Radware Cloud WAF Service Reviews

Our company infrastructure is supported in AWS, and we use Cloud WAF to protect most of our applications, including mobile apps, our main website, and other business-related apps. 

We have many applications in the AWS cloud, including API gateways and balancers, so the backend is made up of all our apps and network load balancer. We use the solution as a frontend protection tool, and the integration is simple, uncomplicated, and works fine.  

The most significant benefit of using Cloud WAF is the robust protection it provides, particularly against Layer 7 attacks. We've been protected against attacks on our website, and in the case of one DDoS attack, Radware supported us in detecting the attack behavior and blocking the threat. The block took five to ten minutes, we configured the solution to account for the specific behavior of the attack, and we re-established our website. 

The product significantly reduced our false positives, as we previously had many. We had more false positives just after the implementation, but following some reconfiguration and changing some features with the help of Radware's implementation team, the tool works fine. We only have a few false positives; we've seen a reduction of around 80%.  

Cloud WAF helps to free up our IT staff for other projects and saves us significant time. I manage the solution and log into the console around once a week; it takes very little time to configure. The tool doesn't require continuous supervision, just infrequent configuration changes, five times a month.  

Geo-blocking is one of the most valuable features we use the most; most of our users are in North, Central, and South America, so we use geo-blocking to block access from other countries.

In our experience, Cloud WAF effectively prevents unknown threats and attacks. We have received reports of attacks in the past, but the product successfully blocked them. In a few instances, we contacted Radware support for assistance in blocking specific attacks. Despite experiencing around three incidents over the past four years, we are satisfied with the solution's performance and have not encountered any further issues.  

The solution's automated analytics for looking at events works great, as it has a model that can analyze the traffic and respond to an attack. We can also configure the tool to block or allow specific traffic based on the analytics.

We receive many reports from our security team of IPs flagged by our security tools, such as Palo Alto. I cannot add the file containing the IPs to get them blocked; instead, I have to contact Radware support and open a ticket for them to do it. I need to be able to block flagged IPs myself, as it currently takes more time to open a ticket, contact the support team, and wait four to six hours for a response. I want to be able to upload a file with 2,000-3,000 IPs in the console and then apply and save the configuration.

We've been using the solution for four to five years. 

The solution is highly stable; we never had a direct issue with the tool in four years, so it's very solid. 

The solution is highly scalable; we can apply multiple servers and add applications to Radware almost immediately. 

We have contacted support on multiple occasions, and they are excellent, though it depends upon the case. If we have a P1 issue, we can contact support by calling them directly, which takes up to 15 minutes. For non-critical regular tickets, these can take between four and six hours, which is good. If we have multiple issues, we can enter a Zoom call with support, and they will help us to block malicious traffic, for example. I rate them nine out of ten.

Positive

The initial setup was very straightforward, and we implemented with a team of three or four staff. The product doesn't require any maintenance on our side; we sometimes receive emails informing us Radware will carry out maintenance, but it never affects the company.

We are based in El Salvador and don't have a direct license with Radware; we purchase the license through resellers. The pricing is reasonable, as I managed an Akamai product in a previous position, and Cloud WAF is competitively priced.

I rate the solution nine out of ten. 

Radware is very valuable to our business, the deployment is simple, and it only took a couple of weeks to see that value. 

My advice to others considering the solution is that it's a good tool. Regarding security, it's an excellent and feature-rich product that can protect your website, is easy to configure, and has strong support. The Radware technical support staff are very experienced and knowledgeable about their product. We can also generate periodic reports, and Cloud WAF is a great solution that will help improve your work.

We had adware attack mitigation systems and DDoS appliances in place, but these are primarily designed to handle flood attacks. We found that our frontend pages, including our online banking, were being attacked by bots. Hundreds of these connections created such a high load on our backend web servers that they failed to respond to legitimate requests. 

Our primary use case for Cloud WAF is to stop these malicious bots from continuously calling up web pages. They look legitimate, but they constantly call or refresh the web page.

