Reblaze OverviewUNIXBusinessApplication

Buyer's Guide

Download the Web Application Firewall (WAF) Buyer's Guide including reviews and more. Updated: November 2022

What is Reblaze?

Reblaze is a cloud-based, fully managed protective shield for sites and web applications. Hostile traffic is blocked in the cloud, before it reaches the protected network.

Reblaze is a comprehensive web security solution, providing a next-gen WAF, DoS and DDoS protection, bot mitigation, scraping prevention, CDN, load balancing, and more.

The platform offers a unique combination of benefits. Machine learning provides accurate, adaptive threat detection. Dedicated Virtual Private Clouds ensure maximum privacy. Top-tier infrastructure assures maximum performance. Fine-grained ACLs enable precise traffic regulation. An intuitive web-based management console provides real-time traffic control. A one-month trial offer allows you to assess Reblaze with no cost, risk, or obligation.

Reblaze makes it effortless and affordable to secure and accelerate your web assets. Organizations from many vertical markets around the globe are benefiting from Reblaze's highly scalable WAF/IDS, DDoS, anti-scraping and Bot mitigation service.

Reblaze Customers

eBay, AirAsia, Taboola, Reebonz, IAI, Payoneer, mySupermarket, William Hill, Fanduel

Reblaze Video

Archived Reblaze Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Senior Security Consulting Manager at a tech vendor with 11-50 employees
Real User
Leaderboard
Provides valuable API for system tool kit as well as mobile app security
Pros and Cons
  • "Provides mobile app security."
  • "Some of the settings on the dashboard are confusing."

What is our primary use case?

We use this product for publishing. I'm a senior security consulting manager and we are partners with Reblaze. 

What is most valuable?

The feature most valuable to me is the API for STK. It provides me with mobile app security as well. 

What needs improvement?

The interface on the dashboard could be improved. Some of the settings are confusing which makes things difficult when you're trying to get a handle on the product. This is also an expensive solution so it would be helpful if the price was reduced. 

For how long have I used the solution?

I've been using this solution for six months. 

Buyer's Guide
Web Application Firewall (WAF)
November 2022
Find out what your peers are saying about Reblaze, Imperva, Amazon and others in Web Application Firewall (WAF). Updated: November 2022.
657,849 professionals have used our research since 2012.

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

There are no issues with scalability. The solution is on public cloud so it does auto-scaling.

How are customer service and support?

The technical support is quite good. As soon as you have an issue, you call or send an email and they respond very quickly. They also provide you with contact details of the CEO.

How was the initial setup?

The initial setup is quite a straightforward process although it does take some time.

What's my experience with pricing, setup cost, and licensing?

This is quite an expensive solution but it comes as a bundle package that offers the option to add other features. 

What other advice do I have?

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
PatrickMoshe Perelsztejn - PeerSpot reviewer
Infrastructures Security & Cyber Project Manager at El Al
Real User
Leaderboard
Blocks huge botnet Layer 7 attacks on our website and provides us with real-time reporting
Pros and Cons
  • "I very much like the elastic search and reports, allowing us to have a 360-degree view of the customer's activities and enabling us to track down any suspicious bots."
  • "The WAF features are not as granular as we would expect from a WAF system. There should be more granularity and in-depth rules, out-of-the-box."

What is our primary use case?

We use it for blocking Layer 7 DDoS attacks. We also use it for managing box cracking and all activities; as a basic method for watching things. It's one of our tools for monitoring the activities on our website.

How has it helped my organization?

Reblaze has definitely saved us money. We have estimated that it saves up to €500,000 a year.

What is most valuable?

We have found it extremely valuable in blocking huge botnet Layer 7 attacks on our website. It has been very successful in doing so.

I very much like the elastic search and reports, allowing us to have a 360-degree view of the customer's activities and enabling us to track down any suspicious bots.

The real-time reporting is very good. The monitoring is also working very nicely and very smoothly, in almost real-time.

What needs improvement?

The WAF features are not as granular as we would expect from a WAF system. There should be more granularity and in-depth rules, out-of-the-box.

For how long have I used the solution?

We have been using Reblaze since summer of 2013.

What do I think about the stability of the solution?

It's 100 percent stable. We haven't ever had any problem with the stability of the product.

What do I think about the scalability of the solution?

We haven't had any problem with the scalability and the performance is okay.

Currently, all of our websites are under the protection of the system and, as we roll out new systems, every new site or application will be automatically installed under the protection of the system.

How are customer service and technical support?

The R&D is extremely responsive to our requests for changes and improvements. Overall, technical support is extremely responsive.

Which solution did I use previously and why did I switch?

