Try our new research platform with insights from 80,000+ expert users

AWS WAF vs Sucuri comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
76
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (13th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
Web Application Firewall (WAF) (1st)
Sucuri
Average Rating
8.4
Reviews Sentiment
7.5
Number of Reviews
6
Ranking in other categories
Web Application Firewall (WAF) (24th), Distributed Denial-of-Service (DDoS) Protection (16th), Domain Name System (DNS) Security (13th)
 

Featured Reviews

Carlos Alam Hernandez Baruch - PeerSpot reviewer
Fast and secure deployments simplify operations for government and fintech clients
It is a fast and secure DNS. It is very easy to deploy, and my customers are happy with this tool. Additionally, the CDN performance in Mexico is excellent, providing fast service and tools. It offers reliability during high-traffic periods, ensuring no impact on the environment. It helps my clients avoid using on-premise boxes, simplifying operations as they only use the prices on Cloudflare.
Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
Akshit Malik - PeerSpot reviewer
Provides website security, safeguarding against various threats and effective protection against DDoS attacks
The initial setup is moderate because it's neither too easy nor too hard. Sucuri provides us with many ways to set up our site, handle the routing, and perform the necessary configurations. It's deployed on the cloud. We used the managed service of Sucuri and then routed all the requests from Sucuri to our AWS platform.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"New and innovative way to protect the client's data."
"DDoS attacks target unprotected machines. Cloudflare detects and stops these attacks using internal systems. It identifies incoming DDoS attacks, issuing challenges or blocking them immediately."
"It's a great product because it's scalable, has great coverage, and is mature with good defenses against DDoS attacks."
"Even when there is a high load on our servers, Cloudflare is able to cache the data and serve it to users, ensuring they can still access the website."
"Its most significant benefit to date is the speed with which it refreshes DNS records on the internet once you change it. If you are changing a website or registering a new record, it is very quick."
"Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications."
"I get a lot of value from Cloudflare's API because it enables you to build a separate environment inside the solution. You can create a domain for performing test requests before you move to the production environment and connect various domains."
"Easier http to https redirect using page rules"
"If hackers try to insert bugs, the tool blocks it."
"The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."
"The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections."
"AWS has flexibility in terms of WAF rules."
"The security firewall plus the features that protect against database injections or scripting,"
"Some valuable features of AWS WAF include its seamless integration and ease of orchestration within the AWS platform."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"The customizable features are good."
"The initial setup was straightforward. Straight forward because the plugin can simply be installed and then it does its job. It's not complex, there is no learning curve. The online scan is simple, you put in the website address and the scan gives us a report on the browser itself. It's simple to use."
"It significantly eases the workload and streamlines the initial setup required to protect a website."
"Domain name scanning since it allows us to scan all our domain names and determine whether it has malware or if is reported as phishing."
"The most valuable part is the analytics and visualization."
"I use it as a WAF, which is basically a web firewall to monitor and block traffic to our web server."
"The initial setup was very easy."
 

Cons

"For the free and Pro plans, Cloudflare could use a simple bot to provide information to users. This would improve support, especially for less advanced users who utilize the free components."
"There are some issues with the CDN services."
"Cloudflare should add more documentation and pricing to the cloud version."
"Areas like how assessment, discovery, and payload are dealt with and how it all comes into your organization can be considered when trying to make suggestions to Cloudflare for improvements."
"The solution could work at being less expensive. It costs a lot to use it."
"It should have easier documentation for the configuration. It's very technical and people who aren't technical should also be able to do the configuration."
"Technical support is lacking."
"Cloudflare does not have an on-premise solution. If they had different approaches they could be better suited to accommodate more customers, such as on-premise and hybrid deployments. For example, hybrid deployments would be useful where you could move the traffic from the enterprise to the cloud."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"Compatibility and integration functionalities, especially with services like Kafka for event-driven messaging, could be better."
"I'd like to see improvements in its usability and functionality. I'm also concerned about being too dependent on the cloud provider's WAF version. For security, using multiple vendors and not putting all our eggs in one basket is better."
"We don't have much control over blocking, because the WAF is managed by AWS."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"The price could be improved."
"The main improvement I would like to see is support for .NET applications. If they could include this feature, I would include more sites in the protection."
"In terms of improvement, the cost factor is always there."
"Confident score: Currently it does not have one and there are cases that most websites flagged are false-positives."
"I would rate this solution an eight out of ten. The reason is that we have found sometimes customers or Google saying that there is something wrong with the website but Sucuri says that the site is clean so we do have to look at the site manually which means that the Sucuri scan does not pick up anything and everything."
"It would greatly benefit customers if they implemented an online chat or messaging system for quicker assistance."
"Sucuri could provide help for specific security alerts in-line instead of requiring users to search for it in the help section."
 

Pricing and Cost Advice

"We are using the free version."
"The pricing for the service is reasonable, neither excessively cheap nor prohibitively expensive. It aligns well with the value of their solution."
"In terms of licensing costs, we don't pay for licensing for Cloudflare. We only establish communication, then for peering, Cloudflare takes care of the cross-connection in different data centers."
"For Cloudflare, I recommend it heavily for small businesses with revenue under a couple of million dollars. Onboarding is easy, and they even have a free plan. This makes it simple for businesses in the $100,000-$500,000 range to try it out and see its value, allowing them to scale up their infrastructure as needed."
"The product's pricing is cheap."
"So far I use free tier and happy with it. You can subscribe to business package if needed."
"A free version of the solution is available."
"The solution is expensive when compared to other products but offers unlimited bandwidth."
"There are different scale options available for WAF."
"I rate the product price a five on a scale of one to ten, where one is high price, and ten is low price"
"The price of AWS WAF is reasonable, it is not expensive and it is not cheap."
"The solution is affordable."
"Its price is fair. There is a very fair amount that they charge. It has a pay-as-you-go model, so it pretty much depends on how much a user uses it. As per the cloud norms, the more you use, the more you pay. I would rate it a five out of ten in terms of pricing."
"The pricing is good and manageable."
"There are no separate licensing costs we pay for since it is included in the plan we purchase."
"It's quite affordable. It's in the middle."
"Sucuri offers different plans, both the standard plan and an advanced plan. So there are different plans to choose from."
"I’d simply say it’s really worth it."
"The ROI has been very good. Because of the solution, I have a tax break. The site developers were not always experienced people. We used to pay more for cleaning up the site when it was infected. Now, we have peace of mind knowing that the solution will clean up the site and that we won't have to go through the unnecessary process of restoring it from a backup. The protection on the WAF and the measures for backups have also prevented our site from going down."
"It stands out as a more cost-effective option compared to other cloud-based security services like Cloudflare or JetPass."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
10%
Financial Services Firm
10%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
9%
Government
5%
Educational Organization
14%
Computer Software Company
12%
Manufacturing Company
9%
Real Estate/Law Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
What do you like most about Sucuri?
The initial setup was very easy.
What is your experience regarding pricing and costs for Sucuri?
The pricing is very reasonable. Sucuri offer other features as an add-on, such as backup, but these have an additiona...
What needs improvement with Sucuri?
The main improvement I would like to see is support for .NET applications. If they could include this feature, I woul...
 

Comparisons

 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
The Loft Salon, Tom McFarlin, WPBeginner, Taylor Town, Everything Everywhere, Financial Ducks in a Row, Chubstr, Real Advice Gal, Sujan Patel, Wallao, List25, School the World
Find out what your peers are saying about AWS WAF vs. Sucuri and other solutions. Updated: June 2025.
861,170 professionals have used our research since 2012.