We haven't integrated much yet. Cloud WAF is protecting our frontend pages, but our banking profile for logging our backend financial transactions sits behind our corporate frontend pages. Cloud WAF is also protecting that piece. Once we've completed protecting our landing pages, we'll start working on our other applications. 

From a financial point of view, we no longer constantly need to appropriate more horsepower to our backend web servers to service these requests because Cloud WAF is preventing malicious bots from accessing our web page. It reduced the load on our backend. 

We don't have all the in-house expertise to investigate a typical HTTPS request to see what's happening. We rely on Radware's emergency response team to provide us with biweekly feedback saying, "This is what we've observed and what we recommend." 

By using Radware Cloud WAF, we don't need to hire web threat specialists. We can rely on Radware's emergency response team to fine-tune our policies. Spinning up a web application firewall on our own is a long and challenging process. It's far easier to outsource that job to Radware.

Using Radware freed up resources, especially on the web side. We would typically require an internal team to look after the web pages, but that has been outsourced to Radware. Now, those employees can shift their focus to other projects, and they need not worry about what Radware's doing because they know that it's in the capable hands of an experienced team. 

Cloud WAF reduced our false positives. That's one feature Radware is known for. We get very few false positives, but when we do, we bring them up during our biweekly meeting with the Radware team. They help refine our policies so we no longer see the same issue. Most Radware products perform exceptionally well at eliminating false positives.

It's hard for us to quantify the reduction of false positives because it's a relatively new product. We'll start collecting these metrics toward the end of 2023. Based on our customer call center's feedback, we haven't received complaints about blocking legitimate traffic. When we adopted Cloud WAF, that was a concern our business units had. Some were worried we would deny a lot of traffic. That hasn't been a problem thus far. 

We now have more accurate statistics about legitimate website visitors because we've eliminated those malicious bots that artificially inflated the number of hits on our website. It was creating a false impression that we had an unusually high number of hits. Traditionally, they were there for web scraping, but we eliminated unwanted traffic pushing up our analytics. Google Analytics gave us the impression that we had a ton of traffic. Those figures have gone down because we've eliminated the baddies.

The most valuable components are the bot manager Radware offers as part of graph services and the WAF component. We haven't begun using the API protection, but we plan to implement that in the latter half of 2023. We're also looking at the content delivery network feature. CDN serves static web pages from the Cloud WAF to speed up processes. 

We recognize the potential value of the CDN function. It's part of Cloud WAF, so it can also be enabled relatively quickly. The CDN function offers specific bolt-on security because the application services are protected, and the CDN function is a click away. It doesn't require changes to our backend applications. We only need to use a TNA, and we will have access to the CDN features.

We're currently getting our money's worth from the WAF, the bot manager, and the DDoS components. We see a lot of value in these three components of Cloud WAF.

Our current web protection relies on a negative security model. In other words, we use signatures for known threats. We will eventually transition to a proactive security model Cloud WAF can accommodate where we deny everything by default and only allow specific things. 

We're currently vulnerable to zero-day attacks because we depend on known signatures. We're looking forward to shifting to a positive security model from the WAF we use in conjunction with the bot manager. Radware's intelligence about known bots is an extreme value add to us. 

The automated analysis of events is intuitive and user-friendly because we're not flooded with thousands and thousands of events. The analytics features provide a summary, so there's no need to look for something line by line. It's aggregated into a nice simplified event with the option to drill down for more details. 

We can investigate if we experience issues from a specific subset of customers. For example, we can search by ISP, URL, or IP address. Cloud WAF adds a lot of value by enabling us to pinpoint where we are experiencing an issue.

Our only complaint is the reporting on the DDoS side. We also use Radware for on-premises DDoS protection and their Vision product. I just want to paint you an example. We face so many Layer 3 and Layer 4 DDoS attacks on Cloud WAF. The reporting on those types of attacks can be improved.

We started a pilot project in April 2022 and purchased Cloud WAF in November 2022.

