Radware Cloud WAF Service Reviews

My use case for Radware Cloud WAF Service is mostly defending web applications against web application-related attacks, and it is mostly related to bots. I have onboarded multiple websites onto Radware Cloud WAF Service, so by default, it prevents SQL injection, cross-site scripting, and other attacks, and it even detects any bots and fake account creations on our main website.

The best feature in Radware Cloud WAF Service is its bot management, as there are many fake account creations on our website, and this feature is great. I also use Radware Cloud WAF Service for load balancing and DDoS-type attacks, fulfilling multiple use cases.

The effectiveness of automated blocking in the Radware Cloud WAF Service stems from its ability to automatically block known botnets, proxies, and malicious IPs from the global threat intelligence feed, making it highly beneficial. 

Our environment is safe due in part to behavior and anomaly detection, which provides IP-based, subnet-based, and country-based blocking.

I use the automated source blocking feature in Radware Cloud WAF Service. From my experience regarding incoming bot traffic, I discovered there were DDoS attacks in some areas, with multiple botnets being created, which were automatically blocked by Radware Cloud WAF Service due to the recognition of known botnets.

My thoughts on the automated analytics for looking at events in Radware Cloud WAF Service are positive; it learns automatically based on behaviors and threat intelligence IP addresses, blocking anomalies. If an anomaly is found, we get a detection and it is automatically blocked, while the model learns the traffic patterns of onboarded applications, aiding in the fine-tuning of security policies.

I use the API discovery feature for IP blocking. My impressions of the end-to-end API protection within Radware Cloud WAF Service are that both communications are encrypted, providing security during API discovery, which also offers authentication before accessing anything. After successful authentication, it is helpful for access and authentication, as well as traffic prevention.

I use the CDN services offered by Radware together with Cloud WAF Service for load balancing. Using CDN together with Radware Cloud WAF Service is easy, as everything can be implemented at one point, protecting against web application attacks and DDoS attacks. This integration is quite good.

Radware Cloud WAF Service has helped reduce false positives, although I have not encountered many use cases, since we have around seven to ten applications onboarded. We have numerous instances in the prevention of malicious IPs and blocking web attacks, but for false positives, I can say it is about ten to 20 percent.

The real-time BLA detection and mitigation in Radware Cloud WAF Service has affected threat management positively; while it might sometimes trigger false positives, it effectively detects behavior and helps block threats about 50% of the time.

In Radware Cloud WAF Service, areas for improvement include behavioral and anomaly detection, where it could be better by reducing false positives. The AI feature can also improve; while the API is fine, behavioral and anomaly detection sometimes learns automatically from the traffic, potentially triggering false alerts.

I have been using Radware Cloud WAF Service for around two to three years.

Regarding the stability of the solution, I have observed some downtime in the portal, however, not in other respects, so I would rate it a seven out of ten.

I would rate the scalability of Radware Cloud WAF Service a nine out of ten, as it is pretty good.

I would rate the technical support of Radware Cloud WAF Service a seven to eight out of ten.

Positive

My thoughts on Radware Cloud WAF Service's integration with other systems and applications are mostly positive; it's a pretty easy setup, as we just need to provide our applications and get ready to onboard. It is not complicated, and we just need to enable different services.

I am not much aware of the pricing; however, I've seen different WAF pricing, and this seems to be okay, cheaper.

When comparing Radware Cloud WAF Service with other WAF solutions, I find that some features are missing in other companies, which makes Radware Cloud WAF Service different. 

Additionally, the support that Radware Cloud WAF Service provides is good, unlike some others where the support is lacking.

I definitely recommend this product to other users, as it is a good product for those needing to protect their applications from fake account creations and web application attacks. 

On a scale of one to ten, I rate Radware Cloud WAF Service a nine out of ten.

The primary use case for Radware Cloud WAF Service is DDoS protection and web application firewalls. My clients use it for these purposes as they want to be protected by a web application firewall against attacks on their websites.

The most valuable features of Radware Cloud WAF Service include its automation and learning capabilities for protection, as well as its superior bot mitigation. The precise negative security on the web application firewall is also noteworthy. Additionally, the onboarding process is smooth, allowing customers the unique ability to use the web application firewall on the cloud.

Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS. Some other web application firewalls have a mechanism that allows automatic certificate uploads, which Radware could adopt. 

Also, improvements could be made to be more precise on the negative security perspective.

I have been using Radware Cloud WAF Service for about two years.

Radware Cloud WAF Service is very stable, with no experienced downtime on Radware's part. I give it a stability rating of eight out of ten.

