Radware Cloud WAF Service Reviews

We provide our clients with Cloud WAF Service, which enables us to detect and report web shell attacks against their servers. 

The main benefit is that all traffic is shifted by the cloud service, which exists outside the customer's infrastructure. It's highly efficient. Many customers have problems inside the infrastructure that must be efficiently detected. With Cloud WAF we can notify our client when an attack is outside and detect when a web shell script is already running on the server. This information helps the client understand what's happening with the web shell.

We've reduced many false positives using Cloud WAF Service. The learning period is helpful. Radware sends a policy with a lot of information that helps the customer observe and design their policies to eliminate false positives.

Cloud WAF saves us a lot of time because we face many strong attacks. It helps us modify the back end and implement some policies to prevent more attacks.

The best feature is the SQL injection signatures, and another is the DDoS protection. Radware is more efficient than other solutions. It handles unknown threats very well. We face many bad requests with malware that are expensive to remedy. Radware's service center in the cloud helps a lot. 

Radware's bot manager can be improved because it's very complicated to implement for apps. Radware could also add alerts by WhatsApp or Telegram. It only sends notifications via email or SMS.

We have had issues with Cloud WAF one or two times, but the service works fine most of the time.

Cloud WAF scales very well. 

I rate Radware support nine out of 10. They have a simple platform for opening tickets, and they respond quickly. 

Our previous solution was hard to install, but Cloud WAF is straightforward because it's cloud-based. You add the certificate for the business and point it to the IP. Deployment is very fast. It takes 30 minutes to an hour.  Cloud WAF requires some maintenance when a customer changes their website or programs. We need to adjust the policies.

I rate Radware Cloud WAF Service eight out of 10. It is the best solution for stopping DDoS attacks. 

After a security breach on one of our web applications, we transitioned to a cloud-based web application firewall solution. We chose Radware Cloud WAF Service to protect our critical web applications.

I would rate Radware Cloud WAF Service's ability to block unknown threats and attacks as nine out of ten.

Radware Cloud WAF Service initially operated in a learning mode for the first week after deployment, gathering data. Once it switched to action mode, we began to experience the service's full benefits.

Cloud WAF has helped reduce our false positives by 20 percent.

We have implemented Cloud WAF in conjunction with Alteon, and we are currently integrating a bot manager and web application DDoS protection. The integration was easy because we were accompanied by Radware.

Cloud WAF has helped free up our IT team for other projects.

The most valuable feature of Radware Cloud WAF Service is the visibility into attacks that are being cut off instantly.

It would be ideal if Radware could offer a bundled package that includes Cloud WAF, web DDoS protection, bot manager, and Alteon for a more comprehensive security solution.

I have been using Radware Cloud WAF Service for two and a half years.

Radware Cloud WAF Service is scalable.

Radware Cloud WAF Service met our scaling requirements.

The technical support is great. I have nothing bad to say about them.

Positive

The initial deployment process went smoothly and was completed in three weeks by a five-person team consisting of two representatives from our organization and three from Radware.

The pricing is fair. We pay for what we need.

After evaluating Radware Cloud WAF Service against other options and confirming its leading position in Gartner's Magic Quadrant for Web Application Firewalls, we chose it for our web security needs.

I would rate Radware Cloud WAF Service nine out of ten.

No maintenance is required on our end.

Radware Cloud WAF Service does what is expected and reduces the number of attacks on our web applications.

We are a company that specializes in loyalty programs for airlines and retail businesses. Our website allows customers to log in and check their loyalty program points, redeem them for flights or other items, and purchase additional points or life miles. As this is a sensitive website that is subject to many attacks, we implemented Radware Cloud WAF Service to protect it.

The solution is deployed on the cloud. We use AWS, but the web application firewall is on Radware infrastructure.

The Radware Cloud WAF Service is an excellent solution for blocking unknown threats and attacks. We have follow-up meetings with our team every other month, and we receive a summary of all the threats the solution blocked. The metrics are very positive. Without this service, we would certainly be in trouble, as we experience a large number of attacks. The solution is very specific in identifying the region from which the attack originates, as well as the type of attack, such as mail service or SQL injection. It also provides details on how the attack was blocked.

The primary advantage of Radware Cloud WAF Service is that we can be confident that the website will not be vulnerable or that our client's accounts will not be compromised. Therefore, it is highly beneficial for us.

We have very few false positives; it is very rare. In the two and a half years I have been with the organization, there has only been one false positive. This occurred when an authentic IP from Colombia attempted to log into the website and was blocked by the WAF.

