Radware Cloud WAF Service Reviews

I am using Radware Cloud WAF and have been using it for the last five years. Recently, I considered deploying Radware Discovery API. I have taken a proof of concept of Radware Discovery and plan to onboard it in the next one or two months. 

Additionally, it is essential for reducing DDoS attacks within my organization.

We have had a very good experience with Radware Cloud. It has significantly reduced attacks on our applications. All our critical applications are onboarded to Radware, which uses AI to automatically learn behavior patterns and refine security policies. 

It also provides comprehensive protection against the top ten web application security risks. Importantly, we have not experienced any zero-day attacks because Radware Cloud offers protection against emerging threats. The Emergency Response Team is very active, and I consistently receive excellent responses from them.

It's a very comprehensive and user-friendly solution. It's easy to implement and integrate. We also have found it's easy to reach support if we need help.

The solution has helped us enhance our cyber security posture. It's good for data protection. We've been able to protect our public-facing infrastructure.

We haven't had any incidents or compromises in the entire three years we've used Radware.

The Cloud WAF Service blocks unknown threats and attacks effectively.

The analytics are very good.

The API discovery feature is very helpful, and end-to-end API protection is useful. Everything is encrypted to ensure effective protection. We get Layer 7 protection from it.

The API discovery is a very useful feature. It is easy to use. A few months before, I did a demo to learn more. We can see which APIs are being used or not. It helps us discover and remove unused APIs. In our case, we found 20 APIs that were not used by the team.

We use the CDN features. It's pretty easy to use the combination of CDN and Cloud WAF. It helps your Radware Cloud connect with the nearest server or the Redware server. We have multiple servers worldwide, so this is useful for us.

Integration is very easy. Sometimes, we have 10 to 15 applications hosted on the cloud. It's very easy to add applications. It's not complicated.

From the Radware cloud, it's integrated with our SOC. All the logs are received by the SOC.

An area of improvement is the visibility at the attack level. Management often asks for detailed reporting on attacks such as botnet and zero-day attacks, including the number of attacks within a month, week, or day. Improving dashboard capabilities to provide this information clearly for management is crucial.

They need to improve their reporting. We need to present our management with reports and we need better options for reporting. They don't want lengthy reports. They need something that is one to two pages and includes everything - a more high-level document with the most important information.

I have been using Radware Cloud WAF for the last five years.

I give the stability a score of 9.5 out of ten. I have never encountered downtime, maintenance-related issues, or latency. As a network and cybersecurity specialist, this provides me with peace of mind.

The scalability is fine. We haven't faced any issues.

The support provided by Radware's Emergency Response Team is excellent. They respond promptly to any queries or concerns raised via the hardware portal according to SLA expectations. The responses are satisfactory. Although I have not required much support in the past five years, whenever I did, I received answers to my queries.

Positive

I did not use a different solution previously.

The initial setup was straightforward. We onboarded critical applications in a prioritized manner, starting with the most critical and gradually moving to the others. The setup process was smooth, and we were able to get visibility from the applications post-onboarding.

I am not involved in purchasing or negotiating pricing, as this is done by our material team. My role is to recommend the products we need. The material team discusses with partners and determines the appropriate pricing.

I rate the overall solution a nine out of ten. By not giving a perfect score, I recognize that there is room for improvement, which is crucial for fostering development. It is essential for Radware to continue improving and researching advancements needed to enhance customer experience.

We are a Data Center company with a lot of internal applications and customers. Our primary use case is to protect all internal applications hosted on Public Cloud with Radware Cloud WAF. This protection is crucial for safeguarding our customers' applications from external threats and ensuring high availability and security.

The most important aspect of Radware Cloud WAF is that it is over the cloud, offering a comprehensive solution that includes WAF, API protection, bots, and Layer 7 DDoS. This combination efficiently blocks a large number of unknown threats and ensures high security and uptime for our internal applications as well as our customers' applications, making it a revenue-generating tool. Cloud WAF provides excellent analytical dashboards that allow us to report, track, and resolve many issues quickly.

The reporting features could be more intuitive with more real-time monitoring, which would help make faster decisions. While false positives have reduced by 35%, more granular control can simplify it for new users. The initial complexity should be reduced to make it simpler for new customers. Furthermore, support staff needs to be more proactive so that issues can be resolved at lower levels without escalation.

