Radware Cloud WAF Service Reviews

Our company does collections of debt and we have a number of public websites. We usually send emails or snail mail to the clients and they reach us through any of our three of our main sites. Because those sites are exposed to the internet, we use the web application firewall from Radware to protect them. It protects us from attacks like denial service, SQL injections, et cetera. It is an application-oriented firewall for everything that is exposed over the internet.

On the InfoSec side, it helps us to know who is trying to access our site but is not legitimate. The protection against low and slow DDoS attacks is helpful because they are another way that malicious actors try to get into our system.

Also, with Radware Cloud WAF, we have reduced our security headcount. Before we had it, we had to have at least one person going over all the elements of our firewall and fine-tune it against whatever attacks and elements were there. Now, that position is no longer needed because we can receive reports. We went from having almost daily conversations about elements that we were seeing in our firewall, to just presenting monthly reports of what we were protected against to senior management. We go in through Radware to the dashboard and get the information.

They do have an API for getting reports and we are in the middle of trying to get those reports automated. But, for the time being, everything is on the really nice and well-organized dashboard that we use for those executive reports. By the end of the month, we will actually have executive reports that go to our senior level.

Also, if Radware finds some sort of a legitimate attack, they actually call us, like a SOC would, and report it to us.

Another benefit is that it has reduced our false positives. Usually, we would have five to eight in a week. We're down to almost one a month. That's impressive. We were doing reactive fine-tuning, whereas this is more of an AI and machine-learning implementation, which is way better. Each of those false positives we used to have required between 10 minutes and almost an hour from us. In the worst-case scenario, we were putting in one hour daily on false positives, or 20 hours monthly.

The isolation feature is the most important one because everything is going directly to Radware first and then it goes into our system. What we get is the filtered version of everything that would otherwise come directly to us.

For blocking unknown threats and attacks, it uses machine learning. It actually learns what is normal traffic from clients. Once we got the solution, they asked us to open all requests to do some type of machine learning to understand what normal traffic is. With other elements that Radware has in its arsenal, it can differentiate between normal, human traffic and bots or even DDoS attacks.

And we haven't had any false positives so far from the solution's automated analytics. On top of that, it's a very good tool because we can actually see the locations that traffic is coming from, and we can prohibit it from very specific areas of the world. One thing we have learned is how to optimize some of our code to make the application faster. The solution can react to attacks from different parts of the world and block them from entering our servers.

We also use the API Discovery feature and the analysis of the contents of the API is very good. Because we are PCI-certified, we usually use external penetration tests and obfuscation of malicious code through API, and what is discovered by Radware, and blocked, is very impressive. It won't allow any callbacks unless they are from our IP. It also offers VPN connectivity that we are testing, to provide end-to-end protection. What it comes down to is that no one reaches out to our server that is publicly exposed; that exposure is only to Radware. We like that.

It's easy to use the API Discovery, but you must know what you're doing. You just enable it but there are some elements that you need to provide to Radware. The only downside there is the learning process on the Radware side. You need to run it without any filters so it can actually see what normal traffic is and then it can apply the protection.

In terms of integrating Radware Cloud WAF Service with the other systems and applications, everything is API-connected so it was really easy. There is a testing period and, in one case, it took us 90 days, but in another, it was only two weeks. But it integrates really well with our systems.

There is a learning curve for the API for reporting. It is not as easy as other APIs.

Also, the implementation was hit or miss for the first few months. They did some tweaking and, since then, there have been no problems. 

Another issue is that they don't go back into information beyond 90 days. We have to pull the information so we can have, let's say, a year of threats, attacks, and data to help us make decisions about providing more or fewer resources, depending on the year-long data.

I have been using Radware Cloud WAF Service since 2019.

The stability is good. There was one instance of downtime but it was basically our systems.

