Radware Cloud WAF Service Reviews

My use case for the Radware Cloud WAF Service involves checking the WAF related to DDoS traffic from the public IP to the organization, which outlines how much impact there is on the WAF. We check the traffic to see what fluctuations occur from the outside and inside, particularly in regards to DDoS types of attacks as mentioned my basic monitoring workflow. 

Monitoring Workflow:

• Traffic Analysis: I monitor traffic from public IPs to your organization, focusing on fluctuations that may indicate DDoS attacks.
• Impact Assessment: We evaluate how these attacks affect the WAF, especially in terms of utilization and attack surface.
• Escalation: If anomalies or high-impact events are detected, we raise a case with Redware support.
• Integration with SIEM: We already done, integrating with a SIEM tool can help correlate WAF data with other security logs for deeper insights.
• Historical Trend Analysis: Compare current traffic with historical data to identify patterns or recurring threats.
• Trends and Dashboard: We have creating a dashboard or report template to visualize the traffic and attack trends on live monitoring use.

The Radware's combination of negative and behavioral based positive security models is beneficial. This behavior is good for timely checks against threats utilizing live monitoring during attack surfaces from public environments, particularly for ISP-relevant traffic or recognizing malicious abnormal activities, which is effective in our environment.

In the Radware Cloud WAF Service, the best features I find are that it's easy to use and that it's easy to identify what procedures are ongoing within this environment. We can see live data regarding the public IP's impact on our organization and what actions we can check. 

We also find the dashboard helpful; we can monitor multiple business units in Adani from the same page through the Radware dashboard services and its other functions. We feel safe using Radware, and we are happy with it.

We use the API Discovery feature. Regarding how Radware Cloud WAF Service has helped with compliance efforts, compliance actions are done by other tools for the Adani Group, however, we check WAF integrations with our domains through the Radware portal.

We have created a small dashboard monitoring various group-wise applications and domains, including corporate business units, ensuring all websites and public IPs are accounted for. The compliance processes are predefined. We remain compliant. We use additional tools alongside Radware and BITs; both tools provide similar functionalities, and we check Radware for risk mitigation related to any threat intel.

This has quite an impact on our business; all applications and domains are mapped via API with Radware Cloud WAF Service. We receive scores, alerts about impacts, and informational notifications via email for necessary follow-up actions. 

To make the solution a ten out of ten, we need improvements in AI capabilities, which Radware Cloud WAF Service currently has yet it still has room for integration. Considering what can be improved, customization could be enhanced, and support could be a tad faster; more reporting capabilities or additional intuitive AI features would also be constructive. 

Honestly, I currently do not face any challenges that I can articulate for improvement; everything functions according to the service we have.

I have been using the Radware Cloud WAF Service for about 1.6 years now.

For stability, I can give it a score of nine out of ten, with a possibility of considering it a ten due to its reliability. 

Regarding stability, I would rate it a nine out of ten; we've received notifications when maintenance is ongoing, usually informed timely, which is commendable.

About scalability, we haven't examined it at a full 100%, however, for our current needs, it meets 100% of them without pressing requirements for enhancement.

Support for Radware Cloud WAF Service is good; I'm using it on a daily basis and receive 24/7 support, timely reminders, and assistance. However, where improvements could be made includes aspects like API calls and related tasks; daily improvements are noted along with suggestions from our team.

Deployment of Radware Cloud WAF Service is easy, and we regularly use it. It provides an intuitive understanding of how to raise API calls and integrate other requirements. We map our dashboards easily, reviewing and utilizing its functionality effectively.

The Radware solution requires maintenance which our R team oversees. As for regular maintenance, there are no current issues, and the upgrading part is managed by the team who provides the necessary updates based on our needs.

Regarding pricing, I don't find it expensive; it's reasonably priced and aligns with our requirements, so I see it as fair compared to other more expensive tools.

The learning capacity is good, and every feature provided is available; we just haven't fully utilized all aspects of Radware's offerings. 

I would rate the Radware Cloud WAF Service a nine out of ten; it is solid and efficient from my perspective.

We are using Radware Cloud WAF Service to prevent our applications from attacks, such as DDoS and other attacks.

