2020-03-30T17:00:00Z
Unmesh Deshpande - PeerSpot reviewer
CTO at Kingsway Hospitals

Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?

Hello community, 

I am the CTO for a large multi-specialty private hospital.

We are currently researching WAF solutions. Which WAF solution would you recommend with no heritage for subscription charges? We are a hospital with many web apps that need to be published soon and quickly. We have decent internet access. There could be 100 to 125 concurrent sessions.

Thanks! I appreciate your help. 

17 Answers
MC
Chief Information Officer at a computer software company with 11-50 employees
Real User
Top 5
2021-08-24T06:09:22Z
Aug 24, 2021

Cloudflare - since deployment it's super fast and supports Terraform for automation.

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Aug 24, 2021

@reviewer1586961 thanks for your answer! 
Also, do you mind sharing with the community a short explanation (as an article: https://www.itcentralstation.c...) about Terraform use cases in DevOps?

HK
Information Security Consultant at DATASEC SRL
User
2021-08-24T21:10:13Z
Aug 24, 2021

Give Reblaze a try. You won't be disappointed.

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Aug 25, 2021

@Hugo Koncke, can you please explain why you're recommending this product? 
What differentiates it from others? Tnx.

Wilfredo Sanchez - PeerSpot reviewer
Senior System Administrator at PFCTI
Real User
2020-04-02T04:20:02Z
Apr 2, 2020

If you only need a WAF service for a few websites, I recommend Cloudflare.

If you need a balancer and WAF and you are thinking of a hybrid solution, I recommend Citrix NetScaler - hybrid and multi-cloud GLB solution.

If you need WAF for a lot of websites and many IP addresses, I recommend Imperva Incapsula.

Check Cloudflare; it is more than a WAF and very easy to set up.

Alcides Barros - PeerSpot reviewer
Regional Sales Manager at CromiWaf
Vendor
2020-04-02T12:12:55Z
Apr 2, 2020

CromiWAF's WAF solution provides a smooth service for 100 to 125 simultaneous sessions, but we need two additional pieces of information to define the most appropriate "package": the number of URLs and the throughput.

Aum e Hani - PeerSpot reviewer
Manager - Web Development at an engineering company with 1,001-5,000 employees
Real User
2020-03-31T20:46:24Z
Mar 31, 2020

I myself used Cloudflare as the easiest and quickest solution to implement. But if you are concerned about budget, you may try AWS WAF as well. Its cost is minimal and based on usage instead of a fixed monthly expense.

Both are super reliable solutions.
Good luck.

Jeremy Rammalaere - PeerSpot reviewer
Corporate Information Technology Manager at Supply Point
Real User
2020-03-31T12:42:29Z
Mar 31, 2020

We have been having great success with FortiWeb appliances. They offer various sizes to meet your bandwidth needs. I don't know what "with no heritage for subscription charges" means but any good vendor will have some sort of subscription (whether it is signature updates, general support, firmware updates, etc.). WAFs need to be kept up to date just like all security products.

Srdjan - PeerSpot reviewer
Senior Technical and Integration Designer / Center of Excellence / Europe & Indonesia at Ahold Delhaize
Real User
2020-03-31T10:16:10Z
Mar 31, 2020

I would always recommend F5 WAF; it is probably the best one on the market, aside from Imperva. However, both solutions are very expensive, Imperva even more, and both might not be suitable if your IT personnel is junior when it comes to this kind of technology - this product requires "engineer attention" and offers even more in return. If you want to avoid opex, i.e. subscriptions, then you need to go for the on-prem appliance version, and you can use it for years before needing a replacement. All cloud solutions probably come with subscriptions. Check it out on https://www.f5.com/products/security/advanced-waf, they have an ROI calculator as well.

OLUWASEGUN ADERIBIGBE - PeerSpot reviewer
Manager - IT Security at a tech services company with 11-50 employees
Reseller
2020-04-02T13:11:18Z
Apr 2, 2020

Imperva Cloud WAF is the best option. Not only can you protect your IPs, DNS and apps, you can also mitigate DDoS attacks on your network or apps. Imperva has the best and biggest capacity to handle DDoS.
It is fast to deploy, easy to use and has a very friendly user interface. Need I say more? You pay only for what you need.

Cole Bisset - PeerSpot reviewer
Marketing Coordinator at Snapt
Consultant
2020-04-01T09:47:41Z
Apr 1, 2020

I'd highly recommend using the Snapt ADC.

The ADC is a full suite. You get one of the world's finest Load Balancers with included functionality of a WAF, Web Accelerator & a GSLB. All of the Snapt support is done in house as well, which gives you a direct line to the people who built the solution.

RaynielBadiola - PeerSpot reviewer
Technical Manager at Secur Links
Real User
Top 5 Leaderboard
2020-04-01T02:05:38Z
Apr 1, 2020

If you are looking for an effective WAF solution, I would recommend Radware Appwall; it provides the complete web application security that you are looking for. Radware Appwall WAF comes with a hybrid solution in which you can deploy an on-prem device or via a cloud. Since you don't want any subscription charges, for now, you can just deploy the on-prem device, which will block attacks at the perimeter and ensure fast, reliable and secure delivery of mission-critical web applications.

I may not be able to size up the exact model for you since there are a lot of things to consider, like the number of applications, the number of CEC/CPS/HTTP TPS that need to pass through the WAF, etc., but I do recommend contacting your local Radware vendor, who can assist you in sizing up the Radware WAF solution.

Hedbert Carrasco Carrazana - PeerSpot reviewer
Support Engineer at a tech services company with 11-50 employees
Real User
2020-03-31T20:58:47Z
Mar 31, 2020

It depends if you want to apply positive security or negative security.

For positive security, I strongly recommend F5 due to the large number of features that the software has, but bear in mind that when applying positive security, your applications have to go through a learning process which will map all the parameters and URLs that the application uses. This process can take time depending on how they test the application.

Another point to consider is that after passing your applications to production, you almost always have a few parameters that did not go through the QA tests and can generate a WAF ID which then must be excepted.

If your strategy is based more on the speed of deployment of applications in the shortest possible time, I recommend that you use negative security.

For negative security solutions, I recommend using Cloudflare in this case, so you deploy DNS, WAF and analysis in one place. Adding to that, you do not have to buy equipment for the solution. Of course, most negative security solutions are only based on signatures. So if you don't have the updated signatures, you could be compromised with a zero-day attack.

That is simply what my experience in the field can give you.
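
The trade-off described in the answer above, as an added example that is not part of the original answer: a toy positive model that learns URLs and parameters from QA traffic, next to a toy signature-based negative model. The sample URLs, parameter names and the two signatures are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: block only what matches a known signature (tiny constructed set).
SIGNATURES = [re.compile(p, re.I) for p in (r"<script\b", r"'\s*or\s+1\s*=\s*1")]

def value_class(v):
    """Coarse value type recorded during the learning phase."""
    if v.isdigit():
        return "int"
    return "word" if re.fullmatch(r"[\w .-]+", v) else "other"

def learn(urls):
    """Positive model: map each path to the parameters and value classes seen in QA."""
    profile = {}
    for u in urls:
        parts = urlsplit(u)
        params = profile.setdefault(parts.path, {})
        for k, v in parse_qsl(parts.query, keep_blank_values=True):
            params.setdefault(k, set()).add(value_class(v))
    return profile

def positive_check(profile, url):
    """Return violations: anything that falls outside the learned profile."""
    parts = urlsplit(url)
    if parts.path not in profile:
        return [f"unlearned URL {parts.path}"]
    violations = []
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        allowed = profile[parts.path].get(k)
        if allowed is None:
            violations.append(f"unlearned parameter {k}")
        elif value_class(v) not in allowed:
            violations.append(f"parameter {k} is not {'/'.join(sorted(allowed))}")
    return violations

def negative_check(url):
    """Return the signatures that match the decoded query values."""
    values = " ".join(v for _, v in parse_qsl(urlsplit(url).query))
    return [s.pattern for s in SIGNATURES if s.search(values)]

# Constructed traffic: QA requests used for learning, then production requests.
QA = ["/appointments?patient_id=1001&page=1", "/search?q=cardiology"]
PROFILE = learn(QA)
PROD = {
    "missed_in_qa": "/appointments?patient_id=1001&sort=date",   # legitimate, never tested
    "known_attack": "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "no_signature": "/appointments?patient_id=UNKNOWN-PATTERN&page=1",
}
RESULTS = {n: (positive_check(PROFILE, u), negative_check(u)) for n, u in PROD.items()}
```

Each entry in `RESULTS` is a pair of (positive-model violations, matched signatures): the request missed in QA is flagged only by the positive model and needs an exception, while the request with no matching signature passes the negative model untouched.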

WA
Solution Architect at a tech services company with 51-200 employees
User
2020-03-31T19:57:15Z
Mar 31, 2020

First, we should keep in mind that the subscription in security devices is mandatory for keeping the certifications and database updated for known threats. If the device supports UTM and zero-day attack vectors, which is required for most well-known organizations, then the subscription is required. Mostly, vendors keep the package worth 1, 3, 5 support, including all updates and technical support as per the SLA purchased. For WAF I would suggest a FortiGate appliance or SOPHOS with the UTM bundle. Both vendors also offer cloud-based subscriptions and integrated threat management if a further security footprint is required within the organisation.

DC
President with 1-10 employees
User
2020-03-31T14:12:28Z
Mar 31, 2020

Generally, and without knowing your specifics, you cannot go wrong with any of the following:
1. Akamai
2. AWS
3. Cloudflare
4. Incapsula

GG
Marketing Manager at Snapt
Vendor
2020-03-31T12:40:52Z
Mar 31, 2020

The Snapt Nova ADC, and included WAF, solution would be a great fit here and for Kingsway Hospitals.

Nova's WAF features:

- Powerful centrally managed WAF.
- Automatic mitigation of Denial of Service attacks, with flexible and ML-driven dynamic reactions to traffic.
- Full OWASP Top 10 protection suite, ensuring protection from threats and compliance is met.
- Blacklists, whitelists, rulesets, rate limits control across all your ADCs from one location.

The Nova ADC provides load balancing, acceleration and application security at a massive scale. Whether you have one device – or one million – Nova is built for DevOps, micro-services, and cloud-native. More details on the WAF here: https://nova.snapt.net/platform/waf

As there is no history or heritage for subscription charges, our flexible pricing and business support offering is ideal: https://nova.snapt.net/pricing. In terms of the 100 to 125 concurrent sessions and many web apps that need to be published soon and quickly, Snapt also assists with support and setup.

Loi Phan - PeerSpot reviewer
Network Security Team Leader at Vietinbank
Real User
2020-03-31T09:45:26Z
Mar 31, 2020

Here is my suggestion:

I am familiar with F5. So, I suggest choosing F5 Big-IP 2000s. You can find more about F5 via https://www.f5.com/pdf/products/big-ip-platforms-datasheet.pdf. Hope you have the best selection.

SeydouSidibe - PeerSpot reviewer
General Manager at 3R Technologie
Real User
2020-04-02T23:30:31Z
Apr 2, 2020

If you want granularity, flexibility, simplicity of administration and powerful WAF I would advise you to go for RSCS. In addition you will have good pricing.

AE
Product Manager with 51-200 employees
User
2020-04-01T09:46:37Z
Apr 1, 2020

You may use Citrix NetScaler or F5 BigIP, Kemp is okay as well, FortiGate is fine if you are looking for a budget ADC with humble performance.