At the time, there was no real DDoS and anti-bot system online and available for commercial use for heavy traffic botnet attacks. The service, which was brand new on the market, was able to block the attackers and block the attack.

At the time, Reblaze was the only provider that agreed to take the challenge with the budget that we had, and they were successful.

How was the initial setup?

We were the very first commercial customer of Reblaze in the world. The initial setup was extremely easy. It took an hour to set it up and get it to the point that it was active and blocking malicious traffic.

What about the implementation team?

The setup was done directly with Reblaze, their R&D. Our experience with them was very good. It was very friendly and very professional.

What was our ROI?

By having our e-commerce sites up 100 percent of the time, we are selling 100 percent of the time. And we are reducing competitors' bot-scraping when it comes to pricing, reducing the opportunity for competing companies to scrape our prices and give concurrence to their pricing. In addition, since producing pricing adds costs to our back-end system, it helps us to reduce expenses on our internal systems. So we definitely have ROI from the product.

What's my experience with pricing, setup cost, and licensing?

As an early customer, I think we are getting a very good price. There are no additional costs to the standard licensing fees, as far as I know.

Which other solutions did I evaluate?

We evaluated other solutions as they began to be available in 2013 but none were really mature and meeting our needs.

What other advice do I have?

Just do it. Try it first, but do it. It's very easy to implement and very easy to understand. If you are a simple site it will be very easy to implement and if you have very complex sites, including web applications and mobile applications, with the SDK they provide for iOS and Android, there is 100 percent coverage of requirements.

The biggest lesson we have learned from using this solution is that sometimes, when you have an entrepreneurial company with fire in its eyes and one that is willing to push and give you the best, you can trust it and grow with it, especially when they are very responsive to your needs and ready to change and add features very fast.

We have three internal administrators working on the product and there are five or six viewers, who have different roles and who monitor the activities. We have one full-time employee who works on the product and monitors and improves rules, as needed. He is a cyber security administrator.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Web Application Firewall (WAF)
November 2022
Find out what your peers are saying about Reblaze, Imperva, Amazon and others in Web Application Firewall (WAF). Updated: November 2022.
657,849 professionals have used our research since 2012.
Principal Security Engineer at a leisure / travel company with 1,001-5,000 employees
Real User
Leaderboard
Blocks malicious actors and unauthorized locations, saving us cloud egress costs
Pros and Cons
  • "The real-time monitoring and reporting are very good. There are information updates in their portal every two minutes. They also have the ability to spill it into Sumo Logic, for example. It's very easy to use."
  • "We have multiple products behind different instances of Reblaze. We have one instance for staging and then we have a production instance for multiple products. One of the things that we have requested is a unified view panel, so that we can see each of the instances in a unified view. That way, we won't have to go bouncing from instance to instance."

What is our primary use case?

We use all aspects of it. We are using it for WAF and DDoS protection.

How has it helped my organization?

The response time to web-based attacks on things like credential stuffing is usually two minutes or less. So the response time is very good. For DDoS, they are able to scale and absorb fairly quickly. Usually, within three to five minutes, they have absorbed it and deflected it fully. I have tested this with unannounced tests.

The solution's presentation of all the traffic, not just the blocked requests, gives us a little deeper understanding of what the clients look like. It gives us fairly good fingerprinting on systems, what browsers they are using and the load geography. We have a pretty good indication of where everybody is coming from.

When we are troubleshooting an issue, sometimes they will have insight from the error messages that they receive from our infrastructure, in particular for the casino product. That message might say, "Hey, we are seeing that your systems are not handling the load. You may need to do this, this, or this." We have used them quite a bit to help troubleshoot the product.

I do not know how much, but it has definitely saved us on some infrastructure costs because, obviously, in any cloud environment you get charged for egress. Since they block out the malicious actors and unauthorized locations, that helps save us money. We do not have extended costs coming out of China, Russia, and other places.

What is most valuable?

Definitely the DDoS solution is always good to have. We have actually had a few tests done against them, unannounced, to simulate a DDoS, and they reacted very quickly. In our business, it costs us $52,000 a minute if we are down. So it is very important that we are up. 

We also use their WAF extensively, with their automated blocking mechanisms and some of the heuristics that they have internally. They are the ones who monitor the vast majority of it. We use them as an MSSP so they are the first line of defense.

The real-time monitoring and reporting are very good. There are information updates in their portal every two minutes. They also have the ability to spill it into Sumo Logic, for example. It's very easy to use.

We have the VPC feature inserted in front of our casino product and they are deployed in a hybrid fashion. They are deployed to protect our casino product in AWS and in Google. And then the actual infrastructure is sitting in the data center.

We use the geo-blocking feature to block out areas that we're not authorized to have people betting from, or other geographies that are hostile like China, Russia, etc.