We haven't needed to scale, for the moment. But I know on their side that they have a huge number of denial-of-service attacks and we haven't had any feedback from our clients about not being able to reach our website. So the solution is working. I don't know how they scale it because, with a DDoS attack, if you don't know how to treat it, you will need to scale it so you can actually allow safe users into your system.

Our number of users is more than 5,000 with two locations. The number of people involved in the Cloud WAF project, on our team plus the networking team, is about 10.

Tech support is ticket-based. We have a 24-hour SLA that they have committed to, but we are more into having communication directly with them. Even though they have the ticket system and ask us to create tickets, we usually reach out to our contacts and try to expedite support requests.

Positive

We were using Cisco Firepower as our main firewall, but that is not a web application firewall. We switched to Radware Cloud WAF because we evaluate our InfoSec roadmap every year. Based on the capabilities that Radware offered, and on recommendations from each year's pen test, and because we are trying to evolve our security to make it more mature, it was the decision that we took. It was a good one.

The deployment is hybrid. There are elements that go to AWS and elements that go to our co-location services in Jacksonville. Eventually, everything is going to be exclusively cloud-based.

We are currently migrating everything to AWS. Setting things up, at that moment in time, was kind of hectic, but that was more because of our side. What Radware asked us to do was to redirect everything into our DNS, so it was fairly in terms of what their side needed. It was more an issue of understanding how we could tweak the solution on our side. With the planning included, it took less than a month.

In terms of maintenance, it mostly just works. But from time to time, based on the changes that we make to our web application code, we need to tweak some of the settings of the web application firewall.

Everything was in-house and we had four people involved.

Imagine those 20 hours we used to spend on false positives multiplied by the employees' salaries and you have an ROI. I can't tell you if the ROI takes less than a year or two years, but this solution is one of our main layers of defense and it is a requirement for everything we do.

The pricing is fair. We compared Radware to others using industry reviews and Radware is at the top right now.

Radware Cloud WAF is way better than what we had. It's more self-sufficient. When we used the regular firewall, we were the ones trying to build up the different signatures and create some sort of access control list based on location. And there was no API filtering. It is a night and day change.

My main advice would be to include the development team, because the adoption of really good API-based protection is going to happen by having really good communication with your development team. They actually consume some of the rules that we use to create those APIs, and they pass that to their machine-learning processes. That's what is going to customize the web application firewall for your environment. 

Our company infrastructure is supported in AWS, and we use Cloud WAF to protect most of our applications, including mobile apps, our main website, and other business-related apps. 

We have many applications in the AWS cloud, including API gateways and balancers, so the backend is made up of all our apps and network load balancer. We use the solution as a frontend protection tool, and the integration is simple, uncomplicated, and works fine.  

The most significant benefit of using Cloud WAF is the robust protection it provides, particularly against Layer 7 attacks. We've been protected against attacks on our website, and in the case of one DDoS attack, Radware supported us in detecting the attack behavior and blocking the threat. The block took five to ten minutes, we configured the solution to account for the specific behavior of the attack, and we re-established our website. 

The product significantly reduced our false positives, as we previously had many. We had more false positives just after the implementation, but following some reconfiguration and changing some features with the help of Radware's implementation team, the tool works fine. We only have a few false positives; we've seen a reduction of around 80%.  

Cloud WAF helps to free up our IT staff for other projects and saves us significant time. I manage the solution and log into the console around once a week; it takes very little time to configure. The tool doesn't require continuous supervision, just infrequent configuration changes, five times a month.  

Geo-blocking is one of the most valuable features we use the most; most of our users are in North, Central, and South America, so we use geo-blocking to block access from other countries.

In our experience, Cloud WAF effectively prevents unknown threats and attacks. We have received reports of attacks in the past, but the product successfully blocked them. In a few instances, we contacted Radware support for assistance in blocking specific attacks. Despite experiencing around three incidents over the past four years, we are satisfied with the solution's performance and have not encountered any further issues.  

