Properly go through the documentation and reference examples. Understand your use cases and apply the correct rules for the solution. AWS support can assist with setup and implementation. I rate the overall solution as nine out of ten.
AWS DevOps SRE/Infrastructure Engineer at YES!Delft
Real User
Top 20
2024-10-30T13:18:00Z
Oct 30, 2024
I recommend AWS WAF version two to any organization because it's a great tool for managing security and reducing administrative overhead. I would rate it an eight out of ten.
Before using AWS WAF for the first time, it is important to consider where your infrastructure is hosted and where you want to implement the firewall. If you are already on AWS, AWS WAF would naturally be a suitable choice. Determine the level of security required based on your application's domain, such as financial applications needing more stringent security measures. Select appropriate rules for your use case, considering both conventional web rules and AWS Shield for critical applications. Additionally, after setting up AWS WAF, conduct thorough testing using vulnerability scanners like ThoughtSpot, Acunetix, or Nessus to ensure the effectiveness of your setup. For beginners with around six months to a year of AWS experience, learning to use AWS WAF shouldn't be too difficult. However, integrating it with web applications across different cloud platforms might pose some challenges. Overall, experienced AWS users should find it manageable, while beginners may need some time to get used to it. Overall, I would rate AWS WAF as a seven out of ten.
All our infrastructure is on AWS. My organization has been using AWS for the last eight years. Mid-size companies use ALB. We also use AWS Shield. Sometimes, we get alerts from AWS Shield. Our internal tools also send us alerts. We're completely on AWS. We do not integrate it with any other tool. Overall, I rate the product an eight out of ten.
Integrating AWS WAF with other AWS services in our infrastructure is fairly easy. There are different tools through which we can do it. AWS WAF is a fairly easy solution. Users need to build a few rules by themselves based on the vulnerability attack within the application. Overall, I rate the solution a nine out of ten.
IT Project Manager at Rajiv Gandhi Cancer Institute In India
Real User
Top 10
2023-12-27T03:59:21Z
Dec 27, 2023
I recommend Fortinet, as it is one of the best products, be it the virtual firewalls or the on-premises setup. If one wants to look for the on-premises setup, one must buy the hardware box. I rate the overall tool a ten out of ten.
When we faced a DDoS attack before, we were not able to find the logs to identify the source of the attack. People who want to use the solution must have a basic knowledge about different attacks. Using the solution is easier if we know how the attacks happen. Overall, I rate the product a ten out of ten.
Overall, I would rate the solution an eight out of ten. I would recommend that understanding how the rules work exactly and finding patterns based on those rules is the most important thing in AWS WAF. It's quite easy to deploy at first, but afterward, it's essential to know how to handle it properly. Enabling the managed tools of AWS can sometimes block legitimate requests too. So, it's important to understand the type of requests you want to allow and how to configure the rules accordingly. It's quite an interesting aspect of AWS WAF.
AWS WAF has been releasing the product on a test-case basis. It's always good to take precautionary methods for the production website. If everything goes fine, do work in your staging and UAT, not in the production part. The aforementioned details are the precautionary methods we have to follow. Overall, I rate the solution a ten out of ten.
I would advise someone considering AWS WAF to start with testing on AWS but be cautious of data transfer costs, especially if the project is longer than four months because that is when the additional cost appears. You should assess if it's suitable for your specific use case and make sure to test it before committing to avoid unexpected expenses when moving to the cloud. Overall, I would rate the solution a six out of ten.
Security implmentation engineer at a security firm with 51-200 employees
Real User
Top 5
2023-06-20T14:18:00Z
Jun 20, 2023
We have decided to use Cloudflare to integrate with AWS, and most of our issues have been resolved. I would recommend the solution. However, it depends on the customer’s data confidentiality. If there are confidential data on the servers, they should not be on the cloud. They can use the cloud solution if the data is normal and not critical. Overall, I rate the product a seven out of ten.
I would say that I think it's easy to use, easy to deploy, and has all the basic WAF features. It has no advanced features like bot mitigation or DDoS protection built-in. If it had bot mitigation or advanced security filter patching features, I would probably give it a higher rating, like a nine. On a scale from one to ten, I would give AWS WAF a seven.