I have been using Radware Cloud WAF for four years.

There has been downtime only once in the last year. Otherwise, the product has been stable.

Since it's a Cloud WAF, it is always scalable. We can subscribe to more applications and protections as needed.

We have ERT premium support with a five-minute SLA, and the service has been reliable. We have additional support from Radware management. The quality of support is excellent, and we haven't faced any major issues.

Positive

Previously, I used to work with F5 WAF in my earlier company, not the current one.

The initial setup was complex and took a long time to complete.

We used a dedicated team for deployment as we wanted to train our team thoroughly.

Radware Cloud WAF has helped reduce false positives and efforts, which in turn, improved the total cost of ownership by freeing up time to focus on other projects.

Pricing could be more competitive, especially for smaller customers. However, the technical excellence of the product balances out the pricing aspect.

Earlier, I used F5 WAF in a different company.

Overall, I would rate Cloud WAF nine out of ten. 

Despite its initial complexity, the product is a one-stop shop for our cloud security needs. It integrates well with applications, simplifying protection and operations. 

I recommend Radware can make further improvements in pricing and simplifying initial use for new customers.

The core use cases for Radware Cloud WAF Service are web application firewall functionality, DDoS protection, and protection against zero-day vulnerability and emerging threats.

The most valuable aspect of Radware Cloud WAF Service is that it supports mode detection and provides email alerts on sudden alert spikes and early warnings. The most advanced feature is the DDoS protection and the way this web handles DDoS attacks, as I am currently working in the SOC team and managing the Radware administration part.

Regarding zero-day attacks, Radware Cloud WAF Service helps us actively receive early warnings, and we raise those to the relevant teams. The services related to zero-day attacks and threat intelligence are very effective.

The dashboard of Radware Cloud WAF Service could be more interactive and user-friendly. While implementing it for the first time, it requires core technical knowledge, and without that knowledge, implementation can be quite challenging. However, the support from Radware is excellent when support cases are raised.

I have been using Radware Cloud WAF Service for three and a half years in my career after joining my current organization.

Regarding stability, I have not experienced any lagging, crashing, or downtime in my experience with Radware Cloud WAF Service.

Radware Cloud WAF Service is scalable; once we set up the entire service and it is up to date, we can onboard as many applications as our license allows.

I have contacted Radware's technical support many times, and their quality is very good as we receive timely support according to the case priority. Their engineers are skilled and capable enough to resolve issues quickly.

Positive

I have used alternatives to Radware Cloud WAF Service, specifically Akamai Web Service, which is a very popular service. One of its disadvantages is that it does not support custom ports like Radware does.

The entire process of onboarding the application for the first time with Radware Cloud WAF Service requires core technical knowledge, but with the support of Radware, it becomes much easier.

The pricing of Radware Cloud WAF Service is lower compared to Akamai, and while the price in the industry is acceptable, it is not too expensive.

The combination of negative and behavioral-based positive security models provided by Radware Cloud WAF Service is very important for my organization's security strategy, as the main purpose of Radware WAF is security.

Regarding maintenance, we receive quarterly reports, which are sufficient.

On a scale of 1-10, I rate Radware Cloud WAF Service an 8.

In my organization, we are focused on using various security measures to protect against threats, particularly those related to bots. The key product we have employed is Radware Cloud WAF Service, which primarily provides DDoS protection. This service helps us block large-scale attacks aimed at exploiting network vulnerabilities and other weaknesses in our applications.

Additionally, we utilize the Radware Cloud WAF Service to safeguard our websites and application APIs from threats like SQL injection and other malicious activities, employing various authentication methods for enhanced security. I am also working on learning about bot management, as I have been assigned a task in this area. So far, I have been studying behavioral analysis and detection methods that can identify and block malicious bots effectively.

I have worked with the API feature of Radware Cloud WAF Service and have experience with the GraphQL endpoint. While I haven't worked on advanced web attacks, I am familiar with common ones. As many applications heavily rely on APIs, it's obvious for attackers to target them. The WAF provides mobile and web app backend security for protection, and I have mainly used the bot detection and mitigation feature to detect and block malicious bot attacks.

