Radware Cloud WAF Service Reviews

We have both infrastructure protection and web application protection. Infrastructure protection is against network-level denial of service attacks, and we use the application protection for our web application firewall, which provides layer seven security.

Being a cloud service, it removes the maintenance tasks for system uptime and the maintenance of on-prem appliances. It gives security analysts much more time for SOC work in analyzing alerts and threats. With on-premises solutions, there is a lot of maintenance involved to ensure that everything is functioning properly. Much time is dedicated to maintaining on-premises products. In contrast, as a cloud product, we don't have to worry about issues related to high availability or managing multiple instances of security solutions. Maintenance tasks such as operating system upgrades and other related issues are handled for us. This allows us to focus our efforts on SOC analysis work without the burden of these maintenance responsibilities.

It helps reduce the number of false positives and also addresses sophisticated attacks that may not be detected by our traditional systems on-premises.

Alerts help us quickly narrow down the issue, allowing us to spend less time on analysis and more time addressing active threats as they occur. Automation plays a significant role in this process.

Bot Manager has been quite positive. I find it to be more than just your traditional method of examining signatures or even looking at user agent headers. It goes beyond that; it analyzes the behavioral patterns of requests. Bots have become more advanced, often trying to imitate human behavior as closely as possible. With this bot protection, certain traffic gets blocked and flagged as bot traffic. However, when I review the requests from a human perspective, it can be challenging to identify what was actually bot traffic. Fortunately, the system provides a description of why a particular request was blocked and flagged as bot traffic. Bot traffic is a lot compared to normal human traffic, about 50% more. That alone frees up a lot of compute for our applications. The performance of the applications is significantly better because the bot's traffic is effectively filtered in the cloud. Only clean traffic reaches the applications, ensuring optimal performance.

The detection for bad bots and layer seven anomaly detection is ingrained within the logic. First of all, it examines normal signatures and user agents. Additionally, there is a significant reliance on AI-driven signatures that it looks out for. It also incorporates threat intelligence, which may include insights from various sources. Another important aspect is IP reputation, which is gathered from other clients with whom these bots have interacted. Overall, I think this solution is very effective; it has worked well for us and is actually blocking the traffic as advertised.

We rely heavily on Web DDoS protection, with about ninety percent of our services being application-based. Therefore, ensuring their security is very important to us. Radware provides the security we need and guarantees that the traffic reaching our web applications and servers is clean. This gives us peace of mind. While we monitor our systems closely, knowing that Radware Cloud WAF Service has our back is essential. Overall, it plays a crucial role in our business continuity as a security solution.

Our use cases for Radware Cloud WAF Service include all of our applications, such as online banking applications, as I work for a bank. It works effectively. Our payment systems also operate through this service, and we have a few applications running over the web.

Radware Cloud WAF Service works very well for blocking unknown threats and attacks. We haven't seen any issues with that. Whenever we experienced any threat, we got accurate blocking. We haven't had any issues.

Automated analytics for looking at events are good. We have no issues with it. It gives us precise and accurate information. It helps us a lot. We're able to allowlist and check port managers and all of that.

Radware Cloud WAF Service has helped us reduce false positives by 100%. It's accurate and has significantly aided our efforts. Radware Cloud WAF Service has improved our efficiency by about 95%.

From the networking perspective, Radware Cloud WAF Service integrates very effectively with our systems and applications. However, other business units in the company find it somewhat difficult to adapt to Radware's methodology. For our networking team, we are fully utilizing it without issues, and we're looking to move everything to Radware Cloud WAF Service for our online banking, connecting backend devices to Radware Cloud WAF Service instead of F5 for load balancing. This is a big project involving eight countries, not just South Africa, and as network professionals, we truly enjoy working with Radware Cloud WAF Service.

Radware Cloud WAF Service has handled zero-day attacks effectively. It has been very helpful and has prevented numerous issues. The last time we were attacked as a bank was around 2017, before COVID, resulting in only about five minutes of downtime. Since then, smaller attacks have been mitigated by both Radware Cloud WAF Service and the Radware DPX boxes on-premises.

