF Service. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
We have used Cloud WAF for about three years.
What do I think about the stability of the solution?
Cloud WAF is a highly stable product. We have only had two outages in four years. One was an update that they pushed out, and the other was a problem with the DDoS mitigation.
What do I think about the scalability of the solution?
We only have about 15 websites, but Radware can scale because it's a cloud service. We've probably seen around 100,000 to 200,000 simultaneous users, and we're pushing more and more people through to it. Our clients vary in size, but the bulk of our business consists of small and medium-sized retailers.
How are customer service and support?
I rate Radware support an eight out of ten. I recommend buying the extended support, which we didn't purchase when we first signed up. We see a noticeable benefit from extended support in terms of response times.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up Cloud WAF was straightforward, and Radware helped us when needed. Deploying everything took around a week, but we're a risk-averse company. We took our time before sending all the traffic through. We started with a few low-hanging fruit websites because we didn't know the tech, so it took us two months. The business stakeholders said we needed to test it with the less-critical websites for two months to ensure we had no issues. After that, we onboarded the main website.
My team deployed it. Cloud WAF is a hosted environment in two POPs in South Africa, and we buy the service. The service flows from there through to websites that sit on-premises or in other locations. After deployment, we don't need to do much on there. We only need to investigate events if we see something. Maintenance includes adding and removing users from the console due to company turnover. We also change certificates when they expire.
What was our ROI?
Calculating the return on investment is hard, but we've reduced our risks. When we implemented Radware, South Africa was facing a wave of DDoS attacks that primarily targeted financial services, but we weren't concerned because we had DDoS protection.
We don't need a dedicated person to manage it. It's a hands-off service that alerts us if they pick up something. They do lots of additional monitoring for us, like if there is trouble on the back end and any of our sites go down. That frees us up a lot.
Our company started with nothing, so we realized instant value from the service. It starts providing protection immediately, and the assets that Cloud WAF protects need 100 percent uptime. We lose money if our sites go down because clients can't complete transactions.
What's my experience with pricing, setup cost, and licensing?
I think Cloud WAF is fairly priced, but the pricing model is a bit weird. It's modular. You buy Radware WAF, but DDoS and bot protection are bolt-on features. I would prefer to buy it as one complete package because bundles are usually cheaper than three standalone products.
Which other solutions did I evaluate?
We also looked at Cloudflare. Radware stood out because we are in South Africa, and the rest of the world is far away. The latency is too high if we host anything in Europe, so we needed something based in our country.
Otherwise, we would need our own infrastructure. We would have to buy three devices and support that. Radware was the only vendor with a presence in our country, which made the decision easy.
What other advice do I have?
I rate Radware Cloud WAF Service a nine out of ten. We're pleased with the solution. If you plan to implement Cloud WAF, my advice for Radware and any cloud service is to know your SLA. Radware offers many extra services in its SLA on top of standard services. The SLA is an insurance policy if you need to call someone to check on things. Radware support has been incredibly responsive. Their monitoring team has gone above and beyond. They notify us when our websites fail, but they don't need to.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Enhance web security with superior bot protection and automated learning
Pros and Cons
- "The most valuable features of Radware Cloud WAF Service include its automation and learning capabilities for protection, as well as its superior bot mitigation."
- "Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS."
What is our primary use case?
The primary use case for Radware Cloud WAF Service is DDoS protection and web application firewalls. My clients use it for these purposes as they want to be protected by a web application firewall against attacks on their websites.
What is most valuable?
The most valuable features of Radware Cloud WAF Service include its automation and learning capabilities for protection, as well as its superior bot mitigation. The precise negative security on the web application firewall is also noteworthy. Additionally, the onboarding process is smooth, allowing customers the unique ability to use the web application firewall on the cloud.
What needs improvement?
Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS. Some other web application firewalls have a mechanism that allows automatic certificate uploads, which Radware could adopt.
Also, improvements could be made to be more precise on the negative security perspective.
For how long have I used the solution?
I have been using Radware Cloud WAF Service for about two years.
What do I think about the stability of the solution?
Radware Cloud WAF Service is very stable, with no experienced downtime on Radware's part. I give it a stability rating of eight out of ten.
What do I think about the scalability of the solution?
Radware Cloud WAF Service is quite scalable, with a rating of eight out of ten.
How are customer service and support?
The technical support for Radware Cloud WAF Service is excellent. They are knowledgeable, speak the technical language, respond quickly, and work collaboratively to overcome challenges. I rate the customer service nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward, involving adding an A record in the customer's infrastructure and ensuring the right certificate is in place.
What's my experience with pricing, setup cost, and licensing?
Radware Cloud WAF Service pricing falls on the pricier side with a rating of seven out of ten. It may not have helped reduce the total cost of ownership.
Which other solutions did I evaluate?