What needs improvement?

We have multiple products behind different instances of Reblaze. We have one instance for staging and then we have a production instance for multiple products. One of the things that we have requested is a unified view panel, so that we can see each of the instances in a unified view. That way, we won't have to go bouncing from instance to instance.

For how long have I used the solution?

We've been using Reblaze for about two-and-a-half years. We are using public cloud right now. We are working with them on a possible hybrid cloud solution. We're in discussion on that right now.

What do I think about the stability of the solution?

It is very stable. We have not noticed any bugs or issues with it.

What do I think about the scalability of the solution?

We have never run into a scalability issue at all with them. We are in the horse racing business, so we have five really busy times of the year which you can think of as similar to Black Friday levels of traffic. They have supported us through record growth.

We do have plans for increasing usage. We are rolling out a new application stack, and we are going to insert Reblaze in front of that. We have it in front of five of our six existing platforms.

How are customer service and technical support?

Technical support is very good. They are always there when we need them. They are more of a partner. We have the telephone number of the CTO, the CEO, the COO, if needed, to escalate. But generally we just log a case or call their support line and they're on with us within a few minutes. They are very responsive. They are a valued partner and we're glad to be working with them.

Which solution did I use previously and why did I switch?

We did have a previous solution. We were in a physical data center, so we had an appliance deployed which came from our vendor. It was part of UltraDNS. I don't remember the name, but the appliance could handle about 2 GBs of traffic and if it got beyond that, where it couldn't handle it, then it would have to throw up the GRE tunnels, which were always problematic. That usually resulted in an interruption of between five and 15 minutes and, for every minute we're down, it costs us about $52,000.

We are trying to get away from the older methods where you would put a sensor network in front of your application and then, if you are getting DDoS'ed, you have to create GRE tunnels and a number of things. We wanted to try to find a different way to do it.

Reblaze was recommended to us by Google.

How was the initial setup?

The initial setup was fairly straightforward. Instead of advertising our DNS names, we advertise Reblaze's with our DNS provider, so it all goes directly to Reblaze. We have had to do a little bit of troubleshooting here and there for SEO and a few other things, but that was fairly minor — things like tweaking headers slightly with some code.

It took us two to three months to get it running. It usually does take a little bit to get used to how the product reacts and works.

What about the implementation team?

We did the implementation ourselves, with Reblaze.

What was our ROI?

We have definitely seen a return on investment with the cost savings compared to the other solutions we looked at. It was pretty much a no-brainer.

You get very good coverage and capability for what it costs. Most other companies have legacy models where, for every different feature, they require more licensing.

What's my experience with pricing, setup cost, and licensing?

I believe that for the six instances we have right now, it's costing us $16,000 per month. 

There are no additional costs. That is the beauty with them. You negotiate the cost and that's it. We are using their MSSP solution, so they have their own SOC. They monitor for us and then, if needed, they will escalate to us, but they generally handle it. It's one price for the whole thing. 

And there is also predictable pricing. Right now we are set up for seven domains within each of the instances. If we want to add another domain it would be $500 more. There are no extra costs for something like DDoS, for example.

Which other solutions did I evaluate?

We tested them against competitors such as Imperva, which is also a cloud solution, Cloudflare, and F5, but Reblaze had the best features and the best price as well. 

Imperva, for the amount of protection we are getting out of Reblaze, would have been an additional $500,000 or more. Imperva had the capability but they license use for every piece of the product. If you want WAF, it costs you this much. If you want DDoS protection from 500 MB to a gigabyte, it is this much. There is a continuous amount of money required. 

Cloudflare is basically a repackaged, open-source WAF solution. It is a repackaged version of a product whose name I do not remember off the top of my head. The reporting was very bad, and it actually failed our testing twice. We did initial testing across each of the products I mentioned above. Cloudflare tests literally failed. We then let them know and we retested them two weeks later and they still failed.

Because we are in the gambling business, one of the problems with F5 is that the state they are based in does not allow them to support a gambling company.

Reblaze was the best one for us. It doesn't have all the complexities of having an appliance in our environment and then seeing the DDoS traffic and having to spin up GRE tunnels and redirect our traffic.

What other advice do I have?

The biggest thing we've learned from using this solution is that "it doesn't always have to be hard."

Know what your site's profile is and listen to Reblaze. They will put you into a learning mode to identify what they are seeing and what your normal traffic looks like and what traffic is suspicious. Work with them. As long as you work well with Reblaze, you will get a good solution out of it.

Reblaze has just made things simpler for us. We have them in fairly complex setups with the hybrid solution, which is in Google and AWS. They deployed it, they maintain it. All we do is make sure that it is operating as expected. We scan it weekly, just to be sure, but they are a trusted resource.

