Radware Cloud WAF Service Reviews

We are a Data Center company with a lot of internal applications and customers. Our primary use case is to protect all internal applications hosted on Public Cloud with Radware Cloud WAF. This protection is crucial for safeguarding our customers' applications from external threats and ensuring high availability and security.

The most important aspect of Radware Cloud WAF is that it is over the cloud, offering a comprehensive solution that includes WAF, API protection, bots, and Layer 7 DDoS. This combination efficiently blocks a large number of unknown threats and ensures high security and uptime for our internal applications as well as our customers' applications, making it a revenue-generating tool. Cloud WAF provides excellent analytical dashboards that allow us to report, track, and resolve many issues quickly.

The reporting features could be more intuitive with more real-time monitoring, which would help make faster decisions. While false positives have reduced by 35%, more granular control can simplify it for new users. The initial complexity should be reduced to make it simpler for new customers. Furthermore, support staff needs to be more proactive so that issues can be resolved at lower levels without escalation.

I have been using Radware Cloud WAF for four years.

There has been downtime only once in the last year. Otherwise, the product has been stable.

Since it's a Cloud WAF, it is always scalable. We can subscribe to more applications and protections as needed.

We have ERT premium support with a five-minute SLA, and the service has been reliable. We have additional support from Radware management. The quality of support is excellent, and we haven't faced any major issues.

Positive

Previously, I used to work with F5 WAF in my earlier company, not the current one.

The initial setup was complex and took a long time to complete.

We used a dedicated team for deployment as we wanted to train our team thoroughly.

Radware Cloud WAF has helped reduce false positives and efforts, which in turn, improved the total cost of ownership by freeing up time to focus on other projects.

Pricing could be more competitive, especially for smaller customers. However, the technical excellence of the product balances out the pricing aspect.

Earlier, I used F5 WAF in a different company.

Overall, I would rate Cloud WAF nine out of ten. 

Despite its initial complexity, the product is a one-stop shop for our cloud security needs. It integrates well with applications, simplifying protection and operations. 

I recommend Radware can make further improvements in pricing and simplifying initial use for new customers.

The core use cases for Radware Cloud WAF Service are web application firewall functionality, DDoS protection, and protection against zero-day vulnerability and emerging threats.

The most valuable aspect of Radware Cloud WAF Service is that it supports mode detection and provides email alerts on sudden alert spikes and early warnings. The most advanced feature is the DDoS protection and the way this web handles DDoS attacks, as I am currently working in the SOC team and managing the Radware administration part.

Regarding zero-day attacks, Radware Cloud WAF Service helps us actively receive early warnings, and we raise those to the relevant teams. The services related to zero-day attacks and threat intelligence are very effective.

The dashboard of Radware Cloud WAF Service could be more interactive and user-friendly. While implementing it for the first time, it requires core technical knowledge, and without that knowledge, implementation can be quite challenging. However, the support from Radware is excellent when support cases are raised.

I have been using Radware Cloud WAF Service for three and a half years in my career after joining my current organization.

Regarding stability, I have not experienced any lagging, crashing, or downtime in my experience with Radware Cloud WAF Service.

Radware Cloud WAF Service is scalable; once we set up the entire service and it is up to date, we can onboard as many applications as our license allows.

I have contacted Radware's technical support many times, and their quality is very good as we receive timely support according to the case priority. Their engineers are skilled and capable enough to resolve issues quickly.

Positive

I have used alternatives to Radware Cloud WAF Service, specifically Akamai Web Service, which is a very popular service. One of its disadvantages is that it does not support custom ports like Radware does.

The entire process of onboarding the application for the first time with Radware Cloud WAF Service requires core technical knowledge, but with the support of Radware, it becomes much easier.

The pricing of Radware Cloud WAF Service is lower compared to Akamai, and while the price in the industry is acceptable, it is not too expensive.

The combination of negative and behavioral-based positive security models provided by Radware Cloud WAF Service is very important for my organization's security strategy, as the main purpose of Radware WAF is security.

Regarding maintenance, we receive quarterly reports, which are sufficient.

On a scale of 1-10, I rate Radware Cloud WAF Service an 8.

In my organization, we are focused on using various security measures to protect against threats, particularly those related to bots. The key product we have employed is Radware Cloud WAF Service, which primarily provides DDoS protection. This service helps us block large-scale attacks aimed at exploiting network vulnerabilities and other weaknesses in our applications.

Additionally, we utilize the Radware Cloud WAF Service to safeguard our websites and application APIs from threats like SQL injection and other malicious activities, employing various authentication methods for enhanced security. I am also working on learning about bot management, as I have been assigned a task in this area. So far, I have been studying behavioral analysis and detection methods that can identify and block malicious bots effectively.

I have worked with the API feature of Radware Cloud WAF Service and have experience with the GraphQL endpoint. While I haven't worked on advanced web attacks, I am familiar with common ones. As many applications heavily rely on APIs, it's obvious for attackers to target them. The WAF provides mobile and web app backend security for protection, and I have mainly used the bot detection and mitigation feature to detect and block malicious bot attacks.