The solution's automated analytics for looking at events works great, as it has a model that can analyze the traffic and respond to an attack. We can also configure the tool to block or allow specific traffic based on the analytics.

We receive many reports from our security team of IPs flagged by our security tools, such as Palo Alto. I cannot add the file containing the IPs to get them blocked; instead, I have to contact Radware support and open a ticket for them to do it. I need to be able to block flagged IPs myself, as it currently takes more time to open a ticket, contact the support team, and wait four to six hours for a response. I want to be able to upload a file with 2,000-3,000 IPs in the console and then apply and save the configuration.

We've been using the solution for four to five years. 

The solution is highly stable; we never had a direct issue with the tool in four years, so it's very solid. 

The solution is highly scalable; we can apply multiple servers and add applications to Radware almost immediately. 

We have contacted support on multiple occasions, and they are excellent, though it depends upon the case. If we have a P1 issue, we can contact support by calling them directly, which takes up to 15 minutes. For non-critical regular tickets, these can take between four and six hours, which is good. If we have multiple issues, we can enter a Zoom call with support, and they will help us to block malicious traffic, for example. I rate them nine out of ten.

Positive

The initial setup was very straightforward, and we implemented with a team of three or four staff. The product doesn't require any maintenance on our side; we sometimes receive emails informing us Radware will carry out maintenance, but it never affects the company.

We are based in El Salvador and don't have a direct license with Radware; we purchase the license through resellers. The pricing is reasonable, as I managed an Akamai product in a previous position, and Cloud WAF is competitively priced.

I rate the solution nine out of ten. 

Radware is very valuable to our business, the deployment is simple, and it only took a couple of weeks to see that value. 

My advice to others considering the solution is that it's a good tool. Regarding security, it's an excellent and feature-rich product that can protect your website, is easy to configure, and has strong support. The Radware technical support staff are very experienced and knowledgeable about their product. We can also generate periodic reports, and Cloud WAF is a great solution that will help improve your work.

We use the solution to protect our environment against attacks.

I am satisfied with its ability to block unknown threats and attacks.

The Radware Cloud WAF Service is beneficial to our organization because it allows us to unify protection across cloud-based locations and have centralized control over it. Additionally, implementation of the solution is relatively straightforward if the web application is not overly complex.

I think we still need to analyze exactly how much the solution has helped reduce false positives. However, the estimate doesn't have as many false positives. The solution provides accurate signatures for most of the operating systems, and protections. I believe it is quite effective in reducing false positives as we can filter, we have detailed security reviews with the policy security reviews from the previous year and prior day implementation with the experts from Radware. The policies that are set are quite good and there are not as many false positives. We have seen around a 20 percent reduction in the number of false positives.

When the solution works flawlessly it frees up around ten percent of our IT people's time to work on other areas.

Compared to other solutions, the protection against the tax provided by Radware Cloud WAF Service is the same except we now have fewer false positives.

Radware Cloud WAF Service has several valuable features, with good support and a user-friendly GUI. There are some advanced rules that can be useful for reconfiguring complex applications, though not always. Advanced tools are also available.

The automated analytics of the solution is beneficial for examining events. We can traverse security events, extract the necessary information, and search for specific ones.

If the applications are not too complex, integrating the solution with other systems and applications in our environment is easy. However, if they have custom services ports and other components beyond the HCT protocols, then we may have a problem.

The connection between the front and back ends could be improved. The connection is not always accurate, and there are occasional bugs. Radware should consider introducing more advanced tools than the larger ones, as well as providing use cases within the documentation for more advanced rules such as client certificate authentication.

I have been using the solution for seven months.

The solution is stable.

The technical support is responsive.

Neutral

We previously used on-prem solutions and switched to Radware Cloud WAF Service because of the cloud capabilities.

The initial setup is straightforward as long as the applications do not have any custom ports and more services or applications are relatively basic and exposed on the outside without additional services.