We've got system engineers, security engineers, and some network engineers all using this system and all of the different instances. We also have a third-party on the casino product, which is helping us to support that instance.

We will have to do some maintenance about once every three to six months, in general, for major upgrades. That would usually involve a system engineer and a security engineer. Beyond that, the rules and the other methods that they are using for DDoS protection are fairly automated. We may tweak the rules here and there if we see a specific issue that we are sensing, but it is fairly low maintenance.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
VP Security at a financial services firm with 11-50 employees
Real User
Leaderboard
Real-time reporting enables us to see when users have been disabled
Pros and Cons
  • "The main feature is using the rules and being able to see the traffic. It helps us find malicious traffic."
  • "There is room for improvement in helping us understanding session management... We want Reblaze to catch and identify everything. We want to see the various devices doing one activity and to see, in a timeline, what's happened. We would like to see a more human-readable display to understand what's happening in the web app."

What is our primary use case?

We use it for protection.

How has it helped my organization?

It helps us find malicious actors using and abusing our application. We are on a blockchain. There are users and spammers and scammers, people who are trying to steal a lot of money. The app helps us to understand if that is happening and to block them.

The solution's presentation of all the traffic, not just the blocked requests, helps us in our monitoring operations. It's not only for security purposes. We can understand if we have something that is bad, a behavioral anomaly on our app. It helps us understand abusers. Not everything is related directly to security. There are things that you cannot do if you don't have this on your web app. For example, we can see if someone is copying our data. There are endless opportunities.

Reblaze has saved us money by optimizing server usage and blocking malicious bots.

What is most valuable?

Everything is valuable. It's a WAF. The main feature is using the rules and being able to see the traffic. It helps us find malicious traffic.

We use the real-time monitoring and reporting a lot. We can see where it's disabling users.

What needs improvement?

There is room for improvement in helping us understand session management. If I'm a user, I'm one person, I can access the web app in a variety of ways. I can come with one IP, then another IP, with another user agent, with another browser. I'm the same user. We want Reblaze to catch and identify everything. We want to see the various devices doing one activity and to see, in a timeline, what's happened. We would like to see a more human-readable display to understand what's happening in the web app. 

When I analyze our traffic on Reblaze, I do a lot of processing in my mind because I know how things are working. But I have to think: "Oh, this is a person, this is an ISP, this is something else." I process that and understand. But I want Reblaze to do that for me.

For how long have I used the solution?

We have been using Reblaze for about a year-and-a-half.

What do I think about the stability of the solution?

The stability is perfect.

What do I think about the scalability of the solution?

There is also no problem with the scalability.

We have three people using the solution and they handle deployment and maintenance of it. We use it every day but we don't currently have plans to increase usage.

How are customer service and technical support?

Technical support is a group of supportive people. They want to help 24 hours a day. It doesn't matter if it's a weekend or a holiday. They are always helping and give us the best support we can have. They are really technical. There is on person in particular who is super-technical, he knows exactly what's happening with Reblaze. He understands and has a lot of experience. Tech support has really helped us.

What other advice do I have?

Try it on your real production data and try it for more than just one week. You need to sit with a person who knows how to operate it. It's really simple to operate, but you need to learn it.

Reblaze has taught me a lot about how to use my web application; how to think about my users and what they need. The biggest lesson I've learned is that, in security testing, you need to maintain things all the time. It will sound a little bit cliché, but it's a cat-and-mouse game. Reblaze helps with this game because it's effective and you can change it all the time and you can see what is changing in real-time. In the game of cat-and-mouse it's a good solution.

I rate Reblaze at eight out of ten. Nothing is perfect. Producing security products is really hard and there is a lot more to do. Compared to other products in the category, it's really different. It's a little bit more convenient, simpler. The people behind Reblaze have learned a lot by participating in security games. You need a lot of knowledge when you're dealing with web applications.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
CTO & Product at a financial services firm with 11-50 employees
Real User
Leaderboard
Optimizes everything around security, providing reports on risks
Pros and Cons
  • "Reblaze knows how to manage security. For me as, someone who knows little about security, it's good that I have a firm that optimizes everything according to their standards. It's their responsibility and they are fully hands-on."
  • "They have an interface that you have to adjust to. That is a bit of a downfall because I expect an interface to be very intuitive for someone who knows little about security. But if you know about security, the interface is wonderful."

What is our primary use case?

We use is as a WAF, defending all our internet business.

Our application is hosted in Amazon and their solution is cloud-based.

How has it helped my organization?

It gives me a worry-free environment; free of internet risk and cyber risk, so I'm free to do everything else.

What is most valuable?

