Radware Cloud WAF Service Reviews

My main use case for Radware Cloud WAF Service is blocking the IPs of hackers, SQL injections, and others for protecting the domains of Gran Melia Resort.

In my experience, the best feature of Radware Cloud WAF Service is its strong protection for public-facing domains and web applications. Its ability to block common web attacks and the visibility it gives into suspicious traffic and threats improves the security posture of our online services without adding too much operational complexity.

Radware Cloud WAF Service has positively impacted our organization by giving us peace of mind with suspicious traffic, fewer web security concerns on public services, and more confidence in the protection of our applications. It has helped us maintain service availability more effectively during suspicious traffic situations.

Radware Cloud WAF Service could be improved with a simpler management interface, more detailed reporting, and easier policy tuning for day-to-day administration. The service is strong, but improving its usability, reporting clarity, and day-to-day policy management would make it even better. A more streamlined administrative experience would be very valuable.

I have been working in my current field for three years.

Radware Cloud WAF Service has been very stable in our experience, and we have not had any problems with the service.

Radware Cloud WAF Service has shown good scalability in our experience. It has been able to support our needs reliably as requirements grow without causing issues in daily operations.

The customer support for Radware Cloud WAF Service has been very good. We are happy with the support provided and the overall responsiveness of the team.

We did not use a different solution before Radware Cloud WAF Service.

I would recommend clearly defining our protection needs and public-facing services from the start so the setup can be aligned with our environment. If security and reliable support are important for our organization, Radware Cloud WAF Service is a strong option to consider.

Our only relationship with the vendor is as a customer.

I have seen a return on investment with Radware Cloud WAF Service mainly in terms of time saved, lower operational risk, and better protection of our public-facing services.

Before choosing Radware Cloud WAF Service, we also evaluated other well-known options such as Cloudflare, Akamai, and Imperva.

Radware Cloud WAF Service is deployed in a public cloud environment. I would rate this review as a ten out of ten.

We have COTS and SaaS applications that are onboarded behind this Radware Cloud WAF Service. We are leveraging the Radware SaaS platform, and that is how it is being used; we have huge traffic hitting every day on the applications hosted behind it.

The Bot Manager operates on the concept of AI/ML and is essential for our security strategy. The security events and alerts generated by the Bot Manager are crucial, enabling us to stop numerous attacks from various sources. By using the Bot Manager, we've discovered important insights about our incoming bot traffic that we weren't aware of before. Previously, we did not have that functionality, but after enabling Bot Manager, we began receiving alerts and visibility into anomalies that we weren't aware of. This added visibility allows us to monitor identified traffic, with some already blocked while still keeping others under watch, protecting our applications from excessive traffic through Radware Cloud WAF Service.

The real-time BLA detection and mitigation processes have significantly enhanced our threat management with Radware Cloud WAF Service. Enabling various blades, including this real-time functionality, ensures we have visibility and can block undesired traffic effectively.

I have tried using the API discovery feature with the Radware Cloud WAF Service for almost all of our onboarded applications, and it's pretty straightforward. It provides useful results, and our application penetration testing team leverages it significantly, making it very helpful for gathering data during tests. 

We have integrated Radware Cloud WAF Service with our SIEM tool to capture audit logs and security events. The integration process is quite simple, thanks to the available connectors and developed methodologies, making it one of the simplest integrations we've done, even though they have limited connectors and integrations at this point.

Incorporating Radware's combination of negative and behavioral-based positive security models is becoming essential for our security strategy as we delve into the AI world and machine learning. User analytics and behavior analysis are very important, with anomalies flagged by the analytics engine running behind the traffic hitting the Radware Cloud WAF Service.

What I appreciate the most about Radware Cloud WAF Service is that the UI is quick and very simple. Ease of administration is crucial since I'm the administrator looking after it. The functionality they have, starting from onboarding applications to managing them, is pretty straightforward; modifications, additions, or deletions are completed without complex codes or scripts. Additionally, the data populated post-onboarding includes both an executive view and detailed views for security analysts, which are incredibly helpful. If we compare this to other Cloud WAFs, we often don't get as much information for many security alerts, requiring deeper investigation. However, with Radware Cloud WAF Service, details are available when opening any security alerts, making the process more efficient.