Radware Cloud WAF Service is quite scalable, with a rating of eight out of ten.

The technical support for Radware Cloud WAF Service is excellent. They are knowledgeable, speak the technical language, respond quickly, and work collaboratively to overcome challenges. I rate the customer service nine out of ten.

Positive

The initial setup is straightforward, involving adding an A record in the customer's infrastructure and ensuring the right certificate is in place.

Radware Cloud WAF Service pricing falls on the pricier side with a rating of seven out of ten. It may not have helped reduce the total cost of ownership.

I evaluated other solutions like Incapsula, Impreva, and F5 before choosing Radware.

I advise conducting a POC to ensure that Radware Cloud WAF Service meets specific needs in terms of maintenance and understanding. It takes complex tasks, like web application firewall functions, and simplifies them for customer ease. 

I rate the overall solution eight to eight and a half out of ten.

Radware offers a cloud, software, and hardware-based solution. It deals with all three platforms. 

1. They have a hardware device on which their software can be installed. We can manage all the load balancing with it. 

2. Similarly, for the Radware software, we can install the OVA file on our server and configure all the admin backend servers on it to perform services. 

3. In the cloud, we can use their API service to create a virtual platform for clients on which they can deploy and run their applications.

Cloud WAF blocks unknown threats and attacks. We have a monitoring tool, and security patches are released monthly. We can deploy these signatures on the WAF, which identifies threats based on IPs. There are multiple signatures for various attacks, like bot attacks, that we can monitor.

There is a forensic dashboard where we can identify real-time events, hits, and blocks. If there are genuine requests being blocked, we can deploy a custom page with a case number for users to resolve issues. For example, if a user triggers the Web Application Firewall (WAF) due to a misinterpreted service, they will see a blocking page with a case number. There's also an option to refine the WAF settings if it blocks a genuine request.

I also work with the API discovery feature in the Cloud solution. Once the API is enabled and the application vendor provides the API key, we can deploy our application. If the API is correct, it functions properly; otherwise, issues are highlighted on the dashboard. For example, cross-site scripting is blocked at the label level.

API discovery is straightforward to use. There is an option to add the API stream. If the API is correct, it will be processed; otherwise, the API service is blocked.

The dashboard provides multiple features and analytics tools to identify API issues. If there is a cost issue with an API, it can be identified, and we can report it.

It's not difficult to work with the API discovery feature because everything is reflected on the forensic dashboard. There's an option within the dashboard, under the security section, where you define the correct API. You can also identify and exclude specific APIs if needed. There's only one option to add to the API stream. If the API is correct, it will be processed; otherwise, it's blocked.

It's not difficult to identify API issues because when we define the API call, and it is incorrect or not valid, it won't sync with the vendor's application. They identify this and generate a blocking request, which helps us easily identify the issue.

It's mostly for the Alteon service. The Alteon load balancing part, particularly the SSL offloading and WAF offloading, is crucial. Offloading allows us to monitor and identify issues easily. I believe the SSL offloading is the most valuable feature.

It's easy to use, and the configurations are similar across different vendors. Compared to F5 and Citrix, Radware is easier to communicate with and use. The configuration process is simple, involving the creation of groups and pools, much like in F5. The SSL offloading is also very easy. Overall, I think it's a good solution.

The service we use through the cloud is very easy. We have one dashboard to manage everything, which is convenient.

The analytic dashboard could be integrated with other platforms like Splunk. In Splunk, the dashboard shows multiple things, and I think Radware could improve its dashboard in that regard.

In the WAF part, there are multiple things that are initiated, such as updates and patches. There's a global issue right now that we need to monitor on our side. I think the ability to monitor server-level updates and patches should be integrated into the WAF.

I have been using it for three to four years. 

If we raise an issue, they usually identify and resolve it by the end of the day or the next day. There haven't been any escalated cases on the cloud. However, we did encounter one issue regarding the filter and signature. We created a policy to block access from Pakistan, Bangladesh, and other specific locations.

Although the policy was in place and checked, users from those locations were still able to access the application. This was a bug that we reported to the technical team. They identified an issue with their software version and provided us with a new version to update. After the update, the blocking feature worked correctly.

It's scalable. We can customize it as per our requirements. We can customize it in most cases.

In the State Bank of India project, we deployed it, and I believe two or three other banks are using Radware's WAF. Some applications are deployed globally, meaning they're used in Australia, America, and multiple countries. We have multiple deployment options for that. For example, the YONO application is deployed globally and used by many users in different countries. We can easily identify and track that traffic on the dashboard.