Zero-day attacks can be particularly challenging because they exploit vulnerabilities that are not yet known to the software vendor. However, certain solutions can effectively address these threats. One of the key benefits of Radware Cloud WAF Service is its ability to detect potential vulnerabilities before they can be exploited by attackers.

Currently, there is a growing trend towards using machine learning and AI models, which can provide proactive defenses against zero-day vulnerabilities. As we know, a zero-day vulnerability can pose significant risks to any organization or system. One concept that is crucial in this context is behavior-based analysis and detection. This involves analyzing incoming suspicious requests to identify patterns that do not align with normal behavior. When such anomalies are detected, the system can alert administrators to take appropriate action. Another important feature is virtual patching. This technique can block known vulnerabilities at the edge, even before an official patch is released by the vendor. This proactive approach helps mitigate risks while waiting for a formal solution.

Source blocking is a method we employ in our organization to block incoming requests from specific sources based on the type of traffic. This approach helps us effectively identify and filter out malicious or unwanted traffic. By recognizing certain requests as malicious, we can prevent them from reaching our systems. We have blocked specific IP ranges, known malicious URLs, and other sources based on geographical locations, depending on our organization's needs. To strengthen our defenses, we use various filters tailored to our requirements, along with threat intelligence feeds and behavioral patterns. Overall, source blocking plays a crucial role in preventing attacks and enhancing our security posture, especially against brute force attacks originating from known malicious IPs.

Radware Bot Manager, a security tool that helps identify and manage bot traffic and malicious bot attacks, is important for organizations that face heavy traffic loads. Bot Manager helps reduce bot attacks and secure us from threats. I have experience with behavior analytics, custom rules, and the bot detection engine, which focuses on identifying malicious bots and securing APIs from automated abuse.

What I appreciate most about Radware Cloud WAF Service is that it includes all the aspects that an organization wants to run smoothly, such as overall configuration and real-time protection methods, customization of rule creation, fast deployment, and vital visibility in environment maintenance. Its maintenance cost is very low unlike others, and the real-time dashboards show us who is attacking and what types of attacks are happening in our environment or any endpoints or devices being targeted.

I appreciate the real-time protection part, especially against SQL injection and Zero-Day exploits. Radware Cloud WAF Service is beneficial for detecting Zero-Day vulnerabilities before they are exploited by attackers. With a focus on machine learning and AI models, it offers proactive defenses against these vulnerabilities. The WAF utilizes behavior-based analysis to identify anomalous requests and can virtually block known vulnerabilities at the edge before vendor patches are released.

In some cases, if the configuration of rules is too strict or complex, there might be a possibility that genuine traffic gets blocked or considered a false positive. The complexity can be lowered to improve the understanding for users or customers.

I have been using Radware Cloud WAF Service for nearly one year.

I have contacted the customer support of Radware and generally received responses within the scheduled framework, ensuring that my tasks are completed on time. I am quite satisfied with their customer support.

Positive

The initial deployment involves a specific set of stages that are quite transparent. There are several steps we typically encounter during this process. While I wouldn't describe the configuration as overly complex, I would categorize it as moderate in difficulty. I would rate it as moderate. It’s not too challenging, but it does require some attention.

I would rate Radware Cloud WAF Service a nine out of ten.

Since many of our businesses are on this application and web applications, we have a huge environment. There are more than hundreds of applications that we have. We are using it for WAF-based production, for bot and for DDoS protection.

The interface is quite concise and clear, and it is easy to navigate. I have worked with other WAFs, however, Radware Cloud WAF Service is quite easy to navigate compared to others. 

I have never had a problem with the application or any websites. Many threats are getting blocked here. Since I joined this organization and had the opportunity to compare early deployment statistics with current ones, we can see that many threats have been blocked, resulting in a very good return on investment.

With Bot Manager, we get many detections which are actually blocked, especially related to application headers. Malicious user agents are something that we get frequently and it has been blocking the majority of the threats, almost about 97-98% of threats are blocked, almost to 99% itself.

Our first line of defense for our web applications, especially on the cloud, is Radware Cloud WAF Service. Whatever comes through, including reconnaissance attempts, different types of targeted attacks, targeted threat vectors and many APT groups targeting our environment, they are getting blocked in the recon phase itself thanks to the Bot Manager.