Source blocking is a straightforward feature in the Radware Cloud WAF Service. We can easily block or whitelist traffic coming from certain geo-locations or specific IPs. I find that feature nicely implemented in a simple manner.

The web DDoS protection, particularly HTTP L7, is critical and has helped us immensely. It provides visibility, especially over port 80 and 443, as well as custom ports offered by Radware, and has proven essential for preventing denial-of-service attacks, whether distributed or isolated.

The automated analytics for looking at events is where there is room for improvisation in the Radware Cloud WAF Service. They are working on improving the automated capabilities of workflows and integrating AI, but it's not quite up to the mark yet. There's a lot of work to be done since various customers have different requirements, and any implemented automated features should provide expected results.

They need to improve the support side. Information should be more readily available on their support portal, especially knowledge-based articles for customers to resolve queries independently. The support portal used to be slow, and the UI experience was less than ideal, although it has improved over time. Additionally, the lack of an AI chatbot has been a downside, though we have been notified that functionality is in development now.

On the reporting side, customization options are limited; creating tailored reports is currently not possible, which is a significant drawback since full customization is crucial for effective data presentation.

I have been using Radware Cloud WAF Service for two and a half years.

In terms of stability, Radware Cloud WAF Service operates at 99.99% uptime. I have never witnessed any lagging, crashing, or downtime.

Scalability isn't an issue with Radware Cloud WAF Service; we can onboard as many applications as we need, and since it operates in the cloud, they effectively expand their resources as required.

I have contacted technical support with Radware Cloud WAF Service numerous times, mainly because I am the administrator overseeing all features. I regularly interact with their support team and customer success managers. The quality of support from Radware Cloud WAF Service is good; however, they must improve the speed of addressing customer queries, especially for straightforward questions. They adhere to policies but need to resolve blockers for customers much quicker. There's substantial room for improvement on their support side. I would give a score of seven out of ten for the quality of support received from Radware Cloud WAF Service based on my current experiences.

Neutral

I have used alternatives to Radware Cloud WAF Service, including Akamai, which we leveraged for different purposes, but that service is being discontinued.

The initial deployment with Radware Cloud WAF Service was straightforward and lacked complexity. There wasn't much information needed, making it easy to set up.

There is no maintenance required on our end since Radware Cloud WAF Service is a cloud-based and SaaS product. They manage everything, and we only need to monitor our applications.

Pricing with Radware Cloud WAF Service depends on the applications we want to onboard and how negotiations go between our technical commercial teams and Radware. Based on all current deals, it has been a win-win situation for both parties, and I feel satisfied with the pricing.

When it comes to false positives with Radware Cloud WAF Service, we absolutely get a lot of them. Whenever we onboard new applications, it's expected to encounter numerous false positives, which will mature over time. We have tweaked our queries to improve the ratio of true positives versus false positives, and now we don't see as many false positives compared to when we started with Radware Cloud WAF Service. It is important to note that onboarding applications with high traffic will still likely yield some false positives, which is expected in the cybersecurity world, but we see it maturing over time. 

With regards to protecting against zero-day attacks using Radware Cloud WAF Service, we haven't seen any such attacks being caught or flagged by the Radware team. While we do catch information from various sources, media, and other channels, we feel there isn't a reliable tool that can notify us of zero-day detections at the outset.

We don't use any CDN services with the Radware Cloud WAF Service at the moment. All our applications are on-prem, accessed from specific geo-locations, and currently, we don't require CDN services. 

We are not using the PCI DSS 4 extension compliance with Radware Cloud WAF Service, as we don't have any applications storing sensitive records.

I would rate Radware Cloud WAF Service a nine out of ten.

The use case is protection for all  web applications. This includes the applications we serve via critical workloads. We are utilizing Radware Cloud WAF Service for this protection.

In addition to protecting our production environment, we also implement Layer 7 protections, DDoS protections, and other security measures. We have established a detailed level of protection for all of our applications.

I am satisfied with Radware Cloud WAF Service's ability to block unknown threats and attacks, as the moment we enable protection for specific applications, it starts working. For instance, we receive results indicating whether there's any unusual activity. This system operates like Software as a Service (SaaS). You don't have to worry about the underlying algorithms or the conditions that need to be applied. It's essentially a plug-and-play solution, making it easy to use.