A full deployment with security policies and complete implementation requires around three weeks.

I am the one who can operate everything on the cloud, but we need to obtain signatures from a number of people in order to change the IP addresses. The deployment requires one person from the IT security team and five or more people from the business side.

The return on investment is satisfactory and has stabilized at this point.

The price is a bulk average.

I give the solution an eight out of ten.

The solution's time to value is average. Sometimes bugs arise and take longer than expected, and sometimes everything goes smoothly. I would say the ratio is 50/50. When everything goes smoothly with the integration the value is seen immediately.

The solution has been deployed across multiple locations in six different countries.

It has required some maintenance a few times but not much.

We have 30 people using the solution.

I would recommend the solution; however, it is always beneficial to have a proof of concept first. You should go through the demo to ensure the solution fits their environment.

We have multiple use cases for Radware Cloud WAF Service. We use it to protect our voice domain, our banking solution, and any other applications that are open to the Internet. We use the same Radware WAF for our applications on AWS.

The effectiveness of Radware Cloud WAF Service in blocking unknown threats and attacks depends on the situation. Usually, when we deploy applications, we have everything planned in advance. In this case, we can simply log in to the portal and configure the WAF. However, if we are dealing with a repeated case or if we need to update a certificate, we can use automation to make the changes. In most cases, we do not need to make any changes to the WAF configuration. For example, if we need to block a specific IP address, we can create a template and apply it to all of our web applications. This allows us to use WAF for both web applications and API code.

Radware Cloud WAF Service's automated analytics for looking at events is good. We actually had something similar before, but this service gives us a better understanding of how we use WAF for different products. For example, DDoS protection is also included. This allows me to analyze which users are coming from which locations, what my status is, and if I have a SQL injection or something similar. There are a lot of features, so I definitely know my application better and can identify any security events that are happening on my web or application.

The end-to-end API protection offered by Radware Cloud WAF Service's API discovery feature is a good tool. However, it can only be effective if we understand the WAF portal concept and know what the tool does. Before we use the tool, we should read its documentation. Radware also has a universal university where we can learn more about how Radware works in a web application. This is helpful because different vendors have different ways of using the same application. I have been part of this learning experience and found it to be very helpful.

API Discovery is easy to use for those who are familiar with WAFs and APIs. However, we need to use a document to configure it, which is not a big deal.

Using Radware CDN services and Cloud WAF together is easy. However, it requires coordination between two different teams. The security team is responsible for CDN, while the development team is responsible for the application. If these teams communicate effectively, it is very easy to use the combined services. Even if the development team does not have experience with CDN, it is not difficult to learn. I have been part of both teams, and I can confirm that using Radware CDN services and Cloud WAF together is easy.

Radware Cloud WAF Service is user-friendly. It provides us with what we need and tells us where to click. Even if we are new to using it, we will not get lost or confused. Once we log in, we can simply click through the steps and understand what is happening. The application is easy to configure and does not require highly technical knowledge.

Radware Cloud WAF Service helped reduce the overhead on one team. In a previous product preview event, only two teams were configuring everything for the project team. However, now even the user developer can develop applications. They develop the application, put their endpoint, and go to Radware to create everything. The system management and network teams are no longer involved. This reduced the dependency on a team by 70 percent. Additionally, any individual team can now configure and use the service.

Radware Cloud WAF Service helped reduce our TCO by ten percent.

We noticed the time to value within two months of using Radware Cloud WAF Service.

Radware Cloud WAF Service is user-friendly and easy to deploy. All we need is our domain name, and we can easily configure it. I migrated from old products to new products using Radware Cloud WAF Service. Migration can be a complex process, but Radware makes it easy by providing a step-by-step guide. We can migrate one application at a time, or we can migrate multiple applications at once. Radware also provides an API that we can use to automate the migration process.

Radware Cloud WAF Service should provide SSL certificates for its hosting customers. Currently, customers must purchase an external certificate and upload it to their hardware. This is a major inconvenience, and I would like to see Radware offer a certificate solution.