The solution definitely freed up our IT teams for other projects, as we no longer have to manage the WAF ourselves. With Radware taking care of the WAF deployment in our Amazon infrastructure, our IT personnel who would have otherwise been working on managing our application firewall can now be assigned to other projects. The solution helped save 30 hours a week.

I particularly appreciate the low administrative burden of this solution, as well as the excellent monitoring tools. I can easily view blocked requests and malicious activity in a summary dashboard without needing to intervene. The solution works well independently.

Radware does not have much online training available to help customers get the most out of this solution. For example, we do not know how to integrate the solution with other tools or take advantage of the analytics that it offers. Radware could improve access to this knowledge by providing short training sessions so that customers can benefit more from their work.

I have been using Radware Cloud WAF Service for two and a half years. 

The solution is highly reliable; we have never experienced any outages.

The scalability is completely transparent for us. For instance, on Black Friday, we experience an increase in traffic on our website, yet we don't notice anything because Radware automatically scales, so we don't need to take any action. Therefore, it is very efficient at scaling.

From a financial perspective, we have definitely reduced fraud. This has been a return on investment, as we are no longer losing money compensating customers for fraud. I cannot provide an estimated amount, but we have a team in the company dedicated to preventing fraud. There has definitely been a return on the investment.

It is slow for us to get a quote, which is something that could be improved by the sales or commercial team. However, I believe the prices are fair. We pay for each application we add to the protection, as well as for each additional website. We currently have three licenses and are satisfied with them.

We always compare Radware Cloud WAF Service to the Amazon web application firewall. We have found that Radware Cloud WAF Service is a better solution for us as it is specialized and managed, so we do not need to spend time configuring or managing the solution.

I give the solution a ten out of ten.

We do not use the solution for integrating with other applications. The only other solution is the Cloud WAF Bot Manager, which is another product from the same company. We can access it from the same account using the same credentials. I can access both dashboards, the WAF and Bot Manager, but we do not integrate them with anything else.

The solution has not been implemented in multiple locations. Most of the traffic comes from Latin America and the United States. I do not have an exact figure for the number of end users that access our website, however, I can estimate that it is in the hundreds of thousands per day.

We have never performed any maintenance from our end.

We need to understand how the solution is priced, as our company has one main website, but sometimes there are other products with different URLs and websites, so we must pay for each one. My advice to customers is to understand how this is priced so they can plan accordingly.

We use Radware to protect our applications and the portals that we share with our clients and business partners.

Among the improvements to our organization is that we are calmer regarding the use of the applications that we publish. Radware gives us a level of confidence that assures us that, if there is an attack, we have a tool that will protect us and that will block suspicious behavior.

Cloud WAF Service has also helped us reduce false positives. I don't have the exact data on how much they have decreased, but once we enter the portal we can see network connections that have an unknown IP and we can scan and block applications automatically from countries in which we do not have clients.

It has also helped save time for our IT team. We don't dedicate so much time to the threats, but we directly review the reports. We have saved about 30 percent in time invested.

One of the most valuable features we have found in the solution is protection against attacks from botnet networks and the requests that these remote networks can generate that are blocked from our servers. That frees us from having to deal with that traffic.

Cloud WAF Service has also been useful for us in terms of blocking threats because it automatically detects them, detects behavior patterns that have a threat pattern, and directly blocks them. Without making any changes or decisions, we automatically have protection.

Also, regarding the classification of events, the solution does productive work in detecting the logs where there could be threats to our applications, and that is quite useful.

We have had difficulties with the configuration of rules when it comes to allowing connections and having a list of IPs that are authorized to use a specific service. We have not been able to make a whitelist work.

For example, if we want to publish services to a limited number of providers and we only want those providers to connect, we need to forward those requests to the Radware support team and they apply them, but it takes some time. It seems to me that this long process would be faster if the configuration could exist directly in the portal. That would make things easier.

We are in our third year of use of Radware Cloud WAF Service.

We have only had one network outage which happened a while ago. Fortunately, it was short and we were quickly back in business.

We have plans to increase the use of Radware in our enterprise. There are a couple of applications that are going to be added.

The technical support is very good.

Positive

We did not have a previous solution. It was a fairly quick decision to go with Radware. It was chosen because Cisco offered a package of security solutions in which Radware was included.

The initial setup was pretty easy. An engineer from Radware helped us. We scheduled a meeting, discussed the changes that we had to make internally at the DNS level, and that's it. The engineer who helped us was assigned by Radware and we had a pretty good experience with him. On our side it required two people, our system administrator and security analyst.

The programming process and our first use of the solution were quite successful. It was deployed with a set of default rules and policies in a short amount of time, and these gave a certain level of protection for our applications. When we started using it, we understood its features and potential.