I evaluated other solutions like Incapsula, Impreva, and F5 before choosing Radware.
What other advice do I have?
I advise conducting a POC to ensure that Radware Cloud WAF Service meets specific needs in terms of maintenance and understanding. It takes complex tasks, like web application firewall functions, and simplifies them for customer ease.
I rate the overall solution eight to eight and a half out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Nov 21, 2024
Flag as inappropriateBuyer's Guide
Radware Cloud WAF Service
December 2024
Learn what your peers think about Radware Cloud WAF Service. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Security analyst at a financial services firm with 1,001-5,000 employees
We benefit from improved security and visibility
Pros and Cons
- "I like that Cloud WAF provides me with lots of information. All the events and all the possible attacks appear in front of you, and false positives appear through different channels."
- "Cloud WAF's management portal lacks many indicators, and the interface could be more user-friendly. It should provide more detailed information on events, possible solutions, and what each event means. While it does give you the event and block part, it doesn't give you a solution. Let's say, for example, someone wants to go into an SQL injection and find a possible solution other than the blocking part, there are no details. It would be good to have possible solutions or the ability to create an automated report to send to the developers in the portal."
What is our primary use case?
The bank uses different channels, such as mobile banking, Internet banking, and Creditnet, and we adopted Cloud WAF to prevent blockages and attacks. We have passed the policy review stage and are ready to begin blocking. Right now, we are in reporting mode and heading to the blocking stage.
How has it helped my organization?
The bank has benefited from improved security and visibility. Two months ago, there was scouting at a national level in Bolivia from Brazil, and it was difficult to find. Cloud WAF gave us that visibility, and as soon as we had a bit of suspicion, we started to block things, mostly traffic. That has benefited us a lot, especially in having more peace of mind and visibility of events and possible attacks.
The network team started with RadWare Alteon, and after that, they began to consider WAF and Cloud WaF. After a month of putting together infrastructure and having clarity, we have already begun to notice the benefit of visibility.
We do have greater visibility of false positives, but we understand that RadWare cannot make the change. It depends more on internal processes to validate false positives. It does provide support by detecting them, and then we need to coordinate internally. For example, we noticed many false positives in SQL injection—around 60 to 70 percent of the false positives were there—so we already have a basis for mitigating them in other channels.
Cloud WAF has freed up our IT staff's time, saving us around 40 percent. For example, because we have visibility on the network level, we do not have to figure things out. If an event occurs in some SIEM or an attack occurs, we can act quickly to prevent the attack and loss of information or economic impact.
From my side, it is a little easier to automatically see these events, show the teams, and coordinate this whole issue rather than spending time investigating, checking logs, and seeing those types of elements on servers, in the DMZ, or in the same application.
What is most valuable?
I like that Cloud WAF provides me with lots of information. All the events and all the possible attacks appear in front of you, and false positives appear through different channels. The solution's automated analytics are excellent. I have several events that appear automatically.
The blocking part seems good. Since I'm just starting on the team, I don't know much about the tool. I'm discovering all its features right now, and they showed me some video tutorials.
We haven't seen any issues with integrating Cloud WAF at the same level of product. For example, we haven't had any problems integrating it with Alteon. I don't have direct experience integrating it with firewalls or other tools, but based on what others are saying, there haven't been any compatibility issues with other applications the bank uses.
What needs improvement?
Cloud WAF's management portal lacks many indicators, and the interface could be more user-friendly. It should provide more detailed information on events, possible solutions, and what each event means. While it does give you the event and block part, it doesn't give you a solution. Let's say, for example, someone wants to go into an SQL injection and find a possible solution other than the blocking part, there are no details. It would be good to have possible solutions or the ability to create an automated report to send to the developers in the portal.
Also, they should offer more Spanish-language tutorial videos. There is only one tutorial in Spanish, which is difficult for us as Latin American customers.
For how long have I used the solution?
I've been using RadWare Cloud WAF for about two to three months.
What do I think about the stability of the solution?
Cloud WAF is very stable. We haven’t had any problems at the portal, tool, or service levels.
What do I think about the scalability of the solution?
We are just starting to figure out Cloud WAF's potential, but we already want to increase the usage in our company.
How are customer service and support?
I rate Radware support eight out of 10. I have seen a lot of willingness from their side to help us, but you need to open the ticket and look for the details in English, and most support is in English, so explaining issues to them is challenging.
How would you rate customer service and support?
Positive
What was our ROI?
The biggest return on investment comes from improved security and avoiding information losses or DDoS attacks. We gain security and the certainty that we will always be operational. The number of attacks has been reduced, and there is a contingency area here that measures the indicators, including the TCO. It's hard to tell, but it looks like approximately 30 to 40 percent.
What other advice do I have?