The automated analytics of Radware Cloud WAF Service are quite effective. They inspect and remediate DDoS attacks quickly by monitoring any suspicious activity and reporting it, demonstrating the power of their deployed algorithms.

I use the CDN service offered by Radware together with Radware Cloud WAF Service, and I find it feasible because it provides faster responses for users accessing our applications, especially when it's caching configurations and monitoring protection simultaneously.

Radware Cloud WAF Service has saved me more than 30% of my time, as it's very easy to spin up any application with just a few clicks.

I receive reports every 30 days. The live metrics are visible on their dashboard, showing the current status of all applications and the number of hits, including false positives.

The automated source blocking features of Radware Cloud WAF Service have a proactive and holistic approach. It effectively protects applications with default methods for any sort of protection, though some of those methods generate false positives that we need to adjust based on our needs.

In terms of compliance, we are following GDPR, and to adhere to this compliance, we have chosen the required region to ensure all incoming traffic is treated accordingly. I find Radware Cloud WAF Service good with respect to my compliance needs, providing services in all required regions.

I really appreciate the DDoS protection that Radware Cloud WAF Service provides, especially because it reacted well to multiple DDoS attacks on my applications in the last couple of months without any signs of issues being reported.

Their Network Operation Center (NOC) is very proactive in monitoring the health status and metrics continuously. Whenever they identify an issue, they do not delay in informing me or my team, making them very proactive.

Radware Cloud WAF Service has helped reduce false positives, but we do experience some false positives, such as when certain URIs or headers are incorrectly flagged as malicious, and we need Radware to refine those to treat as genuine traffic, achieving about a 25% reduction in false positives.

There is an area for improvement in Radware Cloud WAF Service, specifically regarding the visibility of default algorithms or source blocking systems that create false positives, as it would help if customers could see these blocks to isolate problems quickly without needing to reach out for tech support. There are various blocking systems in place, including some default algorithms that can block a lot of content. Unfortunately, this can lead to false positives, making it difficult to determine whether an issue is being caused by Radware WAF or something else. As a customer, we can't see what's happening behind the scenes because it's a SaaS service. I would suggest that if there are any blocks, they should be clearly visible to us. This would allow us to isolate the problem and understand whether it's related to the WAF or another source. Currently, these blockings are not transparent; they remain hidden until we reach out to the tech support teams. Often, we only find out about the issues from them, which leaves us unaware of the problems as they aren't displayed in the portal. These behind-the-scenes elements should be available. I understand it would have read-only access. That's acceptable, but it should be visible so we can isolate issues quickly.

We have been using it for the last one and a half years.

The service is always available to us. I would rate the stability of Radware Cloud WAF Service as a nine out of ten, as we rarely experience downtime, bugs, or glitches.

I rate the scalability of Radware Cloud WAF Service as a seven out of ten, fitting well with our approximately 8,000 users.

I rate the technical support of Radware Cloud WAF Service as an eight out of ten.

Positive

I find the deployment of Radware Cloud WAF Service to be moderate in complexity, as it takes months to complete based upon requirement

More than 8,000 users work with Radware Cloud WAF Service. While it does require maintenance, it is not a concern for us since it's a SaaS service, meaning they maintain everything on the backend while we focus on uptime.

The pricing for Radware Cloud WAF Service is cost-efficient for us, especially since we have opted for a big bundle that includes not only the Cloud WAF but also Radware other products.

We did not assess any other vendor as we have been using Radware from the beginning and are already familiar with its features, knowing it is fully integrated with our requirements and custom ports for web applications. While comparing Radware Cloud WAF Service with other WAF solutions, the biggest advantage is its seamless integration with my environment, and their tech support and NOC support are better than several other WAF services.

The combination of negative and behavioral-based positive security models is important for my security strategy, and we have defined a ratio of 70% to 30%, where it properly blocks what we define, and false positives are adjusted for all applications.

I would recommend Radware Cloud WAF Service to other users because it offers excellent WAF protection services that work like a plug-and-play solution without needing to worry about algorithms. However, the deployment time could be a drawback.

Overall, I would rate Radware Cloud WAF Service an eight out of ten.