In terms of maintenance, there are changes and revisions that need to be made from time to time, mainly to check for false positives. Generally, only one person participates in that process.

We have seen return on investment through the level of reliability of the application and the optimal stability that it gives to our users.

In terms of TCO, it has not been an expense. More than anything, it has been a beneficial service that has reduced TCO by approximately 70 percent.

Radware Cloud WAF Service is a good option. It is a good tool that will definitely give you the protection you are looking for.

The most important lesson that Radware has taught me is that, as a service, it can relieve you of many application security tasks.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Usamos Radware para proteger nuestras aplicaciones y los portales que compartimos con nuestros clientes y socios comerciales.

¿Cómo ha ayudado a mi organización?

Entre las mejoras de nuestra organización está que estamos más tranquilos en cuanto al uso de las aplicaciones que publicamos. Radware nos da un nivel de confianza que nos asegura que si hay un ataque, tenemos una herramienta que nos protegerá y bloqueará comportamientos sospechosos.

Cloud WAF Service también nos ha ayudado a reducir los falsos positivos. No tengo los datos exactos de cuánto han disminuido, pero una vez que entramos en el portal podemos ver conexiones de red que tienen una IP desconocida y podemos escanear y bloquear aplicaciones automáticamente de países en los que no tenemos clientes.

También ha ayudado a ahorrar tiempo para nuestro equipo técnico. No dedicamos tanto tiempo a las amenazas, pero revisamos directamente los informes. Hemos ahorrado alrededor del 30 por ciento en el tiempo invertido.

¿Qué es lo más valioso?

Una de las características más valiosas que hemos encontrado en la solución es la protección contra ataques de redes botnet y las solicitudes que pueden generar estas redes remotas que son bloqueadas de nuestros servidores. Eso nos libera de tener que lidiar con ese tráfico.

Cloud WAF Service también nos ha resultado útil en términos de bloqueo de amenazas porque las detecta automáticamente, detecta patrones de comportamiento que tienen un patrón de amenaza y los bloquea directamente. Sin tener que hacer algún cambio o decisión, estamos protegidos automáticamente.

Además, en cuanto a la clasificación de eventos, la solución hace un trabajo productivo al detectar los logs donde podría haber amenazas a nuestras aplicaciones, y eso es bastante útil.

¿Qué necesita mejorar?

Hemos tenido dificultades con la configuración de reglas a la hora de permitir conexiones y tener una lista de IPs que están autorizadas para usar un servicio específico. No hemos podido hacer que una lista blanca funcione.

Por ejemplo, si queremos publicar servicios para un número limitado de proveedores y solo queremos que esos proveedores se conecten, debemos reenviar esas solicitudes al equipo de soporte de Radware y ellos las aplican, pero lleva algo de tiempo. Me parece que este largo proceso sería más rápido si la configuración pudiera existir directamente en el portal. Eso facilitaría las cosas.

¿Por cuánto tiempo he usado la solución?

Estamos en nuestro tercer año de uso del servicio Radware Cloud WAF.

¿Qué pienso sobre la estabilidad de la solución?

Solo hemos tenido una interrupción de la red que ocurrió hace un tiempo. Afortunadamente, fue breve y rápidamente volvimos a la normalidad.

¿Qué opino de la escalabilidad de la solución?

Tenemos planes para aumentar el uso de Radware en nuestra empresa. Hay un par de aplicaciones que se van a agregar.

¿Cómo son el servicio de atención al cliente y el soporte?

El soporte técnico es muy bueno.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo

¿Qué solución usé anteriormente y por qué cambié?

No teníamos una solución previa. Fue una decisión bastante rápida optar por Radware. Se eligió porque Cisco ofrecía un paquete de soluciones de seguridad en el que se incluía Radware.

¿Cómo fue la configuración inicial?

La configuración inicial fue bastante fácil. Un ingeniero de Radware nos ayudó. Programamos una reunión, discutimos los cambios que teníamos que hacer internamente a nivel de DNS y eso es todo. El ingeniero que nos ayudó fue asignado por Radware y tuvimos una experiencia bastante buena con él. Por nuestra parte, requería dos personas, nuestro administrador de sistemas y el analista de seguridad.

El proceso de programación y nuestro primer uso de la solución fueron bastante exitosos. Se implementó con un conjunto de reglas y políticas predeterminadas en un corto período de tiempo, y estas brindaron un cierto nivel de protección para nuestras aplicaciones. Cuando empezamos a usarlo, entendimos sus características y potencial.