Zero-day attacks can be particularly challenging because they exploit vulnerabilities that are not yet known to the software vendor. However, certain solutions can effectively address these threats. One of the key benefits of Radware Cloud WAF Service is its ability to detect potential vulnerabilities before they can be exploited by attackers.

Currently, there is a growing trend towards using machine learning and AI models, which can provide proactive defenses against zero-day vulnerabilities. As we know, a zero-day vulnerability can pose significant risks to any organization or system. One concept that is crucial in this context is behavior-based analysis and detection. This involves analyzing incoming suspicious requests to identify patterns that do not align with normal behavior. When such anomalies are detected, the system can alert administrators to take appropriate action. Another important feature is virtual patching. This technique can block known vulnerabilities at the edge, even before an official patch is released by the vendor. This proactive approach helps mitigate risks while waiting for a formal solution.

Source blocking is a method we employ in our organization to block incoming requests from specific sources based on the type of traffic. This approach helps us effectively identify and filter out malicious or unwanted traffic. By recognizing certain requests as malicious, we can prevent them from reaching our systems. We have blocked specific IP ranges, known malicious URLs, and other sources based on geographical locations, depending on our organization's needs. To strengthen our defenses, we use various filters tailored to our requirements, along with threat intelligence feeds and behavioral patterns. Overall, source blocking plays a crucial role in preventing attacks and enhancing our security posture, especially against brute force attacks originating from known malicious IPs.

Radware Bot Manager, a security tool that helps identify and manage bot traffic and malicious bot attacks, is important for organizations that face heavy traffic loads. Bot Manager helps reduce bot attacks and secure us from threats. I have experience with behavior analytics, custom rules, and the bot detection engine, which focuses on identifying malicious bots and securing APIs from automated abuse.

What I appreciate most about Radware Cloud WAF Service is that it includes all the aspects that an organization wants to run smoothly, such as overall configuration and real-time protection methods, customization of rule creation, fast deployment, and vital visibility in environment maintenance. Its maintenance cost is very low unlike others, and the real-time dashboards show us who is attacking and what types of attacks are happening in our environment or any endpoints or devices being targeted.

I appreciate the real-time protection part, especially against SQL injection and Zero-Day exploits. Radware Cloud WAF Service is beneficial for detecting Zero-Day vulnerabilities before they are exploited by attackers. With a focus on machine learning and AI models, it offers proactive defenses against these vulnerabilities. The WAF utilizes behavior-based analysis to identify anomalous requests and can virtually block known vulnerabilities at the edge before vendor patches are released.

In some cases, if the configuration of rules is too strict or complex, there might be a possibility that genuine traffic gets blocked or considered a false positive. The complexity can be lowered to improve the understanding for users or customers.

I have been using Radware Cloud WAF Service for nearly one year.

I have contacted the customer support of Radware and generally received responses within the scheduled framework, ensuring that my tasks are completed on time. I am quite satisfied with their customer support.

Positive

The initial deployment involves a specific set of stages that are quite transparent. There are several steps we typically encounter during this process. While I wouldn't describe the configuration as overly complex, I would categorize it as moderate in difficulty. I would rate it as moderate. It’s not too challenging, but it does require some attention.

I would rate Radware Cloud WAF Service a nine out of ten.

Since many of our businesses are on this application and web applications, we have a huge environment. There are more than hundreds of applications that we have. We are using it for WAF-based production, for bot and for DDoS protection.

The interface is quite concise and clear, and it is easy to navigate. I have worked with other WAFs, however, Radware Cloud WAF Service is quite easy to navigate compared to others. 

I have never had a problem with the application or any websites. Many threats are getting blocked here. Since I joined this organization and had the opportunity to compare early deployment statistics with current ones, we can see that many threats have been blocked, resulting in a very good return on investment.

With Bot Manager, we get many detections which are actually blocked, especially related to application headers. Malicious user agents are something that we get frequently and it has been blocking the majority of the threats, almost about 97-98% of threats are blocked, almost to 99% itself.

Our first line of defense for our web applications, especially on the cloud, is Radware Cloud WAF Service. Whatever comes through, including reconnaissance attempts, different types of targeted attacks, targeted threat vectors and many APT groups targeting our environment, they are getting blocked in the recon phase itself thanks to the Bot Manager.

They can work more on the documentation part. The documentation I found is quite vague. There can be more practical examples, and since we are a paid customer, they can give us arranged training. They can arrange sessions or trainings regarding using Radware Cloud WAF Service and what further things we can do. I recently learned about source blocking, so training or sessions can be organized, along with improving documentation with practical examples.

I have been using it for two and a half years since joining the new company. The company has been using the solution for quite a long time.

In the last two and a half years, I have not seen any kind of lags or issues.