Using Radware Cloud WAF Service has saved us considerable time. It provides good visualization and traffic information, saving around four to six hours for investigating logs whenever we try to pull logs from any other tools.

Radware Cloud WAF Service is quite effective for blocking unknown threats and attacks. We have 10 to 15 applications onboarded with Radware, and it has proven to be good at blocking threats from external sources. 

Radware Cloud WAF Service is able to protect against zero-day attacks. They are committed to preventing any potential attacks. It has the capability to analyze behavioral patterns, which allows them to implement preventive measures. I have received notifications from Radware confirming that they are fully optimized to address zero-day vulnerabilities at this time.

Radware Cloud WAF Service allow us to directly filter the data from whatever attack was performed, so we can directly filter the attack details from the event viewer section, which is very helpful to us. Another module that I appreciate about Radware Cloud WAF Service is that it provides custom port security. The other tools are not providing the custom port feature where Radware Cloud WAF Service is providing, and it will be very helpful to us.

The automated analytics for looking at events in Radware Cloud WAF Service are working for us; the automatic event correlation is very beneficial to analyze how the alerts and events occur and visualize the patterns of network traffic and other traffic going in and out from the application via Radware Cloud WAF Service. 

The combination of negative and behavioral-based positive security models is important for our security strategy; since most of our applications work internally, behavioral-based analytics helps us address issues where methods such as POST and GET are not functioning, so we raise concerns with our internal team to whitelist applications, thus helping reduce blocking of traffic in our environment.

Radware Cloud WAF Service is effective, particularly in the custom service it provides and its capabilities in DDoS protection and bot manager facilities, making it effective for validating the correlation part of incidents.

Regarding areas in Radware Cloud WAF Service that have room for improvement, one thing we observed was that we received a notification where Radware Cloud WAF Service stopped working properly in our cloud environment without any prior notification. We got the alert around one and a half hours after the event occurred, so I would suggest that they should notify customers in such scenarios.

I have been using Radware Cloud WAF Service for three to four years.

The stability of the Radware Cloud WAF Service rates around nine out of ten.

The scalability of the Radware Cloud WAF Service deserves a full ten, as it is definitely scalable.

Organization-wise, we have more than 100 users using the service currently.

The technical support for Radware Cloud WAF Service rates 10 out of 10; whenever we require support, it is perfectly timely.

Positive

The deployment method of the Radware Cloud WAF Service is very easy; since most of our applications operate on custom ports, it helps us integrate and onboard them securely.

The solution does not require any maintenance from our side.

I am not directly looking into the integration aspect of the Radware Cloud WAF Service, but I have discussed it with other team members who might be using the integration part to collect logs from Radware Cloud WAF Service to get correlation and alert triggers for incident management tools such as ServiceNow and Sentinel, but they are not using it frequently or fully optimized currently.

We have discovered bot traffic involving attacks such as SQL injection. Radware's Bot Manager is working to prevent such attacks, especially with SQL injection and XSS attempts from outside entities. Regarding compliance with PCI DSS, we don't have any issues currently; we are also compliant with ISO 27001, and our applications onboarded on the Radware Cloud WAF Service operate without compliance issues.

We are using the web DDoS protection such as HTTP, L7 in the Radware Cloud WAF Service, and it is effective for us; we experienced an attack from the external side last month, which Radware Cloud WAF Service effectively prevented. 

Overall, I would rate the Radware Cloud WAF Service a nine out of ten.

My use case for Radware Cloud WAF Service is that we have Radware as one of our products for security protocols that we have established at our organization. Whenever there is a cloud security alert, we check Radware services so that we can mitigate the alerts.

What I appreciate the most about Radware Cloud WAF Service is the API management. The API information that they provide is excellent. The hidden and non-discoverable APIs information available with Radware Cloud WAF Service is really great.

I cannot share some important details of the incident that we received. That said, thanks to this feature, we were able to mitigate a threat. The information they provide and the discovery they do really help us out in some incidents.

They also help us meet compliance requirements. Being a big organization, we have to meet certain compliance standards, and for the PCI DSS, this product really helps us out.