Radware's combination of negative and behavior-based positive security models is very important for our security strategy because threats come from various sources and can spoof our network. Our firewall system isn't strong enough to detect or block these threats, but with Radware, we feel completely safe and secure, allowing us to remain calm in the face of potential attacks.

We are using the automated source blocking feature of Radware Cloud WAF Service, and it's superb. We have been using it for less than six months, and so far, we haven't regretted the decision. The proactive and holistic approach of Radware Cloud WAF Service has been very effective in protecting our applications. After moving to Radware Cloud WAF Service, we got to know about hidden attacks that we couldn't identify before. In the past, we could not identify the problem. There've been certain failures or issues that we suspected to be related to the backend of the app or F5, but they were not. They were attacks that were hiding behind the radar.

We use the Radware Bot Manager and have had a positive experience with it. We can block bad bots effectively, and since we started using it about two years ago, we haven't encountered any problems. Bot Manager helps with our compliance efforts, but I haven't had much contact with them—most discussions happen with my colleague Paul, who has worked with Radware since day one.

The real-time BLA detection and mitigation from Radware Cloud WAF Service hasn't negatively impacted us. We've had minimal downtime, about five to seven minutes, but since then, we have experienced everything operating smoothly. 

Web DDoS protection is good. Our layer 7 protection is working very well. In the past, we couldn't do anything about it. We were getting so many attacks. We haven't had any issues since we started using it.

We are choosing Radware Cloud WAF Service over traditional WAF because it has API first behavioral protection, advanced bot defense, and layer 7 web DDoS capability. It was chosen because of the hybrid and Cloud native app environment. For internal and external customers, we have approximately 1300 plus customers in our data center colocation, and all of them are using Radware Cloud WAF Service.

There are various use cases for Radware Cloud WAF Service. One is about securing public-facing portals, internal applications, and APIs, including REST API and GraphQL API. The deployed assess provides services to internal IT customers and external customers. This WAF is configured in reverse proxy mode plus API security module, and it is integrated with CI/CD pipeline for secure application development.

We have been using Radware Cloud WAF Service as it supports integration with CDN services such as Akamai, Cloudflare, and AWS CloudFront. Radware has CDN nodes for optimized delivery and protection. However, we have been using AWS CloudFront currently, but I'm in discussion with the Radware team about acquiring more Cloud WAF licenses, along with Cloud DDoS, to enhance Cloud DDoS protection capability. They have recently launched Cyber Controller Plus, so I'm going to procure Cyber Controller Plus.;

Automatic API discovery and schema validation is something we have appreciated about Radware Cloud WAF Service. It has automatic API discovery, protection against injection, abuse, and credential stuffing. It also has token-based authentication and enforcement, along with rate limiting. Bot and threat protection is another excellent feature.

It eliminates manual API inventory and documents and streamlines the security policy creation. It reduced the work for developers and the SOC workload because with a large SOC team, it helped to offload and eliminate overhead costs, providing SOC people with better resources.

Automatic threat detection in blocking and detecting without manual intervention is essential. Scalability is another benefit because it has Cloud native architecture. Cloud native architecture is readily scalable, requiring no hardware maintenance.

I am using Radware Cloud WAF and have been using it for the last five years. Recently, I considered deploying Radware Discovery API. I have taken a proof of concept of Radware Discovery and plan to onboard it in the next one or two months. 

Additionally, it is essential for reducing DDoS attacks within my organization.

We have had a very good experience with Radware Cloud. It has significantly reduced attacks on our applications. All our critical applications are onboarded to Radware, which uses AI to automatically learn behavior patterns and refine security policies. 

It also provides comprehensive protection against the top ten web application security risks. Importantly, we have not experienced any zero-day attacks because Radware Cloud offers protection against emerging threats. The Emergency Response Team is very active, and I consistently receive excellent responses from them.

It's a very comprehensive and user-friendly solution. It's easy to implement and integrate. We also have found it's easy to reach support if we need help.

The solution has helped us enhance our cyber security posture. It's good for data protection. We've been able to protect our public-facing infrastructure.

We haven't had any incidents or compromises in the entire three years we've used Radware.

The Cloud WAF Service blocks unknown threats and attacks effectively.