I rate Radware Cloud WAF eight out of 10. The interface could be a little more detailed. It would be great if Cloud WAF could provide us with alternative solutions to pass along to the developers, infrastructure, security, and all the teams involved in critical events. For example, you have no alternatives if you have a crisis that can be attended to this week or in the next two weeks. You can only block it or not, making things a bit more complicated.
I don't know the tool well yet, but from what I have seen it could be improved by simplifying the team coordination. Also, the categorization could be better because there are only four or five categories: injection, vulnerabilities, etc. If we had more details and options it would benefit us a lot.
I recommend future users learn a little about the tool before using it and have training. It is extensive, so it's critical to know about the events. This tool opened my eyes. We were not covered through all the protocols, we weren’t really safe, this tool gave me a much-needed security.
Foreign Language: (Spanish)
Nos beneficiamos de una mayor seguridad y visibilidad.
¿Cuánto tiempo lleva usando esta solución?
He estado usando RadWare Cloud WAF durante aproximadamente dos o tres meses.
¿Cuál es su principal caso de uso de esta solución? (Incluya detalles sobre su entorno).
El banco utiliza diferentes canales, como banca móvil, banca por Internet y Credinet, adoptamos Cloud WAF para evitar bloqueos y ataques. Hemos pasado la etapa de revisión de políticas y estamos listos para comenzar a bloquear. En este momento, estamos en modo de informe y nos dirigimos a la etapa de bloqueo.
Comparta cómo Radware Cloud WAF Service ha mejorado su organización. Si no fue así, explique por qué.
El banco se ha beneficiado de una mayor seguridad y visibilidad. Hace dos meses hubo scouting a nivel nacional en Bolivia desde Brasil y fue difícil de encontrar. Cloud WAF nos dio esa visibilidad y tan pronto como tuvimos un poco de sospecha, comenzamos a bloquear cosas, principalmente tráfico. Eso nos ha beneficiado mucho, sobre todo en tener más tranquilidad y visibilidad de eventos y posibles ataques.
El equipo de redes comenzó con RadWare Alteon y después de eso, comenzaron a considerar WAF y Cloud WaF. Después de un mes de armar la infraestructura y tener claridad, comenzamos a notar el beneficio de la visibilidad.
Tenemos una mayor visibilidad de los falsos positivos, pero entendemos que el cambio no depende de RadWare. Depende más de procesos internos para validar los falsos positivos. Brinda apoyo al detectarlos y luego necesitamos coordinarnos internamente. Por ejemplo, notamos muchos falsos positivos en la inyección SQL (alrededor del 60 al 70 por ciento de los falsos positivos estaban allí), por lo que ya tenemos una base para mitigarlos en otros canales.
Cloud WAF ha liberado tiempo de nuestro personal de TI, ahorrándonos alrededor del 40 por ciento. Por ejemplo, como tenemos visibilidad a nivel de red, no tenemos que resolver las cosas desde cero. Si ocurre algún evento en algún SIEM o se produce un ataque, podemos actuar rápidamente para evitar el ataque y la pérdida de información o impacto económico.
Por mi parte, es un poco más fácil ver estos eventos de manera automatizada, mostrarselos a los equipos y coordinar todo este asunto en lugar de perder tiempo investigando, revisando registros y buscando ese tipo de elementos en los servidores, en la DMZ o en la misma aplicación.
¿Qué características le han parecido más valiosas y por qué?
Me gusta que Cloud WAF me proporciona mucha información. Todos los eventos y todos los posibles ataques aparecen frente a ti, y aparecen falsos positivos a través de diferentes canales. Los análisis automatizados de la solución son excelentes. Tengo varios eventos que aparecen automáticamente.
La parte del bloqueo me parece buena. Como recién estoy comenzando en el equipo, no sé mucho sobre la herramienta. Estoy descubriendo todas sus características ahora mismo y me mostraron algunos videotutoriales.
No hemos visto ningún problema con la integración de Cloud WAF con otras soluciones de RadWare. Por ejemplo, no hemos tenido ningún problema para integrarlo con Alteon. No tengo experiencia directa en su integración con firewalls u otras herramientas, pero según lo que dicen otros, no ha habido ningún problema de compatibilidad con otras aplicaciones que utiliza el banco.
¿En qué áreas se podría mejorar el producto o servicio?
¿Qué características adicionales deberían incluirse en la próxima versión?
El portal de gestión de Cloud WAF carece de muchos indicadores y la interfaz podría ser más fácil de usar. Debería proporcionar información más detallada sobre los eventos, las posibles soluciones y lo que significa cada evento. Si te brinda la parte de evento y bloqueo, pero no te brinda una solución. Por ejemplo, si alguien quiere realizar una inyección SQL y encontrar una posible solución distinta a la parte de bloqueo, no puede ya que no existen detalles. Sería bueno tener posibles soluciones o la capacidad de crear un informe automatizado para enviarlo a los desarrolladores en el portal.