Cloud WAF has been extremely stable. We only had one service interruption during our proof of concept, but it has been reliable since we went live. We've never needed to make a DNS entry change and redirect that web traffic back to our perimeter. 

In the beginning, we were constantly watching it, but we don't have to check on it now that we know it's working. 

We haven't experienced any scalability issues because we requested all the throughput needed for our necessary applications or services from a bandwidth and billions of transactions per month. 

I rate Radware support a ten out of ten. I'm pleased so far. Everything was new to us in the initial phases. We called or emailed them, and they helped us within five minutes. Now, we follow the standard process where we log a case ticket and get a response in ten minutes. 

Positive

We used on-premises security solutions, but we are moving to cloud-based applications. Radware has done such an excellent job with our perimeter and cloud DDoS services. They were the only ones who correctly identified our issue with these small low-bandwidth usage attacks coming that look legitimate to the existing web solution. We piloted the web and bot manager solutions, and we were astonished by the number of malicious bots accessing our website and how that impacts our KPIs.

The WAF service runs on Radware's cloud. Their infrastructure is in a neutral co-location. Radware is able to offer the same protection for our on-prem equipment because it uses Nginx. Cloud WAF can protect on-prem systems plus AWS and Azure clouds.

The onboarding was quick. We finished within half an hour and moved some services onto the Cloud WAF within an hour. The beauty of the solution is that it requires no major changes on the customer side. You make a DNS entry change to point your website to the Radware hardware.

There is no maintenance on our side. We have a strict SLA with Radware that requires notification far in advance about maintenance on their end. They typically avoid maintenance at the end of the month, which is a busy period because people need to do banking. They also do not do maintenance during a year-end freeze. They only do maintenance on one location at a time, so if they take one down, we can continue working on the other. They have built that availability in South Africa.

We haven't seen a return on investment, but we expect to see that in the third year. If we set this up ourselves, we would need to pay for all the necessary appliances, hardware, VMs, and internal staff. Outsourcing to the Cloud WAF solution saved us capital expenses but increased our operational expenditures. We'll have some stats on the total cost of ownership by the end of the year. The time to spin up our own WAF service would be a lot longer than paying for Cloud WAF to protect our applications. 

A yearly license worked out to be a lot cheaper than what other competitors offered for an on-prem solution. We negotiated with Radware and managed to strike a good deal. The company was accommodating to our particular needs as a financial institution. We had to test things for pre-production and spin-up because they charge per FQDN as a service or an application.

When it came to pre-production testing, they set it up for us with a minimal charge, so our QA and UA teams could do testing. We saw the value added from DDoS protection for Layer 3 and Layer 4 attacks. It includes API protection. We had to pay extra for bot managers, but the pricing is competitive overall.

If you plan to deploy Cloud WAF, keep in mind that the product is priced based on the megabits of traffic that pass through and the number of transactions. You should get your requirements correct up front. The active attackers feed and CDN services cost extra, so you need to negotiate these features up front. 

Another company had a similar service but didn't have a presence in South Africa. Radware has got two locations in the country, and that was a deciding factor. There were other financial institutions and retailers on the cloud, so it was easy to decide that we no longer wanted to do this on-premises. We decided that it was better to let Radware spin up and maintain the hardware.

I rate Radware Cloud WAF a ten out of ten. 

No experts are required from our side, the onboarding is straightforward, maintenance is easy, and Radware's security operations enable us to stay agile. 

We use the solution to protect our main public application for transportation tickets. We have the product in the cloud set up before our infrastructure, so there is no need to integrate it as if it were an appliance etc.  

Most importantly, the solution put our security team at ease. We previously had some other infrastructure to protect our servers, but having Radware in the cloud gives us confidence.

The tool helped free up our IT team for other projects and saved us significant time. It eased our workload, allowing us to work in other areas. Overall, the time savings are in the region of 10-15%.

Cloud WAF helped to reduce our false positives; we initially had a lot, but once we learned, we had very few. The solution reduced our false positives by about 80%.  