I definitely recommend not only AWS. I also recommend Azure as an option. We have the integration with Office and the entire portfolio. The cloud, in general, it's a new thing to consider. For example, you have this GDPR with data in Europe. However, in the case of most of the clouds, you can select your regions and you have some control. I'd rate the solution nine out of ten. There are a huge amount of products. I'm not saying it's a bad or a good thing. However, it can be quite confusing. There are VPC, EC2, and other instances, and there are a lot of other services that you can use like Macie, where you can filter sensitive information. There are a lot of tools that require hands-on and new capabilities. For me, being at the beginning of this journey for cloud migration, I've been mostly quite happy with the results.
I've been using a mix of AWS products, including AWS WAF. I'm satisfied with AWS WAF, and I've had no issues with it. I can't really find fault in the product. It's a good product. We have hundreds of AWS WAF users within our company. We also have plans of increasing the number of users of the product. The advice I would give to people who want to start using AWS WAF is that it's a good option if they're migrating to the cloud. It can take up a lot of legacy systems, e.g. it's scalable. Most of my customers are on the cloud, and for anyone who's struggling, it would be good to start anytime. Start small and scale, rather than just going fully onto the cloud. Users need to pay for the product license. My rating for AWS WAF is eight out of ten.
Cloud architect at a tech vendor with 1-10 employees
Real User
2021-12-29T19:02:00Z
Dec 29, 2021
Overall, this is a good product and I recommend it. My advice for anybody who is just getting started with it is to follow the instructions. I would rate this solution an eight out of ten.
Principal Cloud Architect at a tech services company with 51-200 employees
Real User
2021-12-28T09:57:00Z
Dec 28, 2021
The first version of AWS WAF was not mature but the second version is very mature. I would recommend this solution to others because instead of choosing a third-party solution which will take time, and you will have to be in negotiations. It is good to start with AWS WAF for their minimal primary security firewall to save their workload. AWS WAF is available on-demand from day one. I rate AWS WAF a seven out of ten.
Engineer at a renewables & environment company with 501-1,000 employees
Real User
Top 5
2021-12-20T10:49:00Z
Dec 20, 2021
For people who don't have any WAF currently, and who just need something basic, it's not a bad idea to go with AWS WAF for starters. But if you are someone who is looking for a fully-fledged and self-managed WAF, you should look elsewhere for a better tool. You should certainly not stick with AWS WAF if you are serious about managing your security and mitigating your risks. Overall, I would recommend AWS WAF to others, but only under the conditions I have mentioned. If you have the budget and the resources, however, go for something else. I would rate AWS WAF a five out of ten.
Solution Architect at a non-profit with 10,001+ employees
Real User
2021-08-11T08:17:07Z
Aug 11, 2021
The solution may be expensive for smaller customers and vendors, although it would be recommended for large ones who can afford it. Our organization has only a few years, consisting of the internal team, who are making use of the solution. I rate AWS WAF as a six out of ten.
Jefe subdepartamento Operaciones at a government with 10,001+ employees
Real User
2021-04-17T22:54:27Z
Apr 17, 2021
I'm just a customer and an end-user. I don't have a business relationship or partnership with AWS. I have pretty good experience in AWS. I have a certificate in AWS. I'd rate the solution at a ten out of ten. We've been extremely satisfied with the solution.
AWS Security Specialist at a tech services company with 501-1,000 employees
Real User
2021-03-09T19:44:53Z
Mar 9, 2021
The product does not require any maintenance. You need to ensure how you consider your rules. You have to make sure that all of your considerations for your protection are done really well. Do regular updates to improve on the different threats and intrusion. I would recommend the product because it is very flexible and you are able to use it with multiple services within AWS. I would rate AWS WAF a solid ten out of ten.
I won't recommend it at the moment because I don't have a full picture to recommend it or say that it is bad or good. I'll probably just keep testing and go with it for probably another six months or a year, and then I can probably recommend it or not. Other vendors are also providing solutions for D-DOS protection and WAF. It would be nice to see something outside the box for AWS WAF to make it compete with other vendors. I would rate AWS WAF a seven out of ten. It does what it is supposed to do, probably not in the best way and not in the best UI, but it works. We like the pricing part, but management is the thing that we don't love the most. If things keep improving, we're definitely going to scale with AWS WAF.
President at a tech services company with 1-10 employees
Real User
2020-09-13T07:02:26Z
Sep 13, 2020
On a scale of one to ten where one is the worst and ten is the best, I would rate this product as a seven-out-of-ten. A change in the pricing structure that favors the client and simplification is something they would have to do to improve to make that score closer to a ten.