In addition, they have also deployed the DDoS service in WAF. So, in case of a DDoS attack or something similar, they can easily identify and monitor it.

It's software-only, so most of the time it works as intended. However, I did raise one request about a filter option in the dashboard not working perfectly. We identified that there was a version issue, and they fixed it in a new patch. They were able to easily identify and resolve the version issue.

They are not globally available but can manage and support us within a range of five to seven. They can usually provide support easily.

Neutral

I have worked on Citrix as well. Both Citrix and Radware are similar, but in Citrix, some things are more lengthy. Radware is better integrated and easier to understand, so anyone can use it.

I haven't directly compared them, but F5 is very popular globally. Both are similar, but Radware lags behind F5 in a few features.

In terms of user experience and management, Radware is easier. However, F5 has better performance. 

Both are cost-effective, but Radware is less expensive because F5 licenses are costly. Technically, Radware is easier to understand.  

We currently use the integrated WAF option on the same device in our application (SBI). There is no dedicated WAF solution. There are two options: license-based and integrated. Using the integrated part helps to identify blocks and other issues effectively.

Integrating with other systems and applications in the environment:

Integration is not difficult. In the dashboard, under the policy section, we can find virtual services and easily enable the API service. Once enabled, WAF monitoring should also be enabled. We can then identify the application's requirements, like JSON ID, cookies, headers, what should be whitelisted, body size, etc. 

We can gather this information from the application owner during deployment to determine what needs to be whitelisted, such as extensions, zip files, XML files, and cookies.

Once we deploy an application, it doesn't take too much time because the application is already deployed. We also use the load balancing feature, so we just need to enable the security web application service. There is an option for this under virtual services where we can also enable it for bot protection. I think anyone can easily manage it if they know about these things.

Radware is signature-based. The patches and signatures are important because we cannot easily monitor them ourselves. They are regularly updated, I think, weekly, so that's helpful. I think this regular update makes it easier for us.

We are a managed service provider (MSP) for Radware. The technical support is handled directly by Radware, but we manage the technical aspects.

We use integrated and cloud solutions because we manage multiple applications for multiple vendors. Some vendors are using the integrated WAF, which is good. The cloud part is also managed by us, not the customer. We deploy everything, including signatures and patches, if needed.

We can deploy it within a month. It's very easy to deploy and work with. If you create load balancing and WAF configurations, both are very simple. The deployment process is easy if you know how to configure it. Anyone who knows the basics of networking and security can easily deploy it. The dashboard and management are also simple. There is no confusion.

If you're creating a virtual service, you can easily create the virtual service port and configure the backend server. It's very simple.

In F5, when creating a group, you need to take one pool service. But in Radware, you can create one group and easily select it. The dashboard and configuration in Radware are very simple.

We mostly deploy in one-arm mode, but there's also a two-arm mode. In one-arm mode, all applications and servers are on the same subnet. We take a single IP from the subnet (e.g., 10.86.11.x). We need three IPs: one for management and two for deployment and virtual services. 

When deploying an application, we can use the same IP range. We deploy all backend servers on the virtual service. We select the backend servers and multiple ports based on the requirements. We then configure the services on the virtual service and review everything. For networking, we need to do NATing if the application is globally accessible, which is also very simple.

The dashboard and conciliation aspects are straightforward in Radware.

Just as in the same domain, we can deploy mainly in one-arm mode, or two-arm mode. There are two different modes. Okay? But typically, we deploy in one-arm mode. In this mode, all applications and services should be on the same subnet. We can take a single IP from the same subnet, for example, if you have a subnet of twenty-three, like 10.86.11.something. We require three IPs in total. One IP for management, and two others for deployment and the virtual service. If we deploy an application, we can use that same IP range. We take it. And on this virtual service, we can deploy to all back-end servers. We can select the back-end server and multiple ports based on the requirements. We can select the ports we need and configure the services on them. On the virtual service, we can configure all the services and review everything. For networking, we need a NATing part if the application is globally accessible so we can NAT through their public IP. It's a very simple deployment process.

For a new project, it might take longer than a month due to approvals and networking configurations. These processes, especially to get approvals for NATing and network paths, can be take time. That's why it takes almost two months. However, if everything is ready, deployment and testing can be completed within five to ten days.

Two resources are enough for the deployment. From a maintenance perspective, not much is needed.

It does bring ROI.

Radware is less expensive because F5 licenses are costly. F5 charges for each and every license. For every virtual service you create, you need to pay additional license fees. The licenses are more COSTLY compared to Radware. 