My main use case for Radware Cloud WAF Service is to protect domains with the WAF services. I am mainly using Radware Cloud WAF Service to protect my web services, and it has helped me address SQL injection, DDoS, and every malware attack which we are protecting our domains.

The best features of Radware Cloud WAF Service are valuable for protecting our domains with day-to-day attacks, including fake URLs so that we can maintain our domains to best practice for the users.

Since using Radware Cloud WAF Service, when we onboard our domains in the WAF, it has become very easy to track down things for the domains, allowing us to protect against fake domain attacks and track with that false domain.

It reduces incidents and also saves real-time because our domains contain very sensitive data, which gives us a clear vision to protect that with the WAF.

Radware Cloud WAF Service must improve by providing clearer directions; it is not recommended for new users to have bulky features, but the WAF is doing very well as we receive prompt responses regarding alerts, and we can track easy logs findings.

I have been using Radware Cloud WAF Service for the past four years.

In my experience, Radware Cloud WAF Service is stable with no downtime or reliability issues, and we receive notifications regarding any changes or downtime prior, which makes it easy to notify our users.

Radware Cloud WAF Service can handle growth easily as our needs increase.

The experience with customer support is very good because when I raise a case, I will receive prompt responses and continuous follow-ups regarding the tickets.

I do not know regarding money saved, but definitely, the time saving with the WAF is very useful because nowadays, saving time for employees and your organization is the best practice.

Regarding pricing, if an organization wants to protect their domains with a clear and very good experience with WAF services, I do not think the price is an issue because for perfect security with the domains, you will get the best services for the pricing.

I would advise others looking into using Radware Cloud WAF Service to go for this WAF because it is very helpful and very protective for the domain.

The main use case my organization has for Radware Cloud WAF Service is the protection of websites. A concrete example of how my organization uses Radware Cloud WAF Service to protect these websites is that the platform is protected by hardware against attacks such as SQL Injection.

Radware Cloud WAF Service is very good, and there are various features such as DDoS for blocking mass attacks. The best features offered by Radware Cloud WAF Service include that it is SaaS. The features I consider to be the best include a user-friendly interface, very good support, fast response times, and very advanced tools for blocking Zero-day attacks. The positive impact of Radware Cloud WAF Service on my organization is the defense of the websites of our clients, since hackers constantly attack the websites and Radware Cloud WAF Service protects our websites. Since using Radware Cloud WAF Service, we have experienced measurable benefits such as the blocking of SQL Injection, XSS, RFI, LFI, and various injection attacks.

An aspect that could be improved in Radware Cloud WAF Service is having more reports. I would prefer that part to be improved by having the data presented in charts and more visual dashboards in order to have a more accurate analysis of what is happening in real time.

I have been using Radware Cloud WAF Service for two years.

I consider Radware Cloud WAF Service to be a stable solution.

I have not needed to scale the initial service yet, as it still meets my needs.

I would rate Radware's customer support for Radware Cloud WAF Service as very good. On a scale from one to ten, I would rate customer support a ten.

We used other solutions before Radware Cloud WAF Service, and then we migrated to Radware.

Before choosing Radware Cloud WAF Service, we evaluated other options, considering it being SaaS in the cloud because of the ease of configuration and maintenance.

I rate Radware Cloud WAF Service a ten overall. I give it a ten because I appreciate the platform, the support, the blocking capabilities of the tool, the features, the infrastructure, and the ease of use. I would advise other professionals considering using Radware Cloud WAF Service that it is very good, very fast, and very simple to understand and configure, although I do not have information about the price.

We are generally using the Radware Cloud WAF Service to secure our external web applications. We are not using the API Discovery feature as of now, but we are using the Web DDoS module of the Radware Cloud WAF Service.

Radware Cloud WAF Service has reduced the time needed for management. Overall, it saves us time. At the start, we had to give a lot of time to Radware Cloud WAF Service as we were unaware of the portal. Now, we have automated most parts, and we are just checking it once a day for about 10 to 15 minutes.

The combination of negative and behavioral-based positive security models for our security strategy was helpful. We had a number of requests that were not supposed to be entertained by the web server. Now, we are blocking them via the WAF. Regarding protecting against zero-day attacks, we have not received any zero-day attacks so far.