They can work more on the documentation part. The documentation I found is quite vague. There can be more practical examples, and since we are a paid customer, they can give us arranged training. They can arrange sessions or trainings regarding using Radware Cloud WAF Service and what further things we can do. I recently learned about source blocking, so training or sessions can be organized, along with improving documentation with practical examples.

I have been using it for two and a half years since joining the new company. The company has been using the solution for quite a long time.

In the last two and a half years, I have not seen any kind of lags or issues.

Scalability is good. Our organization is quite big, so we keep on adding applications behind it. I never found an issue with lagging or non-working components due to scaling limitations. The solution is providing scalability in all aspects.

The speed and quality was good. We got a good quick turnaround time, especially in cases where we were actually under attacks and wanted blocking to work as soon as possible.

Positive

In my previous company, I have worked with other WAFs, including the F5 WAF and the cloud native WAF. I have also worked with Akamai. I found Radware Cloud WAF Service to be better compared to others.

The initial setup was quite easy. I moved around, did some R&D on my own, and it was easy to navigate.There are clear and concise filters that I can apply. Everything was on the screen. Whatever I wanted to try or do was available on the screen. I could move around in the console and try all kinds of experiments. It was quite easy and user-friendly.

Since I joined this organization and had the opportunity to compare early deployment statistics with current ones, we can see that many threats have been blocked, resulting in a very good return on investment.

Pricing is something that is decided by the top management. I am more of an operations person.

We do not use the CDN services.

I have not used the API Discovery completely, however, I have checked out the API security that comes under the WAF part, specifically the threat detection part that we are focused on. I am hearing about source blocking for the first time, which would be helpful as we would not have to manually block it.

We are using the DDoS protection and it has been blocking many DDoS attacks that we have observed. Many times when traffic slips through our DDoS protection pipelines, they are definitely getting blocked by Radware Cloud WAF Service, including anomalous rate limiting.

It took me about a week to learn the system, as I am a quick learner. There is no required maintenance as it is already taken care of by Radware. We get notifications regarding maintenance upgrades and everything, mainly for the IP blocking parts.

On a scale of one to ten, I rate this solution a nine.

We are in the post-implementation phase of using Radware Cloud WAF Service right now, but we have been using a Radware solution for about six years in our company.

Right now, we are working on transitioning our systems to the cloud. We have just obtained the license and are currently testing the system as part of the implementation process. This started back in January of this year, and we are approaching one year of use. While we are in the post-implementation phase, our corporate structure has a lot of approval processes that require multiple steps. Because of this, we can't fully transition to the protection capabilities of Cloud WAF just yet. However, we are actively using and testing it, and we are taking note of all the results.

Our company works in banking, and every day we face malicious and suspicious requests incoming to our site. Radware Cloud WAF Service is helping protect against these threats effectively. When we were using physical hardware, it would become overloaded and go down, making it impossible to protect our site. Radware Cloud WAF Service protects all of the backend applications and services by defending against malicious and suspicious requests.

Automated analytics are easy to use. When we were using manual detection, it was difficult to detect certain traffic patterns. The automatic detection is very effective.

Radware Cloud WAF Service reduces false positives compared to our previous on-premises system. After implementing Radware Cloud WAF Service, I observed the alerts and noticed a significant reduction in false positive blocking. It has more advanced capabilities, including header request searching.

We have integrated it only with Splunk so far, and it's easy to integrate.

Bot Manager's configuration is straightforward. We input IP addresses, local IPs, and configure log sending to Splunk.

The interface is really cool, especially with the dark theme. It looks clean and organized, which I appreciate. It's not complicated at all.

Support is prompt and efficient. The response to our support tickets has been quick, and I'm really happy with that. Overall, I'm glad with my experience so far.

It is easy to use for me. I've already been working with the hardware and the portal for two years now. I know where everything is, so I find it easy.

They might need to add more integrations. Adding AI-based search capabilities would be beneficial, allowing us to search for the origins of bot attacks by country. The behavioral analysis could be made more efficient. While Bot Manager has many of these features already, there is room for further enhancement.

It is stable.

It is scalable. 

The support team responds quickly to our tickets, and I am very satisfied with their service.

Positive

The Radware deployment process was straightforward and easy to install. Our company has many approvals and processes, so it took over two weeks.