Además, deberían ofrecer más videos tutoriales en español. Sólo hay un tutorial en español, lo cual es difícil para nosotros como clientes latinoamericanos.
Alternativas y consejos:
¿Utilizó anteriormente una solución diferente? De ser así, ¿por qué la cambió?
Antes de elegir, ¿evaluaste otras opciones? ¿De ser asi, cuales?
¿Tiene algún comentario o consejo adicional sobre esta solución?
Califico a Radware Cloud WAF con ocho sobre 10. La interfaz podría ser un poco más detallada. Sería fantástico si Cloud WAF pudiera brindarnos soluciones alternativas para transmitirlas a los desarrolladores, la infraestructura, la seguridad y todos los equipos involucrados en eventos críticos. Por ejemplo, no tienes alternativas si tienes una crisis que puede ser atendida esta semana o en las próximas dos semanas. Sólo tienes dos opciones: bloquear o no bloquear, lo que complica un poco las cosas.
Aún no conozco bien la herramienta, pero por lo que he visto se podría mejorar simplificando la coordinación del equipo. Además la categorización podría ser mejor porque solo hay cuatro o cinco categorías: inyección, vulnerabilidades, etc. Si tuviéramos más detalles y opciones nos beneficiaría mucho.
Recomiendo a futuros usuarios conocer un poco la herramienta antes de utilizarla y capacitarse. Es extensa, por lo que es fundamental conocer los eventos. Esta herramienta me abrió los ojos. No estábamos cubiertos ante todos los protocolos, no estábamos realmente seguros, esta herramienta nos brindó una seguridad muy necesaria.
Rendimiento
¿Cuáles son sus impresiones sobre la escalabilidad de esta solución?
Apenas estamos empezando a descubrir el potencial de Cloud WAF, pero ya queremos aumentar su uso en nuestra empresa.
¿Cuáles son sus impresiones sobre la estabilidad de esta solución?
Cloud WAF es muy estable. No hemos tenido ningún problema a nivel de portal, herramienta o servicio.
¿Cuál es su retorno de la inversión?
El mayor retorno de la inversión es la mejora en seguridad y el poder evitar pérdidas de información o ataques DDoS. Ganamos seguridad y la certeza de que siempre estaremos operativos. Se ha reducido el número de ataques, aquí existe un área de contingencia que mide los indicadores, incluyendo el TCO. Es difícil saberlo, pero parece que se ha reducido aproximadamente entre el 30 y el 40 por ciento.
Configuración y soporte
¿Lo implementó a través de un equipo de proveedores o uno interno? Si se trata de un equipo de proveedores, ¿cómo calificaría su nivel de experiencia?
Cuéntanos tu experiencia con el servicio de soporte al cliente.
Califico el soporte de Radware con ocho de 10. He visto mucha disposición de su parte para ayudarnos, pero es necesario abrir el ticket y buscar los detalles en inglés, y la mayor parte del soporte es en inglés, a veces explicar el problema es un reto.
¿Cómo calificaría esta solución en una escala del 1 al 10 en cuanto al servicio de soporte?
8.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Jun 30, 2024
Flag as inappropriateExecutive Director at a financial services firm with 10,001+ employees
Provides the first level of defense and useful insights, but lookback, integration, and API Discovery need a lot of work
Pros and Cons
- "It provides the first level of defense against external threats trying to come into the environment, but it's one of the many toolkits we use."
- "There is a lot more that is expected from Radware's automated analytics for looking at events. There needs to be more context of where protection is required these days."
What is our primary use case?
We have external facing sites that our clients use, and it's important that those are protected. It's a traditional use case. The end-users are the firm clients trying to come into the firm using firm applications. So, this is the external perimeter, and that's the typical use case.
How has it helped my organization?
It gives you more insights into what may be happening in your environment. It doesn't free up people's time, but it helps them add an additional data point so that they can be better informed. In that sense, it improves efficiency. When you are in the security mindset, you want to make sure you have the ability to gain as many insights as possible for a potential attack. The intent is never around freeing up time.
What is most valuable?
It provides the first level of defense against external threats trying to come into the environment, but it's one of the many toolkits we use.
What needs improvement?
I'm the global head of cybersecurity across all business lines with a prime focus on audit risk and compliance. I look at Radware in terms of the ability to do two things. One is being very well aware of what's happening in the industry and the threat landscape, and the relative to that is the right sizing of the product so that the product can identify those emerging threats in time and then block them. That's essentially what I'm expecting Radware to do. The ability to provide some insights into lookback is equally important, which means you found something today but that doesn't mean that it happened today. It could have happened many moons ago. That lookback is equally important. There is a lot more that is expected from Radware's automated analytics for looking at events. There needs to be more context of where protection is required these days.
