Radware Cloud WAF Service Reviews

We are choosing Radware Cloud WAF Service over traditional WAF because it has API first behavioral protection, advanced bot defense, and layer 7 web DDoS capability. It was chosen because of the hybrid and Cloud native app environment. For internal and external customers, we have approximately 1300 plus customers in our data center colocation, and all of them are using Radware Cloud WAF Service.

There are various use cases for Radware Cloud WAF Service. One is about securing public-facing portals, internal applications, and APIs, including REST API and GraphQL API. The deployed assess provides services to internal IT customers and external customers. This WAF is configured in reverse proxy mode plus API security module, and it is integrated with CI/CD pipeline for secure application development.

We have been using Radware Cloud WAF Service as it supports integration with CDN services such as Akamai, Cloudflare, and AWS CloudFront. Radware has CDN nodes for optimized delivery and protection. However, we have been using AWS CloudFront currently, but I'm in discussion with the Radware team about acquiring more Cloud WAF licenses, along with Cloud DDoS, to enhance Cloud DDoS protection capability. They have recently launched Cyber Controller Plus, so I'm going to procure Cyber Controller Plus.;

Automatic API discovery and schema validation is something we have appreciated about Radware Cloud WAF Service. It has automatic API discovery, protection against injection, abuse, and credential stuffing. It also has token-based authentication and enforcement, along with rate limiting. Bot and threat protection is another excellent feature.

It eliminates manual API inventory and documents and streamlines the security policy creation. It reduced the work for developers and the SOC workload because with a large SOC team, it helped to offload and eliminate overhead costs, providing SOC people with better resources.

Automatic threat detection in blocking and detecting without manual intervention is essential. Scalability is another benefit because it has Cloud native architecture. Cloud native architecture is readily scalable, requiring no hardware maintenance.

I see areas in Radware Cloud WAF Service for improvement, specifically in its initial tuning period, because the machine learning model takes two to three weeks for baseline behavior establishment. Closely monitoring alerts during this period is essential to avoid false positives. 

There's an alert noise issue; during the early stages, we received a high volume of alerts for minor issues, requiring collaboration with the SOC team to fine-tune thresholds and concentrate on genuine threats. 

The documentation is not up to par, as while the platform's system is robust, the documentation, particularly for API integration, could be more developer-friendly with real-world use cases.

We have been working with Radware Cloud WAF Service for almost four and half to five years now.

My experience with the technical support of Radware Cloud WAF Service is that they are excellent, and I have established a strong relationship with the executive leadership up to Roy, the CEO. They provide excellent support.

My experience with the pricing, setup costs, and licensing of Radware Cloud WAF Service is positive because I'm a Radware shop. I have all the Radware products, so my feedback is purely positive.

I have seen a return on investment with Radware Cloud WAF Service since I have been providing support and selling it as a service to customers.

When looking into Radware Cloud WAF Service, I evaluated F5 and Fortinet as other options.

We have been using many products provided by Radware. API discovery in Radware Cloud WAF Service was straightforward. Although initially, our people were new to Radware, and we had some challenges in the initial phase with false positives and early learning phases, especially with custom applications. Over time, with its intuitive UI, we were able to implement it quickly; my team learned and started working on it.

Radware Cloud WAF Service is integrated with SIEM and our SOC team of 75 people. Initially, during the early phase, false positives were common because SIEM was learning the traffic pattern, monitoring the logs, and adjusting the sensitivity. We accomplished policy tuning efficiently by manually fine-tuning the security parameters after analyzing the pattern and adjusting the threshold to reduce noise.

Radware Cloud WAF Service has been doing excellent work in protecting against zero-day attacks. We are using the automated source blocking feature. It has significantly helped our compliance efforts and helps maintain business continuity with its DDoS protection capabilities, which we utilize through real-time behavior-based detection using machine learning.

I rate Radware Cloud WAF Service eight out of ten.

My use case for Radware Cloud WAF Service is for blocking malicious IP addresses.