The technical support has room for improvement.

I have been using Radware Cloud WAF Service for six months.

Radware Cloud WAF Service is stable.

Radware Cloud WAF Service is scalable. We have multiple teams but we are all on one cloud. We have approximately 50 people using Radware Cloud WAF Service.

Overall, the technical support team resolves our issues, but they take some time to understand the issues.

Neutral

We previously used Imperva Web Application Firewall, but it was too expensive. We switched to the Radware Cloud WAF Service, which is more affordable.

We did not use the automation with Imperva in the same way that we do with Radware Cloud.

The initial setup was straightforward. The deployment took one month because we wanted Radware to learn about our footprint. We started blocking after a month, once they developed an algorithm to understand how the application works and what the major use cases are. Initially, we were not in a blocking mode. We were just configuring everything and learning more about the application. We initially required six people because we were building the policies.

The implementation was completed in-house.

We are still in the early stages of using Radware Cloud WAF Service, but we have already seen a 10 percent return on investment due to a reduction in team dependency.

For the current market, the price for Radware Cloud WAF Service is exactly where we want it to be.

We are using two services, WAF and CDN, and we have a three-year contract for these services.

I give Radware Cloud WAF Service an eight out of ten.

I recommend conducting a proof of concept before purchasing Radware Cloud WAF Service.

We use Radware to protect our applications and the portals that we share with our clients and business partners.

Among the improvements to our organization is that we are calmer regarding the use of the applications that we publish. Radware gives us a level of confidence that assures us that, if there is an attack, we have a tool that will protect us and that will block suspicious behavior.

Cloud WAF Service has also helped us reduce false positives. I don't have the exact data on how much they have decreased, but once we enter the portal we can see network connections that have an unknown IP and we can scan and block applications automatically from countries in which we do not have clients.

It has also helped save time for our IT team. We don't dedicate so much time to the threats, but we directly review the reports. We have saved about 30 percent in time invested.

One of the most valuable features we have found in the solution is protection against attacks from botnet networks and the requests that these remote networks can generate that are blocked from our servers. That frees us from having to deal with that traffic.

Cloud WAF Service has also been useful for us in terms of blocking threats because it automatically detects them, detects behavior patterns that have a threat pattern, and directly blocks them. Without making any changes or decisions, we automatically have protection.

Also, regarding the classification of events, the solution does productive work in detecting the logs where there could be threats to our applications, and that is quite useful.

We have had difficulties with the configuration of rules when it comes to allowing connections and having a list of IPs that are authorized to use a specific service. We have not been able to make a whitelist work.

For example, if we want to publish services to a limited number of providers and we only want those providers to connect, we need to forward those requests to the Radware support team and they apply them, but it takes some time. It seems to me that this long process would be faster if the configuration could exist directly in the portal. That would make things easier.

We are in our third year of use of Radware Cloud WAF Service.

We have only had one network outage which happened a while ago. Fortunately, it was short and we were quickly back in business.

We have plans to increase the use of Radware in our enterprise. There are a couple of applications that are going to be added.

The technical support is very good.

Positive

We did not have a previous solution. It was a fairly quick decision to go with Radware. It was chosen because Cisco offered a package of security solutions in which Radware was included.

The initial setup was pretty easy. An engineer from Radware helped us. We scheduled a meeting, discussed the changes that we had to make internally at the DNS level, and that's it. The engineer who helped us was assigned by Radware and we had a pretty good experience with him. On our side it required two people, our system administrator and security analyst.

The programming process and our first use of the solution were quite successful. It was deployed with a set of default rules and policies in a short amount of time, and these gave a certain level of protection for our applications. When we started using it, we understood its features and potential.

In terms of maintenance, there are changes and revisions that need to be made from time to time, mainly to check for false positives. Generally, only one person participates in that process.