I have used the API Discovery feature. It's relatively easy to use, but it pales to some of the tools that currently exist in the marketplace. They may be a little more sophisticated than what Radware provides. A lot of work needs to be done out there for the end-to-end API protection offered by the API Discovery feature. It's a good first step, but Radware isn't there yet. Similarly, in terms of integrating with other systems and applications in our environment, a lot more work needs to be done out there.
The visibility of API relative to data flow and contextual understanding of what that is for a business is extremely important, and APIs don't seem to cut it. The majority of the attacks take place in memory, so you need to make sure that there is close alignment around how you view that and draw conclusions based on that data. Right-sizing is based on the industry because some of them have the same set of APIs and the same set of structures from which you can easily draw context and draw conclusions in terms of what's happening.
For how long have I used the solution?
We've been using it for two years. It came to us with an acquisition.
What do I think about the stability of the solution?
They've had one odd outage. You can't have an outage in that business. They got to get a little better for enterprise-grade.
How are customer service and support?
They have been collaborative. They were eager to have the firm's business, so we received the kind of support we wanted, and that's fair. We have no complaints, and there is nothing that stands out of the ordinary. I'd rate them a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In an organization of our size, you don't have one single vendor. It's a layered defense model. You don't have one single product that you're heavily reliant on. From that perspective, Radware is a part of the ecosystem.
In terms of blocking unknown threats and attacks, Radware is at par with other firms. There is nothing extraordinary. The protection it provides is comparable. It isn't superior. It's amongst the top three or four, but it's definitely not number one.
How was the initial setup?
It required tuning to meet our requirements, but that's true for all products.
What about the implementation team?
It was implemented in-house. There were four people involved in its implementation.
What was our ROI?
The value proposition of a product is based on not just one feature set. It's based on the suite of features and the impact. It's no different than the value of a security guard outside the building. It's justified in case you have a major attack and it has been able to thwart that attack, but up until that point, you won't be able to say, "Hey, what is the true value that I'm getting out of this?"
What other advice do I have?
When you're getting this or any other solution, you need to look at three things.
- Is it fit for purpose? What are you getting it for, or does the solution meet the need?
- Is it going to add value and be a strategic partner going forward? Do you see it evolving with where the threat landscape is heading and where the market is heading? Do you see a relationship?
- Do they get it right? Are they aligned or in sync with the industry and with what the regulators are looking at? This one is generally missing in this case.
I've used CDN services offered by Radware in conjunction with Cloud WAF. Radware is in the same ballpark compared to the industry leaders, though some of the industry leaders are a little sophisticated in terms of features and offerings. However, there are certain areas towards which the industry isn't evolving, and Radware can obviously position itself so that it can succeed.
Overall, I'd rate Radware Cloud WAF Service a seven out of ten. There is a lot they can do. They're in a good position. They have their foot in the door. They need to just up their game.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network & Security - Specialist at a manufacturing company with 1,001-5,000 employees
Comprehensive and user-friendly with an easy setup
Pros and Cons
- "Integration is very easy."
- "They need to improve their reporting."
What is our primary use case?
We use the solution for safeguarding web applications.
How has it helped my organization?
The solution has been very good at protecting our business. We have many critical applications on the cloud and we can't protect it without Radware.
What is most valuable?
It's a very comprehensive and user-friendly solution. It's easy to implement and integrate. We also have found it's easy to reach support if we need help.
The solution has helped us enhance our cyber security posture. It's good for data protection. We've been able to protect our public-facing infrastructure.
We haven't had any incidents or compromises in the entire three years we've used Radware.
The Cloud WAF Service blocks unknown threats and attacks effectively.
The analytics are very good.
The API discovery feature is very helpful, and end-to-end API protection is useful. Everything is encrypted to ensure effective protection. We get Layer 7 protection from it.
The API discovery is a very useful feature. It is easy to use. A few months before, I did a demo to learn more. We can see which APIs are being used or not. It helps us discover and remove unused APIs. In our case, we found 20 APIs that were not used by the team.
We use the CDN features. It's pretty easy to use the combination of CDN and Cloud WAF. It helps your Radware Cloud connect with the nearest server or the Redware server. We have multiple servers worldwide, so this is useful for us.
Integration is very easy. Sometimes, we have 10 to 15 applications hosted on the cloud. It's very easy to add applications. It's not complicated.
From the Radware cloud, it's integrated with our SOC. All the logs are received by the SOC.
What needs improvement?
They need to improve their reporting. We need to present our management with reports and we need better options for reporting. They don't want lengthy reports. They need something that is one to two pages and includes everything - a more high-level document with the most important information.
For how long have I used the solution?
I've been using the solution for the last three years.
What do I think about the stability of the solution?
The stability is very good. There is no crashing, and it's always easy to access.
What do I think about the scalability of the solution?
The scalability is fine. We haven't faced any issues.
How are customer service and support?