Radware Cloud WAF Service blocks threats effectively, providing a comprehensive report that shows the traffic and denied traffic from malicious IPs or specific countries, so I am satisfied. 

Radware Cloud WAF Service has reduced the false positive rate, and it's beneficial for our organization. By using Radware Cloud WAF Service, 30% to 40% of false positives are reduced.

For zero-day attacks, Radware Cloud WAF Service integrates threat intel, which detects anomalous traffic and blocks it automatically, preventing attackers from entering our organization or attacking our domains. Source blocking is effective because it has good capability to handle things automatically without human intervention, as a human cannot handle all the alerts and traffic.

The real-time BLA detection and mitigation of Radware Cloud WAF Service strongly performs to mitigate and take action against contamination. Radware Cloud WAF Service is quite effective and handles all traffic to HTTP or HTTPS effectively.

My organization is quite large, so we have to monitor activities promptly. Since it's not possible for a human to detect and address every threat, we implemented Radware Cloud WAF Service, which automatically detects and prevents DDoS threats and traffic without human intervention, making it better for us and protecting our organization.

With the automated analytics of Radware Cloud WAF Service, if multiple logins occur from the same malicious IP in the same pattern, the AI automatically recognizes it and takes the appropriate action, such as blocking or allowing, which is beneficial for us.

Improvement areas could be some of the AI capabilities related to false positives. The required IP addresses sometimes get blocked, so that needs to be enhanced. The AI recognizing features can be improved. Recognition aspects could be refined; it's performing at almost 99%, so there's a small margin for improvement.

I have been using Radware Cloud WAF Service for three years in my organization.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We have about 35 users working with this solution.

I would rate their customer support a ten out of ten.

Positive

It is easy. It takes 10 to 15 days.

The pricing for Radware Cloud WAF Service is moderate; it's not expensive. We can't say it's low and we can't say high; it's moderate, and I got that perfect point.

It is easier to use with a moderate cost than others.

To assess Radware Cloud WAF Service for blocking unknown threats and attacks, we have found that if an IP is identified as malicious, we can block it, and we utilize the graph chart provided. Using the CDN with Radware Cloud WAF Service is easy to implement and use; it's not a headache for us.

I would rate Radware Cloud WAF Service a nine out of ten.

The main use case for Radware Cloud WAF Service in my organization is blocking attacks. A specific example of a type of attack that I was able to block using Radware Cloud WAF Service is blocking DDoS attacks. I am referring to DDoS-type attacks.

Radware Cloud WAF Service detects and blocks this type of threat in my environment by blocking them and then showing them to me in interactive dashboards with the source IP addresses.

The dashboards work very well to understand the focus of the threat, the origin of the attacks, and to create interactive reports to explain in dashboards where each attack comes from and to block the sources.

The best features offered by Radware Cloud WAF Service are the dashboard and the ease of blocking attacks.

On a day-to-day basis, the most useful features of the dashboard make things easier for us because it blocks the attacks, preventing them from reaching the company's environments. In the dashboards, I get the IPs, the origin, a map showing where they are located, and the specific pages that are attacked.

Radware Cloud WAF Service positively impacts my organization as it saves us headaches when we have attacks since it blocks them. I have noticed a specific change in security, a reduction of incidents, and improvements in response times since I started using the tool, as problems have decreased with fewer attacks.

Radware Cloud WAF Service could be improved by making exporting dashboards easier.

I have been working in the area of systems administration for five years.

I consider Radware Cloud WAF Service to be stable in my environment.

I rate the scalability of Radware Cloud WAF Service as it adapts very well to growth or changes in my organization.

My experience with Radware Cloud WAF Service customer support could be better.

I did not use any other solution before implementing Radware Cloud WAF Service.

Before choosing Radware Cloud WAF Service, I did not evaluate other options.

I have seen a return on investment since I started using Radware Cloud WAF Service with time savings.

That time savings translates into my day-to-day work or my team's processes by eliminating the need for us to block the sources; Radware Cloud WAF Service blocks them automatically.

