Radware Cloud WAF Service Reviews

Our company infrastructure is supported in AWS, and we use Cloud WAF to protect most of our applications, including mobile apps, our main website, and other business-related apps. 

We have many applications in the AWS cloud, including API gateways and balancers, so the backend is made up of all our apps and network load balancer. We use the solution as a frontend protection tool, and the integration is simple, uncomplicated, and works fine.  

The most significant benefit of using Cloud WAF is the robust protection it provides, particularly against Layer 7 attacks. We've been protected against attacks on our website, and in the case of one DDoS attack, Radware supported us in detecting the attack behavior and blocking the threat. The block took five to ten minutes, we configured the solution to account for the specific behavior of the attack, and we re-established our website. 

The product significantly reduced our false positives, as we previously had many. We had more false positives just after the implementation, but following some reconfiguration and changing some features with the help of Radware's implementation team, the tool works fine. We only have a few false positives; we've seen a reduction of around 80%.  

Cloud WAF helps to free up our IT staff for other projects and saves us significant time. I manage the solution and log into the console around once a week; it takes very little time to configure. The tool doesn't require continuous supervision, just infrequent configuration changes, five times a month.  

Geo-blocking is one of the most valuable features we use the most; most of our users are in North, Central, and South America, so we use geo-blocking to block access from other countries.

In our experience, Cloud WAF effectively prevents unknown threats and attacks. We have received reports of attacks in the past, but the product successfully blocked them. In a few instances, we contacted Radware support for assistance in blocking specific attacks. Despite experiencing around three incidents over the past four years, we are satisfied with the solution's performance and have not encountered any further issues.  

The solution's automated analytics for looking at events works great, as it has a model that can analyze the traffic and respond to an attack. We can also configure the tool to block or allow specific traffic based on the analytics.

We receive many reports from our security team of IPs flagged by our security tools, such as Palo Alto. I cannot add the file containing the IPs to get them blocked; instead, I have to contact Radware support and open a ticket for them to do it. I need to be able to block flagged IPs myself, as it currently takes more time to open a ticket, contact the support team, and wait four to six hours for a response. I want to be able to upload a file with 2,000-3,000 IPs in the console and then apply and save the configuration.

We've been using the solution for four to five years. 

The solution is highly stable; we never had a direct issue with the tool in four years, so it's very solid. 

The solution is highly scalable; we can apply multiple servers and add applications to Radware almost immediately. 

We have contacted support on multiple occasions, and they are excellent, though it depends upon the case. If we have a P1 issue, we can contact support by calling them directly, which takes up to 15 minutes. For non-critical regular tickets, these can take between four and six hours, which is good. If we have multiple issues, we can enter a Zoom call with support, and they will help us to block malicious traffic, for example. I rate them nine out of ten.

Positive

The initial setup was very straightforward, and we implemented with a team of three or four staff. The product doesn't require any maintenance on our side; we sometimes receive emails informing us Radware will carry out maintenance, but it never affects the company.

We are based in El Salvador and don't have a direct license with Radware; we purchase the license through resellers. The pricing is reasonable, as I managed an Akamai product in a previous position, and Cloud WAF is competitively priced.

I rate the solution nine out of ten. 

Radware is very valuable to our business, the deployment is simple, and it only took a couple of weeks to see that value. 

My advice to others considering the solution is that it's a good tool. Regarding security, it's an excellent and feature-rich product that can protect your website, is easy to configure, and has strong support. The Radware technical support staff are very experienced and knowledgeable about their product. We can also generate periodic reports, and Cloud WAF is a great solution that will help improve your work.

We use the solution to protect our environment against attacks.

I am satisfied with its ability to block unknown threats and attacks.

The Radware Cloud WAF Service is beneficial to our organization because it allows us to unify protection across cloud-based locations and have centralized control over it. Additionally, implementation of the solution is relatively straightforward if the web application is not overly complex.

I think we still need to analyze exactly how much the solution has helped reduce false positives. However, the estimate doesn't have as many false positives. The solution provides accurate signatures for most of the operating systems, and protections. I believe it is quite effective in reducing false positives as we can filter, we have detailed security reviews with the policy security reviews from the previous year and prior day implementation with the experts from Radware. The policies that are set are quite good and there are not as many false positives. We have seen around a 20 percent reduction in the number of false positives.

When the solution works flawlessly it frees up around ten percent of our IT people's time to work on other areas.

Compared to other solutions, the protection against the tax provided by Radware Cloud WAF Service is the same except we now have fewer false positives.

Radware Cloud WAF Service has several valuable features, with good support and a user-friendly GUI. There are some advanced rules that can be useful for reconfiguring complex applications, though not always. Advanced tools are also available.