Reblaze knows how to manage security. For me as, someone who knows little about security, it's good that I have a firm that optimizes everything according to their standards. It's their responsibility and they are fully hands-on. They know what they're doing so, if there's a risk of something, they report it to me. They tell me, for example, "Listen, we have an IP that has been trying to contact you too many times. Do you know this IP or do you want to close it?" They take care of everything.

They provide a one-person contact who can help you manage your service better and the traffic that goes in and goes out.

What needs improvement?

They have an interface that you have to adjust to. That is a bit of a downfall because I expect an interface to be very intuitive for someone who knows little about security. But if you know about security, the interface is wonderful.

Also, they could improve the reporting alerts, showing alerts on-the-fly.

I would also like them to initiate more solutions, such as offering advice about architectures that can help manage cyber risks better.

For how long have I used the solution?

We have been using Reblaze for approximately three years.

What do I think about the stability of the solution?

The stability is very good. I can't say it is error-free, but Reblaze knows how to find an error quickly and successfully.

What do I think about the scalability of the solution?

It's scalable.

We plan to increase use of Reblaze. we need Reblaze to take part in defending the new environments that we are uploading .

How are customer service and technical support?

Their technical support has a lot of knowledge, and very helpful.

Which solution did I use previously and why did I switch?

We used Incapsula. We switched to save money.

How was the initial setup?

The initial setup was very simple. All we had to do is tell them our main risks and what we are aiming for and they provided the solution and built everything from scratch. We told them about the architecture of our service, our application architecture — that we need to get traffic from here to there — and please provide us with the right solution. 

The deployment took one day. The implementation strategy was really up to them.

What about the implementation team?

We deployed it with the help of an integrator from Reblaze. They deployed it. Our experience with them was very good. Very straightforward. They replied quickly and were very responsive.

What was our ROI?

I don't know if "saved us money" is the right description because if I did it by myself I would save money. But then again, we would need a person who would operate all these systems. This saves money by eliminating the need for another person to manage the WAF or manage cyber risk.

What's my experience with pricing, setup cost, and licensing?

Reblaze has affordable prices!

Which other solutions did I evaluate?

We did evaluate other products. Reblaze was the most effective and responsive and that is why we choose them.

What other advice do I have?

They provide a solution for something that I have no time to do. Reblaze provides us with a solution we can count on. It is a company that will provide you with the solution you need, and you can count on them to do the right thing.

We don't need anyone for deployment and maintenance of the solution. It runs by itself.

I would rate Reblaze at nine out of ten because it needs a little bit of improvement, such as the interface and alerts on-the-fly.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
YacovHabusha - PeerSpot reviewer
Network and Security Department Manager at a comms service provider with 501-1,000 employees
Real User
Leaderboard
Allowed us to replace our reverse proxy, load-balancing, and WAF products with one platform
Pros and Cons
  • "The most valuable features were the real-time monitoring and the management. With this kind of product, you need a very good management system to allow you to see false positives in real-time; to see what's happening in real-time... The clarity stood out. It was very visible and very easy to navigate; very easy to find the data we were looking for."
  • "I would like to have seen more automated reports. Maybe it has been improved in the last year and I'm just not aware of it. But from a managerial point of view, you want a summary report, a weekly report: How many attacks were blocked? How much bandwidth was saved due to the caching mechanism? What were the top-ten attacks that were tested on the network, etc? I could most likely have found all that data if I logged in to the system and ran different reports. It would be very helpful to get a management report on a weekly basis."

What is our primary use case?

The organization that I worked for is a very old organization. We had 30 years of experience with a lot of websites on many of different technologies, so we looked for a product that could handle the ten different technologies we had to support. We used it as a WAF, a web application firewall for all of our websites.

How has it helped my organization?

When you have a problem that you want to verify, what's important is the time that it takes you to actually find it. If it takes you more than few minutes, or it takes you an hour, or if you need to call their support to get answer, that can be problematic. If you can do it yourself, it means that it's easy. It saved us a couple of hours a week.

Before Reblaze, we worked with and used a number of products. We had one product for reverse proxy, one product for load-balancing, and another product as a web application firewall. We combined them all into one product, into the Reblaze platform. That helped reduce costs a lot. For example, we stopped using the F5 as a load balancer. We only had one F5, so by stopping use of it we ruled out the single-point-of-failure issue. And, of course, it saved us not only the direct cost of paying the vendor, but the cost of maintaining another environment as well, including eliminating backups, upgrades, etc. It saved us a lot of time and money. I worked for an educational institute so the pricing was different, but it saved us thousands of dollars a year.

The presentation of all the traffic, not just the blocked requests, helped our monitoring operations. Because we had very old platforms, the code was not written "by the book" and it was not, for example, HTTP-compliant. We wanted to roll out the solution very fast without false positives. Reblaze was a single, unified platform that helped us a lot in doing that.