My experience with the pricing, implementation cost, and licenses of Radware Cloud WAF Service has been good. The only thing is that I would lower the price, but otherwise it's great.

My advice to other companies that are considering using Radware Cloud WAF Service is that they should buy it because it makes your work life better. I give Radware Cloud WAF Service a rating of 9 out of 10.

I use Radware Cloud WAF Service to protect customers from cyber attacks, mostly SQL injections, cross-site scripting, and degradation with DDoS attacks.

Almost every day, cyber attackers are trying to disrupt the correct functionality of the application for our customers, so I review the console in Radware Cloud WAF Service, searching for strange behavior. If I see something that is not in place, I mostly block via geolocation or IP address or by activating the advanced protection from the applications in the tenant for the customers.

Mostly, I also create different types of rules with Radware Cloud WAF Service, varying from redirections to blacklisting, to whitelisting, exceptions, rate limiting, and others to better protect the customers.

The best features Radware Cloud WAF Service offers are mostly the advanced protections because you only need to activate them, and they protect against a lot of today's most common OWASP attacks.

The advanced protections help me in my day-to-day work with Radware Cloud WAF Service because they are very effective as they attack mostly the OWASP Top 10, and they are easy to use because you only need to activate them, and by default, they block a vast gamut of cyber attacks today.

Before our customers purchased Radware Cloud WAF Service, they had a lot of breaches in their network, and after, we successfully lowered the attack rates, and by that, we protect their applications better.

Before Radware Cloud WAF Service, our customers had almost four or five million requests, and they were not always clean, but now with Radware Cloud WAF Service, we see that we block almost 95 or 96 percent of the attacks that we are receiving.

I think the things I want to improve in Radware Cloud WAF Service are, for example, the possibility to upload CSV files with IOCs, so we can load a lot of IOCs in one load instead of loading them one by one manually.

I also want the possibility of seeing traffic in real time because I only see a dashboard with the security events, but in regards to real time, I don't see something that tells me how the traffic behavior is.

I have been using Radware Cloud WAF Service for almost three years now.

Radware Cloud WAF Service is mostly stable.

I think Radware Cloud WAF Service scales pretty well because we add more applications or users, and we don't have a problem with that.

I have a good experience with customer support for Radware Cloud WAF Service; they tend to respond quickly to our cases and they help us really well with the cases.

Positive

I used Cloudflare and Imperva before Radware Cloud WAF Service, and we switched mostly because the security in Radware Cloud WAF Service console is easier to administrate than in the other providers.

Unfortunately, I don't have metrics for return on investment because I only administrate the console.

My experience with pricing, setup cost, and licensing for Radware Cloud WAF Service is good.

I evaluated Cloudflare and Imperva before choosing Radware Cloud WAF Service.

I invite others looking into using Radware Cloud WAF Service to try it and see all the different protections that the console can provide. I would rate this solution an 8 out of 10.

The core use cases for Radware Cloud WAF Service are web application firewall functionality, DDoS protection, and protection against zero-day vulnerability and emerging threats.

The most valuable aspect of Radware Cloud WAF Service is that it supports mode detection and provides email alerts on sudden alert spikes and early warnings. The most advanced feature is the DDoS protection and the way this web handles DDoS attacks, as I am currently working in the SOC team and managing the Radware administration part.

Regarding zero-day attacks, Radware Cloud WAF Service helps us actively receive early warnings, and we raise those to the relevant teams. The services related to zero-day attacks and threat intelligence are very effective.

The dashboard of Radware Cloud WAF Service could be more interactive and user-friendly. While implementing it for the first time, it requires core technical knowledge, and without that knowledge, implementation can be quite challenging. However, the support from Radware is excellent when support cases are raised.

I have been using Radware Cloud WAF Service for three and a half years in my career after joining my current organization.

Regarding stability, I have not experienced any lagging, crashing, or downtime in my experience with Radware Cloud WAF Service.

