NGINX App Protect OverviewUNIXBusinessApplication

NGINX App Protect is the #1 ranked solution in top API Security tools, #4 ranked solution in Container Security Solutions, and #11 ranked solution in top Web Application Firewalls. PeerSpot users give NGINX App Protect an average rating of 8.0 out of 10. NGINX App Protect is most commonly compared to F5 Advanced WAF: NGINX App Protect vs F5 Advanced WAF. NGINX App Protect is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Buyer's Guide

Download the Web Application Firewall (WAF) Buyer's Guide including reviews and more. Updated: November 2022

What is NGINX App Protect?

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

  • Integrating security controls directly into the development automation pipeline
  • Applying and managing security for modern and distributed application environments such as containers and microservices
  • Providing the right level of security controls without impacting release and go-to-market velocity
  • Complying with security and regulatory requirements

NGINX App Protect offers:

  • Expanded security beyond basic signatures to ensure adequate controls
  • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
  • Confidently run in “blocking” mode in production with proven F5 expertise
  • High‑confidence signatures for extremely low false positives
  • Increases visibility, integrating with third‑party analytics solutions
  • Integrates security and WAF natively into the CI/CD pipeline
  • Deploys as a lightweight software package that is agnostic of underlying infrastructure
  • Facilitates declarative policies for “security as code” and integration with DevOps tools
  • Decreases developer burden and provides feedback loop for quick security remediation
  • Accelerates time to market and reduces costs with DevSecOps‑automated security

NGINX App Protect was previously known as NGINX WAF, NGINX Web Application Firewall.

NGINX App Protect Video

NGINX App Protect Pricing Advice

What users are saying about NGINX App Protect pricing:
  • "Really understand the licensing model, because we underestimated that."
  • "The pricing is reasonable because NGINX operates on an instance basis."
  • "There are not any additional costs we had to pay to use NGINX App Protect."
  • "There is a monthly or annual subscription to use NGINX App Protect. There are not any additional costs to the subscription."
  • "The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."
  • "There are no additional fees."
  • "There is a license needed to use NGINX App Protect."
  • NGINX App Protect Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Head Competence Center Agile & Communication at a insurance company with 1,001-5,000 employees
    Real User
    Top 20Leaderboard
    Capable of complete automation but is costly
    Pros and Cons
    • "We were looking for a product that is capable of complete automation and a container based solution. It's working."
    • "As far as scalability, it takes a long time for deployment."

    What is our primary use case?

    We tried to secure our public exposed APIs with NGINX App Protect. The cases must be all completely automated, because we want to build a self-service engine so that a decentralized approach is possible in the organization.

    What is most valuable?

    We were looking for two main valuable features. We were looking for a product that is capable of complete automation and a container based solution. It's working.

    What needs improvement?

    The solution is working on OpenShift, but we have the feeling the product was designed not only for OpenShift or a container-based solution to operate. 

    In addition, they have a messy license model; it's not really made for microservice architecture. It's getting expensive really, really fast.

    NGINX made some promises for a roadmap which they weren't able to deliver. One was about virus scanning, and the other was WebSocket inspection. I think they will provide both features in the future, but the communication was really bad. Then there was a problem in production during config reload. If you want to deploy a new API, it takes around 20 seconds. For one API it's not a lot, but if you have 300 APIs, it takes a lot of time. It's not made for deployment in a self-service model. 

    Most important to see in a new release would be the WebSocket inspection and virus scan.

    For how long have I used the solution?

    I have been using this solution for about six months.

    Buyer's Guide
    Web Application Firewall (WAF)
    November 2022
    Find out what your peers are saying about F5, Amazon, Microsoft and others in Web Application Firewall (WAF). Updated: November 2022.
    656,474 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The stability of App Protect was pretty good.

    What do I think about the scalability of the solution?

    As far as scalability, it takes a long time for deployment.

    How are customer service and support?

    Tech support wasn't really helpful. They asked the wrong questions. We tried to help them and head them in the right direction, but we always had the feeling the wrong people were in charge because we had more knowledge than they had.

    How was the initial setup?

    The initial setup was straightforward; maybe a bit uncomfortable because you have to build your own ConfigMap application so that you're able to produce all these configs. They don't have any support tool or similar.

    What about the implementation team?