Radware also has lower annual maintenance costs (AMC) compared to F5. F5 is more expensive than Radware, but it's the leading product globally.

It's not very costly because everything is license-based, all things depend on the license and annual maintenance contract (AMC). If you have an AMC, the cost will be higher. Without an AMC, the cost is less because the product itself is less expensive. But if you have the AMC, the cost will be higher.

If companies provide the signatures and patches perfectly because we can't easily identify new viruses or threats, we rely on the solution company to regularly update their software and devices. Radware is one such company that updates its patches and signatures monthly. They allow us to review all the CVEs and update their patches accordingly. So, I think it's a good option.

Overall, I would rate it a seven out of ten because there are some issues in the cloud part, where it lags. 

We use Radware Cloud WAF Service to monitor and protect against data packet applications from websites and web applications.

Radware Cloud WAF Service excels at blocking unknown threats and attacks. It achieves this by providing real-time threat monitoring and reporting across all devices and platforms within our network regardless of the system we're using.

Cloud WAF's automated analytics simplify the process of identifying anomalies in network traffic. This is achieved by analyzing events and correlating them with captured data packets. The WAF can capture data at all seven layers of the OSI model, ensuring comprehensive network flow analysis.

Cloud WAF provides effective end-to-end protection for APIs.

Using the API discovery feature is easy.

The CDN Service works together with its Cloud WAF to secure our applications. Since most threats target the application layer, we leverage the Radware API to monitor activity and receive reports for further analysis and protection. Using Radware CDN Service, and Cloud WAF together is easy.

It offers a comprehensive range of benefits. It provides detailed reporting on network security, allowing us to monitor traffic across all routes. The WAF can then identify and block malicious activity within shared traffic, forwarding only clean traffic to our organization. This proactive approach effectively defines and protects our systems from harmful attacks.

Cloud WAF has helped reduce the number of false positives we receive through fine-tuning by 90 percent.

Radware Cloud WAF is a Cloud platform, so it allows for easy integration with other systems in our environment.

It has helped free up around 60 percent of the time for our IT team to focus on other projects and has helped reduce our total cost of ownership.

The benefits of Radware Cloud WAF Service became readily apparent soon after implementation. We experienced this firsthand through the prompt support we received and the solutions provided to address our most critical security threats.

The most valuable feature is the monitoring dashboard that we access through the portal.

The Cloud Portal has room for improvement.

I have been using Radware Cloud WAF Service for around five years.

I would rate the stability of Radware Cloud WAF Service ten out of ten.

I would rate the scalability of Radware Cloud WAF Service nine out of ten.

Our experience with Radware support has been positive. Our partnership with them grants us access to privileged customer tools and the customer community. This allows us to utilize valuable resources such as blogs and troubleshooting guides, ensuring we can effectively address any issues that may arise.

Positive

The implementation took three years to complete and we had three people involved.

We have seen around a 60 percent return on investment from Radware Cloud WAF Service.

Radware Cloud WAF Service falls within a mid-range price bracket compared to other web application firewall solutions.

I would rate Radware Cloud WAF Service ten out of ten.

We have around 500 customers utilizing the Radware Cloud WAF Service.

Radware provides a sufficient product that doesn't require maintenance from our end.

For comprehensive cloud and load balancing protection, I highly recommend Radware Cloud WAF Service to all organizations.

We provide our clients with Cloud WAF Service, which enables us to detect and report web shell attacks against their servers. 

The main benefit is that all traffic is shifted by the cloud service, which exists outside the customer's infrastructure. It's highly efficient. Many customers have problems inside the infrastructure that must be efficiently detected. With Cloud WAF we can notify our client when an attack is outside and detect when a web shell script is already running on the server. This information helps the client understand what's happening with the web shell.

We've reduced many false positives using Cloud WAF Service. The learning period is helpful. Radware sends a policy with a lot of information that helps the customer observe and design their policies to eliminate false positives.

Cloud WAF saves us a lot of time because we face many strong attacks. It helps us modify the back end and implement some policies to prevent more attacks.

The best feature is the SQL injection signatures, and another is the DDoS protection. Radware is more efficient than other solutions. It handles unknown threats very well. We face many bad requests with malware that are expensive to remedy. Radware's service center in the cloud helps a lot. 

Radware's bot manager can be improved because it's very complicated to implement for apps. Radware could also add alerts by WhatsApp or Telegram. It only sends notifications via email or SMS.