We have seen return on investment through the level of reliability of the application and the optimal stability that it gives to our users.

In terms of TCO, it has not been an expense. More than anything, it has been a beneficial service that has reduced TCO by approximately 70 percent.

Radware Cloud WAF Service is a good option. It is a good tool that will definitely give you the protection you are looking for.

The most important lesson that Radware has taught me is that, as a service, it can relieve you of many application security tasks.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Usamos Radware para proteger nuestras aplicaciones y los portales que compartimos con nuestros clientes y socios comerciales.

¿Cómo ha ayudado a mi organización?

Entre las mejoras de nuestra organización está que estamos más tranquilos en cuanto al uso de las aplicaciones que publicamos. Radware nos da un nivel de confianza que nos asegura que si hay un ataque, tenemos una herramienta que nos protegerá y bloqueará comportamientos sospechosos.

Cloud WAF Service también nos ha ayudado a reducir los falsos positivos. No tengo los datos exactos de cuánto han disminuido, pero una vez que entramos en el portal podemos ver conexiones de red que tienen una IP desconocida y podemos escanear y bloquear aplicaciones automáticamente de países en los que no tenemos clientes.

También ha ayudado a ahorrar tiempo para nuestro equipo técnico. No dedicamos tanto tiempo a las amenazas, pero revisamos directamente los informes. Hemos ahorrado alrededor del 30 por ciento en el tiempo invertido.

¿Qué es lo más valioso?

Una de las características más valiosas que hemos encontrado en la solución es la protección contra ataques de redes botnet y las solicitudes que pueden generar estas redes remotas que son bloqueadas de nuestros servidores. Eso nos libera de tener que lidiar con ese tráfico.

Cloud WAF Service también nos ha resultado útil en términos de bloqueo de amenazas porque las detecta automáticamente, detecta patrones de comportamiento que tienen un patrón de amenaza y los bloquea directamente. Sin tener que hacer algún cambio o decisión, estamos protegidos automáticamente.

Además, en cuanto a la clasificación de eventos, la solución hace un trabajo productivo al detectar los logs donde podría haber amenazas a nuestras aplicaciones, y eso es bastante útil.

¿Qué necesita mejorar?

Hemos tenido dificultades con la configuración de reglas a la hora de permitir conexiones y tener una lista de IPs que están autorizadas para usar un servicio específico. No hemos podido hacer que una lista blanca funcione.

Por ejemplo, si queremos publicar servicios para un número limitado de proveedores y solo queremos que esos proveedores se conecten, debemos reenviar esas solicitudes al equipo de soporte de Radware y ellos las aplican, pero lleva algo de tiempo. Me parece que este largo proceso sería más rápido si la configuración pudiera existir directamente en el portal. Eso facilitaría las cosas.

¿Por cuánto tiempo he usado la solución?

Estamos en nuestro tercer año de uso del servicio Radware Cloud WAF.

¿Qué pienso sobre la estabilidad de la solución?

Solo hemos tenido una interrupción de la red que ocurrió hace un tiempo. Afortunadamente, fue breve y rápidamente volvimos a la normalidad.

¿Qué opino de la escalabilidad de la solución?

Tenemos planes para aumentar el uso de Radware en nuestra empresa. Hay un par de aplicaciones que se van a agregar.

¿Cómo son el servicio de atención al cliente y el soporte?

El soporte técnico es muy bueno.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo

¿Qué solución usé anteriormente y por qué cambié?

No teníamos una solución previa. Fue una decisión bastante rápida optar por Radware. Se eligió porque Cisco ofrecía un paquete de soluciones de seguridad en el que se incluía Radware.

¿Cómo fue la configuración inicial?

La configuración inicial fue bastante fácil. Un ingeniero de Radware nos ayudó. Programamos una reunión, discutimos los cambios que teníamos que hacer internamente a nivel de DNS y eso es todo. El ingeniero que nos ayudó fue asignado por Radware y tuvimos una experiencia bastante buena con él. Por nuestra parte, requería dos personas, nuestro administrador de sistemas y el analista de seguridad.