We use the source blocking feature with IP blocks. The solution's proactive and holistic approach based on cross-module correlation has effectively protected our applications. Earlier, we allowed most IPs to access our application, but now, with that module, we only allow certain IPs from which we genuinely expect requests, significantly reducing attack traffic and bandwidth utilization.

The mitigation has been very good. We have not seen many false positives compared to our previous experiences, and the mitigation has been good as of now.

The integration process was easy and smooth. However, many of our systems are not integrated with Radware Cloud WAF Service. 

The best feature of the Radware Cloud WAF Service would be that it is easy to use. The panel itself is very easy to understand, and we can get along with the panel easily. Also, the security features provided by Radware Cloud WAF Service are very good as compared to other vendors. Apart from that, the features are good.

The log feature in Radware Cloud WAF Service has some limitations. Unfortunately, the portal does not provide much information. If there is an issue, we may need to raise a case with the vendor to obtain further details. Aside from that, the other features are quite good.

In the Radware Cloud WAF Service, areas that have room for improvement include the logs part. Currently, we only see logs for requests that are getting blocked. It would be helpful if there was a feature to view all application traffic logs. Also, the visibility on the configured rules in Radware Cloud WAF Service is not better; we do not have any visibility on those rules. The two areas are logs and the visibility of rules, which need improvement.

I have been using the Radware Cloud WAF Service for more than a year and a half.

Regarding stability, I would rate it an eight out of ten.

For scalability, I would rate it a nine out of ten.

Currently, we have six users working with the solution.

It has been good. I would rate their support as a nine out of ten.

Apart from the Radware Cloud WAF Service, we tried F5 Cloud WAF as well. As compared to F5, using Radware Cloud WAF Service was easy to use and easy to understand. All the security features we require are straight away given in the console. Creating an application and enabling the security features is not much harder as compared to F5.

The deployment of the solution was easy.

The solution does not require any maintenance.

We purchased the solution through a partner.

Overall, the Radware Cloud WAF Service has helped reduce our false positives significantly, reducing our bandwidth cost. We can say it has halved the bandwidth cost by blocking true positive attack traffic.

It was better and efficient compared to other vendors.

Regarding securing business continuity with the Web DDoS feature for HTTP L7, we had a couple of applications with a DNS entry receiving false alerts, which meant false traffic. This caused a huge consumption of our bandwidth, so we raised a case with Radware. They suggested we use the Web DDoS feature. By using that feature, we are blocking most of the true positive requests that we should not be entertaining on our bandwidth, saving costs on bandwidth as well.

We keep the controls on report mode, analyze the logs for about seven days, and if we find any true false positives, we check on them. After seven days, we move the controls to block mode.

We are not using the CDN service offered by Radware with the Cloud WAF Service. 

I would recommend Radware Cloud WAF Service to other users. My overall rating for this solution is a nine out of ten.

My use case for Radware Cloud WAF Service is mostly defending web applications against web application-related attacks, and it is mostly related to bots. I have onboarded multiple websites onto Radware Cloud WAF Service, so by default, it prevents SQL injection, cross-site scripting, and other attacks, and it even detects any bots and fake account creations on our main website.

The best feature in Radware Cloud WAF Service is its bot management, as there are many fake account creations on our website, and this feature is great. I also use Radware Cloud WAF Service for load balancing and DDoS-type attacks, fulfilling multiple use cases.

The effectiveness of automated blocking in the Radware Cloud WAF Service stems from its ability to automatically block known botnets, proxies, and malicious IPs from the global threat intelligence feed, making it highly beneficial. 

Our environment is safe due in part to behavior and anomaly detection, which provides IP-based, subnet-based, and country-based blocking.

I use the automated source blocking feature in Radware Cloud WAF Service. From my experience regarding incoming bot traffic, I discovered there were DDoS attacks in some areas, with multiple botnets being created, which were automatically blocked by Radware Cloud WAF Service due to the recognition of known botnets.

My thoughts on the automated analytics for looking at events in Radware Cloud WAF Service are positive; it learns automatically based on behaviors and threat intelligence IP addresses, blocking anomalies. If an anomaly is found, we get a detection and it is automatically blocked, while the model learns the traffic patterns of onboarded applications, aiding in the fine-tuning of security policies.