We have had issues with Cloud WAF one or two times, but the service works fine most of the time.

Cloud WAF scales very well. 

I rate Radware support nine out of 10. They have a simple platform for opening tickets, and they respond quickly. 

Our previous solution was hard to install, but Cloud WAF is straightforward because it's cloud-based. You add the certificate for the business and point it to the IP. Deployment is very fast. It takes 30 minutes to an hour.  Cloud WAF requires some maintenance when a customer changes their website or programs. We need to adjust the policies.

I rate Radware Cloud WAF Service eight out of 10. It is the best solution for stopping DDoS attacks. 

We are a data center company that hosts a variety of applications for our customers. We use these applications for two purposes: internal protection and external customer protection. Currently, all of our internal applications are hosted on the cloud and are safeguarded by the Cloud WAF service. Our customers also use the Cloud WAF service to protect their applications from external threats. 

We aim to provide our customers with 99.99 percent infrastructure availability and 99.95 percent service uptime. When we guarantee availability and security, we must ensure we have the strongest security measures in your environment. That is the highest priority for the company.

We've deployed Radware for various applications in our environment. We have also successfully used it in heterogeneous customer environments without any issues. We have some internet-facing applications like SAP and Oracle. Our company has custom Java-based and .NET-based applications. The clients' ERP environments may also be vulnerable because they are the company's heart. We deploy and host many ERP environments and protect them against external attacks.

Radware Cloud WAF Service's ability to block unknown threats and attacks is useful. Radware Cloud WAF Service's best feature is its ability to protect against and log a wide range of unknown threats as part of its offerings.

I can confidently say that Radware Cloud WAF Service serves as a comprehensive solution for both our current and prospective customers, generating revenue for us. This service guarantees high uptime and availability of all our business applications while reducing overall operational complexity.

Automated event analytics are effective. We have automated event monitoring, which provides us with excellent analytical dashboards that help us identify any issues. These dashboards report, track, monitor, and ultimately resolve the issues. Therefore, the mitigation process is highly effective when utilizing these analytical dashboards.

We implemented API protection as a security measure, which includes an API discovery feature. This feature helps protect APIs from attacks, making it a valuable aspect of Radware Cloud WAF Service.

The API discovery feature provides outstanding end-to-end API protection. APIs play a crucial role in applications, often requiring extensive investigation. Having automated discovery and protection against external threats makes this feature even more exceptional.

API discovery is a user-friendly feature that comes with an automated algorithm. The algorithm detects APIs and generates tailored security policies to identify and log any real-time API FOCA attacks. This makes it an outstanding feature. Additionally, Radware repair protection can access the automated algorithm to discover APIs and create personalized security policies that can detect and prevent API worker attacks in real-time.

The API discovery aided in the reduction of our overhead costs by around 20 percent. The APIs are protected in real-time, which enabled us to decrease operational complexity and costs significantly.

We provide data center services and offer both public and private cloud options to our customers. Our Radware Cloud WAF Service provides comprehensive protection against bots and APIs, safeguarding all the Internet-facing applications hosted on our platform. As a result of implementing this service, our organization has greatly benefited.

The Radware Cloud WAF Service has been instrumental in reducing our false positives by nearly 25 percent. This is due to its comprehensive API protection and bot offerings, which have reduced operational complexity. 

The cost of managing the overall solution decreased because we now require fewer personnel. With the tool's significant automation and numerous analytic dashboards, customers now feel more comfortable and have greater peace of mind than before.

I would rate the integration of Radware Cloud WAF Service a nine out of ten. This solution has user-friendly integration algorithms and features that make it easy to integrate with other applications. Once we become familiar with the product, the interfaces are straightforward to use. The software has an API, which enables different applications to communicate with each other, making it the best part of the solution. Therefore, API protection is included in the software, allowing applications to interact with each other seamlessly. Consequently, customers can feel more confident when using Radware Cloud WAF Service.

Radware Cloud WAF Service reduced the effort of our IT team, therefore, freeing up their time for other projects.

Radware Cloud WAF Service helped reduce our TCO because we can now offer this service to our customers. This has resulted in generating additional revenue, contributing to the overall cost savings.

After three months of implementing the Radware Cloud WAF Service and selecting the product, we began to see time to value.

We have recently upgraded our cloud WAF to Radware Cloud WAF Service to include WAF and ADA protection, as well as watch management and Layer 7. What makes this a comprehensive offering from Radware is that it combines WAF, ADA, bot management, and API protection, which is not currently available from any other provider in the market. The most valuable aspect of our service is its ability to safeguard applications from external threats, including the API. This sets the solution apart from other web operators in the market.