Radware Cloud WAF Service is scalable; once we set up the entire service and it is up to date, we can onboard as many applications as our license allows.

I have contacted Radware's technical support many times, and their quality is very good as we receive timely support according to the case priority. Their engineers are skilled and capable enough to resolve issues quickly.

Positive

I have used alternatives to Radware Cloud WAF Service, specifically Akamai Web Service, which is a very popular service. One of its disadvantages is that it does not support custom ports like Radware does.

The entire process of onboarding the application for the first time with Radware Cloud WAF Service requires core technical knowledge, but with the support of Radware, it becomes much easier.

The pricing of Radware Cloud WAF Service is lower compared to Akamai, and while the price in the industry is acceptable, it is not too expensive.

The combination of negative and behavioral-based positive security models provided by Radware Cloud WAF Service is very important for my organization's security strategy, as the main purpose of Radware WAF is security.

Regarding maintenance, we receive quarterly reports, which are sufficient.

On a scale of 1-10, I rate Radware Cloud WAF Service an 8.

In my organization, we are focused on using various security measures to protect against threats, particularly those related to bots. The key product we have employed is Radware Cloud WAF Service, which primarily provides DDoS protection. This service helps us block large-scale attacks aimed at exploiting network vulnerabilities and other weaknesses in our applications.

Additionally, we utilize the Radware Cloud WAF Service to safeguard our websites and application APIs from threats like SQL injection and other malicious activities, employing various authentication methods for enhanced security. I am also working on learning about bot management, as I have been assigned a task in this area. So far, I have been studying behavioral analysis and detection methods that can identify and block malicious bots effectively.

I have worked with the API feature of Radware Cloud WAF Service and have experience with the GraphQL endpoint. While I haven't worked on advanced web attacks, I am familiar with common ones. As many applications heavily rely on APIs, it's obvious for attackers to target them. The WAF provides mobile and web app backend security for protection, and I have mainly used the bot detection and mitigation feature to detect and block malicious bot attacks.

Zero-day attacks can be particularly challenging because they exploit vulnerabilities that are not yet known to the software vendor. However, certain solutions can effectively address these threats. One of the key benefits of Radware Cloud WAF Service is its ability to detect potential vulnerabilities before they can be exploited by attackers.

Currently, there is a growing trend towards using machine learning and AI models, which can provide proactive defenses against zero-day vulnerabilities. As we know, a zero-day vulnerability can pose significant risks to any organization or system. One concept that is crucial in this context is behavior-based analysis and detection. This involves analyzing incoming suspicious requests to identify patterns that do not align with normal behavior. When such anomalies are detected, the system can alert administrators to take appropriate action. Another important feature is virtual patching. This technique can block known vulnerabilities at the edge, even before an official patch is released by the vendor. This proactive approach helps mitigate risks while waiting for a formal solution.

Source blocking is a method we employ in our organization to block incoming requests from specific sources based on the type of traffic. This approach helps us effectively identify and filter out malicious or unwanted traffic. By recognizing certain requests as malicious, we can prevent them from reaching our systems. We have blocked specific IP ranges, known malicious URLs, and other sources based on geographical locations, depending on our organization's needs. To strengthen our defenses, we use various filters tailored to our requirements, along with threat intelligence feeds and behavioral patterns. Overall, source blocking plays a crucial role in preventing attacks and enhancing our security posture, especially against brute force attacks originating from known malicious IPs.

Radware Bot Manager, a security tool that helps identify and manage bot traffic and malicious bot attacks, is important for organizations that face heavy traffic loads. Bot Manager helps reduce bot attacks and secure us from threats. I have experience with behavior analytics, custom rules, and the bot detection engine, which focuses on identifying malicious bots and securing APIs from automated abuse.

What I appreciate most about Radware Cloud WAF Service is that it includes all the aspects that an organization wants to run smoothly, such as overall configuration and real-time protection methods, customization of rule creation, fast deployment, and vital visibility in environment maintenance. Its maintenance cost is very low unlike others, and the real-time dashboards show us who is attacking and what types of attacks are happening in our environment or any endpoints or devices being targeted.