We supported consumers and users at home and in schools, and when you work with end-users, the variety of their computers is amazing. Each one had a different browser, a different operating system. The combinations are infinite. Reblaze helped us to see the different combinations and it helped us to better understand which combinations we had a problem with. It helped us a lot to identify end-users' problems, whether it was a specific operating system or a specific combination of the operating system and browser version.

We didn't experience any major performance issues. The caching mechanism helped us a lot. It sent fewer requests to the front-end server and it cached all the static objects. It saved a lot of traffic into our network. It helped saved money by optimizing our server usage. We were able to use fewer resources on our side. It saved us about $15,000 to $20,000 a year in computing resources that we didn't need because we had the reverse proxy, the caching mechanism.

We used the platform as a CDN as well. We installed them outside our network so we could bring in only clean traffic, and only traffic for known static objects. It saved us a lot of traffic and we got only clean traffic. That meant we could use lower models of firewalls because the Reblaze WAF service blocked a lot of unnecessary traffic from coming into our network.

What is most valuable?

The most valuable features were the real-time monitoring and the management. With this kind of product, you need a very good management system to allow you to see false positives in real-time; to see what's happening in real-time. If you have a block, you need to understand what is being blocked and why. You need a very good management system to support that. The clarity stood out. It was very visible and very easy to navigate; very easy to find the data we were looking for.

What needs improvement?

Perhaps the automatic reporting could be better. I would like to have seen more automated reports. Maybe it has been improved in the last year and I'm just not aware of it. But from a managerial point of view, you want a summary report, a weekly report: How many attacks were blocked? How much bandwidth was saved due to the caching mechanism? What were the top-ten attacks that were tested on the network, etc? I could most likely have found all that data if I logged in to the system and ran different reports. It would be very helpful to get a management report on a weekly basis.

For how long have I used the solution?

We were using it at my last company for about three years. I moved to another company about ten months ago, so currently, I'm not using Reblaze.

What do I think about the stability of the solution?

We had no real-time issues ever, due to the system. We had problems because of our programming team, upgrading the components without testing it first, moving it to production, and then something would be blocked because it was not tested.

For example, we had false positives when Google Chrome was upgraded and specifically asked for new parameters or was doing more validation. Then, we were stuck and we needed to do more whitelisting.

What do I think about the scalability of the solution?

In the first year, the scalability was very low. We were one of the first customers that they created front-end load balancers for. The initial solution was a static DNS solution. Only after a year did they provide front-end load balancer servers to spread the load in a much smarter way. Now, it's fully scalable.

The end-users were all the school-age students in Israel, about 2 million students. We had 1.2 million distinct users a month. There was no problem with scalability in that aspect.

How are customer service and technical support?

Every time that you call, you get an answer from an expert, not a level-one, or level-two, or level-three. You are getting answers from an expert in the system. It's someone who knows a bit of coding, knows what to do, what to recommend, and who helps you in real-time. That was their standard support, unless they have changed it since I last used it.

Which solution did I use previously and why did I switch?

F5 was the load balancer which Reblaze replaced and the reverse proxy it replaced was Squid. The WAF that we used was Sucuri. We had a couple of web application firewalls which were SaaS services. One service, for example, was for the PHP websites, and another one was for SharePoint. We had to use different services because each one worked with just one platform.

The biggest difference between Sucuri and Reblaze was that Sucuri was a one-stop-shop for a lot of attacks. It was blocking the DDoS attacks, pattern attacks, behavioral attacks, automated attacks. It was blocking a lot of different attacks in one product. That was the benefit for us.

We knew of Reblaze because one of the founders of the company, was a vendor of mine when at a different company.

How was the initial setup?

The initial setup was very complex, but because of our side. We had very old platforms and our programming staff wasn't strict about implementing normal programming procedures. So we had to do a lot of whitelisting and a lot of changes in our code to be compliant and to have minimal security on our side.

For example, they still support ASP websites; not even .NET. We needed to whitelist a lot of things, such as moving parameters on the URL. That's something you don't do anymore in coding.

Our deployment took around seven to eight months, but we had something like 250 websites. It was not one website. Where CNN, which is one of the biggest, major websites in the world, has one major website that's called "cnn.com," we had more than 200 websites in ten or 15 different technologies. We had WordPress, Drupal, PHP, our native PHP, .NET, ASP, SharePoint and more that we had to support. It's a unique environment and that's why we were looking for a solution.

What helped us a lot is their support team. That is the major benefit of Reblaze; not the technology, not the product — the support team. That's what we were paying for.