Our SOC team with ten people works with this solution. Our company has two teams working on security systems with three levels of engineers. I am a level two engineer handling configuration and monitoring. The level three engineers manage major updates and have comprehensive knowledge of the system.

We conducted POC testing with three systems: Akamai, Imperva, and Radware Cloud WAF Service. We only tested Imperva and Radware because Akamai did not meet our bank corporation's policies regarding reseller companies. Imperva had too many issues.

The Imperva cloud solution was located in Hong Kong, which was too far from Mongolia and caused internet connectivity issues. After testing it, we were not satisfied. We then tested Radware Cloud WAF Service and found it easier to use, particularly since we were already using Radware Bot Manager in the cloud.

Currently, we are not using the API discovery feature as we are in the pre-implementation phase of API protection. We are focusing on getting Radware Cloud WAF Service into production first. After that, we plan to implement additional features such as API security and customer security.

In Mongolia, we do not have a CDN and are currently using Akamai CDN. The situation in Mongolia is restricted and somewhat complicated.

I would recommend this solution. Radware is the largest company in the security solutions industry. They have many prototypes and numerous integrations. This is an important aspect of the purchasing process. Another key point is their support; they provide a quick response to your inquiries. Their service is easy to use. With Radware's cloud solutions, they cover all aspects of security effectively. They are able to provide comprehensive coverage for your needs.

I would rate Radware Cloud WAF Service an eight out of ten.

Our primary use case is defense against DDoS. We are using Radware Cloud WAF and load balancer solutions. We use it for our cloud infrastructure and various applications focusing on various security aspects.

It integrates seamlessly with our infrastructure, allowing us to manage DDoS attacks and load balancing efficiently.

The ability to easily handle configurations and the user-friendly nature of the solution make it accessible for various team members, including L1 and L2 users.

The load balancer is very good for DR purposes. Previously, our client had issues with DR, but it is no longer an issue. We can directly move from primary to secondary.

Radware Bot Manager has been very useful. If any user tries to save a password on a mobile or a browser, it blocks that. We can see all the details about the traffic and port requests.

API integration and documentation need to be improved. There should be more detailed documentation for API usage, rate limiting, CNAME, and DDoS functions. A lot of articles need to be added to their portal.

Additionally, enhancing the capabilities for bypass functions where users can manage URLs more flexibly, including the use of wildcard characters, would be beneficial.

We have been working with Radware Cloud WAF Service for a minimum of 18 months.

There have generally been no stability issues.

Radware Cloud WAF is scalable and accommodates our growing needs effectively.

We get proper solutions from them. The salesperson and other support resources have been good at providing solutions. I would rate their technical support an eight out of ten. 

Positive

I have used F5 which is a physical WAF solution. We switched to Radware Cloud WAF for its cloud-oriented capabilities and user-friendly interface, although the F5 solution was effective too.

Radware provides only three URLs for whitelisting, whereas F5 supports multiple URLs for whitelisting. Radware is also more complicated for customers when it comes to bypassing.

The initial setup of Radware Cloud WAF is straightforward, allowing for easy configuration and integration within our existing infrastructure.

It does not require maintenance from our side. We just have to ensure that we have the correct licenses. They inform us of any maintenance window in advance.

We get good direct support from Pankaj at Radware. He has helped us with the implementation and understanding of Radware solutions. In case of any issues, I can ping him and get more information or resolution.

It has saved us time and money.

I am not directly involved in pricing and setup cost discussions, but it seems that Radware offers a more cost-effective solution compared to F5. It is considered a good value for our budget.

Overall, I would rate Radware Cloud WAF as nine out of ten. It is a reliable solution with effective security features, though there are areas for improvement, particularly in API integration and documentation.

The use case is protection for all  web applications. This includes the applications we serve via critical workloads. We are utilizing Radware Cloud WAF Service for this protection.

In addition to protecting our production environment, we also implement Layer 7 protections, DDoS protections, and other security measures. We have established a detailed level of protection for all of our applications.

I am satisfied with Radware Cloud WAF Service's ability to block unknown threats and attacks, as the moment we enable protection for specific applications, it starts working. For instance, we receive results indicating whether there's any unusual activity. This system operates like Software as a Service (SaaS). You don't have to worry about the underlying algorithms or the conditions that need to be applied. It's essentially a plug-and-play solution, making it easy to use.