The automated analytics of the solution is beneficial for examining events. We can traverse security events, extract the necessary information, and search for specific ones.

If the applications are not too complex, integrating the solution with other systems and applications in our environment is easy. However, if they have custom services ports and other components beyond the HCT protocols, then we may have a problem.

The connection between the front and back ends could be improved. The connection is not always accurate, and there are occasional bugs. Radware should consider introducing more advanced tools than the larger ones, as well as providing use cases within the documentation for more advanced rules such as client certificate authentication.

I have been using the solution for seven months.

The solution is stable.

The technical support is responsive.

Neutral

We previously used on-prem solutions and switched to Radware Cloud WAF Service because of the cloud capabilities.

The initial setup is straightforward as long as the applications do not have any custom ports and more services or applications are relatively basic and exposed on the outside without additional services.

A full deployment with security policies and complete implementation requires around three weeks.

I am the one who can operate everything on the cloud, but we need to obtain signatures from a number of people in order to change the IP addresses. The deployment requires one person from the IT security team and five or more people from the business side.

The return on investment is satisfactory and has stabilized at this point.

The price is a bulk average.

I give the solution an eight out of ten.

The solution's time to value is average. Sometimes bugs arise and take longer than expected, and sometimes everything goes smoothly. I would say the ratio is 50/50. When everything goes smoothly with the integration the value is seen immediately.

The solution has been deployed across multiple locations in six different countries.

It has required some maintenance a few times but not much.

We have 30 people using the solution.

I would recommend the solution; however, it is always beneficial to have a proof of concept first. You should go through the demo to ensure the solution fits their environment.

We are a company that specializes in loyalty programs for airlines and retail businesses. Our website allows customers to log in and check their loyalty program points, redeem them for flights or other items, and purchase additional points or life miles. As this is a sensitive website that is subject to many attacks, we implemented Radware Cloud WAF Service to protect it.

The solution is deployed on the cloud. We use AWS, but the web application firewall is on Radware infrastructure.

The Radware Cloud WAF Service is an excellent solution for blocking unknown threats and attacks. We have follow-up meetings with our team every other month, and we receive a summary of all the threats the solution blocked. The metrics are very positive. Without this service, we would certainly be in trouble, as we experience a large number of attacks. The solution is very specific in identifying the region from which the attack originates, as well as the type of attack, such as mail service or SQL injection. It also provides details on how the attack was blocked.

The primary advantage of Radware Cloud WAF Service is that we can be confident that the website will not be vulnerable or that our client's accounts will not be compromised. Therefore, it is highly beneficial for us.

We have very few false positives; it is very rare. In the two and a half years I have been with the organization, there has only been one false positive. This occurred when an authentic IP from Colombia attempted to log into the website and was blocked by the WAF.

The solution definitely freed up our IT teams for other projects, as we no longer have to manage the WAF ourselves. With Radware taking care of the WAF deployment in our Amazon infrastructure, our IT personnel who would have otherwise been working on managing our application firewall can now be assigned to other projects. The solution helped save 30 hours a week.

I particularly appreciate the low administrative burden of this solution, as well as the excellent monitoring tools. I can easily view blocked requests and malicious activity in a summary dashboard without needing to intervene. The solution works well independently.

Radware does not have much online training available to help customers get the most out of this solution. For example, we do not know how to integrate the solution with other tools or take advantage of the analytics that it offers. Radware could improve access to this knowledge by providing short training sessions so that customers can benefit more from their work.

I have been using Radware Cloud WAF Service for two and a half years. 

The solution is highly reliable; we have never experienced any outages.

The scalability is completely transparent for us. For instance, on Black Friday, we experience an increase in traffic on our website, yet we don't notice anything because Radware automatically scales, so we don't need to take any action. Therefore, it is very efficient at scaling.

From a financial perspective, we have definitely reduced fraud. This has been a return on investment, as we are no longer losing money compensating customers for fraud. I cannot provide an estimated amount, but we have a team in the company dedicated to preventing fraud. There has definitely been a return on the investment.

It is slow for us to get a quote, which is something that could be improved by the sales or commercial team. However, I believe the prices are fair. We pay for each application we add to the protection, as well as for each additional website. We currently have three licenses and are satisfied with them.

We always compare Radware Cloud WAF Service to the Amazon web application firewall. We have found that Radware Cloud WAF Service is a better solution for us as it is specialized and managed, so we do not need to spend time configuring or managing the solution.

I give the solution a ten out of ten.

We do not use the solution for integrating with other applications. The only other solution is the Cloud WAF Bot Manager, which is another product from the same company. We can access it from the same account using the same credentials. I can access both dashboards, the WAF and Bot Manager, but we do not integrate them with anything else.