Our implementation strategy was to move a couple of websites. We didn't have a QA site or pre-production site for all of our systems. So we had to move a lot of our environments in real-time, in a monitoring mode, and see what was going to be blocked. We then whitelisted that and moved into production and saw what was being blocked for our user.

On our IT side, three people — not full time, of course — were involved in the setup. And from our programming environment, there were about 20 different people, but not at the same time. From Reblaze's side, we worked with three to four different guys. Not more than that because they knew our environment.

In terms of day-to-day maintenance, for load-balancing, caching, and supporting the whole system, we required about 30 to 35 percent of one full-time job. The maintenance is not low. Our QA team, of course, were also users of Reblaze. They knew how to work with the system and how to configure the system because they worked on testing the websites with Reblaze.

Reblaze manages the solution so we didn't need to follow which version we were on. It's a bit different than a normal IT product where you need to upgrade it. It was a managed service for us. In our case, it was in our private cloud. That was a bit different than for other customers, but for us, it was on our private cloud.

What was our ROI?

It's a bit hard to speak about ROI when you are speaking about our security. You don't know what you are blocking. You only know if something happens to your network. We had no penetration into our network ever. That was the main issue.

Because we were dealing with students' data, in Israel we have regulations, like GDPR, but a bit different. It helped us to pass all the tests we needed to pass, and we were able to file all the legal documents with the government because we had this system. The system answered something like 25 different security chapters in the regulations.

What's my experience with pricing, setup cost, and licensing?

In Israel, as an educational organization, the pricing, hardware- and software-wise, was very low. The educational market in Israel has very different pricing compared to other markets.

Also, it was a multi-payment model. It was not like we needed to buy a license. We paid on a monthly basis. It's pay-as-you-grow. I don't know what the licensing model is today.

Thirdly, unlimited support was included. We didn't have to pay for Professional Services hours.

Finally, we had a very good termination agreement. We could leave, if I remember correctly, on 60 days' notice.

Beyond the cost of the product, we paid for the hardware. That was our decision. Again, it was private cloud, so we were paying for the computing resources.

Which other solutions did I evaluate?

We also looked into Imperva and F5 ASM. Reblaze stood out because of the support. We had a very complicated environment. We needed somebody that would help us configure and help us to implement our websites into the system. There were also budget issues. And it was very helpful for us because we wanted a local installation, not a cloud installation.

Another factor was that we were one of their first customers, so we knew we had an opportunity to impact the product. If we wanted a feature, we knew that somebody would at least listen to us. Of course they would think about whether that would be beneficial for other customers or not, but at least there was someone who would listen to us, feature-wise.

The security-to-cost ratio, when compared with competitors, is much better. Today, I'm working for an integration company and we are selling F5. I see the complexity. I see how much manpower I need and how many hours a month I'm selling to my customers for Professional Services to support their ASM. F5 is not the easiest product ever. I totally see the benefit of Reblaze.

What other advice do I have?

Go ahead and use it. We took a chance because, when we started with Reblaze, it was a young company. With a young company, you don't know if it will be there in two years. It was risky because to implement the system takes six months. To move to another platform would take another six months. So it was a risk. Today, there is no risk. Reblaze stands on its own. Its income is stable from customers. It's not only investors' money today. Reblaze has a lot of customers and its teams are much bigger.

My primary advice is to have the coding team, the programming team, with you from the first minute, because they will need to support you. It's not just an IT task. It seems to be, but it's not. It's also a task for the programming team. You will need QA resources which, in most cases, are provided by the programming team. You also need architecture teams. You need to work much more closely with all these teams than we initially thought, when implementing this kind of solution.

Look at 

  • how much time you can save and the resources required
  • the stability and 
  • the support.

Those are the three main factors for me. And in these three factors, Reblaze excels.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user1050450 - PeerSpot reviewer
Co-Founder at PeerSpot
Real User
Offers good website protection and the dashboard is simple to use
Pros and Cons
  • "We like the website protection. It's really good. The dashboard is really simple to use."
  • "The next release should have next-generation automation."

What is our primary use case?

We use the private and public cloud deployment models of this solution. We use it for the web application. It's a good solution, the service is good. 

What is most valuable?

We like the website protection. It's really good. The dashboard is really simple to use.

What needs improvement?

The next release should have next-generation automation. 

For how long have I used the solution?

I have been using this solution for two and a half years.

What do I think about the stability of the solution?

There is no downtime. Up until now, the stability has been good. It's a good solution. 

What do I think about the scalability of the solution?

Scalability is good. 

The security team uses this product. Only they have access to this solution because it's a security product. 

How are customer service and technical support?

Their technical support is really good and professional. If I want to speak to a higher level of support, I can. They offer good video material. 