Principal Engineer at a tech services company with 51-200 employees
Real User
2020-08-05T06:59:31Z
Aug 5, 2020
On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a seven or an eight. I do not like to give it a solid rating as of now because we are still in the process of implementing it. Once we have completed the implementation, we will be able to give you a proper answer. As recent as two weeks we were still considering ManageEngine, but we did finally decide in our comparisons that it cannot provide all of the features that we are looking for.
We're using the latest version of the solution. When customers tend to use multi-cloud vendors and multi-cloud environments, they want solid security protection. That's where the third party comes into the purchase. If any customer is specific to some cloud like AWS or Azure, we won't recommend third party. We'll try to use AWS's own specific services so that it's smarter cost-wise and flexibility wise, so it adds value to the customer. However, when things go to a multi-cloud environment or a hybrid cloud architecture, that's when the third party comes into the picture. I would recommend this solution to companies who are looking for cloud solutions with firewall flexibility. AWS is very user-friendly and largely inexpensive, however, if an organization has the budget, there are lots of great products out there that do largely the same thing. I'd rate the solution eight out of ten.
I think AWS WAF is a great solution. You can define big and a bit smaller architectures and scale out architecture as you need, due to the edge location. Its features are very amazing. I would definitely recommend AWS WAF. I asked my security director to move from our internal WAF to the AWS WAF because we can make global unique WAF services for our on-premise web servers and also our AWS web servers with one common rule and one common authority to manage these rules I would rate AWS WAF an eight out of ten.
Principal Consultant at a tech services company with 10,001+ employees
Consultant
2020-02-05T08:05:09Z
Feb 5, 2020
My advice for anybody who is implementing this solution is not to simply look it up on Google before starting to use it. I would suggest taking some training courses, start to understand how it works internally, and then begin using it. Overall, it is a good product and it generally fits well for my purposes. I would rate this solution a seven out of ten.
Manager, IT Infrastructure & Information Security at flyadeal
Real User
2019-12-05T11:14:00Z
Dec 5, 2019
The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products. I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva. I would rate this product a seven out of 10.
Head of Digital Product Office at a energy/utilities company with 10,001+ employees
Real User
2019-09-08T09:50:00Z
Sep 8, 2019
We use the public cloud deployment model. We use the Amazon cloud. From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation. I would rate the solution nine out of ten.
Advisory and IT Transformation Consultant at Services dot cloud
Real User
Top 20
2019-09-05T16:30:00Z
Sep 5, 2019
We use the public cloud deployment model. I use everything AWS. I need it to work for me, and it does. I hope that the solution continues to improve, but for me, it's perfect right now. For those considering implementing the solution, I would advise that they understand how networks work because sometimes they can be quite complex. Many architects do not understand the basic concepts of networking. I would recommend the solution. I would rate it nine out of ten.
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
My advice is "go for it, use it." In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.
Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security. Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the platform is good. It's doing its job. I rate the solution at six out of ten. I don't want to give them 100 percent because sometimes things happen.
Developer at a tech services company with 1-10 employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
It's pretty good, as long as the pricing matches your budget. I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.
The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it. We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up. I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.
AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.
You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web...
Properly go through the documentation and reference examples. Understand your use cases and apply the correct rules for the solution. AWS support can assist with setup and implementation. I rate the overall solution as nine out of ten.
I recommend AWS WAF version two to any organization because it's a great tool for managing security and reducing administrative overhead. I would rate it an eight out of ten.
I rate the overall solution a six out of ten.
Before using AWS WAF for the first time, it is important to consider where your infrastructure is hosted and where you want to implement the firewall. If you are already on AWS, AWS WAF would naturally be a suitable choice. Determine the level of security required based on your application's domain, such as financial applications needing more stringent security measures. Select appropriate rules for your use case, considering both conventional web rules and AWS Shield for critical applications. Additionally, after setting up AWS WAF, conduct thorough testing using vulnerability scanners like ThoughtSpot, Acunetix, or Nessus to ensure the effectiveness of your setup. For beginners with around six months to a year of AWS experience, learning to use AWS WAF shouldn't be too difficult. However, integrating it with web applications across different cloud platforms might pose some challenges. Overall, experienced AWS users should find it manageable, while beginners may need some time to get used to it. Overall, I would rate AWS WAF as a seven out of ten.
All our infrastructure is on AWS. My organization has been using AWS for the last eight years. Mid-size companies use ALB. We also use AWS Shield. Sometimes, we get alerts from AWS Shield. Our internal tools also send us alerts. We're completely on AWS. We do not integrate it with any other tool. Overall, I rate the product an eight out of ten.