The automated analytics of Radware Cloud WAF Service are quite effective. They inspect and remediate DDoS attacks quickly by monitoring any suspicious activity and reporting it, demonstrating the power of their deployed algorithms.

I use the CDN service offered by Radware together with Radware Cloud WAF Service, and I find it feasible because it provides faster responses for users accessing our applications, especially when it's caching configurations and monitoring protection simultaneously.

Radware Cloud WAF Service has saved me more than 30% of my time, as it's very easy to spin up any application with just a few clicks.

I receive reports every 30 days. The live metrics are visible on their dashboard, showing the current status of all applications and the number of hits, including false positives.

The automated source blocking features of Radware Cloud WAF Service have a proactive and holistic approach. It effectively protects applications with default methods for any sort of protection, though some of those methods generate false positives that we need to adjust based on our needs.

In terms of compliance, we are following GDPR, and to adhere to this compliance, we have chosen the required region to ensure all incoming traffic is treated accordingly. I find Radware Cloud WAF Service good with respect to my compliance needs, providing services in all required regions.

I really appreciate the DDoS protection that Radware Cloud WAF Service provides, especially because it reacted well to multiple DDoS attacks on my applications in the last couple of months without any signs of issues being reported.

Their Network Operation Center (NOC) is very proactive in monitoring the health status and metrics continuously. Whenever they identify an issue, they do not delay in informing me or my team, making them very proactive.

Radware Cloud WAF Service has helped reduce false positives, but we do experience some false positives, such as when certain URIs or headers are incorrectly flagged as malicious, and we need Radware to refine those to treat as genuine traffic, achieving about a 25% reduction in false positives.

There is an area for improvement in Radware Cloud WAF Service, specifically regarding the visibility of default algorithms or source blocking systems that create false positives, as it would help if customers could see these blocks to isolate problems quickly without needing to reach out for tech support. There are various blocking systems in place, including some default algorithms that can block a lot of content. Unfortunately, this can lead to false positives, making it difficult to determine whether an issue is being caused by Radware WAF or something else. As a customer, we can't see what's happening behind the scenes because it's a SaaS service. I would suggest that if there are any blocks, they should be clearly visible to us. This would allow us to isolate the problem and understand whether it's related to the WAF or another source. Currently, these blockings are not transparent; they remain hidden until we reach out to the tech support teams. Often, we only find out about the issues from them, which leaves us unaware of the problems as they aren't displayed in the portal. These behind-the-scenes elements should be available. I understand it would have read-only access. That's acceptable, but it should be visible so we can isolate issues quickly.

We have been using it for the last one and a half years.

The service is always available to us. I would rate the stability of Radware Cloud WAF Service as a nine out of ten, as we rarely experience downtime, bugs, or glitches.

I rate the scalability of Radware Cloud WAF Service as a seven out of ten, fitting well with our approximately 8,000 users.

I rate the technical support of Radware Cloud WAF Service as an eight out of ten.

Positive

I find the deployment of Radware Cloud WAF Service to be moderate in complexity, as it takes months to complete based upon requirement

More than 8,000 users work with Radware Cloud WAF Service. While it does require maintenance, it is not a concern for us since it's a SaaS service, meaning they maintain everything on the backend while we focus on uptime.

The pricing for Radware Cloud WAF Service is cost-efficient for us, especially since we have opted for a big bundle that includes not only the Cloud WAF but also Radware other products.

We did not assess any other vendor as we have been using Radware from the beginning and are already familiar with its features, knowing it is fully integrated with our requirements and custom ports for web applications. While comparing Radware Cloud WAF Service with other WAF solutions, the biggest advantage is its seamless integration with my environment, and their tech support and NOC support are better than several other WAF services.

The combination of negative and behavioral-based positive security models is important for my security strategy, and we have defined a ratio of 70% to 30%, where it properly blocks what we define, and false positives are adjusted for all applications.

I would recommend Radware Cloud WAF Service to other users because it offers excellent WAF protection services that work like a plug-and-play solution without needing to worry about algorithms. However, the deployment time could be a drawback.

Overall, I would rate Radware Cloud WAF Service an eight out of ten.