The lower-level technical team at Radware could improve their approach to problem-solving as they are sometimes very slow. While the higher management is highly active and supportive, the lower management and staff may take longer to provide support, leading to delays. Proactively improving their response time could enhance their overall performance. Otherwise, customers may need to escalate issues to the higher-ups, which could be avoided.

I have been using Radware Cloud WAF Service for over three years.

Radware Cloud WAF Service is stable. We have not had any performance issues.

I give Radware Cloud WAF Service a nine out of ten for scalability.

Radware Cloud WAF is a cloud-based solution, so it's scalable. We have a 5GB contract and can always increase. If it had been on-premises, Radware would be a less-scalable solution. We can easily add capacity if needed.

We have Radware's ERT premium support which is great.

We signed the highest-level SLA with Radware called ERT Premium Services, which guarantees a five-minute response from Radware 24/7. Radware India also provides support. We call management if we have an issue, and they take care of it. Radware also has an excellent knowledge base and community forums.

A few months ago, we had an attack at night and needed immediate support. I called the director of Radware India, and he immediately lined up the entire support team within a few minutes. They resolved the issue as soon as the ticket entered their system. In five minutes, we got support from the most senior employee of Radware India. When we were implementing the Radware DDoS, the management maintained communication with us and helped us get started fast.

It was the same with the Radware load balancer. We subscribed to the new load balancers, which we needed to provide additional capacity for our company over the next five years, and management was there to guide us in the right direction.

Positive

Compared to previous solutions, Radware Cloud WAF Service is a reliable product, especially when combined with senior management support. If we obtain both, such as contacting the senior manager, the Managing Director of Redwood in India, we can expect a response in a matter of minutes. This is the service's greatest advantage.

The initial setup was straightforward because we had the help of the Radware specialists. The implementation strategy involved conducting a brief proof of concept for a few applications within the entire solution. Once the POC was successful, we proceeded to deploy it in the test environment. After testing, we moved it to production within three months.

Our L1, L2, and L3 support, with the assistance of Radware, completed the deployment in five weeks on the back end.

Radware Cloud WAF Service is deployed in the cloud for internal applications hosted on Yotta, as well as for customers who chose to use this service.

The entire deployment took around six weeks, from the planning stage to the final rollout. We deployed the architecture, created the MSSP, configured the links, and created the domain names. We developed the implementation strategy with Radware and its partner. We first deployed the solution for approximately 20 or so internal applications. In phase two, we opened the solution up to customers.

After deployment, Radware WAF doesn't require much maintenance aside from updates and periodic maintenance windows on the vendor side.

Radware's partner helped with the implementation.

We experienced a positive return on investment of up to 50 percent, due to our ability to reduce false positives. This led to a significant decrease in the effort required to manage the solution and a reduction in the overall cost of ownership. Additionally, the solution generated revenue from customers as we can now identify and address external threats to their environment. As a result, we also receive renewals. This is the most significant benefit of the solution.

When compared to Akamai and F5, Radware's pricing and licensing are highly competitive. In fact, Radware offers the best price along with excellent licensing pricing. Moreover, we received ERP premium support as a part of the package, which would otherwise be a service that incurs a high cost.

We conducted an evaluation of F5 Advanced WAF and Akamai Web Application Protector, both of which performed well. However, the standout feature was Radware's five-minute SLA on their premium ERT support. This evaluation considers three factors: the product, the SLA, and the management support. Radware offers the highest level of ERP payment support with a response time of five minutes. Additionally, if any issues arise, we have the option to escalate to Radware's senior management, and we can expect a response from Radware's MD within a few minutes. When considering the product, SLA, and management support as a whole, we believe that Radware Cloud WAF Service is the best option.

I give Radware Cloud WAF Service a nine out of ten.

As of now, we have not had to maintain the solution.

I recommend Radware Cloud WAF Service for any organization which wants to be free from external threats.

A year ago, people were only talking about the WAF application firewall. Today, we refer to WAAP, which provides increased protection against threats and vulnerabilities. Radware came out with this innovative offering called WAAP, including, WAF, API and bot protection, and DDoS. This is an innovative solution. If you want peace of mind, Cloud WAF is a one-stop shop for your security needs. Radware WAAP is a comprehensive security solution.

After a security breach on one of our web applications, we transitioned to a cloud-based web application firewall solution. We chose Radware Cloud WAF Service to protect our critical web applications.