Radware Cloud WAF Service is a comprehensive tool, and my functionality with it is limited as I'm working on multiple things at a time as a security consultant. In our organization, only specific tasks are assigned to a single individual. That's why I'm primarily focused on API security and sometimes DDoS attacks.

Radware Cloud WAF Service integrates very well with other applications and services; we have Microsoft TI tool with us, and it's integrated efficiently. We receive the alerts on time.

Regarding zero-day attacks, we are fortunate that we haven't received any as of now. For API security, I have closely seen how Radware Cloud WAF Service has helped us twice this year.

We use Radware Cloud WAF Service for our security purposes. We have a symbiotic relationship with Radware Cloud WAF Service. They provide us with information and necessary security steps, and we use it for our investigation or threat hunting.

As for the downsides of Radware Cloud WAF Service, I would surely appreciate some AI integration with report management. Whenever we handle an incident, we have to generate many reports. We have to get data, information, and screenshots on multiple things. A future feature in Radware Cloud WAF Service that could give us a presentable report for our stakeholders would be a really great addition.

I have been using Radware Cloud WAF Service for about 18 months.

I have never seen any lagging, crashing, or downtime with Radware Cloud WAF Service.

The cloud engineering team has told us it's really scalable. Whenever we deploy something or integrate this, it's really flexible with the DevOps and DevSecOps teams.

I have never contacted the technical support or customer support. We have communication through emails; nothing very technical.

Positive

The learning curve for using Radware Cloud WAF Service is very easy. There is nothing too complex about it.

We have these Radware information sessions and emails coming up to tell us the latest about what's happening in the cyber environment. They provide information on basic concepts and where to find it in the emails. Even a beginner can learn it within ten days.

Radware Cloud WAF Service does not require any maintenance on my end.

I have never used any alternatives to Radware Cloud WAF Service. In my previous company and currently at our company, it has been Radware Cloud WAF Service.

The source blocking feature is not utilized here as we use a different solution for source blocking. My colleague handles the Bot Manager aspects. Everyone here has different tasks, roles, and responsibilities, and we get assigned to specific incidents.

I rate Radware Cloud WAF Service nine out of ten.

My use case for Radware Cloud WAF Service is to block all IPs and geo-locations that are not required in the organization.

Blocking based on geolocation is very helpful.

The automated analytics for analyzing events are beneficial for automation and make it easier for analysts working in the SOC. It is useful for analytical purposes as it helps us understand how we can perform various activities that Radware Cloud WAF Service belongs to.

Radware Cloud WAF Service has reduced our false positive rate by more than 50%. Regarding the blocking feature, Radware Cloud WAF Service is one of the best tools as we can easily block and reduce our alerts through IP blocking. We utilize CDN services with Radware Cloud WAF Service, and although it was initially challenging to understand, once we grasped it, it became easy for us.

I am using web DDoS protection with Radware Cloud WAF Service, and it is a very good product for protecting our businesses. The WAF protection is excellent and does not require any improvements as it is already working effectively and is executable. Radware Cloud WAF Service is really good for protecting against zero-day attacks as it protects our organization and businesses effectively. For patching purposes, once a zero-day attack has been exploited, we can block some geo-locations to prevent other attackers from targeting us.

Compared to other Cloud WAFs, Radware Cloud WAF Service is one of the best since it blocks for protection purposes within 15 to 20 minutes when we raise an incident, while it takes longer for others to implement geo-fencing and related protections.

The area that can improve with Radware Cloud WAF Service is the speed at which they block geo-fencing and IP for P1 cases, which currently takes about an hour. If they could reduce that to ten to 15 minutes, it would be easier for us.

I have been using Radware Cloud WAF Service for one and a half years.

I rate the stability of Radware Cloud WAF Service as ten out of ten, as there are no glitches, and when they occasionally happen, they notify us, making it easier than other services.

More than 500 users are using Radware Cloud WAF Service.

I would rate the technical support as ten out of ten.

Positive

I find the solution easy to deploy.

The pricing is moderate, making it affordable for any business and not overly costly.

I definitely recommend Radware Cloud WAF Service products to other users as it is comparatively good, not very costly, and the service they provide is among the best. 

I rate this solution ten out of ten.

My use case for the Radware Cloud WAF Service involves monitoring it as I am on a Security Operations Center team, and we have to monitor the traffic for any potential threats. We just monitor that for the onboarded sites.