Integrating AWS WAF with other AWS services in our infrastructure is fairly easy. There are different tools through which we can do it. AWS WAF is a fairly easy solution. Users need to build a few rules by themselves based on the vulnerability attack within the application. Overall, I rate the solution a nine out of ten.
I recommend Fortinet, as it is one of the best products, be it the virtual firewalls or the on-premises setup. If one wants to look for the on-premises setup, one must buy the hardware box. I rate the overall tool a ten out of ten.
Overall, I rate AWS WAF a nine out of ten.
You need to consider the use cases before implementing the solution. I rate it a ten out of ten.
When we faced a DDoS attack before, we were not able to find the logs to identify the source of the attack. People who want to use the solution must have a basic knowledge about different attacks. Using the solution is easier if we know how the attacks happen. Overall, I rate the product a ten out of ten.
Overall, I would rate the solution an eight out of ten. I would recommend that understanding how the rules work exactly and finding patterns based on those rules is the most important thing in AWS WAF. It's quite easy to deploy at first, but afterward, it's essential to know how to handle it properly. Enabling the managed tools of AWS can sometimes block legitimate requests too. So, it's important to understand the type of requests you want to allow and how to configure the rules accordingly. It's quite an interesting aspect of AWS WAF.
AWS WAF has been releasing the product on a test-case basis. It's always good to take precautionary methods for the production website. If everything goes fine, do work in your staging and UAT, not in the production part. The aforementioned details are the precautionary methods we have to follow. Overall, I rate the solution a ten out of ten.
I would advise someone considering AWS WAF to start with testing on AWS but be cautious of data transfer costs, especially if the project is longer than four months because that is when the additional cost appears. You should assess if it's suitable for your specific use case and make sure to test it before committing to avoid unexpected expenses when moving to the cloud. Overall, I would rate the solution a six out of ten.
We have decided to use Cloudflare to integrate with AWS, and most of our issues have been resolved. I would recommend the solution. However, it depends on the customer’s data confidentiality. If there are confidential data on the servers, they should not be on the cloud. They can use the cloud solution if the data is normal and not critical. Overall, I rate the product a seven out of ten.
Overall, I rate the solution an eight out of ten.
I use the latest version of the solution. I have used Oracle and Azure too. Overall, I rate the solution a five out of ten.
I give the solution a ten out of ten. The solution is a public cloud platform and we have millions of users.
Overall, I'd rate it a seven out of ten because it's not automated and it's a bit complicated to implement or deploy the solution.
I recommend the solution for protecting web applications. I rate the solution a ten out of ten.
I would say that I think it's easy to use, easy to deploy, and has all the basic WAF features. It has no advanced features like bot mitigation or DDoS protection built-in. If it had bot mitigation or advanced security filter patching features, I would probably give it a higher rating, like a nine. On a scale from one to ten, I would give AWS WAF a seven.
I definitely recommend not only AWS. I also recommend Azure as an option. We have the integration with Office and the entire portfolio. The cloud, in general, it's a new thing to consider. For example, you have this GDPR with data in Europe. However, in the case of most of the clouds, you can select your regions and you have some control. I'd rate the solution nine out of ten. There are a huge amount of products. I'm not saying it's a bad or a good thing. However, it can be quite confusing. There are VPC, EC2, and other instances, and there are a lot of other services that you can use like Macie, where you can filter sensitive information. There are a lot of tools that require hands-on and new capabilities. For me, being at the beginning of this journey for cloud migration, I've been mostly quite happy with the results.
My advice to others is they should give AWS WAF a try. It works well, secures the applications, and it improves them against attacks.
I've been using a mix of AWS products, including AWS WAF. I'm satisfied with AWS WAF, and I've had no issues with it. I can't really find fault in the product. It's a good product. We have hundreds of AWS WAF users within our company. We also have plans of increasing the number of users of the product. The advice I would give to people who want to start using AWS WAF is that it's a good option if they're migrating to the cloud. It can take up a lot of legacy systems, e.g. it's scalable. Most of my customers are on the cloud, and for anyone who's struggling, it would be good to start anytime. Start small and scale, rather than just going fully onto the cloud. Users need to pay for the product license. My rating for AWS WAF is eight out of ten.
Overall, this is a good product and I recommend it. My advice for anybody who is just getting started with it is to follow the instructions. I would rate this solution an eight out of ten.
The first version of AWS WAF was not mature but the second version is very mature. I would recommend this solution to others because instead of choosing a third-party solution which will take time, and you will have to be in negotiations. It is good to start with AWS WAF for their minimal primary security firewall to save their workload. AWS WAF is available on-demand from day one. I rate AWS WAF a seven out of ten.