I use the API discovery feature for IP blocking. My impressions of the end-to-end API protection within Radware Cloud WAF Service are that both communications are encrypted, providing security during API discovery, which also offers authentication before accessing anything. After successful authentication, it is helpful for access and authentication, as well as traffic prevention.

I use the CDN services offered by Radware together with Cloud WAF Service for load balancing. Using CDN together with Radware Cloud WAF Service is easy, as everything can be implemented at one point, protecting against web application attacks and DDoS attacks. This integration is quite good.

Radware Cloud WAF Service has helped reduce false positives, although I have not encountered many use cases, since we have around seven to ten applications onboarded. We have numerous instances in the prevention of malicious IPs and blocking web attacks, but for false positives, I can say it is about ten to 20 percent.

The real-time BLA detection and mitigation in Radware Cloud WAF Service has affected threat management positively; while it might sometimes trigger false positives, it effectively detects behavior and helps block threats about 50% of the time.

In Radware Cloud WAF Service, areas for improvement include behavioral and anomaly detection, where it could be better by reducing false positives. The AI feature can also improve; while the API is fine, behavioral and anomaly detection sometimes learns automatically from the traffic, potentially triggering false alerts.

I have been using Radware Cloud WAF Service for around two to three years.

Regarding the stability of the solution, I have observed some downtime in the portal, however, not in other respects, so I would rate it a seven out of ten.

I would rate the scalability of Radware Cloud WAF Service a nine out of ten, as it is pretty good.

I would rate the technical support of Radware Cloud WAF Service a seven to eight out of ten.

Positive

My thoughts on Radware Cloud WAF Service's integration with other systems and applications are mostly positive; it's a pretty easy setup, as we just need to provide our applications and get ready to onboard. It is not complicated, and we just need to enable different services.

I am not much aware of the pricing; however, I've seen different WAF pricing, and this seems to be okay, cheaper.

When comparing Radware Cloud WAF Service with other WAF solutions, I find that some features are missing in other companies, which makes Radware Cloud WAF Service different. 

Additionally, the support that Radware Cloud WAF Service provides is good, unlike some others where the support is lacking.

I definitely recommend this product to other users, as it is a good product for those needing to protect their applications from fake account creations and web application attacks. 

On a scale of one to ten, I rate Radware Cloud WAF Service a nine out of ten.

We are a Data Center company with a lot of internal applications and customers. Our primary use case is to protect all internal applications hosted on Public Cloud with Radware Cloud WAF. This protection is crucial for safeguarding our customers' applications from external threats and ensuring high availability and security.

The most important aspect of Radware Cloud WAF is that it is over the cloud, offering a comprehensive solution that includes WAF, API protection, bots, and Layer 7 DDoS. This combination efficiently blocks a large number of unknown threats and ensures high security and uptime for our internal applications as well as our customers' applications, making it a revenue-generating tool. Cloud WAF provides excellent analytical dashboards that allow us to report, track, and resolve many issues quickly.

The reporting features could be more intuitive with more real-time monitoring, which would help make faster decisions. While false positives have reduced by 35%, more granular control can simplify it for new users. The initial complexity should be reduced to make it simpler for new customers. Furthermore, support staff needs to be more proactive so that issues can be resolved at lower levels without escalation.

I have been using Radware Cloud WAF for four years.

There has been downtime only once in the last year. Otherwise, the product has been stable.

Since it's a Cloud WAF, it is always scalable. We can subscribe to more applications and protections as needed.

We have ERT premium support with a five-minute SLA, and the service has been reliable. We have additional support from Radware management. The quality of support is excellent, and we haven't faced any major issues.

Positive

Previously, I used to work with F5 WAF in my earlier company, not the current one.

The initial setup was complex and took a long time to complete.

We used a dedicated team for deployment as we wanted to train our team thoroughly.

Radware Cloud WAF has helped reduce false positives and efforts, which in turn, improved the total cost of ownership by freeing up time to focus on other projects.

Pricing could be more competitive, especially for smaller customers. However, the technical excellence of the product balances out the pricing aspect.

Earlier, I used F5 WAF in a different company.

Overall, I would rate Cloud WAF nine out of ten. 

Despite its initial complexity, the product is a one-stop shop for our cloud security needs. It integrates well with applications, simplifying protection and operations. 

I recommend Radware can make further improvements in pricing and simplifying initial use for new customers.