The combination of negative and behavioral-based positive security models is very important for the security strategy of every organization, making it important to adopt this strategy.

We are using the automated source blocking feature as it blocks whenever high-volume traffic is detected on any attack side. The proactive and holistic approach based on cross-module correlation has been effective in protecting applications. We have integrated Radware with many applications, and Radware is more positively effective compared to others.

In terms of threat management, the real-time BLA detection and mitigation from Radware Cloud WAF Service effectively detects bot traffic and mitigates it by recognizing the traffic patterns from bots. For customers using the PCI DSS 4 extension compliance, Radware Cloud WAF Service helps to remediate vulnerabilities by providing scores based on the application's vulnerability scans conducted periodically, thereby assisting in reducing vulnerabilities and achieving higher scores.

The best features of Radware Cloud WAF Service are the auto-mitigation and detecting web application vulnerabilities from the OWASP Top 10 and the DDoS protection. The AI feature is newly introduced. What makes the Radware Cloud WAF Service effective is the auto-mitigation features, and it balances the load of the website. Due to the WAF, the applications won't be getting any impact from threats or attacks.

Radware Cloud WAF Service has saved a lot of time. Before integrating any applications, there was no security, maybe just local website firewalls which were not very effective, but once we onboarded the Cloud WAF, it became a lot easier to manage threats. It saves approximately 60% of my time.

For areas of improvement in Radware Cloud WAF Service, support and analytics need to improve in a way that first-time users can easily navigate through every detail. Regarding the automated analytics for looking at events in the Radware Cloud WAF Service, analytics could be easier. While we are used to Radware Cloud WAF and find it easy to navigate through the analytics and analyze traffic, for any new person, it could be more complex to understand.

I have been using the Radware Cloud WAF Service for more than three years.

I would rate the stability of Radware Cloud WAF Service as an eight out of ten.

I would rate the scalability of Radware Cloud WAF Service as a seven out of ten.

I would rate the support from Radware Cloud WAF Service a seven out of ten.

Positive

It saves about 60% of time.

Regarding pricing, Radware Cloud WAF Service is cheaper than other products. It is affordable and positioned at an average cost, not too high or too low.

When comparing Radware Cloud WAF Service with other WAF software such as Akamai, there are limitations, as Akamai runs on an edge-based model, while Radware offers cloud, on-premise, and hybrid options.

We are using web protection, which is a part of the Radware Cloud WAF Service. Regarding web protection, we are onboarding applications specifically for website protection. 

Regarding zero-day attacks, the Cloud WAF is actually quite effective. According to Radware's documentation and guides, it learns from every piece of traffic received by an application. This means it can analyze the traffic from each application and related traffic, allowing it to identify and block potentially harmful traffic. Overall, it’s a good solution.

Radware Cloud WAF Service is easy in terms of auto-mitigation, though some features are complex for first-time users, but once you get used to it, it becomes easy.

I would rate Radware Cloud WAF Service an eight out of ten.

We are choosing Radware Cloud WAF Service over traditional WAF because it has API first behavioral protection, advanced bot defense, and layer 7 web DDoS capability. It was chosen because of the hybrid and Cloud native app environment. For internal and external customers, we have approximately 1300 plus customers in our data center colocation, and all of them are using Radware Cloud WAF Service.

There are various use cases for Radware Cloud WAF Service. One is about securing public-facing portals, internal applications, and APIs, including REST API and GraphQL API. The deployed assess provides services to internal IT customers and external customers. This WAF is configured in reverse proxy mode plus API security module, and it is integrated with CI/CD pipeline for secure application development.

We have been using Radware Cloud WAF Service as it supports integration with CDN services such as Akamai, Cloudflare, and AWS CloudFront. Radware has CDN nodes for optimized delivery and protection. However, we have been using AWS CloudFront currently, but I'm in discussion with the Radware team about acquiring more Cloud WAF licenses, along with Cloud DDoS, to enhance Cloud DDoS protection capability. They have recently launched Cyber Controller Plus, so I'm going to procure Cyber Controller Plus.;

Automatic API discovery and schema validation is something we have appreciated about Radware Cloud WAF Service. It has automatic API discovery, protection against injection, abuse, and credential stuffing. It also has token-based authentication and enforcement, along with rate limiting. Bot and threat protection is another excellent feature.