En cuanto al mantenimiento, hay cambios y revisiones que deben realizarse de vez en cuando, principalmente para comprobar si hay falsos positivos. Generalmente, solo una persona participa en ese proceso.

¿Cuál fue nuestro Retorno de la Inversión?

Hemos visto el retorno de la inversión a través del nivel de confiabilidad de la aplicación y la estabilidad óptima que brinda a nuestros usuarios.

En términos de TCO, no ha sido un gasto. Más que nada, ha sido un servicio beneficioso que ha reducido el TCO en aproximadamente un 70 por ciento.

¿Qué otro consejo tengo?

Radware Cloud WAF Service es una buena opción. Es una buena herramienta que definitivamente te brindará la protección que buscas.

La lección más importante que me ha enseñado Radware es que, como servicio, puede liberarte de muchas tareas de seguridad de las aplicaciones.

The primary use case for Radware Cloud WAF Service is DDoS protection and web application firewalls. My clients use it for these purposes as they want to be protected by a web application firewall against attacks on their websites.

The most valuable features of Radware Cloud WAF Service include its automation and learning capabilities for protection, as well as its superior bot mitigation. The precise negative security on the web application firewall is also noteworthy. Additionally, the onboarding process is smooth, allowing customers the unique ability to use the web application firewall on the cloud.

Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS. Some other web application firewalls have a mechanism that allows automatic certificate uploads, which Radware could adopt. 

Also, improvements could be made to be more precise on the negative security perspective.

I have been using Radware Cloud WAF Service for about two years.

Radware Cloud WAF Service is very stable, with no experienced downtime on Radware's part. I give it a stability rating of eight out of ten.

Radware Cloud WAF Service is quite scalable, with a rating of eight out of ten.

The technical support for Radware Cloud WAF Service is excellent. They are knowledgeable, speak the technical language, respond quickly, and work collaboratively to overcome challenges. I rate the customer service nine out of ten.

Positive

The initial setup is straightforward, involving adding an A record in the customer's infrastructure and ensuring the right certificate is in place.

Radware Cloud WAF Service pricing falls on the pricier side with a rating of seven out of ten. It may not have helped reduce the total cost of ownership.

I evaluated other solutions like Incapsula, Impreva, and F5 before choosing Radware.

I advise conducting a POC to ensure that Radware Cloud WAF Service meets specific needs in terms of maintenance and understanding. It takes complex tasks, like web application firewall functions, and simplifies them for customer ease. 

I rate the overall solution eight to eight and a half out of ten.

We have external facing sites that our clients use, and it's important that those are protected. It's a traditional use case. The end-users are the firm clients trying to come into the firm using firm applications. So, this is the external perimeter, and that's the typical use case.

It gives you more insights into what may be happening in your environment. It doesn't free up people's time, but it helps them add an additional data point so that they can be better informed. In that sense, it improves efficiency. When you are in the security mindset, you want to make sure you have the ability to gain as many insights as possible for a potential attack. The intent is never around freeing up time.

It provides the first level of defense against external threats trying to come into the environment, but it's one of the many toolkits we use. 

I'm the global head of cybersecurity across all business lines with a prime focus on audit risk and compliance. I look at Radware in terms of the ability to do two things. One is being very well aware of what's happening in the industry and the threat landscape, and the relative to that is the right sizing of the product so that the product can identify those emerging threats in time and then block them. That's essentially what I'm expecting Radware to do. The ability to provide some insights into lookback is equally important, which means you found something today but that doesn't mean that it happened today. It could have happened many moons ago. That lookback is equally important. There is a lot more that is expected from Radware's automated analytics for looking at events. There needs to be more context of where protection is required these days.

I have used the API Discovery feature. It's relatively easy to use, but it pales to some of the tools that currently exist in the marketplace. They may be a little more sophisticated than what Radware provides. A lot of work needs to be done out there for the end-to-end API protection offered by the API Discovery feature. It's a good first step, but Radware isn't there yet. Similarly, in terms of integrating with other systems and applications in our environment, a lot more work needs to be done out there.

The visibility of API relative to data flow and contextual understanding of what that is for a business is extremely important, and APIs don't seem to cut it. The majority of the attacks take place in memory, so you need to make sure that there is close alignment around how you view that and draw conclusions based on that data. Right-sizing is based on the industry because some of them have the same set of APIs and the same set of structures from which you can easily draw context and draw conclusions in terms of what's happening.

We've been using it for two years. It came to us with an acquisition.

They've had one odd outage. You can't have an outage in that business. They got to get a little better for enterprise-grade.

