AWS WAF Reviews

We are a technical services company and this is one of the solutions that we have helped implement for our clients. We stopped using AWS about six months ago and as such, we are not currently using the AWS Web Application Firewall.

The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements.

I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps.

The stability is good. From our experience, I've felt very happy with all of the AWS components in terms of stability. They work fine and have met our requirements.

The scalability of this solution is very good.

I am really happy with the AWS customer support, although I have not needed to contact them for this solution.

We have changed solutions because the choice of product depends on the customer's preferences and requirements. When I am working on a contract, I am required to use whatever they ask me to. If I already have the experience then I apply it. Otherwise, I learn what I need to, which sometimes involves taking training courses.

My advice for anybody who is implementing this solution is not to simply look it up on Google before starting to use it. I would suggest taking some training courses, start to understand how it works internally, and then begin using it.

Overall, it is a good product and it generally fits well for my purposes.

I would rate this solution a seven out of ten.

I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.

The best features are the security firewall and the features that protect against database injections or scripting, and against overall OWASP top 10, but I have concerns about the cloud front which doesn't handle bot attacks properly, so it's not as effective as I would like it to be.

A significant improvement would be built in bots protection enhancement, or seamless integration with other products. For now, there are limited feature to protect against an attack from the bad bots so users go to third party solutions, which just complicates integration and operation.

A helpful additional feature would be to have a fully unified unique product, including the DDoS, with sophisticated attack capabilities including anti bot management. They should also take a look at reviewing the complexity of the integration with other third-party vendor solutions.

I've been using the product for the last two years. We upgraded recently and I'm using the latest version. 

Technical support is good. 

Deployment is easy, it's not complex.The complexity is when you need it for integration with other third-party products. We also use CDN, part of the web solution from Amazon. 

The price of the product is fair enough and one of the product's advantages. Their price is good compared to other vendors. 

The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products.

I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva.

I would rate this product a seven out of 10. 

We primarily use the solution for its rich insights to improve customer experience.

The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match.

The AI functionality and the machine learning are very good.

The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.

The solution is very stable.

The solution is extremely scalable.

We have Amazon managed services, and, as part of our agreement, we have the lower end of that managed service. The solution is not a business-critical system for us, so we have a four hour SLA for resolution. That's pretty good. We're very satisfied with technical support.

Previous to this solution, we used Microsoft Azure.

Amazon allows you to provision more services once you have the initial platform in place. Using Amazon Marketplace, it's so simple to provide additional services and functionality so it allows you to grow the capability of the platform with very little integration into other systems because it's all built into the marketplace. With Azure, it's only capable of some products and they don't have APIs available to integrate as well as Amazon does. 

The initial setup was straightforward. Deployment took about three months. For the setup of the platform, we had six people. For the maintenance of the platform, we now have three people maintaining it.

We brought Amazon on to set everything up for us. They made implementation very easy. 

We use the public cloud deployment model. We use the Amazon cloud.

From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation.

I would rate the solution nine out of ten.

The primary use of the solution is for perimeter security. I use it to secure my application and infrastructure.

Fast deployment and auto-manage are the most valuable aspects of the solution. The auto-manage primarily reacts and has to do all the little things like putting in the ACL, etc. 

The solution could be faster in detecting threats.

They should work to define more threats, add more security, and make it more compliant with more security companies.

The solution could always be more automated.

The solution is stable.

The solution is easily scalable.

I have a number for WAF, but I've never used technical support.

I previously used a different solution. The complex setup and installation were the main differences between that and WAF. I've worked with system compliance for many years, and it usually involves complex solutions. You have to know the CLF, etc. Cisco, for example, is so complex that you need to know many things. Whereas with WAF, you have to put up your host, your network, and you have the solution up and running.

The initial setup was very straightforward. Deployment took about ten minutes or less. You only need one person to handle deployment and maintenance.

I implemented the solution myself.

We use the public cloud deployment model.

I use everything AWS. I need it to work for me, and it does. I hope that the solution continues to improve, but for me, it's perfect right now.

For those considering implementing the solution, I would advise that they understand how networks work because sometimes they can be quite complex. Many architects do not understand the basic concepts of networking.

I would recommend the solution. I would rate it nine out of ten.

Application security is our primary use case.

The customized billing is the most valuable feature.

In a future release of this solution, I would like to see additional management features to make things simpler.

It's pretty good, as long as the pricing matches your budget.

I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.

The primary use case is application security.

We are using the latest version.

It is a one-click WAF with no effort needed.

Protection and WAF.

We need more support as we go global.

The UI could use improvement.

It is stable.

It is Amazon. Everything is scalable. It is beyond what we need.

We hardly received technical support on this product.

It was super easy to set up. We did it with one click.

We chose this solution because it is cloud native Amazon.

We have an above average security posture.

We use it to protect our backend services.

Because it integrates with the existing AWS solution, we get a lot of support without having to do much extra work. It has helped increase staff productivity and has probably saved at least one engineer, not having to have an engineer on staff for it.

• It's simple, easy to use.
• Integration.

The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. Also, more fine-tuning would be convenient.

We haven't had any problems with it.

We haven't run into any scale issues at the moment.

AWS, in general, has good support.

We were using just the built-in Amazon intrusion detection stuff. Then we decided to go for an actual full-blown WAF. We weren't using any actual WAF before. WAF is a general solution that we knew that we needed. It's a standard security measure.

It was relatively simple, for the integration.

There are different scale options available for WAF.

The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it.

We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up.

I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.

It is our web application firewall.

We do have a lot of external applications which are exposed to the internet and WAF provides protection for them. We haven't seen a decrease in the mean time to respond to threats because it has caught everything.

The solution has also increased staff productivity by as much as 50 percent.

The most valuable feature is the way it blocks threats to external applications.

In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.

We haven't had any problems with the stability at all.

Up to now, the scalability has been good.

I haven't had to use technical support yet.

Our previous solution was also a WAF but it was not a scalable environment like the cloud is. Everybody is moving to the cloud. We were stuck on an appliance in our data center and we decided to move. We went with this solution because of the stability and quick response.

The setup was a bit complex because our environment is a bit different. It was tough but it was good in the end.

We used a consultant for the deployment and it was a great experience with them.

There are no costs in addition to the standard licensing fees.

My advice is "go for it, use it."

In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.