    We implemented the solution ourselves. We have two engineers for deployment and maintenance.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is yearly, and we have two teams using NGINX App Protect. Just our team has a yearly fee of maybe $25,000. It's not a lot, but it's because we made decisions on the architecture style to save some money. If we didn't do that, we were heading up to $300,000, $400,000.

    Which other solutions did I evaluate?

    We are developing an integration platform based on the API gateway and web application firewall. We went live this year, and we have some production issues with the chosen technologies. We use NGINX App Protect as a web application firewall and 3scale as an API gateway. Both products are working, but it's not a perfect match for us. Because of this, we did some research during the summer and decided to change the whole solution to AWS.

    What will be definitely better is the AWS license model for us. We pay maybe 10% of the whole solution we had before. So it's much cheaper. They are technical as well because we are able to instantiate per API, our own web application firewall, and API gateway. So it's not just the price, it's the whole that looks like AWS is a much better solution than NGINX.

    What other advice do I have?

    Regarding the solution, be clear on the consequences of writing your own configuration files; that's one part that was really cost-intensive and time-consuming for us. Also, really understand the licensing model, because we underestimated that.

    I would rate this solution a six out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Network and Security Specialist at a tech services company with 51-200 employees
    Real User
    Top 10Leaderboard
    Reasonably priced and responsive support, but scalability could be improved
    Pros and Cons
    • "NGINX App Protect has complete control over the HTTP session."
    • "Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."

    What is our primary use case?

    I work with containers. I do the architecting, but there are times when I also do the implementation. So I'm familiar with the products, particularly NGINX.

    NGINX App Protect is used in Kubernetes and OpenShift environments.

    What is most valuable?

    NGINX App Protect has complete control over the HTTP session. I can experiment with whatever I want. I can start with URLs and cookies. I can work with parameters and everything that I need. I can work with signatures also. I can inspect the traffic whenever I want.

    What needs improvement?

    As I see it now, there are some things to improve, but the F5's WAF is, more enhanced when compared to NGINX's. However, they have done a good job adapting it.

    It should be automated in some way. 

    Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment.

    It would be good if some kind of automation was included.

    For how long have I used the solution?

    I have worked with NGINX App Protect for at least three or four years.

    What do I think about the stability of the solution?

    NGINX App Protect is a stable product. Because it's an additional module, we use it in conjunction with the Ingress Controller, but it can also be run anywhere, as a VM or whatever you need. 

    They did an excellent job porting the VSM code to NGINX.

    What do I think about the scalability of the solution?

    NGINX App Protect is scalable, but, handling the configuration is still time-consuming. It doesn't have a centralized option. They have the NGINX controller and some APIs to do it, but it isn't fully scalable in my opinion.

    How are customer service and support?

    I've known them for a long time because I began working with F5 more than ten years ago. Even though my primary experience is with F5, and I don't have many tickets open in NGINX in general, the service is quick. But, in my opinion, it's pretty solid.

    Which solution did I use previously and why did I switch?

    I began with F5 products such as ASM. It performs the functions of the various firewalls. When NGINX was acquired by F5, they adapted the module for NGINX, which was dubbed App Protect. When this became public, I began to work with NGINX in this case as well.

    How was the initial setup?

    The implementation process is not simple. If you have more than one, the policy must be created from scratch in YAML files, which is not automated and takes time.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is reasonable because NGINX operates on an instance basis. There are differences. There is some leeway in how much the instance can cost, depending on the customer and other actions, but it's reasonable in my opinion.

    Which other solutions did I evaluate?

    I work as a consultant for a company and am currently evaluating some products.

    What other advice do I have?

    We are a partner with F5. I am currently evaluating Prisma Cloud because they have a WAF option on Palo Alto and I'm looking into it. But, aside from Prisma, I've never seen the WAF. So I'm attempting to make some comparisons in order to learn the Prisma side and see how it works with NGINX. I downloaded a document to get a head start on it and to form an idea for now.

    I would rate NGINX App Protect a seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    Web Application Firewall (WAF)
    November 2022
    Find out what your peers are saying about F5, Amazon, Microsoft and others in Web Application Firewall (WAF). Updated: November 2022.
    656,474 professionals have used our research since 2012.
    Ntwrkengine0887 - PeerSpot reviewer
    Senior Network Engineer at a comms service provider with 1,001-5,000 employees
    Reseller
    Top 20Leaderboard
    Flexible and high availability
    Pros and Cons
    • "The most valuable feature of NGINX App Protect is its flexibility."
    • "The setup of NGINX App Protect is complex. The full process took one week to complete. Additionally, we had to change the network infrastructure platform which took one month."