It eliminates manual API inventory and documents and streamlines the security policy creation. It reduced the work for developers and the SOC workload because with a large SOC team, it helped to offload and eliminate overhead costs, providing SOC people with better resources.

Automatic threat detection in blocking and detecting without manual intervention is essential. Scalability is another benefit because it has Cloud native architecture. Cloud native architecture is readily scalable, requiring no hardware maintenance.

I see areas in Radware Cloud WAF Service for improvement, specifically in its initial tuning period, because the machine learning model takes two to three weeks for baseline behavior establishment. Closely monitoring alerts during this period is essential to avoid false positives. 

There's an alert noise issue; during the early stages, we received a high volume of alerts for minor issues, requiring collaboration with the SOC team to fine-tune thresholds and concentrate on genuine threats. 

The documentation is not up to par, as while the platform's system is robust, the documentation, particularly for API integration, could be more developer-friendly with real-world use cases.

We have been working with Radware Cloud WAF Service for almost four and half to five years now.

My experience with the technical support of Radware Cloud WAF Service is that they are excellent, and I have established a strong relationship with the executive leadership up to Roy, the CEO. They provide excellent support.

My experience with the pricing, setup costs, and licensing of Radware Cloud WAF Service is positive because I'm a Radware shop. I have all the Radware products, so my feedback is purely positive.

I have seen a return on investment with Radware Cloud WAF Service since I have been providing support and selling it as a service to customers.

When looking into Radware Cloud WAF Service, I evaluated F5 and Fortinet as other options.

We have been using many products provided by Radware. API discovery in Radware Cloud WAF Service was straightforward. Although initially, our people were new to Radware, and we had some challenges in the initial phase with false positives and early learning phases, especially with custom applications. Over time, with its intuitive UI, we were able to implement it quickly; my team learned and started working on it.

Radware Cloud WAF Service is integrated with SIEM and our SOC team of 75 people. Initially, during the early phase, false positives were common because SIEM was learning the traffic pattern, monitoring the logs, and adjusting the sensitivity. We accomplished policy tuning efficiently by manually fine-tuning the security parameters after analyzing the pattern and adjusting the threshold to reduce noise.

Radware Cloud WAF Service has been doing excellent work in protecting against zero-day attacks. We are using the automated source blocking feature. It has significantly helped our compliance efforts and helps maintain business continuity with its DDoS protection capabilities, which we utilize through real-time behavior-based detection using machine learning.

I rate Radware Cloud WAF Service eight out of ten.

My use case for Radware Cloud WAF Service is for blocking malicious IP addresses.

Radware Cloud WAF Service blocks threats effectively, providing a comprehensive report that shows the traffic and denied traffic from malicious IPs or specific countries, so I am satisfied. 

Radware Cloud WAF Service has reduced the false positive rate, and it's beneficial for our organization. By using Radware Cloud WAF Service, 30% to 40% of false positives are reduced.

For zero-day attacks, Radware Cloud WAF Service integrates threat intel, which detects anomalous traffic and blocks it automatically, preventing attackers from entering our organization or attacking our domains. Source blocking is effective because it has good capability to handle things automatically without human intervention, as a human cannot handle all the alerts and traffic.

The real-time BLA detection and mitigation of Radware Cloud WAF Service strongly performs to mitigate and take action against contamination. Radware Cloud WAF Service is quite effective and handles all traffic to HTTP or HTTPS effectively.

My organization is quite large, so we have to monitor activities promptly. Since it's not possible for a human to detect and address every threat, we implemented Radware Cloud WAF Service, which automatically detects and prevents DDoS threats and traffic without human intervention, making it better for us and protecting our organization.

With the automated analytics of Radware Cloud WAF Service, if multiple logins occur from the same malicious IP in the same pattern, the AI automatically recognizes it and takes the appropriate action, such as blocking or allowing, which is beneficial for us.