The solution requires very little maintenance; we install it, it works without any problems, is reliable, and we can almost forget about it.

Radware Cloud WAF works very well to block unknown threats and attacks; we set up some products and infrastructure beyond the solution, and they aren't detecting any threats.   

The tool's automated analytics work fine for looking at events; the fact is, we're preparing to renew our license for another three years. 

The primary area for improvement is in issue detection and understanding whether a log is a false positive. It can sometimes be a challenge to take the data of a given security event and determine if it's a genuine threat using a Wiki etc.

Navigating to find specific options can sometimes be challenging, but we only do this occasionally; we primarily control the logs, so it's not particularly significant for us.

We had some issues with the initial implementation, especially around tuning the solution to avoid false positives. 

I've been using the solution for three to four years. 

The solution was relatively unstable during the first year, and we encountered issues, but after that, it was very stable.

The technical support is excellent; they ask questions, and on rare occasions, they haven't been able to help us. However, they looked into the issues on these occasions and provided a solution a few months later.

Positive

Radware Cloud WAF is the first WAF solution we've used.

The initial setup was relatively complex; we had some DNS certificate issues, and the deployment took much longer than we expected. However, the second implementation was straightforward and much faster. We experienced DNS issues again, but we had the benefit of experience.

The initial deployment took a few weeks and was carried out by two staff members. We outsourced the solution's management to a civil security team of around ten members.

The product is excellent in terms of ROI because it has saved us a lot of time.

The pricing is fair; it's neither particularly cheap nor expensive.

I rate the solution eight out of ten, and I recommend it.

We have seen time to value with Cloud WAF, and we saw this value after around three months. Once we tuned the application to avoid false positives, we started to see a return on our investment.  

We don't currently use the API Discovery feature but plan to implement it soon.

We are a company that specializes in loyalty programs for airlines and retail businesses. Our website allows customers to log in and check their loyalty program points, redeem them for flights or other items, and purchase additional points or life miles. As this is a sensitive website that is subject to many attacks, we implemented Radware Cloud WAF Service to protect it.

The solution is deployed on the cloud. We use AWS, but the web application firewall is on Radware infrastructure.

The Radware Cloud WAF Service is an excellent solution for blocking unknown threats and attacks. We have follow-up meetings with our team every other month, and we receive a summary of all the threats the solution blocked. The metrics are very positive. Without this service, we would certainly be in trouble, as we experience a large number of attacks. The solution is very specific in identifying the region from which the attack originates, as well as the type of attack, such as mail service or SQL injection. It also provides details on how the attack was blocked.

The primary advantage of Radware Cloud WAF Service is that we can be confident that the website will not be vulnerable or that our client's accounts will not be compromised. Therefore, it is highly beneficial for us.

We have very few false positives; it is very rare. In the two and a half years I have been with the organization, there has only been one false positive. This occurred when an authentic IP from Colombia attempted to log into the website and was blocked by the WAF.

The solution definitely freed up our IT teams for other projects, as we no longer have to manage the WAF ourselves. With Radware taking care of the WAF deployment in our Amazon infrastructure, our IT personnel who would have otherwise been working on managing our application firewall can now be assigned to other projects. The solution helped save 30 hours a week.

I particularly appreciate the low administrative burden of this solution, as well as the excellent monitoring tools. I can easily view blocked requests and malicious activity in a summary dashboard without needing to intervene. The solution works well independently.

Radware does not have much online training available to help customers get the most out of this solution. For example, we do not know how to integrate the solution with other tools or take advantage of the analytics that it offers. Radware could improve access to this knowledge by providing short training sessions so that customers can benefit more from their work.

I have been using Radware Cloud WAF Service for two and a half years. 

The solution is highly reliable; we have never experienced any outages.

The scalability is completely transparent for us. For instance, on Black Friday, we experience an increase in traffic on our website, yet we don't notice anything because Radware automatically scales, so we don't need to take any action. Therefore, it is very efficient at scaling.