I appreciate the real-time protection part, especially against SQL injection and Zero-Day exploits. Radware Cloud WAF Service is beneficial for detecting Zero-Day vulnerabilities before they are exploited by attackers. With a focus on machine learning and AI models, it offers proactive defenses against these vulnerabilities. The WAF utilizes behavior-based analysis to identify anomalous requests and can virtually block known vulnerabilities at the edge before vendor patches are released.

In some cases, if the configuration of rules is too strict or complex, there might be a possibility that genuine traffic gets blocked or considered a false positive. The complexity can be lowered to improve the understanding for users or customers.

I have been using Radware Cloud WAF Service for nearly one year.

I have contacted the customer support of Radware and generally received responses within the scheduled framework, ensuring that my tasks are completed on time. I am quite satisfied with their customer support.

Positive

The initial deployment involves a specific set of stages that are quite transparent. There are several steps we typically encounter during this process. While I wouldn't describe the configuration as overly complex, I would categorize it as moderate in difficulty. I would rate it as moderate. It’s not too challenging, but it does require some attention.

I would rate Radware Cloud WAF Service a nine out of ten.

Since many of our businesses are on this application and web applications, we have a huge environment. There are more than hundreds of applications that we have. We are using it for WAF-based production, for bot and for DDoS protection.

The interface is quite concise and clear, and it is easy to navigate. I have worked with other WAFs, however, Radware Cloud WAF Service is quite easy to navigate compared to others. 

I have never had a problem with the application or any websites. Many threats are getting blocked here. Since I joined this organization and had the opportunity to compare early deployment statistics with current ones, we can see that many threats have been blocked, resulting in a very good return on investment.

With Bot Manager, we get many detections which are actually blocked, especially related to application headers. Malicious user agents are something that we get frequently and it has been blocking the majority of the threats, almost about 97-98% of threats are blocked, almost to 99% itself.

Our first line of defense for our web applications, especially on the cloud, is Radware Cloud WAF Service. Whatever comes through, including reconnaissance attempts, different types of targeted attacks, targeted threat vectors and many APT groups targeting our environment, they are getting blocked in the recon phase itself thanks to the Bot Manager.

They can work more on the documentation part. The documentation I found is quite vague. There can be more practical examples, and since we are a paid customer, they can give us arranged training. They can arrange sessions or trainings regarding using Radware Cloud WAF Service and what further things we can do. I recently learned about source blocking, so training or sessions can be organized, along with improving documentation with practical examples.

I have been using it for two and a half years since joining the new company. The company has been using the solution for quite a long time.

In the last two and a half years, I have not seen any kind of lags or issues.

Scalability is good. Our organization is quite big, so we keep on adding applications behind it. I never found an issue with lagging or non-working components due to scaling limitations. The solution is providing scalability in all aspects.

The speed and quality was good. We got a good quick turnaround time, especially in cases where we were actually under attacks and wanted blocking to work as soon as possible.

Positive

In my previous company, I have worked with other WAFs, including the F5 WAF and the cloud native WAF. I have also worked with Akamai. I found Radware Cloud WAF Service to be better compared to others.

The initial setup was quite easy. I moved around, did some R&D on my own, and it was easy to navigate.There are clear and concise filters that I can apply. Everything was on the screen. Whatever I wanted to try or do was available on the screen. I could move around in the console and try all kinds of experiments. It was quite easy and user-friendly.

Since I joined this organization and had the opportunity to compare early deployment statistics with current ones, we can see that many threats have been blocked, resulting in a very good return on investment.

Pricing is something that is decided by the top management. I am more of an operations person.

We do not use the CDN services.

I have not used the API Discovery completely, however, I have checked out the API security that comes under the WAF part, specifically the threat detection part that we are focused on. I am hearing about source blocking for the first time, which would be helpful as we would not have to manually block it.