For people who don't have any WAF currently, and who just need something basic, it's not a bad idea to go with AWS WAF for starters. But if you are someone who is looking for a fully-fledged and self-managed WAF, you should look elsewhere for a better tool. You should certainly not stick with AWS WAF if you are serious about managing your security and mitigating your risks. Overall, I would recommend AWS WAF to others, but only under the conditions I have mentioned. If you have the budget and the resources, however, go for something else. I would rate AWS WAF a five out of ten.
The solution may be expensive for smaller customers and vendors, although it would be recommended for large ones who can afford it. Our organization has only a few years, consisting of the internal team, who are making use of the solution. I rate AWS WAF as a six out of ten.
I'm just a customer and an end-user. I don't have a business relationship or partnership with AWS. I have pretty good experience in AWS. I have a certificate in AWS. I'd rate the solution at a ten out of ten. We've been extremely satisfied with the solution.
The product does not require any maintenance. You need to ensure how you consider your rules. You have to make sure that all of your considerations for your protection are done really well. Do regular updates to improve on the different threats and intrusion. I would recommend the product because it is very flexible and you are able to use it with multiple services within AWS. I would rate AWS WAF a solid ten out of ten.
I won't recommend it at the moment because I don't have a full picture to recommend it or say that it is bad or good. I'll probably just keep testing and go with it for probably another six months or a year, and then I can probably recommend it or not. Other vendors are also providing solutions for D-DOS protection and WAF. It would be nice to see something outside the box for AWS WAF to make it compete with other vendors. I would rate AWS WAF a seven out of ten. It does what it is supposed to do, probably not in the best way and not in the best UI, but it works. We like the pricing part, but management is the thing that we don't love the most. If things keep improving, we're definitely going to scale with AWS WAF.
On a scale of one to ten where one is the worst and ten is the best, I would rate this product as a seven-out-of-ten. A change in the pricing structure that favors the client and simplification is something they would have to do to improve to make that score closer to a ten.
On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a seven or an eight. I do not like to give it a solid rating as of now because we are still in the process of implementing it. Once we have completed the implementation, we will be able to give you a proper answer. As recent as two weeks we were still considering ManageEngine, but we did finally decide in our comparisons that it cannot provide all of the features that we are looking for.
We're using the latest version of the solution. When customers tend to use multi-cloud vendors and multi-cloud environments, they want solid security protection. That's where the third party comes into the purchase. If any customer is specific to some cloud like AWS or Azure, we won't recommend third party. We'll try to use AWS's own specific services so that it's smarter cost-wise and flexibility wise, so it adds value to the customer. However, when things go to a multi-cloud environment or a hybrid cloud architecture, that's when the third party comes into the picture. I would recommend this solution to companies who are looking for cloud solutions with firewall flexibility. AWS is very user-friendly and largely inexpensive, however, if an organization has the budget, there are lots of great products out there that do largely the same thing. I'd rate the solution eight out of ten.
I think AWS WAF is a great solution. You can define big and a bit smaller architectures and scale out architecture as you need, due to the edge location. Its features are very amazing. I would definitely recommend AWS WAF. I asked my security director to move from our internal WAF to the AWS WAF because we can make global unique WAF services for our on-premise web servers and also our AWS web servers with one common rule and one common authority to manage these rules I would rate AWS WAF an eight out of ten.
My advice for anybody who is implementing this solution is not to simply look it up on Google before starting to use it. I would suggest taking some training courses, start to understand how it works internally, and then begin using it. Overall, it is a good product and it generally fits well for my purposes. I would rate this solution a seven out of ten.
The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products. I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva. I would rate this product a seven out of 10.
We use the public cloud deployment model. We use the Amazon cloud. From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation. I would rate the solution nine out of ten.
We use the public cloud deployment model. I use everything AWS. I need it to work for me, and it does. I hope that the solution continues to improve, but for me, it's perfect right now. For those considering implementing the solution, I would advise that they understand how networks work because sometimes they can be quite complex. Many architects do not understand the basic concepts of networking. I would recommend the solution. I would rate it nine out of ten.
My advice is "go for it, use it." In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.
Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security. Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the platform is good. It's doing its job. I rate the solution at six out of ten. I don't want to give them 100 percent because sometimes things happen.
It's pretty good, as long as the pricing matches your budget. I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.
The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it. We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up. I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.
We have an above average security posture.