El proceso de programación y nuestro primer uso de la solución fueron bastante exitosos. Se implementó con un conjunto de reglas y políticas predeterminadas en un corto período de tiempo, y estas brindaron un cierto nivel de protección para nuestras aplicaciones. Cuando empezamos a usarlo, entendimos sus características y potencial.

En cuanto al mantenimiento, hay cambios y revisiones que deben realizarse de vez en cuando, principalmente para comprobar si hay falsos positivos. Generalmente, solo una persona participa en ese proceso.

¿Cuál fue nuestro Retorno de la Inversión?

Hemos visto el retorno de la inversión a través del nivel de confiabilidad de la aplicación y la estabilidad óptima que brinda a nuestros usuarios.

En términos de TCO, no ha sido un gasto. Más que nada, ha sido un servicio beneficioso que ha reducido el TCO en aproximadamente un 70 por ciento.

¿Qué otro consejo tengo?

Radware Cloud WAF Service es una buena opción. Es una buena herramienta que definitivamente te brindará la protección que buscas.

La lección más importante que me ha enseñado Radware es que, como servicio, puede liberarte de muchas tareas de seguridad de las aplicaciones.

We are a company that specializes in loyalty programs for airlines and retail businesses. Our website allows customers to log in and check their loyalty program points, redeem them for flights or other items, and purchase additional points or life miles. As this is a sensitive website that is subject to many attacks, we implemented Radware Cloud WAF Service to protect it.

The solution is deployed on the cloud. We use AWS, but the web application firewall is on Radware infrastructure.

The Radware Cloud WAF Service is an excellent solution for blocking unknown threats and attacks. We have follow-up meetings with our team every other month, and we receive a summary of all the threats the solution blocked. The metrics are very positive. Without this service, we would certainly be in trouble, as we experience a large number of attacks. The solution is very specific in identifying the region from which the attack originates, as well as the type of attack, such as mail service or SQL injection. It also provides details on how the attack was blocked.

The primary advantage of Radware Cloud WAF Service is that we can be confident that the website will not be vulnerable or that our client's accounts will not be compromised. Therefore, it is highly beneficial for us.

We have very few false positives; it is very rare. In the two and a half years I have been with the organization, there has only been one false positive. This occurred when an authentic IP from Colombia attempted to log into the website and was blocked by the WAF.

The solution definitely freed up our IT teams for other projects, as we no longer have to manage the WAF ourselves. With Radware taking care of the WAF deployment in our Amazon infrastructure, our IT personnel who would have otherwise been working on managing our application firewall can now be assigned to other projects. The solution helped save 30 hours a week.

I particularly appreciate the low administrative burden of this solution, as well as the excellent monitoring tools. I can easily view blocked requests and malicious activity in a summary dashboard without needing to intervene. The solution works well independently.

Radware does not have much online training available to help customers get the most out of this solution. For example, we do not know how to integrate the solution with other tools or take advantage of the analytics that it offers. Radware could improve access to this knowledge by providing short training sessions so that customers can benefit more from their work.

I have been using Radware Cloud WAF Service for two and a half years. 

The solution is highly reliable; we have never experienced any outages.

The scalability is completely transparent for us. For instance, on Black Friday, we experience an increase in traffic on our website, yet we don't notice anything because Radware automatically scales, so we don't need to take any action. Therefore, it is very efficient at scaling.

From a financial perspective, we have definitely reduced fraud. This has been a return on investment, as we are no longer losing money compensating customers for fraud. I cannot provide an estimated amount, but we have a team in the company dedicated to preventing fraud. There has definitely been a return on the investment.

It is slow for us to get a quote, which is something that could be improved by the sales or commercial team. However, I believe the prices are fair. We pay for each application we add to the protection, as well as for each additional website. We currently have three licenses and are satisfied with them.