The solution has not been implemented in multiple locations. Most of the traffic comes from Latin America and the United States. I do not have an exact figure for the number of end users that access our website, however, I can estimate that it is in the hundreds of thousands per day.

We have never performed any maintenance from our end.

We need to understand how the solution is priced, as our company has one main website, but sometimes there are other products with different URLs and websites, so we must pay for each one. My advice to customers is to understand how this is priced so they can plan accordingly.

We have multiple use cases for Radware Cloud WAF Service. We use it to protect our voice domain, our banking solution, and any other applications that are open to the Internet. We use the same Radware WAF for our applications on AWS.

The effectiveness of Radware Cloud WAF Service in blocking unknown threats and attacks depends on the situation. Usually, when we deploy applications, we have everything planned in advance. In this case, we can simply log in to the portal and configure the WAF. However, if we are dealing with a repeated case or if we need to update a certificate, we can use automation to make the changes. In most cases, we do not need to make any changes to the WAF configuration. For example, if we need to block a specific IP address, we can create a template and apply it to all of our web applications. This allows us to use WAF for both web applications and API code.

Radware Cloud WAF Service's automated analytics for looking at events is good. We actually had something similar before, but this service gives us a better understanding of how we use WAF for different products. For example, DDoS protection is also included. This allows me to analyze which users are coming from which locations, what my status is, and if I have a SQL injection or something similar. There are a lot of features, so I definitely know my application better and can identify any security events that are happening on my web or application.

The end-to-end API protection offered by Radware Cloud WAF Service's API discovery feature is a good tool. However, it can only be effective if we understand the WAF portal concept and know what the tool does. Before we use the tool, we should read its documentation. Radware also has a universal university where we can learn more about how Radware works in a web application. This is helpful because different vendors have different ways of using the same application. I have been part of this learning experience and found it to be very helpful.

API Discovery is easy to use for those who are familiar with WAFs and APIs. However, we need to use a document to configure it, which is not a big deal.

Using Radware CDN services and Cloud WAF together is easy. However, it requires coordination between two different teams. The security team is responsible for CDN, while the development team is responsible for the application. If these teams communicate effectively, it is very easy to use the combined services. Even if the development team does not have experience with CDN, it is not difficult to learn. I have been part of both teams, and I can confirm that using Radware CDN services and Cloud WAF together is easy.

Radware Cloud WAF Service is user-friendly. It provides us with what we need and tells us where to click. Even if we are new to using it, we will not get lost or confused. Once we log in, we can simply click through the steps and understand what is happening. The application is easy to configure and does not require highly technical knowledge.

Radware Cloud WAF Service helped reduce the overhead on one team. In a previous product preview event, only two teams were configuring everything for the project team. However, now even the user developer can develop applications. They develop the application, put their endpoint, and go to Radware to create everything. The system management and network teams are no longer involved. This reduced the dependency on a team by 70 percent. Additionally, any individual team can now configure and use the service.

Radware Cloud WAF Service helped reduce our TCO by ten percent.

We noticed the time to value within two months of using Radware Cloud WAF Service.

Radware Cloud WAF Service is user-friendly and easy to deploy. All we need is our domain name, and we can easily configure it. I migrated from old products to new products using Radware Cloud WAF Service. Migration can be a complex process, but Radware makes it easy by providing a step-by-step guide. We can migrate one application at a time, or we can migrate multiple applications at once. Radware also provides an API that we can use to automate the migration process.

Radware Cloud WAF Service should provide SSL certificates for its hosting customers. Currently, customers must purchase an external certificate and upload it to their hardware. This is a major inconvenience, and I would like to see Radware offer a certificate solution.

The technical support has room for improvement.

I have been using Radware Cloud WAF Service for six months.

Radware Cloud WAF Service is stable.

Radware Cloud WAF Service is scalable. We have multiple teams but we are all on one cloud. We have approximately 50 people using Radware Cloud WAF Service.

Overall, the technical support team resolves our issues, but they take some time to understand the issues.

Neutral

We previously used Imperva Web Application Firewall, but it was too expensive. We switched to the Radware Cloud WAF Service, which is more affordable.

We did not use the automation with Imperva in the same way that we do with Radware Cloud.

The initial setup was straightforward. The deployment took one month because we wanted Radware to learn about our footprint. We started blocking after a month, once they developed an algorithm to understand how the application works and what the major use cases are. Initially, we were not in a blocking mode. We were just configuring everything and learning more about the application. We initially required six people because we were building the policies.

The implementation was completed in-house.

We are still in the early stages of using Radware Cloud WAF Service, but we have already seen a 10 percent return on investment due to a reduction in team dependency.

For the current market, the price for Radware Cloud WAF Service is exactly where we want it to be.