We are using the DDoS protection and it has been blocking many DDoS attacks that we have observed. Many times when traffic slips through our DDoS protection pipelines, they are definitely getting blocked by Radware Cloud WAF Service, including anomalous rate limiting.

It took me about a week to learn the system, as I am a quick learner. There is no required maintenance as it is already taken care of by Radware. We get notifications regarding maintenance upgrades and everything, mainly for the IP blocking parts.

On a scale of one to ten, I rate this solution a nine.

We are in the post-implementation phase of using Radware Cloud WAF Service right now, but we have been using a Radware solution for about six years in our company.

Right now, we are working on transitioning our systems to the cloud. We have just obtained the license and are currently testing the system as part of the implementation process. This started back in January of this year, and we are approaching one year of use. While we are in the post-implementation phase, our corporate structure has a lot of approval processes that require multiple steps. Because of this, we can't fully transition to the protection capabilities of Cloud WAF just yet. However, we are actively using and testing it, and we are taking note of all the results.

Our company works in banking, and every day we face malicious and suspicious requests incoming to our site. Radware Cloud WAF Service is helping protect against these threats effectively. When we were using physical hardware, it would become overloaded and go down, making it impossible to protect our site. Radware Cloud WAF Service protects all of the backend applications and services by defending against malicious and suspicious requests.

Automated analytics are easy to use. When we were using manual detection, it was difficult to detect certain traffic patterns. The automatic detection is very effective.

Radware Cloud WAF Service reduces false positives compared to our previous on-premises system. After implementing Radware Cloud WAF Service, I observed the alerts and noticed a significant reduction in false positive blocking. It has more advanced capabilities, including header request searching.

We have integrated it only with Splunk so far, and it's easy to integrate.

Bot Manager's configuration is straightforward. We input IP addresses, local IPs, and configure log sending to Splunk.

The interface is really cool, especially with the dark theme. It looks clean and organized, which I appreciate. It's not complicated at all.

Support is prompt and efficient. The response to our support tickets has been quick, and I'm really happy with that. Overall, I'm glad with my experience so far.

It is easy to use for me. I've already been working with the hardware and the portal for two years now. I know where everything is, so I find it easy.

They might need to add more integrations. Adding AI-based search capabilities would be beneficial, allowing us to search for the origins of bot attacks by country. The behavioral analysis could be made more efficient. While Bot Manager has many of these features already, there is room for further enhancement.

It is stable.

It is scalable. 

The support team responds quickly to our tickets, and I am very satisfied with their service.

Positive

The Radware deployment process was straightforward and easy to install. Our company has many approvals and processes, so it took over two weeks.

Our SOC team with ten people works with this solution. Our company has two teams working on security systems with three levels of engineers. I am a level two engineer handling configuration and monitoring. The level three engineers manage major updates and have comprehensive knowledge of the system.

We conducted POC testing with three systems: Akamai, Imperva, and Radware Cloud WAF Service. We only tested Imperva and Radware because Akamai did not meet our bank corporation's policies regarding reseller companies. Imperva had too many issues.

The Imperva cloud solution was located in Hong Kong, which was too far from Mongolia and caused internet connectivity issues. After testing it, we were not satisfied. We then tested Radware Cloud WAF Service and found it easier to use, particularly since we were already using Radware Bot Manager in the cloud.

Currently, we are not using the API discovery feature as we are in the pre-implementation phase of API protection. We are focusing on getting Radware Cloud WAF Service into production first. After that, we plan to implement additional features such as API security and customer security.

In Mongolia, we do not have a CDN and are currently using Akamai CDN. The situation in Mongolia is restricted and somewhat complicated.

I would recommend this solution. Radware is the largest company in the security solutions industry. They have many prototypes and numerous integrations. This is an important aspect of the purchasing process. Another key point is their support; they provide a quick response to your inquiries. Their service is easy to use. With Radware's cloud solutions, they cover all aspects of security effectively. They are able to provide comprehensive coverage for your needs.

I would rate Radware Cloud WAF Service an eight out of ten.