The analytics are very good.

The API discovery feature is very helpful, and end-to-end API protection is useful. Everything is encrypted to ensure effective protection. We get Layer 7 protection from it.

The API discovery is a very useful feature. It is easy to use. A few months before, I did a demo to learn more. We can see which APIs are being used or not. It helps us discover and remove unused APIs. In our case, we found 20 APIs that were not used by the team.

We use the CDN features. It's pretty easy to use the combination of CDN and Cloud WAF. It helps your Radware Cloud connect with the nearest server or the Redware server. We have multiple servers worldwide, so this is useful for us.

Integration is very easy. Sometimes, we have 10 to 15 applications hosted on the cloud. It's very easy to add applications. It's not complicated.

From the Radware cloud, it's integrated with our SOC. All the logs are received by the SOC.

We are a Data Center company with a lot of internal applications and customers. Our primary use case is to protect all internal applications hosted on Public Cloud with Radware Cloud WAF. This protection is crucial for safeguarding our customers' applications from external threats and ensuring high availability and security.

The most important aspect of Radware Cloud WAF is that it is over the cloud, offering a comprehensive solution that includes WAF, API protection, bots, and Layer 7 DDoS. This combination efficiently blocks a large number of unknown threats and ensures high security and uptime for our internal applications as well as our customers' applications, making it a revenue-generating tool. Cloud WAF provides excellent analytical dashboards that allow us to report, track, and resolve many issues quickly.

Radware offers a cloud, software, and hardware-based solution. It deals with all three platforms. 

1. They have a hardware device on which their software can be installed. We can manage all the load balancing with it. 

2. Similarly, for the Radware software, we can install the OVA file on our server and configure all the admin backend servers on it to perform services. 

3. In the cloud, we can use their API service to create a virtual platform for clients on which they can deploy and run their applications.

Cloud WAF blocks unknown threats and attacks. We have a monitoring tool, and security patches are released monthly. We can deploy these signatures on the WAF, which identifies threats based on IPs. There are multiple signatures for various attacks, like bot attacks, that we can monitor.

There is a forensic dashboard where we can identify real-time events, hits, and blocks. If there are genuine requests being blocked, we can deploy a custom page with a case number for users to resolve issues. For example, if a user triggers the Web Application Firewall (WAF) due to a misinterpreted service, they will see a blocking page with a case number. There's also an option to refine the WAF settings if it blocks a genuine request.

I also work with the API discovery feature in the Cloud solution. Once the API is enabled and the application vendor provides the API key, we can deploy our application. If the API is correct, it functions properly; otherwise, issues are highlighted on the dashboard. For example, cross-site scripting is blocked at the label level.

API discovery is straightforward to use. There is an option to add the API stream. If the API is correct, it will be processed; otherwise, the API service is blocked.

The dashboard provides multiple features and analytics tools to identify API issues. If there is a cost issue with an API, it can be identified, and we can report it.

It's not difficult to work with the API discovery feature because everything is reflected on the forensic dashboard. There's an option within the dashboard, under the security section, where you define the correct API. You can also identify and exclude specific APIs if needed. There's only one option to add to the API stream. If the API is correct, it will be processed; otherwise, it's blocked.

It's not difficult to identify API issues because when we define the API call, and it is incorrect or not valid, it won't sync with the vendor's application. They identify this and generate a blocking request, which helps us easily identify the issue.

Our primary use case is defense against DDoS. We are using Radware Cloud WAF and load balancer solutions. We use it for our cloud infrastructure and various applications focusing on various security aspects.

It integrates seamlessly with our infrastructure, allowing us to manage DDoS attacks and load balancing efficiently.

The ability to easily handle configurations and the user-friendly nature of the solution make it accessible for various team members, including L1 and L2 users.

I use Radware services to protect some web portals in my company from web application attacks. Specifically, I use their web application firewall.

I like the reliability of the system since it's quite reliable. Additionally, I appreciate the user interface, particularly from the reporting point of view. Configuration can sometimes be tricky as I have to know where the options are, which isn't very intuitive. However, apart from this, it is a good product and very reliable for me.