I would rate Radware Cloud WAF Service's ability to block unknown threats and attacks as nine out of ten.

Radware Cloud WAF Service initially operated in a learning mode for the first week after deployment, gathering data. Once it switched to action mode, we began to experience the service's full benefits.

Cloud WAF has helped reduce our false positives by 20 percent.

We have implemented Cloud WAF in conjunction with Alteon, and we are currently integrating a bot manager and web application DDoS protection. The integration was easy because we were accompanied by Radware.

Cloud WAF has helped free up our IT team for other projects.

The most valuable feature of Radware Cloud WAF Service is the visibility into attacks that are being cut off instantly.

It would be ideal if Radware could offer a bundled package that includes Cloud WAF, web DDoS protection, bot manager, and Alteon for a more comprehensive security solution.

I have been using Radware Cloud WAF Service for two and a half years.

Radware Cloud WAF Service is scalable.

Radware Cloud WAF Service met our scaling requirements.

The technical support is great. I have nothing bad to say about them.

Positive

The initial deployment process went smoothly and was completed in three weeks by a five-person team consisting of two representatives from our organization and three from Radware.

The pricing is fair. We pay for what we need.

After evaluating Radware Cloud WAF Service against other options and confirming its leading position in Gartner's Magic Quadrant for Web Application Firewalls, we chose it for our web security needs.

I would rate Radware Cloud WAF Service nine out of ten.

No maintenance is required on our end.

Radware Cloud WAF Service does what is expected and reduces the number of attacks on our web applications.

Initially, all our services were on-premises, but we decided to move many of them to the Azure cloud to make them accessible to our customers. However, we discovered that certain attacks were going undetected and the native tools in Azure cloud were inadequate for protecting against them. As a result, our expenses were increasing due to resource exhaustion. To address this issue, we consulted with our vendors and found a Cloud WAF hardware solution. Once we implemented Radware Cloud WAF Service and combined it with application controls, bot protection, and DDoS services, our expenses were reduced by 80 percent. This was a remarkable achievement.

I report every month on any incidents involving our public assets. One particular use case that I focus on is geo attacks, which help identify who is attempting to access these resources from locations outside of our Southeast US customer base. This helps reduce unnecessary noise. We also have private APIs that are only accessible to specific vendors, and it's important to secure them with an access list. Although it is a basic measure, it allows me to monitor who is attempting to access those resources. The unknown threat aspect of it is not a frequent occurrence.

Radware Cloud WAF Service provides excellent automated analytics for event analysis. Its visibility feature alone is a selling point for the product. When we initially invest in cloud services, it can be difficult to monitor activity. We only receive a bill indicating increased CPU and RAM usage. The analytics provided by Radware Cloud WAF Service has been extremely helpful in this regard.

Radware Cloud WAF Service has significantly reduced our Azure bill by filtering out unnecessary CPU, compute, and bandwidth usage on the front end. Previously, we experienced a lot of errors and serious issues due to APIs being exposed, and our developers could not always understand why these errors occurred. However, once we implemented Radware Cloud WAF Service, it significantly reduced the noise and eliminated malicious data. As a result, our developer logs now look good, and we can identify who is targeting us and their intentions through the provided metrics. It has been incredibly helpful from a management perspective as we can present them with dashboard metrics showing how the tool is blocking and protecting us. They appreciate this information.

Radware Cloud WAF Service has helped reduce our false positives by 90 percent.

We quickly recognized the value of the Radware Cloud WAF Service upon deployment. However, we needed to ensure that the business owners understood the changes being made. Upon activating the spot protection and geolocation service, we noticed a significant decrease in illegitimate traffic. Prior to the implementation, we were receiving an overwhelming amount of hits, averaging between 150,000 to 160,000 per hour on certain pages. Once the services were activated, this number decreased to only 2,000 to 3,000 hits per hour, indicating that a majority of the previous traffic was not legitimate. This allowed us to reduce our footprint in Azure and do so immediately. It is evident that the internet is filled with a vast amount of illegitimate traffic, with many individuals scanning for open services. The implementation of Radware Cloud WAF Service helped eliminate this issue within a day.

Before the introduction of Azure cloud-native tools, monitoring visibility was inadequate, making it difficult to identify the cause of resource attacks. With the current visibility dashboard, we can now obtain insight into the nature of attacks, identify attackers, and detect top IP or threat regions. This dashboard has proven to be helpful in improving our ability to identify and respond to attacks.