We always compare Radware Cloud WAF Service to the Amazon web application firewall. We have found that Radware Cloud WAF Service is a better solution for us as it is specialized and managed, so we do not need to spend time configuring or managing the solution.

I give the solution a ten out of ten.

We do not use the solution for integrating with other applications. The only other solution is the Cloud WAF Bot Manager, which is another product from the same company. We can access it from the same account using the same credentials. I can access both dashboards, the WAF and Bot Manager, but we do not integrate them with anything else.

The solution has not been implemented in multiple locations. Most of the traffic comes from Latin America and the United States. I do not have an exact figure for the number of end users that access our website, however, I can estimate that it is in the hundreds of thousands per day.

We have never performed any maintenance from our end.

We need to understand how the solution is priced, as our company has one main website, but sometimes there are other products with different URLs and websites, so we must pay for each one. My advice to customers is to understand how this is priced so they can plan accordingly.

We have a couple of AWS customers where we are implementing this solution.

When we are talking about the WAF use case, we just like to save the request. Whatever request you are getting on the WAF side, you can block it according to the filter. If you have any vulnerability inside the request, that will be inspected. If it's not legitimate, then it will be stopped with the help of WAF.

The solution offers good protection. It's for the L7, actually. When you are trying to protect the L7, this is a good product.

There are templates you can try which is useful.

It's easy to implement. 

The solution scales quite well. 

The solution is stable and reliable.

Technical support has been helpful.

The integration part could be better. The visibility part could improve as well. In the market, everyone is moving towards the cloud. However, the patience is not good. When we are trying to find out some information, we are not getting what we need on time. They need to arrange some more use cases for their partners, for their customers to showcase their product and show exactly how it is working, how they're capturing the market, et cetera. Right now, they aren't showcasing what can be done, making it hard to sell. 

I've found it difficult to find good documentation for cloud deployments. 

We've been using the solution over the past year. We've used it for ten months.

The stability is quite good. I would rate it a four out of five in terms of stability. It is reliable. There are no bugs or glitches. 

It is a scalable product. We don't have any issues in that regard. I'd rate it four out of five. 

We have a few customers on the solution. We have one with 15,000 POC employees, and they are using it. There are also a couple of other POCs we are working on now.

Their support has been very good. We are quite pleased with their general capabilities. We tend to also handle issues that are at an L2 or L3. If we cannot handle the client requests, we may reach out to Radware for help. 

Positive

The initial setup is not overly complex. The entire process is easy to manage. 

For deployment, I don't need many people. We do have a team of ten to 15 people who are managing all the security features. I can assign one of them to take care of tasks as necessary. One person who is knowledgeable in WAF can handle the deployment part.

Implementation is a one-time thing. However, the processing of requests is ongoing. Today, a customer has a certain requirement to maintain their compliance, so they can go ahead with the initial set of rules. In the future, if they come across different kinds of compliance, they definitely need to create new rules. Therefore, it's an ongoing process. We cannot say that is a one-time process work for a week, and we've completed it. Basically, the initial implementation can get done in a week. Within a week, we will have to also collect the rule stage information from the customer, including any other requirements. Then, after that, it's ongoing tweaking. 

We tend to perform maintenance for clients. If a customer faces any challenges, they create a case with us, and we deal with it. 

We can handle the initial setup ourselves. 

From my side, there is only one resource deployed on the project. However, there are multiple people required to gather information. From the customer side, it will require them to share what rules should be implemented and we figure out how we will proceed and what requests we will get coming into the application server.

The solution is pretty pricey. It's not a cheap option. I'd rate it a three out of five in terms of affordability.

They do offer different types of licenses, according to your needs. 

I'm a Radware partner. 

We have the latest version implemented right now. 

I'd rate the solution eight out of ten.

I would recommend the solution to people.