They have been collaborative. They were eager to have the firm's business, so we received the kind of support we wanted, and that's fair. We have no complaints, and there is nothing that stands out of the ordinary. I'd rate them a seven out of ten.

Neutral

In an organization of our size, you don't have one single vendor. It's a layered defense model. You don't have one single product that you're heavily reliant on. From that perspective, Radware is a part of the ecosystem.

In terms of blocking unknown threats and attacks, Radware is at par with other firms. There is nothing extraordinary. The protection it provides is comparable. It isn't superior. It's amongst the top three or four, but it's definitely not number one.

It required tuning to meet our requirements, but that's true for all products.

It was implemented in-house. There were four people involved in its implementation.

The value proposition of a product is based on not just one feature set. It's based on the suite of features and the impact. It's no different than the value of a security guard outside the building. It's justified in case you have a major attack and it has been able to thwart that attack, but up until that point, you won't be able to say, "Hey, what is the true value that I'm getting out of this?"

When you're getting this or any other solution, you need to look at three things.

1. Is it fit for purpose? What are you getting it for, or does the solution meet the need?
2. Is it going to add value and be a strategic partner going forward? Do you see it evolving with where the threat landscape is heading and where the market is heading? Do you see a relationship?
3. Do they get it right? Are they aligned or in sync with the industry and with what the regulators are looking at? This one is generally missing in this case.

I've used CDN services offered by Radware in conjunction with Cloud WAF. Radware is in the same ballpark compared to the industry leaders, though some of the industry leaders are a little sophisticated in terms of features and offerings. However, there are certain areas towards which the industry isn't evolving, and Radware can obviously position itself so that it can succeed.

Overall, I'd rate Radware Cloud WAF Service a seven out of ten. There is a lot they can do. They're in a good position. They have their foot in the door. They need to just up their game.

We have a couple of AWS customers where we are implementing this solution.

When we are talking about the WAF use case, we just like to save the request. Whatever request you are getting on the WAF side, you can block it according to the filter. If you have any vulnerability inside the request, that will be inspected. If it's not legitimate, then it will be stopped with the help of WAF.

The solution offers good protection. It's for the L7, actually. When you are trying to protect the L7, this is a good product.

There are templates you can try which is useful.

It's easy to implement. 

The solution scales quite well. 

The solution is stable and reliable.

Technical support has been helpful.

The integration part could be better. The visibility part could improve as well. In the market, everyone is moving towards the cloud. However, the patience is not good. When we are trying to find out some information, we are not getting what we need on time. They need to arrange some more use cases for their partners, for their customers to showcase their product and show exactly how it is working, how they're capturing the market, et cetera. Right now, they aren't showcasing what can be done, making it hard to sell. 

I've found it difficult to find good documentation for cloud deployments. 

We've been using the solution over the past year. We've used it for ten months.

The stability is quite good. I would rate it a four out of five in terms of stability. It is reliable. There are no bugs or glitches. 

It is a scalable product. We don't have any issues in that regard. I'd rate it four out of five. 

We have a few customers on the solution. We have one with 15,000 POC employees, and they are using it. There are also a couple of other POCs we are working on now.

Their support has been very good. We are quite pleased with their general capabilities. We tend to also handle issues that are at an L2 or L3. If we cannot handle the client requests, we may reach out to Radware for help. 

Positive

The initial setup is not overly complex. The entire process is easy to manage. 

For deployment, I don't need many people. We do have a team of ten to 15 people who are managing all the security features. I can assign one of them to take care of tasks as necessary. One person who is knowledgeable in WAF can handle the deployment part.

Implementation is a one-time thing. However, the processing of requests is ongoing. Today, a customer has a certain requirement to maintain their compliance, so they can go ahead with the initial set of rules. In the future, if they come across different kinds of compliance, they definitely need to create new rules. Therefore, it's an ongoing process. We cannot say that is a one-time process work for a week, and we've completed it. Basically, the initial implementation can get done in a week. Within a week, we will have to also collect the rule stage information from the customer, including any other requirements. Then, after that, it's ongoing tweaking. 

We tend to perform maintenance for clients. If a customer faces any challenges, they create a case with us, and we deal with it. 

We can handle the initial setup ourselves. 

From my side, there is only one resource deployed on the project. However, there are multiple people required to gather information. From the customer side, it will require them to share what rules should be implemented and we figure out how we will proceed and what requests we will get coming into the application server.

The solution is pretty pricey. It's not a cheap option. I'd rate it a three out of five in terms of affordability.

They do offer different types of licenses, according to your needs. 

I'm a Radware partner. 

We have the latest version implemented right now. 

I'd rate the solution eight out of ten.

I would recommend the solution to people.