From a financial perspective, we have definitely reduced fraud. This has been a return on investment, as we are no longer losing money compensating customers for fraud. I cannot provide an estimated amount, but we have a team in the company dedicated to preventing fraud. There has definitely been a return on the investment.

It is slow for us to get a quote, which is something that could be improved by the sales or commercial team. However, I believe the prices are fair. We pay for each application we add to the protection, as well as for each additional website. We currently have three licenses and are satisfied with them.

We always compare Radware Cloud WAF Service to the Amazon web application firewall. We have found that Radware Cloud WAF Service is a better solution for us as it is specialized and managed, so we do not need to spend time configuring or managing the solution.

I give the solution a ten out of ten.

We do not use the solution for integrating with other applications. The only other solution is the Cloud WAF Bot Manager, which is another product from the same company. We can access it from the same account using the same credentials. I can access both dashboards, the WAF and Bot Manager, but we do not integrate them with anything else.

The solution has not been implemented in multiple locations. Most of the traffic comes from Latin America and the United States. I do not have an exact figure for the number of end users that access our website, however, I can estimate that it is in the hundreds of thousands per day.

We have never performed any maintenance from our end.

We need to understand how the solution is priced, as our company has one main website, but sometimes there are other products with different URLs and websites, so we must pay for each one. My advice to customers is to understand how this is priced so they can plan accordingly.

We use Radware to protect our applications and the portals that we share with our clients and business partners.

Among the improvements to our organization is that we are calmer regarding the use of the applications that we publish. Radware gives us a level of confidence that assures us that, if there is an attack, we have a tool that will protect us and that will block suspicious behavior.

Cloud WAF Service has also helped us reduce false positives. I don't have the exact data on how much they have decreased, but once we enter the portal we can see network connections that have an unknown IP and we can scan and block applications automatically from countries in which we do not have clients.

It has also helped save time for our IT team. We don't dedicate so much time to the threats, but we directly review the reports. We have saved about 30 percent in time invested.

One of the most valuable features we have found in the solution is protection against attacks from botnet networks and the requests that these remote networks can generate that are blocked from our servers. That frees us from having to deal with that traffic.

Cloud WAF Service has also been useful for us in terms of blocking threats because it automatically detects them, detects behavior patterns that have a threat pattern, and directly blocks them. Without making any changes or decisions, we automatically have protection.

Also, regarding the classification of events, the solution does productive work in detecting the logs where there could be threats to our applications, and that is quite useful.

We have had difficulties with the configuration of rules when it comes to allowing connections and having a list of IPs that are authorized to use a specific service. We have not been able to make a whitelist work.

For example, if we want to publish services to a limited number of providers and we only want those providers to connect, we need to forward those requests to the Radware support team and they apply them, but it takes some time. It seems to me that this long process would be faster if the configuration could exist directly in the portal. That would make things easier.

We are in our third year of use of Radware Cloud WAF Service.

We have only had one network outage which happened a while ago. Fortunately, it was short and we were quickly back in business.

We have plans to increase the use of Radware in our enterprise. There are a couple of applications that are going to be added.

The technical support is very good.

Positive

We did not have a previous solution. It was a fairly quick decision to go with Radware. It was chosen because Cisco offered a package of security solutions in which Radware was included.

The initial setup was pretty easy. An engineer from Radware helped us. We scheduled a meeting, discussed the changes that we had to make internally at the DNS level, and that's it. The engineer who helped us was assigned by Radware and we had a pretty good experience with him. On our side it required two people, our system administrator and security analyst.

The programming process and our first use of the solution were quite successful. It was deployed with a set of default rules and policies in a short amount of time, and these gave a certain level of protection for our applications. When we started using it, we understood its features and potential.

In terms of maintenance, there are changes and revisions that need to be made from time to time, mainly to check for false positives. Generally, only one person participates in that process.

We have seen return on investment through the level of reliability of the application and the optimal stability that it gives to our users.