I've contacted technical support if there's something I don't understand. However, we haven't had any big challenges. Support is very good. If we raise a ticket, they reply.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a different solution previously.
How was the initial setup?
The initial deployment is easy. It's also easy to integrate various applications in the initial stage. We took about two to four months to add and enable multiple features.
After deployment there isn't really any maintenance needed. In the last two to three years, I haven't witnessed any downtime. If there are ever any issues, we get an email from Radware.
What's my experience with pricing, setup cost, and licensing?
I'm not a part of the purchasing team. I do not know about the costs or licensing.
What other advice do I have?
I'd rate the solution ten out of ten. I'm very happy with this product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Jul 18, 2024
Flag as inappropriateIT Unit Chief at ATM - AUTORITAT DEL TRANSPORT METROPOLITA
A reliable, lightweight, and secure solution with excellent technical support
Pros and Cons
- "The solution requires very little maintenance; we install it, it works without any problems, is reliable, and we can almost forget about it."
- "The primary area for improvement is in issue detection and understanding whether a log is a false positive. It can sometimes be a challenge to take the data of a given security event and determine if it's a genuine threat using a Wiki etc."
What is our primary use case?
We use the solution to protect our main public application for transportation tickets. We have the product in the cloud set up before our infrastructure, so there is no need to integrate it as if it were an appliance etc.
How has it helped my organization?
Most importantly, the solution put our security team at ease. We previously had some other infrastructure to protect our servers, but having Radware in the cloud gives us confidence.
The tool helped free up our IT team for other projects and saved us significant time. It eased our workload, allowing us to work in other areas. Overall, the time savings are in the region of 10-15%.
Cloud WAF helped to reduce our false positives; we initially had a lot, but once we learned, we had very few. The solution reduced our false positives by about 80%.
What is most valuable?
The solution requires very little maintenance; we install it, it works without any problems, is reliable, and we can almost forget about it.
Radware Cloud WAF works very well to block unknown threats and attacks; we set up some products and infrastructure beyond the solution, and they aren't detecting any threats.
The tool's automated analytics work fine for looking at events; the fact is, we're preparing to renew our license for another three years.
What needs improvement?
The primary area for improvement is in issue detection and understanding whether a log is a false positive. It can sometimes be a challenge to take the data of a given security event and determine if it's a genuine threat using a Wiki etc.
Navigating to find specific options can sometimes be challenging, but we only do this occasionally; we primarily control the logs, so it's not particularly significant for us.
We had some issues with the initial implementation, especially around tuning the solution to avoid false positives.
For how long have I used the solution?
I've been using the solution for three to four years.
What do I think about the stability of the solution?
The solution was relatively unstable during the first year, and we encountered issues, but after that, it was very stable.
How are customer service and support?
The technical support is excellent; they ask questions, and on rare occasions, they haven't been able to help us. However, they looked into the issues on these occasions and provided a solution a few months later.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Radware Cloud WAF is the first WAF solution we've used.
How was the initial setup?
The initial setup was relatively complex; we had some DNS certificate issues, and the deployment took much longer than we expected. However, the second implementation was straightforward and much faster. We experienced DNS issues again, but we had the benefit of experience.
The initial deployment took a few weeks and was carried out by two staff members. We outsourced the solution's management to a civil security team of around ten members.
What was our ROI?
The product is excellent in terms of ROI because it has saved us a lot of time.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair; it's neither particularly cheap nor expensive.
What other advice do I have?
I rate the solution eight out of ten, and I recommend it.
We have seen time to value with Cloud WAF, and we saw this value after around three months. Once we tuned the application to avoid false positives, we started to see a return on our investment.
We don't currently use the API Discovery feature but plan to implement it soon.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Program Manager at a computer software company with 201-500 employees
Excels at blocking unknown threats and attacks, simplifies the process of identifying anomalies in network traffic, and offers a comprehensive range of benefits
Pros and Cons
- "The most valuable feature is the monitoring dashboard that we access through the portal."
- "The Cloud Portal has room for improvement."
What is our primary use case?
We use Radware Cloud WAF Service to monitor and protect against data packet applications from websites and web applications.
How has it helped my organization?
Radware Cloud WAF Service excels at blocking unknown threats and attacks. It achieves this by providing real-time threat monitoring and reporting across all devices and platforms within our network regardless of the system we're using.
Cloud WAF's automated analytics simplify the process of identifying anomalies in network traffic. This is achieved by analyzing events and correlating them with captured data packets. The WAF can capture data at all seven layers of the OSI model, ensuring comprehensive network flow analysis.
Cloud WAF provides effective end-to-end protection for APIs.
Using the API discovery feature is easy.
The CDN Service works together with its Cloud WAF to secure our applications. Since most threats target the application layer, we leverage the Radware API to monitor activity and receive reports for further analysis and protection. Using Radware CDN Service, and Cloud WAF together is easy.