The support is simple. It does the base level of the configuration but we have to do the finetuning. There are a few levels of support. If we have to do something complicated they configure it. Any time that I need something I just open a case and they take care of it.

Which solution did I use previously and why did I switch?

My customer is in Europe and we tried a different product but it didn't catch the attacks. The configuration wasn't good so we went with Reblaze

How was the initial setup?

The service is on a cloud. They published the URL and we just connected it. It doesn't need to be installed. 

What about the implementation team?

We deployed it in-house. 

What's my experience with pricing, setup cost, and licensing?

Our licensing is on a yearly basis. 

Which other solutions did I evaluate?

We also evaluated Incapsula, f5, and Imperva. A lot of companies want to work as a service. 

What other advice do I have?

I know Reblaze really well. I hear Microsoft has good products but I don't have experience with them. I would say that Reblaze is good but you should evaluate all of your options. 

You should do the configuration correctly and work according to the product's best practices. 

I would rate it an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Oren Yeger - PeerSpot reviewer
Managing Director at cloudnow
Real User
Leaderboard
The user-friendly dashboard saves me time and the technical support is excellent
Pros and Cons
  • "The feature I find most valuable is the user-friendly dashboard. It is easy to understand how everything works and it allows you to make decisions quickly and efficiently."
  • "Up to now the only cons I could find is sometimes getting change management back on track, because it's a company that evolves, and sometimes I don't have the same needs that they have. But besides that, up until now, I am really pleased with their service and I've also recommended them to some of my clients."

What is our primary use case?

Our primary use case for Reblaze is for WAF, DDOS prevention, and bot management. I had various deployments and therefore I have various usages.

How has it helped my organization?

When we had some unexplained behavior about our services, we approach the Reblaze team and they introduced us to the WAF. During installation we identified a malicious code or malicious IPs that affected our services. The moment they deployed WAF, it automatically differed from our main traffic and allow us to come back on track.

What is most valuable?

The feature I find most valuable is the user-friendly dashboard. It is easy to understand how everything works and it allows you to make decisions quickly and efficiently. The second thing I like is their agile ability to custom change my needs. Every time we needed them to make some modifications according to our needs, they were very supportive and they know how to provide us with the relevant support. So for them, it is not just plug-and-play, they offer great support.

The solution enabled me to evolve in my cloud secure architecture and to know the roles of what needed to be done, using Reblaze. I could implement it very easily.

What needs improvement?

Up to now the only cons I could find is sometimes getting change management back on track, because it's a company that evolves, and sometimes I don't have the same needs that they have. But besides that, up until now, I am really pleased with their service and I've also recommended them to some of my clients. So I would like to see an improvement in their change advisory board concept. There are many things that they are asking to change or modify that are not necessarily on their business agenda.

For how long have I used the solution?

I have been using Reblaze for about two years.

What do I think about the stability of the solution?

Up until now, I haven't had any problems with this product. It is very stable. The moment I installed it, everything ran smoothly and I could forget about everything. Unlike other programs I have worked on before. 

What do I think about the scalability of the solution?

I haven't had a need for massive scalability but whenever I needed to scale up a notch, it was not an issue.

It seems the implementation of Reblaze is company-wide. It's not users who use it protecting our activities. It's protecting our cloud solutions. I'm the user of the system but we are protecting our implementations with it. We have a lot of clients connecting through our implementation where Reblaze is in the front.

How are customer service and technical support?

The technical support is excellent. Whenever I have any problem or even if I have to escalate, I can simply call them. One time I even asked for a face-to-face meeting with one of their engineers to help me with a walkthrough about the product and they were very responsive.

Which solution did I use previously and why did I switch?

I have a lot of knowledge about Oracle audit and other database firewalls, which has similar WAF solutions like Incapsula. All of them have their own set of pros and cons. I prefer Reblaze due to its agility and fast response features and its cost-effectiveness. You also get great support from their technical team. 

How was the initial setup?

The initial setup was very straightforward and extremely user-friendly. When I had an emergency, I just called them and they came and installed it in a matter of hours. So it wasn't long before our system was up and running and preventive. Three days tops. 

What other advice do I have?

I rate this solution eight out of ten. I will never, never recommend any company to use any specific solution. I will always tell them to choose what is best for them, but I will give them my opinion on which programs I value. I always say which program I prefer but I will never say that it is the only solution because it will present me as biased and not a trusted advisor. I prefer to say what I like about the program, and then the person can choose what works best for him.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Web Application Firewall (WAF) Report and find out what your peers are saying about Reblaze, Imperva, Amazon, and more!
Updated: November 2022
Buyer's Guide
Download our free Web Application Firewall (WAF) Report and find out what your peers are saying about Reblaze, Imperva, Amazon, and more!