We are using two services, WAF and CDN, and we have a three-year contract for these services.

I give Radware Cloud WAF Service an eight out of ten.

I recommend conducting a proof of concept before purchasing Radware Cloud WAF Service.

We have a couple of AWS customers where we are implementing this solution.

When we are talking about the WAF use case, we just like to save the request. Whatever request you are getting on the WAF side, you can block it according to the filter. If you have any vulnerability inside the request, that will be inspected. If it's not legitimate, then it will be stopped with the help of WAF.

The solution offers good protection. It's for the L7, actually. When you are trying to protect the L7, this is a good product.

There are templates you can try which is useful.

It's easy to implement. 

The solution scales quite well. 

The solution is stable and reliable.

Technical support has been helpful.

The integration part could be better. The visibility part could improve as well. In the market, everyone is moving towards the cloud. However, the patience is not good. When we are trying to find out some information, we are not getting what we need on time. They need to arrange some more use cases for their partners, for their customers to showcase their product and show exactly how it is working, how they're capturing the market, et cetera. Right now, they aren't showcasing what can be done, making it hard to sell. 

I've found it difficult to find good documentation for cloud deployments. 

We've been using the solution over the past year. We've used it for ten months.

The stability is quite good. I would rate it a four out of five in terms of stability. It is reliable. There are no bugs or glitches. 

It is a scalable product. We don't have any issues in that regard. I'd rate it four out of five. 

We have a few customers on the solution. We have one with 15,000 POC employees, and they are using it. There are also a couple of other POCs we are working on now.

Their support has been very good. We are quite pleased with their general capabilities. We tend to also handle issues that are at an L2 or L3. If we cannot handle the client requests, we may reach out to Radware for help. 

Positive

The initial setup is not overly complex. The entire process is easy to manage. 

For deployment, I don't need many people. We do have a team of ten to 15 people who are managing all the security features. I can assign one of them to take care of tasks as necessary. One person who is knowledgeable in WAF can handle the deployment part.

Implementation is a one-time thing. However, the processing of requests is ongoing. Today, a customer has a certain requirement to maintain their compliance, so they can go ahead with the initial set of rules. In the future, if they come across different kinds of compliance, they definitely need to create new rules. Therefore, it's an ongoing process. We cannot say that is a one-time process work for a week, and we've completed it. Basically, the initial implementation can get done in a week. Within a week, we will have to also collect the rule stage information from the customer, including any other requirements. Then, after that, it's ongoing tweaking. 

We tend to perform maintenance for clients. If a customer faces any challenges, they create a case with us, and we deal with it. 

We can handle the initial setup ourselves. 

From my side, there is only one resource deployed on the project. However, there are multiple people required to gather information. From the customer side, it will require them to share what rules should be implemented and we figure out how we will proceed and what requests we will get coming into the application server.

The solution is pretty pricey. It's not a cheap option. I'd rate it a three out of five in terms of affordability.

They do offer different types of licenses, according to your needs. 

I'm a Radware partner. 

We have the latest version implemented right now. 

I'd rate the solution eight out of ten.

I would recommend the solution to people.

The primary use case for Radware Cloud WAF Service is BDoS protection and web application firewalls. My clients use it for these purposes as they want to be protected by a web application firewall against attacks on their websites.

The most valuable features of Radware Cloud WAF Service include its automation and learning capabilities for protection, as well as its superior bot mitigation. The precise negative security on the web application firewall is also noteworthy. Additionally, the onboarding process is smooth, allowing customers the unique ability to use the web application firewall on the cloud.

Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS. Some other web application firewalls have a mechanism that allows automatic certificate uploads, which Radware could adopt. 

Also, improvements could be made to be more precise on the negative security perspective.

I have been using Radware Cloud WAF Service for about two years.

Radware Cloud WAF Service is very stable, with no experienced downtime on Radware's part. I give it a stability rating of eight out of ten.

Radware Cloud WAF Service is quite scalable, with a rating of eight out of ten.

The technical support for Radware Cloud WAF Service is excellent. They are knowledgeable, speak the technical language, respond quickly, and work collaboratively to overcome challenges. I rate the customer service nine out of ten.

Positive

The initial setup is straightforward, involving adding an A record in the customer's infrastructure and ensuring the right certificate is in place.

Radware Cloud WAF Service pricing falls on the pricier side with a rating of seven out of ten. It may not have helped reduce the total cost of ownership.

I evaluated other solutions like Incapsula, Impreva, and F5 before choosing Radware.

I advise conducting a POC to ensure that Radware Cloud WAF Service meets specific needs in terms of maintenance and understanding. It takes complex tasks, like web application firewall functions, and simplifies them for customer ease. 

I rate the overall solution eight to eight and a half out of ten.