Improvement areas could be some of the AI capabilities related to false positives. The required IP addresses sometimes get blocked, so that needs to be enhanced. The AI recognizing features can be improved. Recognition aspects could be refined; it's performing at almost 99%, so there's a small margin for improvement.

I have been using Radware Cloud WAF Service for three years in my organization.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We have about 35 users working with this solution.

I would rate their customer support a ten out of ten.

Positive

It is easy. It takes 10 to 15 days.

The pricing for Radware Cloud WAF Service is moderate; it's not expensive. We can't say it's low and we can't say high; it's moderate, and I got that perfect point.

It is easier to use with a moderate cost than others.

To assess Radware Cloud WAF Service for blocking unknown threats and attacks, we have found that if an IP is identified as malicious, we can block it, and we utilize the graph chart provided. Using the CDN with Radware Cloud WAF Service is easy to implement and use; it's not a headache for us.

I would rate Radware Cloud WAF Service a nine out of ten.

I am using Radware Cloud WAF and have been using it for the last five years. Recently, I considered deploying Radware Discovery API. I have taken a proof of concept of Radware Discovery and plan to onboard it in the next one or two months. 

Additionally, it is essential for reducing DDoS attacks within my organization.

We have had a very good experience with Radware Cloud. It has significantly reduced attacks on our applications. All our critical applications are onboarded to Radware, which uses AI to automatically learn behavior patterns and refine security policies. 

It also provides comprehensive protection against the top ten web application security risks. Importantly, we have not experienced any zero-day attacks because Radware Cloud offers protection against emerging threats. The Emergency Response Team is very active, and I consistently receive excellent responses from them.

It's a very comprehensive and user-friendly solution. It's easy to implement and integrate. We also have found it's easy to reach support if we need help.

The solution has helped us enhance our cyber security posture. It's good for data protection. We've been able to protect our public-facing infrastructure.

We haven't had any incidents or compromises in the entire three years we've used Radware.

The Cloud WAF Service blocks unknown threats and attacks effectively.

The analytics are very good.

The API discovery feature is very helpful, and end-to-end API protection is useful. Everything is encrypted to ensure effective protection. We get Layer 7 protection from it.

The API discovery is a very useful feature. It is easy to use. A few months before, I did a demo to learn more. We can see which APIs are being used or not. It helps us discover and remove unused APIs. In our case, we found 20 APIs that were not used by the team.

We use the CDN features. It's pretty easy to use the combination of CDN and Cloud WAF. It helps your Radware Cloud connect with the nearest server or the Redware server. We have multiple servers worldwide, so this is useful for us.

Integration is very easy. Sometimes, we have 10 to 15 applications hosted on the cloud. It's very easy to add applications. It's not complicated.

From the Radware cloud, it's integrated with our SOC. All the logs are received by the SOC.

An area of improvement is the visibility at the attack level. Management often asks for detailed reporting on attacks such as botnet and zero-day attacks, including the number of attacks within a month, week, or day. Improving dashboard capabilities to provide this information clearly for management is crucial.

They need to improve their reporting. We need to present our management with reports and we need better options for reporting. They don't want lengthy reports. They need something that is one to two pages and includes everything - a more high-level document with the most important information.

I have been using Radware Cloud WAF for the last five years.

I give the stability a score of 9.5 out of ten. I have never encountered downtime, maintenance-related issues, or latency. As a network and cybersecurity specialist, this provides me with peace of mind.

The scalability is fine. We haven't faced any issues.

The support provided by Radware's Emergency Response Team is excellent. They respond promptly to any queries or concerns raised via the hardware portal according to SLA expectations. The responses are satisfactory. Although I have not required much support in the past five years, whenever I did, I received answers to my queries.

Positive

I did not use a different solution previously.

The initial setup was straightforward. We onboarded critical applications in a prioritized manner, starting with the most critical and gradually moving to the others. The setup process was smooth, and we were able to get visibility from the applications post-onboarding.

I am not involved in purchasing or negotiating pricing, as this is done by our material team. My role is to recommend the products we need. The material team discusses with partners and determines the appropriate pricing.

I rate the overall solution a nine out of ten. By not giving a perfect score, I recognize that there is room for improvement, which is crucial for fostering development. It is essential for Radware to continue improving and researching advancements needed to enhance customer experience.