    How has it helped my organization?

    NGINX App Protect has improved the flexibility of services in our company and distributed new escalation applications. The downtime in our network has decreased substantially. In a short time, we can republish and resolve issues in our network.

    What is most valuable?

    The most valuable feature of NGINX App Protect is its flexibility.

    For how long have I used the solution?

    I have been using NGINX App Protect for approximately three years.

    What do I think about the stability of the solution?

    NGINX App Protect is stable.

    What do I think about the scalability of the solution?

    The scalability of NGINX App Protect is decent.

    We have approximately 500 people using the solution in my organization. We have IT specialists that work with the core mobile network.

    How are customer service and support?

    We do not have technical support in Iran, we only use our own knowledge about the solution.

    Which solution did I use previously and why did I switch?

    I did not use a similar solution previous to NGINX App Protect.

    How was the initial setup?

    The setup of NGINX App Protect is complex. The full process took one week to complete. Additionally, we had to change the network infrastructure platform which took one month.

    I rate the setup difficulty of NGINX App Protect a four out of five.

    What about the implementation team?

    We used an IT expert for the implementation of NGINX App Protect. We have three people who provide support for NGINX App Protect.

    What was our ROI?

    We have received a return on investment, NGINX App Protect was a good investment.

    What's my experience with pricing, setup cost, and licensing?

    I rate the price of NGINX App Protect a three out of five.

    There are not any additional costs we had to pay to use NGINX App Protect.

    What other advice do I have?

    We have a complex project and we found some of our applications did not work as intended. However, moving forward we do not find we will experience this level of complexity.

    I rate NGINX App Protect a nine out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Flag as inappropriate
    PeerSpot user
    Information Security Engineer at a computer software company with 1,001-5,000 employees
    Real User
    Top 10Leaderboard
    Beneficial reverse proxy, effective load balancer, and helpful support
    Pros and Cons
    • "The most valuable feature of NGINX App Protect is the reverse proxy."
    • "The price of NGINX App Protect could improve."

    What is our primary use case?

    NGINX App Protect can be used as a reverse proxy, internet controller, and for caching.

    How has it helped my organization?

    NGINX App Protect has improved our organization by using the load balancer feature.

    What is most valuable?

    The most valuable feature of NGINX App Protect is the reverse proxy.

    What needs improvement?

    The price of NGINX App Protect could improve.

    For how long have I used the solution?

    I have been using NGINX App Protect for approximately two years.

    What do I think about the stability of the solution?

    NGINX App Protect is stable. It is lightweight and fast.

    What do I think about the scalability of the solution?

    The scalability of NGINX App Protect is good and it is easy to do.

    How are customer service and support?

    The experience I had with the technical support was good.

    Which solution did I use previously and why did I switch?

    We used another solution previously to NGINX App Protect. We switch to testing other solutions.

    How was the initial setup?

    The initial setup of NGINX App Protect is basic. The full deployment took approximately one day.

    What about the implementation team?

    We followed the documentation to do the implementation of NGINX App Protect in-house. We have one person that does the deployment and maintenance of the solution.

    What was our ROI?

    I have not seen a return on investment, it is too soon. We are only in the testing phase.

    What's my experience with pricing, setup cost, and licensing?

    There is a monthly or annual subscription to use NGINX App Protect. There are not any additional costs to the subscription.

    I rate the price of NGINX App Protect a three out of five.

    What other advice do I have?

    I would recommend this solution to others because it performs well.

    I rate NGINX App Protect a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Chief Technology Officer at a tech company with 11-50 employees
    Real User
    Top 20Leaderboard
    Beneficial open-source environment, simple implementation, and reliable

    What is our primary use case?

    We are using NGINX App Protect as a web portal and we are planning to use it as an API gateway.

    What is most valuable?

    The most valuable feature of NGINX App Protect is its open source.

    What needs improvement?

    NGINX App Protect could improve security.

    For how long have I used the solution?

    I have been using NGINX App Protect for approximately five years.

