Reblaze Reviews

The organization that I worked for is a very old organization. We had 30 years of experience with a lot of websites on many of different technologies, so we looked for a product that could handle the ten different technologies we had to support. We used it as a WAF, a web application firewall for all of our websites.

When you have a problem that you want to verify, what's important is the time that it takes you to actually find it. If it takes you more than few minutes, or it takes you an hour, or if you need to call their support to get answer, that can be problematic. If you can do it yourself, it means that it's easy. It saved us a couple of hours a week.

Before Reblaze, we worked with and used a number of products. We had one product for reverse proxy, one product for load-balancing, and another product as a web application firewall. We combined them all into one product, into the Reblaze platform. That helped reduce costs a lot. For example, we stopped using the F5 as a load balancer. We only had one F5, so by stopping use of it we ruled out the single-point-of-failure issue. And, of course, it saved us not only the direct cost of paying the vendor, but the cost of maintaining another environment as well, including eliminating backups, upgrades, etc. It saved us a lot of time and money. I worked for an educational institute so the pricing was different, but it saved us thousands of dollars a year.

The presentation of all the traffic, not just the blocked requests, helped our monitoring operations. Because we had very old platforms, the code was not written "by the book" and it was not, for example, HTTP-compliant. We wanted to roll out the solution very fast without false positives. Reblaze was a single, unified platform that helped us a lot in doing that.

We supported consumers and users at home and in schools, and when you work with end-users, the variety of their computers is amazing. Each one had a different browser, a different operating system. The combinations are infinite. Reblaze helped us to see the different combinations and it helped us to better understand which combinations we had a problem with. It helped us a lot to identify end-users' problems, whether it was a specific operating system or a specific combination of the operating system and browser version.

We didn't experience any major performance issues. The caching mechanism helped us a lot. It sent fewer requests to the front-end server and it cached all the static objects. It saved a lot of traffic into our network. It helped saved money by optimizing our server usage. We were able to use fewer resources on our side. It saved us about $15,000 to $20,000 a year in computing resources that we didn't need because we had the reverse proxy, the caching mechanism.

We used the platform as a CDN as well. We installed them outside our network so we could bring in only clean traffic, and only traffic for known static objects. It saved us a lot of traffic and we got only clean traffic. That meant we could use lower models of firewalls because the Reblaze WAF service blocked a lot of unnecessary traffic from coming into our network.

We use all aspects of it. We are using it for WAF and DDoS protection.

The response time to web-based attacks on things like credential stuffing is usually two minutes or less. So the response time is very good. For DDoS, they are able to scale and absorb fairly quickly. Usually, within three to five minutes, they have absorbed it and deflected it fully. I have tested this with unannounced tests.

The solution's presentation of all the traffic, not just the blocked requests, gives us a little deeper understanding of what the clients look like. It gives us fairly good fingerprinting on systems, what browsers they are using and the load geography. We have a pretty good indication of where everybody is coming from.

When we are troubleshooting an issue, sometimes they will have insight from the error messages that they receive from our infrastructure, in particular for the casino product. That message might say, "Hey, we are seeing that your systems are not handling the load. You may need to do this, this, or this." We have used them quite a bit to help troubleshoot the product.

I do not know how much, but it has definitely saved us on some infrastructure costs because, obviously, in any cloud environment you get charged for egress. Since they block out the malicious actors and unauthorized locations, that helps save us money. We do not have extended costs coming out of China, Russia, and other places.

We use it for blocking Layer 7 DDoS attacks. We also use it for managing box cracking and all activities; as a basic method for watching things. It's one of our tools for monitoring the activities on our website.

Reblaze has definitely saved us money. We have estimated that it saves up to €500,000 a year.

We are using it for Web Application Firewall, Layer 7 Firewall. It protects us from denial-of-service attacks, cross-site scripting, as well as injection attacks. 

It also has a good bot management system that informs us in advance about IP addresses that are not good for us, so we do not cater to their requests. It's like a Layer 7 defense for us.

The best thing about Reblaze, for us, is that it has been a game changer because previously, we were using Google's Web Application Firewall, but it wasn't up to the mark. 

First things first, it's pretty easy to look at the current state of affairs when it comes to the attack scenario and the attack surface of our website and applications. 

Second, the ease of writing rules is pretty standard because the Reblaze GUI helps us in creating and testing tools and even changing their hierarchy. For example, if we want to test a particular payload for a development service first and then for a SQL injection, we can easily change the priority of the rules in Reblaze. 

Third, the support we have received from the staff has been really, really good. I do not wish to name them, but yes, there are a few people who have supported us a lot because they have a Slack channel and dedicated personnel within that channel. If anything goes wrong and if Reblaze is the cause, they troubleshoot for us. 

So not just the technical bells and whistles within Reblaze, but the support from the staff has been really, really good.

All of the organizations where I implemented this product had a primary objective to safeguard the platform against undesirable traffic, including protection against DDoS attacks, filtering out phishing attempts, preventing SQL injection, and other types of intrusions.

The most significant impact came from the implementation of bot filtering and defenses against SQL injection and script injection in general. It stands out as the primary focus because, in contrast to DDoS attacks which, while devastating, are relatively infrequent, the continuous scanning of ports and persistent attempts to gain unauthorized access to the platform happen daily. This is where the solution excelled, offering finely tuned filtering capabilities for specific types of traffic and country-specific IP ranges. 

We use is as a WAF, defending all our internet business.

Our application is hosted in Amazon and their solution is cloud-based.

It gives me a worry-free environment; free of internet risk and cyber risk, so I'm free to do everything else.

Our primary use case for Reblaze is for WAF, DDOS prevention, and bot management. I had various deployments and therefore I have various usages.

When we had some unexplained behavior about our services, we approach the Reblaze team and they introduced us to the WAF. During installation we identified a malicious code or malicious IPs that affected our services. The moment they deployed WAF, it automatically differed from our main traffic and allow us to come back on track.

We use it for protection.

It helps us find malicious actors using and abusing our application. We are on a blockchain. There are users and spammers and scammers, people who are trying to steal a lot of money. The app helps us to understand if that is happening and to block them.

The solution's presentation of all the traffic, not just the blocked requests, helps us in our monitoring operations. It's not only for security purposes. We can understand if we have something that is bad, a behavioral anomaly on our app. It helps us understand abusers. Not everything is related directly to security. There are things that you cannot do if you don't have this on your web app. For example, we can see if someone is copying our data. There are endless opportunities.

Reblaze has saved us money by optimizing server usage and blocking malicious bots.