In terms of TCO, it has not been an expense. More than anything, it has been a beneficial service that has reduced TCO by approximately 70 percent.

Radware Cloud WAF Service is a good option. It is a good tool that will definitely give you the protection you are looking for.

The most important lesson that Radware has taught me is that, as a service, it can relieve you of many application security tasks.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Usamos Radware para proteger nuestras aplicaciones y los portales que compartimos con nuestros clientes y socios comerciales.

¿Cómo ha ayudado a mi organización?

Entre las mejoras de nuestra organización está que estamos más tranquilos en cuanto al uso de las aplicaciones que publicamos. Radware nos da un nivel de confianza que nos asegura que si hay un ataque, tenemos una herramienta que nos protegerá y bloqueará comportamientos sospechosos.

Cloud WAF Service también nos ha ayudado a reducir los falsos positivos. No tengo los datos exactos de cuánto han disminuido, pero una vez que entramos en el portal podemos ver conexiones de red que tienen una IP desconocida y podemos escanear y bloquear aplicaciones automáticamente de países en los que no tenemos clientes.

También ha ayudado a ahorrar tiempo para nuestro equipo técnico. No dedicamos tanto tiempo a las amenazas, pero revisamos directamente los informes. Hemos ahorrado alrededor del 30 por ciento en el tiempo invertido.

¿Qué es lo más valioso?

Una de las características más valiosas que hemos encontrado en la solución es la protección contra ataques de redes botnet y las solicitudes que pueden generar estas redes remotas que son bloqueadas de nuestros servidores. Eso nos libera de tener que lidiar con ese tráfico.

Cloud WAF Service también nos ha resultado útil en términos de bloqueo de amenazas porque las detecta automáticamente, detecta patrones de comportamiento que tienen un patrón de amenaza y los bloquea directamente. Sin tener que hacer algún cambio o decisión, estamos protegidos automáticamente.

Además, en cuanto a la clasificación de eventos, la solución hace un trabajo productivo al detectar los logs donde podría haber amenazas a nuestras aplicaciones, y eso es bastante útil.

¿Qué necesita mejorar?

Hemos tenido dificultades con la configuración de reglas a la hora de permitir conexiones y tener una lista de IPs que están autorizadas para usar un servicio específico. No hemos podido hacer que una lista blanca funcione.

Por ejemplo, si queremos publicar servicios para un número limitado de proveedores y solo queremos que esos proveedores se conecten, debemos reenviar esas solicitudes al equipo de soporte de Radware y ellos las aplican, pero lleva algo de tiempo. Me parece que este largo proceso sería más rápido si la configuración pudiera existir directamente en el portal. Eso facilitaría las cosas.

¿Por cuánto tiempo he usado la solución?

Estamos en nuestro tercer año de uso del servicio Radware Cloud WAF.

¿Qué pienso sobre la estabilidad de la solución?

Solo hemos tenido una interrupción de la red que ocurrió hace un tiempo. Afortunadamente, fue breve y rápidamente volvimos a la normalidad.

¿Qué opino de la escalabilidad de la solución?

Tenemos planes para aumentar el uso de Radware en nuestra empresa. Hay un par de aplicaciones que se van a agregar.

¿Cómo son el servicio de atención al cliente y el soporte?

El soporte técnico es muy bueno.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo

¿Qué solución usé anteriormente y por qué cambié?

No teníamos una solución previa. Fue una decisión bastante rápida optar por Radware. Se eligió porque Cisco ofrecía un paquete de soluciones de seguridad en el que se incluía Radware.

¿Cómo fue la configuración inicial?

La configuración inicial fue bastante fácil. Un ingeniero de Radware nos ayudó. Programamos una reunión, discutimos los cambios que teníamos que hacer internamente a nivel de DNS y eso es todo. El ingeniero que nos ayudó fue asignado por Radware y tuvimos una experiencia bastante buena con él. Por nuestra parte, requería dos personas, nuestro administrador de sistemas y el analista de seguridad.