Radware Cloud WAF Service has significantly reduced the number of attacks and improved our visibility. However, there are some areas where it could improve its maturity. Previously, the interface, Bot manager, and Cloud WAF were separate interfaces, but they have now been merged into one dashboard. However, the current setup is somewhat cumbersome, and there is room for improvement in this area.

Radware Cloud WAF Service has limited integrations, and I would like to see it integrate with our use of Azure DevOps. Specifically, I would like it to be able to automatically detect and protect new APIs and changes made to existing ones, utilizing the API discovery and protection features. Currently, there is no integration for this. If we use a SIM, we can receive email alerts or check the dashboard for information on the types of attacks, but this is not an ideal or modern approach to alerting. It would be beneficial for the service to integrate with top enterprise tools like SIEM, allowing for more efficient and effective alerting and logging. Unfortunately, there are currently no native tie-ins for some of the products we use, requiring us to set up email notifications to our SIM. Therefore, integrating with enterprise tools for alerting and SIM purposes would be greatly appreciated.

I wish to have improved integrations with larger vendor tools, such as alerting systems or SIMs, to enable us to pull and query performance metrics for analysis. As a fairly large organization, we require a tool that can consolidate data from multiple applications into a single location for better visibility and decision-making. Unfortunately, we are currently unable to extract this data into any of our existing systems.

I have been using Radware Cloud WAF Service for two years.

I have only experienced one outage with Radware Cloud WAF Service in the past two years, so I would say that it is very reliable and stable.

The interfaces have significantly improved, but we had numerous queries about their functionalities and how to enable specific capabilities for monitoring purposes. We had to spend a considerable amount of time trying to understand the process, such as what we needed to turn on and how to turn it on, as well as interpreting the log entries. As a result, we had to contact support multiple times, which involved a lot of back and forth. Additionally, during certain periods, our services were targeted by heavy DDoS attacks, and we had to rely on support heavily to mitigate them. There were a few instances where we had to request significant assistance from support.

Positive

Previously, we utilized Azure Application Gateway, which included a built-in WAF capability. However, due to its cumbersome nature and limited capabilities, approximately 10 percent of Radware Cloud WAF Service, we switched to Radware. Azure CloudApp lacked reporting functionality, making it difficult for us to identify attack sources, methods, and user agents.

In comparison to Azure Application Gateway, Radware Cloud WAF Service has the ability to detect all types of attacks. While using Azure, there were a few attacks that utilized a unique combination of user agent strengths which Azure Cloud WAF was unable to detect. Due to limitations in the user registry and signature attack type, it could not comprehend how to prevent these attacks. Therefore, we opted to switch to Radware Cloud WAF Service, which was better suited to meet our security needs.

Setting up Cloud WAF was straightforward, but the bot protection was a bit of a mess initially. When the product was first launched, separate dashboards were provided for both services, giving the impression that they had separate support from the company. However, over the last two years, they have been consolidated into a single dashboard, making deployment and management much easier. Despite the initial difficulty with bot protection, Cloud WAF was ultimately easy to deploy. We required two people for the deployment.

The implementation was completed in-house.

We assessed Citrix Web App and Imperva DDoS, and Microsoft urged us to test their latest version of Cloud WAF. However, we declined their offer and instead opted for Radware Cloud WAF Service because it was effortless to implement. We were able to turn it on and have it working on the same day without requiring extensive integration, which was necessary for the other options we considered. We preferred a plug-and-play solution with a minimal learning curve. Radware Cloud WAF Service met these requirements and has been functioning well.

I give Radware Cloud WAF Service a nine out of ten.

We are interested in utilizing the API discovery feature, but since we frequently make changes to our APIs using a DevOps pipeline, our APIs change on a regular basis, almost every two weeks. Our company's current goal is automation, and all changes to the environments must be done through a coded pipeline with variables. Unfortunately, the API discovery feature may slow down our automation capabilities, making it difficult to push changes every two weeks unless the interface is improved. While we would like to take advantage of the API mapping and different attack techniques, we cannot use the feature until it becomes more mature and integrated with our automated pipeline.

We deploy the solution across one location.

The ability to log in and review data and logs is a crucial feature for me when choosing a Cloud WAF. While most services have similar capabilities, the differentiator lies in how well they can parse and present the data. I had trouble with Citrix as it was difficult to obtain and interpret the data to prevent attacks. However, Imperva has an excellent interface for pulling data, which helps us make informed decisions. Radware stood out as the best in both areas, with their dashboard being user-friendly and responsive. The implementation was also straightforward as all the necessary information was readily available. It only took a few hours to set up a new site, making it easy to go live quickly.