    What do I think about the stability of the solution?

    NGINX App Protect is stable.

    What do I think about the scalability of the solution?

    The scalability of NGINX App Protect is good.

    Everyone in my company that uses this solution are developers. We have a total of 150 concurrent users.

    How are customer service and support?

    The support from NGINX App Protect is too expensive. We did not end up receiving support because of the cost.

    How was the initial setup?

    The initial setup of NGINX App Protect is easy. It took us a couple of days maximum.

    What about the implementation team?

    NGINX App Protect is low maintenance and we did the implementation in-house with a couple of people.

    What was our ROI?

    We have seen a return on investment using NGINX App Protect.

    What's my experience with pricing, setup cost, and licensing?

    The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner.

    What other advice do I have?

    I rate NGINX App Protect an eight out of ten.

    No solution is perfect, there is always room for improvement.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Head Of Information Security at a financial services firm with 501-1,000 employees
    Real User
    Top 20Leaderboard
    Perfect protection against all application attacks

    What is our primary use case?

    We use this solution for protecting published services including website applications, mobile applications, and web applications.

    What is most valuable?

    The policies are flexible based on the technologies you use. 

    What needs improvement?

    The dashboard could provide a more comprehensive view of the status of the connections.

    For how long have I used the solution?

    I have been using the solution for the past two years.

    What do I think about the stability of the solution?

    The solution is stable.

    What do I think about the scalability of the solution?

    The solution is scalable with many licensing options according to client requirements. We have about 800 employees who use NGINX App protect.

    How are customer service and support?

    Customer support is helpful, and they respond fast.

    How was the initial setup?

    Initial setup was easy. For the implementation, it takes no time, but it takes some time to learn, understand the traffic, and to build the policies according to the traffic of the applications already implemented.

    We have two employees for maintenance. 

    What about the implementation team?

    We had a partner implement the solution and they were able to do so easily.

    What's my experience with pricing, setup cost, and licensing?

    There are no additional fees.

    What other advice do I have?

    This solution provides perfect protection for the published services against all application attacks.

    I would rate this a 9 out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    VijayLalwani - PeerSpot reviewer
    Manager - Cyber Security at a financial services firm with 10,001+ employees
    Real User
    Top 20Leaderboard
    Great auto-learning and protection
    Pros and Cons
    • "NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
    • "NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution."

    What is most valuable?

    NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks.

    What needs improvement?

    NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution. In the next release, I'd like to see some enhancements in bot protection, API security, and mobile application security.

    For how long have I used the solution?

    I've been using NGINX App Protect for four years.

    What do I think about the stability of the solution?

    NGINX App Protect is stable but has some areas for improvement, including HTML5 availability. I would rate its stability eight out of ten.

    How are customer service and support?

    NGINX's technical support is good, but sometimes their response time is delayed, or they don't have the technical skills to resolve issues. We're seeing these issues despite having premium support.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I previously used Imperva WAF.

    What other advice do I have?

    I would give NGINX App Protect a rating of eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Tech Lead Security at a comms service provider with 51-200 employees
    Real User
    Top 5Leaderboard
    Reliable, scalable, and simple installation

    What is our primary use case?

    We used NGINX App Protect for our externally-facing web applications to secure them using the WAF.

    What needs improvement?

    The integration of NGINX App Protect could improve.

    For how long have I used the solution?

    I have been using NGINX App Protect for approximately two years.

    What do I think about the stability of the solution?

    NGINX App Protect is stable.

    What do I think about the scalability of the solution?

    The scalability of NGINX App Protect is good.

    We have two people using this solution in my company.

    How are customer service and support?

    I have not contacted support.

    How was the initial setup?

    The initial setup of NGINX App Protect is simple.

    What about the implementation team?

    We have two people that are doing the support for NGINX App Protect which included the deployment.

    What's my experience with pricing, setup cost, and licensing?

    There is a license needed to use NGINX App Protect.

    What other advice do I have?

    The solution is very good overall.

    I rate NGINX App Protect an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Web Application Firewall (WAF) Report and find out what your peers are saying about F5, Amazon, Microsoft, and more!
    Updated: November 2022
    Buyer's Guide
    Download our free Web Application Firewall (WAF) Report and find out what your peers are saying about F5, Amazon, Microsoft, and more!