El proceso de programación y nuestro primer uso de la solución fueron bastante exitosos. Se implementó con un conjunto de reglas y políticas predeterminadas en un corto período de tiempo, y estas brindaron un cierto nivel de protección para nuestras aplicaciones. Cuando empezamos a usarlo, entendimos sus características y potencial.

En cuanto al mantenimiento, hay cambios y revisiones que deben realizarse de vez en cuando, principalmente para comprobar si hay falsos positivos. Generalmente, solo una persona participa en ese proceso.

¿Cuál fue nuestro Retorno de la Inversión?

Hemos visto el retorno de la inversión a través del nivel de confiabilidad de la aplicación y la estabilidad óptima que brinda a nuestros usuarios.

En términos de TCO, no ha sido un gasto. Más que nada, ha sido un servicio beneficioso que ha reducido el TCO en aproximadamente un 70 por ciento.

¿Qué otro consejo tengo?

Radware Cloud WAF Service es una buena opción. Es una buena herramienta que definitivamente te brindará la protección que buscas.

La lección más importante que me ha enseñado Radware es que, como servicio, puede liberarte de muchas tareas de seguridad de las aplicaciones.

We have external facing sites that our clients use, and it's important that those are protected. It's a traditional use case. The end-users are the firm clients trying to come into the firm using firm applications. So, this is the external perimeter, and that's the typical use case.

It gives you more insights into what may be happening in your environment. It doesn't free up people's time, but it helps them add an additional data point so that they can be better informed. In that sense, it improves efficiency. When you are in the security mindset, you want to make sure you have the ability to gain as many insights as possible for a potential attack. The intent is never around freeing up time.

It provides the first level of defense against external threats trying to come into the environment, but it's one of the many toolkits we use. 

I'm the global head of cybersecurity across all business lines with a prime focus on audit risk and compliance. I look at Radware in terms of the ability to do two things. One is being very well aware of what's happening in the industry and the threat landscape, and the relative to that is the right sizing of the product so that the product can identify those emerging threats in time and then block them. That's essentially what I'm expecting Radware to do. The ability to provide some insights into lookback is equally important, which means you found something today but that doesn't mean that it happened today. It could have happened many moons ago. That lookback is equally important. There is a lot more that is expected from Radware's automated analytics for looking at events. There needs to be more context of where protection is required these days.

I have used the API Discovery feature. It's relatively easy to use, but it pales to some of the tools that currently exist in the marketplace. They may be a little more sophisticated than what Radware provides. A lot of work needs to be done out there for the end-to-end API protection offered by the API Discovery feature. It's a good first step, but Radware isn't there yet. Similarly, in terms of integrating with other systems and applications in our environment, a lot more work needs to be done out there.

The visibility of API relative to data flow and contextual understanding of what that is for a business is extremely important, and APIs don't seem to cut it. The majority of the attacks take place in memory, so you need to make sure that there is close alignment around how you view that and draw conclusions based on that data. Right-sizing is based on the industry because some of them have the same set of APIs and the same set of structures from which you can easily draw context and draw conclusions in terms of what's happening.

We've been using it for two years. It came to us with an acquisition.

They've had one odd outage. You can't have an outage in that business. They got to get a little better for enterprise-grade.

They have been collaborative. They were eager to have the firm's business, so we received the kind of support we wanted, and that's fair. We have no complaints, and there is nothing that stands out of the ordinary. I'd rate them a seven out of ten.

Neutral

In an organization of our size, you don't have one single vendor. It's a layered defense model. You don't have one single product that you're heavily reliant on. From that perspective, Radware is a part of the ecosystem.

In terms of blocking unknown threats and attacks, Radware is at par with other firms. There is nothing extraordinary. The protection it provides is comparable. It isn't superior. It's amongst the top three or four, but it's definitely not number one.

It required tuning to meet our requirements, but that's true for all products.

It was implemented in-house. There were four people involved in its implementation.

