I use it as a WAF, which is basically a web firewall to monitor and block traffic to our web server. We wanted to have improved security for our not-so-new web server and also for newer technologies. If they can block using geolocation, it can analyze the URLs, and you can basically define folders that are to be blocked or not to be blocked and also rule. So it's a really good product, simple and not too complicated. It does the work. I was pleasantly surprised that it has geolocation blocking and is very easy to allow/disallow folders.
Sucuri could provide help for specific security alerts in-line instead of requiring users to search for it in the help section. Users get errors or EBAs, and if they want to read about it, they need to find it in the help section of the site. It would be more helpful to allow users to see more information and tips immediately from within the alert.
I have been using Sucuri for half a year. I'm not using an on-prem installation. I'm using their software as a service, so I am using the latest version.
I never had any issues with stability. I would rate it a ten out of ten.
It's a cloud service, so it's scalable. I would rate it a ten out of ten. We're a small business.
There's an option to contact technical support for help, but I always manage to find the solution on my own.
The initial setup is not difficult. You need to direct your DNS to a few clicks to pull me, and then it's basic. The deployment takes just minutes, depending on your DNS setup.
For maintenance, you should monitor the reports. For example, if a customer complains that one of their subcontractors cannot work in a certain country that you block, you can allow access to their specific IPs. So it's fairly easy to maintain, and everything is fairly easy to find. One person is required for the maintenance.
There was an ROI. It is worth the investment.
The price is around $25 per site per domain. It's a good price compared to the cost of other similar products that can cost thousands of dollars.
It's not expensive, so I would rate it as one, where ten means very expensive.
I would recommend knowing your data so you can understand if there's an issue and get alerts. Also, make sure to publish it for your APIs or web anytime so you can understand what's going on.
Overall, I would rate the solution a ten out of ten.