Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS. Some other web application firewalls have a mechanism that allows automatic certificate uploads, which Radware could adopt. Also, improvements could be made to be more precise on the negative security perspective.
Network & Security - Specialist at a manufacturing company with 1,001-5,000 employees
Real User
Top 10
2024-07-09T16:07:00Z
Jul 9, 2024
They need to improve their reporting. We need to present our management with reports and we need better options for reporting. They don't want lengthy reports. They need something that is one to two pages and includes everything - a more high-level document with the most important information.
Security analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2024-06-18T20:58:00Z
Jun 18, 2024
Cloud WAF's management portal lacks many indicators, and the interface could be more user-friendly. It should provide more detailed information on events, possible solutions, and what each event means. While it does give you the event and block part, it doesn't give you a solution. Let's say, for example, someone wants to go into an SQL injection and find a possible solution other than the blocking part, there are no details. It would be good to have possible solutions or the ability to create an automated report to send to the developers in the portal. Also, they should offer more Spanish-language tutorial videos. There is only one tutorial in Spanish, which is difficult for us as Latin American customers.
Radware's bot manager can be improved because it's very complicated to implement for apps. Radware could also add alerts by WhatsApp or Telegram. It only sends notifications via email or SMS.
Jefe de Infraestructura y Seguridad at a comms service provider with 51-200 employees
Real User
Top 20
2023-04-30T10:29:00Z
Apr 30, 2023
We have had difficulties with the configuration of rules when it comes to allowing connections and having a list of IPs that are authorized to use a specific service. We have not been able to make a whitelist work. For example, if we want to publish services to a limited number of providers and we only want those providers to connect, we need to forward those requests to the Radware support team and they apply them, but it takes some time. It seems to me that this long process would be faster if the configuration could exist directly in the portal. That would make things easier.
They have a portal for webinar training but because we are in a Spanish-speaking country, it is difficult for us to watch them. Not all of us are fluent in English, but most of the courses and webinars are in English. That part could be improved, with more options for people for whom English is not their native language.
Network Engineer at a real estate/law firm with 1,001-5,000 employees
Real User
Top 5
2023-04-13T18:07:00Z
Apr 13, 2023
The reporting has room for improvement. We've had some issues with putting certificates in. We considered using Radware Cloud WAF Service to protect our API gateway with a WAF. However, we encountered issues with licensing since we had to obtain a license for each individual connection, which was not suitable for our API. To deploy one API Gateway, we would need to purchase 30 licenses, which was expensive. Additionally, we experienced difficulties with obtaining support and resolving the issue, which went on for several weeks. Eventually, we decided to explore other options due to the lack of time to address the problem. The scaling is not cost-effective and has room for improvement.
CISO at a financial services firm with 1,001-5,000 employees
Real User
Top 5
2023-03-02T21:22:00Z
Mar 2, 2023
They've changed their process for call logging. I suppose it's fine, but I used to be able to send emails in. They could also build up more local resiliency here in South Africa. They're working on that, so it isn't much of an issue now.
IT Unit Chief at ATM - AUTORITAT DEL TRANSPORT METROPOLITA
Real User
Top 10
2023-02-17T19:40:00Z
Feb 17, 2023
The primary area for improvement is in issue detection and understanding whether a log is a false positive. It can sometimes be a challenge to take the data of a given security event and determine if it's a genuine threat using a Wiki etc. Navigating to find specific options can sometimes be challenging, but we only do this occasionally; we primarily control the logs, so it's not particularly significant for us. We had some issues with the initial implementation, especially around tuning the solution to avoid false positives.
Manager Cloud Security at a computer software company with 501-1,000 employees
Real User
2022-09-12T08:59:58Z
Sep 12, 2022
The integration part could be better. The visibility part could improve as well. In the market, everyone is moving towards the cloud. However, the patience is not good. When we are trying to find out some information, we are not getting what we need on time. They need to arrange some more use cases for their partners, for their customers to showcase their product and show exactly how it is working, how they're capturing the market, et cetera. Right now, they aren't showcasing what can be done, making it hard to sell. I've found it difficult to find good documentation for cloud deployments.
Radware’s Cloud WAF provides enterprise-grade, continuously adaptive web application security protection. Based on Radware’s ICSA Labs certified, market-leading web application firewall, it provides full coverage of OWASP Top-10 threats and zero-day attacks, while implementing both negative and positive web application security models to automatically adapt protections to evolving threats and protected assets.
Radware’s Cloud WAF offers full web security protection including OWASP Top-10...
Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS. Some other web application firewalls have a mechanism that allows automatic certificate uploads, which Radware could adopt. Also, improvements could be made to be more precise on the negative security perspective.
It needs a better reporting and dashboard to provide better insights.
They need to improve their reporting. We need to present our management with reports and we need better options for reporting. They don't want lengthy reports. They need something that is one to two pages and includes everything - a more high-level document with the most important information.
Cloud WAF's management portal lacks many indicators, and the interface could be more user-friendly. It should provide more detailed information on events, possible solutions, and what each event means. While it does give you the event and block part, it doesn't give you a solution. Let's say, for example, someone wants to go into an SQL injection and find a possible solution other than the blocking part, there are no details. It would be good to have possible solutions or the ability to create an automated report to send to the developers in the portal. Also, they should offer more Spanish-language tutorial videos. There is only one tutorial in Spanish, which is difficult for us as Latin American customers.
Radware's bot manager can be improved because it's very complicated to implement for apps. Radware could also add alerts by WhatsApp or Telegram. It only sends notifications via email or SMS.
The Cloud Portal has room for improvement.
We have had difficulties with the configuration of rules when it comes to allowing connections and having a list of IPs that are authorized to use a specific service. We have not been able to make a whitelist work. For example, if we want to publish services to a limited number of providers and we only want those providers to connect, we need to forward those requests to the Radware support team and they apply them, but it takes some time. It seems to me that this long process would be faster if the configuration could exist directly in the portal. That would make things easier.
They have a portal for webinar training but because we are in a Spanish-speaking country, it is difficult for us to watch them. Not all of us are fluent in English, but most of the courses and webinars are in English. That part could be improved, with more options for people for whom English is not their native language.
The reporting has room for improvement. We've had some issues with putting certificates in. We considered using Radware Cloud WAF Service to protect our API gateway with a WAF. However, we encountered issues with licensing since we had to obtain a license for each individual connection, which was not suitable for our API. To deploy one API Gateway, we would need to purchase 30 licenses, which was expensive. Additionally, we experienced difficulties with obtaining support and resolving the issue, which went on for several weeks. Eventually, we decided to explore other options due to the lack of time to address the problem. The scaling is not cost-effective and has room for improvement.
They've changed their process for call logging. I suppose it's fine, but I used to be able to send emails in. They could also build up more local resiliency here in South Africa. They're working on that, so it isn't much of an issue now.
The primary area for improvement is in issue detection and understanding whether a log is a false positive. It can sometimes be a challenge to take the data of a given security event and determine if it's a genuine threat using a Wiki etc. Navigating to find specific options can sometimes be challenging, but we only do this occasionally; we primarily control the logs, so it's not particularly significant for us. We had some issues with the initial implementation, especially around tuning the solution to avoid false positives.
The integration part could be better. The visibility part could improve as well. In the market, everyone is moving towards the cloud. However, the patience is not good. When we are trying to find out some information, we are not getting what we need on time. They need to arrange some more use cases for their partners, for their customers to showcase their product and show exactly how it is working, how they're capturing the market, et cetera. Right now, they aren't showcasing what can be done, making it hard to sell. I've found it difficult to find good documentation for cloud deployments.