The value proposition of a product is based on not just one feature set. It's based on the suite of features and the impact. It's no different than the value of a security guard outside the building. It's justified in case you have a major attack and it has been able to thwart that attack, but up until that point, you won't be able to say, "Hey, what is the true value that I'm getting out of this?"

When you're getting this or any other solution, you need to look at three things.

1. Is it fit for purpose? What are you getting it for, or does the solution meet the need?
2. Is it going to add value and be a strategic partner going forward? Do you see it evolving with where the threat landscape is heading and where the market is heading? Do you see a relationship?
3. Do they get it right? Are they aligned or in sync with the industry and with what the regulators are looking at? This one is generally missing in this case.

I've used CDN services offered by Radware in conjunction with Cloud WAF. Radware is in the same ballpark compared to the industry leaders, though some of the industry leaders are a little sophisticated in terms of features and offerings. However, there are certain areas towards which the industry isn't evolving, and Radware can obviously position itself so that it can succeed.

Overall, I'd rate Radware Cloud WAF Service a seven out of ten. There is a lot they can do. They're in a good position. They have their foot in the door. They need to just up their game.

We have a couple of AWS customers where we are implementing this solution.

When we are talking about the WAF use case, we just like to save the request. Whatever request you are getting on the WAF side, you can block it according to the filter. If you have any vulnerability inside the request, that will be inspected. If it's not legitimate, then it will be stopped with the help of WAF.

The solution offers good protection. It's for the L7, actually. When you are trying to protect the L7, this is a good product.

There are templates you can try which is useful.

It's easy to implement. 

The solution scales quite well. 

The solution is stable and reliable.

Technical support has been helpful.

The integration part could be better. The visibility part could improve as well. In the market, everyone is moving towards the cloud. However, the patience is not good. When we are trying to find out some information, we are not getting what we need on time. They need to arrange some more use cases for their partners, for their customers to showcase their product and show exactly how it is working, how they're capturing the market, et cetera. Right now, they aren't showcasing what can be done, making it hard to sell. 

I've found it difficult to find good documentation for cloud deployments. 

We've been using the solution over the past year. We've used it for ten months.

The stability is quite good. I would rate it a four out of five in terms of stability. It is reliable. There are no bugs or glitches. 

It is a scalable product. We don't have any issues in that regard. I'd rate it four out of five. 

We have a few customers on the solution. We have one with 15,000 POC employees, and they are using it. There are also a couple of other POCs we are working on now.

Their support has been very good. We are quite pleased with their general capabilities. We tend to also handle issues that are at an L2 or L3. If we cannot handle the client requests, we may reach out to Radware for help. 

Positive

The initial setup is not overly complex. The entire process is easy to manage. 

For deployment, I don't need many people. We do have a team of ten to 15 people who are managing all the security features. I can assign one of them to take care of tasks as necessary. One person who is knowledgeable in WAF can handle the deployment part.

Implementation is a one-time thing. However, the processing of requests is ongoing. Today, a customer has a certain requirement to maintain their compliance, so they can go ahead with the initial set of rules. In the future, if they come across different kinds of compliance, they definitely need to create new rules. Therefore, it's an ongoing process. We cannot say that is a one-time process work for a week, and we've completed it. Basically, the initial implementation can get done in a week. Within a week, we will have to also collect the rule stage information from the customer, including any other requirements. Then, after that, it's ongoing tweaking. 

We tend to perform maintenance for clients. If a customer faces any challenges, they create a case with us, and we deal with it. 

We can handle the initial setup ourselves. 

From my side, there is only one resource deployed on the project. However, there are multiple people required to gather information. From the customer side, it will require them to share what rules should be implemented and we figure out how we will proceed and what requests we will get coming into the application server.

The solution is pretty pricey. It's not a cheap option. I'd rate it a three out of five in terms of affordability.

They do offer different types of licenses, according to your needs. 

I'm a Radware partner. 

We have the latest version implemented right now. 

I'd rate the solution eight out of ten.

I would recommend the solution to people.