I have not compared AWS WAF with any other WAF solution yet, but whatever WAF you choose, there will always be challenges, and it cannot block all malicious traffic. For AWS WAF, we have seen cases where it allowed suspicious HTTPS headers even if they carried malicious payloads. However, the malicious payloads are not straightforward, and there are assembly scripts that come with the HTTP headers that sometimes AWS WAF misses. In the last four or five years, we have seen a case where WAF was unable to capture a threat. On the other hand, we also see alerts from WAF indicating that it has figured out many DDoS protection alerts and was able to block them, even with rate limiting. Rule-based WAF works perfectly fine, but I don't think any threat intelligence-based WAF solutions can be 100% accurate. The integration with AWS Organizations and enforcement of security policies, particularly SCP, is difficult to deploy in most of my companies due to client environments. When I say difficult, it depends on the client's organization processes, not AWS itself. The SCP feature is excellent in my view and is the best way to reduce the attack surface for organizations structured in a specific manner. While we have used it internally, limited features of SCPs can be utilized by customers. Regarding automating security policy deployment, we have utilized automated security policy features, but it is difficult in some instances. We have identified what has been identified, but enabling automated SCP policies can be restrictive, which is actually good but makes it hard to implement for all organizations. Automating security policy features could understand the customer's environment better. An AI- or ML-enabled automated SCP could be a better option since it can understand the actions of administrators or developers in the customer's organization within the AWS platform, providing more in-depth automated assessments and SCP features. I rate this solution 8 out of 10.
Prior to choosing it, it's essential to grasp the AWS landscape and assess how the application could bring benefits to the organization. I would rate it eight out of ten.
I rate AWS Firewall Manager seven out of 10. If you don't have another firewall deployed in your environment, there is only one way to control the traffic through the integrated firewall or security groups. I would rate it higher if they added UTM features.
Technical Architect at a venture capital & private equity firm with 11-50 employees
Real User
Jun 4, 2020
Currently, the AWS Firewall Manager is sufficient for our needs because we don't use any software that will generate massive loads of traffic. My advice for anybody who is considering the AWS Firewall Manager is that it is pretty simple to set up and easy to use. I rarely have to look at it. I would rate this solution an eight out of ten.
Principal Security Architect at Harman International Industries, Incorporated
Real User
May 14, 2020
I would say if you have three or four deployments in your environment, then use Firewall Manager. If you have one and want your deployments to grow further in numbers, I would always advise going for Firewall Manager. When we do a neck-and-neck comparison, it's all different. My recommendation to go with Firewall Manager depends. I feel that when it comes to firewall protection, I would always prefer AWS. If you're looking for full-fledged network firewall capabilities, obviously go for AWS Firewall. I would rate it an eight out of ten.
Presales at a tech services company with 1,001-5,000 employees
Real User
Mar 29, 2020
My advice for anybody who is considering this solution is to do a cost-benefit analysis of using AWS Firewalls versus using an open-source solution. That said, I do recommend that people use this product. Obviously, it depends on the requirements, so I cannot simply recommend it to somebody without knowing a little bit more about their environment, but in some cases, I would recommend it immediately. From a technical perspective, it is a good product. From a customizability perspective, there is room for improvement. I would rate this solution an eight out of ten.
AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. As new applications are created, Firewall Manager makes it easy to bring new applications and resources into compliance by enforcing a common set of security rules. Now you have a single service to build firewall rules, create security policies, and enforce them in a consistent, hierarchical manner across your...
I would recommend AWS Firewall Manager due to its excellent features and benefits.
Stay updated with the solution's new releases and leverage customer support when necessary. I rate it an eight.
I rate AWS Firewall Manager an eight out of ten. There is scope for improvement in automation features while handling infrastructure platforms.