It offers a comprehensive range of benefits. It provides detailed reporting on network security, allowing us to monitor traffic across all routes. The WAF can then identify and block malicious activity within shared traffic, forwarding only clean traffic to our organization. This proactive approach effectively defines and protects our systems from harmful attacks.
Cloud WAF has helped reduce the number of false positives we receive through fine-tuning by 90 percent.
Radware Cloud WAF is a Cloud platform, so it allows for easy integration with other systems in our environment.
It has helped free up around 60 percent of the time for our IT team to focus on other projects and has helped reduce our total cost of ownership.
The benefits of Radware Cloud WAF Service became readily apparent soon after implementation. We experienced this firsthand through the prompt support we received and the solutions provided to address our most critical security threats.
What is most valuable?
The most valuable feature is the monitoring dashboard that we access through the portal.
What needs improvement?
The Cloud Portal has room for improvement.
For how long have I used the solution?
I have been using Radware Cloud WAF Service for around five years.
What do I think about the stability of the solution?
I would rate the stability of Radware Cloud WAF Service ten out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Radware Cloud WAF Service nine out of ten.
How are customer service and support?
Our experience with Radware support has been positive. Our partnership with them grants us access to privileged customer tools and the customer community. This allows us to utilize valuable resources such as blogs and troubleshooting guides, ensuring we can effectively address any issues that may arise.
How would you rate customer service and support?
Positive
How was the initial setup?
The implementation took three years to complete and we had three people involved.
What was our ROI?
We have seen around a 60 percent return on investment from Radware Cloud WAF Service.
What's my experience with pricing, setup cost, and licensing?
Radware Cloud WAF Service falls within a mid-range price bracket compared to other web application firewall solutions.
What other advice do I have?
I would rate Radware Cloud WAF Service ten out of ten.
We have around 500 customers utilizing the Radware Cloud WAF Service.
Radware provides a sufficient product that doesn't require maintenance from our end.
For comprehensive cloud and load balancing protection, I highly recommend Radware Cloud WAF Service to all organizations.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: May 16, 2024
Flag as inappropriateIT Security Director at a financial services firm with 1,001-5,000 employees
Helps protect against low and slow DDoS attacks and enabled us to reduce our security headcount
Pros and Cons
- "The isolation feature is the most important one because everything is going directly to Radware first and then it goes into our system. What we get is the filtered version of everything that would otherwise come directly to us."
- "The implementation was hit or miss for the first few months. They did some tweaking and, since then, there have been no problems."
What is our primary use case?
Our company does collections of debt and we have a number of public websites. We usually send emails or snail mail to the clients and they reach us through any of our three of our main sites. Because those sites are exposed to the internet, we use the web application firewall from Radware to protect them. It protects us from attacks like denial service, SQL injections, et cetera. It is an application-oriented firewall for everything that is exposed over the internet.
How has it helped my organization?
On the InfoSec side, it helps us to know who is trying to access our site but is not legitimate. The protection against low and slow DDoS attacks is helpful because they are another way that malicious actors try to get into our system.
Also, with Radware Cloud WAF, we have reduced our security headcount. Before we had it, we had to have at least one person going over all the elements of our firewall and fine-tune it against whatever attacks and elements were there. Now, that position is no longer needed because we can receive reports. We went from having almost daily conversations about elements that we were seeing in our firewall, to just presenting monthly reports of what we were protected against to senior management. We go in through Radware to the dashboard and get the information.
They do have an API for getting reports and we are in the middle of trying to get those reports automated. But, for the time being, everything is on the really nice and well-organized dashboard that we use for those executive reports. By the end of the month, we will actually have executive reports that go to our senior level.
Also, if Radware finds some sort of a legitimate attack, they actually call us, like a SOC would, and report it to us.
Another benefit is that it has reduced our false positives. Usually, we would have five to eight in a week. We're down to almost one a month. That's impressive. We were doing reactive fine-tuning, whereas this is more of an AI and machine-learning implementation, which is way better. Each of those false positives we used to have required between 10 minutes and almost an hour from us. In the worst-case scenario, we were putting in one hour daily on false positives, or 20 hours monthly.
What is most valuable?
The isolation feature is the most important one because everything is going directly to Radware first and then it goes into our system. What we get is the filtered version of everything that would otherwise come directly to us.
For blocking unknown threats and attacks, it uses machine learning. It actually learns what is normal traffic from clients. Once we got the solution, they asked us to open all requests to do some type of machine learning to understand what normal traffic is. With other elements that Radware has in its arsenal, it can differentiate between normal, human traffic and bots or even DDoS attacks.
And we haven't had any false positives so far from the solution's automated analytics. On top of that, it's a very good tool because we can actually see the locations that traffic is coming from, and we can prohibit it from very specific areas of the world. One thing we have learned is how to optimize some of our code to make the application faster. The solution can react to attacks from different parts of the world and block them from entering our servers.
We also use the API Discovery feature and the analysis of the contents of the API is very good. Because we are PCI-certified, we usually use external penetration tests and obfuscation of malicious code through API, and what is discovered by Radware, and blocked, is very impressive. It won't allow any callbacks unless they are from our IP. It also offers VPN connectivity that we are testing, to provide end-to-end protection. What it comes down to is that no one reaches out to our server that is publicly exposed; that exposure is only to Radware. We like that.
It's easy to use the API Discovery, but you must know what you're doing. You just enable it but there are some elements that you need to provide to Radware. The only downside there is the learning process on the Radware side. You need to run it without any filters so it can actually see what normal traffic is and then it can apply the protection.
In terms of integrating Radware Cloud WAF Service with the other systems and applications, everything is API-connected so it was really easy. There is a testing period and, in one case, it took us 90 days, but in another, it was only two weeks. But it integrates really well with our systems.
What needs improvement?
There is a learning curve for the API for reporting. It is not as easy as other APIs.
Also, the implementation was hit or miss for the first few months. They did some tweaking and, since then, there have been no problems.
Another issue is that they don't go back into information beyond 90 days. We have to pull the information so we can have, let's say, a year of threats, attacks, and data to help us make decisions about providing more or fewer resources, depending on the year-long data.
For how long have I used the solution?
I have been using Radware Cloud WAF Service since 2019.
What do I think about the stability of the solution?
The stability is good. There was one instance of downtime but it was basically our systems.
What do I think about the scalability of the solution?
We haven't needed to scale, for the moment. But I know on their side that they have a huge number of denial-of-service attacks and we haven't had any feedback from our clients about not being able to reach our website. So the solution is working. I don't know how they scale it because, with a DDoS attack, if you don't know how to treat it, you will need to scale it so you can actually allow safe users into your system.
Our number of users is more than 5,000 with two locations. The number of people involved in the Cloud WAF project, on our team plus the networking team, is about 10.
How are customer service and support?
Tech support is ticket-based. We have a 24-hour SLA that they have committed to, but we are more into having communication directly with them. Even though they have the ticket system and ask us to create tickets, we usually reach out to our contacts and try to expedite support requests.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Cisco Firepower as our main firewall, but that is not a web application firewall. We switched to Radware Cloud WAF because we evaluate our InfoSec roadmap every year. Based on the capabilities that Radware offered, and on recommendations from each year's pen test, and because we are trying to evolve our security to make it more mature, it was the decision that we took. It was a good one.
How was the initial setup?
The deployment is hybrid. There are elements that go to AWS and elements that go to our co-location services in Jacksonville. Eventually, everything is going to be exclusively cloud-based.
We are currently migrating everything to AWS. Setting things up, at that moment in time, was kind of hectic, but that was more because of our side. What Radware asked us to do was to redirect everything into our DNS, so it was fairly in terms of what their side needed. It was more an issue of understanding how we could tweak the solution on our side. With the planning included, it took less than a month.
In terms of maintenance, it mostly just works. But from time to time, based on the changes that we make to our web application code, we need to tweak some of the settings of the web application firewall.
What about the implementation team?
Everything was in-house and we had four people involved.
What was our ROI?
Imagine those 20 hours we used to spend on false positives multiplied by the employees' salaries and you have an ROI. I can't tell you if the ROI takes less than a year or two years, but this solution is one of our main layers of defense and it is a requirement for everything we do.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair. We compared Radware to others using industry reviews and Radware is at the top right now.
Which other solutions did I evaluate?
Radware Cloud WAF is way better than what we had. It's more self-sufficient. When we used the regular firewall, we were the ones trying to build up the different signatures and create some sort of access control list based on location. And there was no API filtering. It is a night and day change.
What other advice do I have?
My main advice would be to include the development team, because the adoption of really good API-based protection is going to happen by having really good communication with your development team. They actually consume some of the rules that we use to create those APIs, and they pass that to their machine-learning processes. That's what is going to customize the web application firewall for your environment.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Radware Cloud WAF Service Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Azure Front Door
F5 Advanced WAF
Fortinet FortiWeb
Imperva Web Application Firewall
Cloudflare Web Application Firewall
Imperva DDoS
Azure Web Application Firewall
Check Point CloudGuard WAF
Buyer's Guide
Download our free Radware Cloud WAF Service Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?
- What's right for me? Fortinet or Citrix?
- When evaluating Web Application Security, what aspect do you think is the most important to look for?
Hi, As to the comment regarding the pricing model - in 2023 our Cloud Application Protection services pricing model has been changed and simplified.
We now offer only three plans to choose from: Standard, Advanced, and Complete
Each plan is designed to cater to different cybersecurity needs and risk exposure, as well as different levels of managed services.
Please feel free to contact us to learn more