Scalability is good. Our organization is quite big, so we keep on adding applications behind it. I never found an issue with lagging or non-working components due to scaling limitations. The solution is providing scalability in all aspects.

The speed and quality was good. We got a good quick turnaround time, especially in cases where we were actually under attacks and wanted blocking to work as soon as possible.

Positive

In my previous company, I have worked with other WAFs, including the F5 WAF and the cloud native WAF. I have also worked with Akamai. I found Radware Cloud WAF Service to be better compared to others.

The initial setup was quite easy. I moved around, did some R&D on my own, and it was easy to navigate.There are clear and concise filters that I can apply. Everything was on the screen. Whatever I wanted to try or do was available on the screen. I could move around in the console and try all kinds of experiments. It was quite easy and user-friendly.

Since I joined this organization and had the opportunity to compare early deployment statistics with current ones, we can see that many threats have been blocked, resulting in a very good return on investment.

Pricing is something that is decided by the top management. I am more of an operations person.

We do not use the CDN services.

I have not used the API Discovery completely, however, I have checked out the API security that comes under the WAF part, specifically the threat detection part that we are focused on. I am hearing about source blocking for the first time, which would be helpful as we would not have to manually block it.

We are using the DDoS protection and it has been blocking many DDoS attacks that we have observed. Many times when traffic slips through our DDoS protection pipelines, they are definitely getting blocked by Radware Cloud WAF Service, including anomalous rate limiting.

It took me about a week to learn the system, as I am a quick learner. There is no required maintenance as it is already taken care of by Radware. We get notifications regarding maintenance upgrades and everything, mainly for the IP blocking parts.

On a scale of one to ten, I rate this solution a nine.

We are in the post-implementation phase of using Radware Cloud WAF Service right now, but we have been using a Radware solution for about six years in our company.

Right now, we are working on transitioning our systems to the cloud. We have just obtained the license and are currently testing the system as part of the implementation process. This started back in January of this year, and we are approaching one year of use. While we are in the post-implementation phase, our corporate structure has a lot of approval processes that require multiple steps. Because of this, we can't fully transition to the protection capabilities of Cloud WAF just yet. However, we are actively using and testing it, and we are taking note of all the results.

Our company works in banking, and every day we face malicious and suspicious requests incoming to our site. Radware Cloud WAF Service is helping protect against these threats effectively. When we were using physical hardware, it would become overloaded and go down, making it impossible to protect our site. Radware Cloud WAF Service protects all of the backend applications and services by defending against malicious and suspicious requests.

Automated analytics are easy to use. When we were using manual detection, it was difficult to detect certain traffic patterns. The automatic detection is very effective.

Radware Cloud WAF Service reduces false positives compared to our previous on-premises system. After implementing Radware Cloud WAF Service, I observed the alerts and noticed a significant reduction in false positive blocking. It has more advanced capabilities, including header request searching.

We have integrated it only with Splunk so far, and it's easy to integrate.

Bot Manager's configuration is straightforward. We input IP addresses, local IPs, and configure log sending to Splunk.

The interface is really cool, especially with the dark theme. It looks clean and organized, which I appreciate. It's not complicated at all.

Support is prompt and efficient. The response to our support tickets has been quick, and I'm really happy with that. Overall, I'm glad with my experience so far.

It is easy to use for me. I've already been working with the hardware and the portal for two years now. I know where everything is, so I find it easy.

They might need to add more integrations. Adding AI-based search capabilities would be beneficial, allowing us to search for the origins of bot attacks by country. The behavioral analysis could be made more efficient. While Bot Manager has many of these features already, there is room for further enhancement.

It is stable.

It is scalable. 

The support team responds quickly to our tickets, and I am very satisfied with their service.

Positive

The Radware deployment process was straightforward and easy to install. Our company has many approvals and processes, so it took over two weeks.

Our SOC team with ten people works with this solution. Our company has two teams working on security systems with three levels of engineers. I am a level two engineer handling configuration and monitoring. The level three engineers manage major updates and have comprehensive knowledge of the system.

We conducted POC testing with three systems: Akamai, Imperva, and Radware Cloud WAF Service. We only tested Imperva and Radware because Akamai did not meet our bank corporation's policies regarding reseller companies. Imperva had too many issues.

The Imperva cloud solution was located in Hong Kong, which was too far from Mongolia and caused internet connectivity issues. After testing it, we were not satisfied. We then tested Radware Cloud WAF Service and found it easier to use, particularly since we were already using Radware Bot Manager in the cloud.

Currently, we are not using the API discovery feature as we are in the pre-implementation phase of API protection. We are focusing on getting Radware Cloud WAF Service into production first. After that, we plan to implement additional features such as API security and customer security.

In Mongolia, we do not have a CDN and are currently using Akamai CDN. The situation in Mongolia is restricted and somewhat complicated.

I would recommend this solution. Radware is the largest company in the security solutions industry. They have many prototypes and numerous integrations. This is an important aspect of the purchasing process. Another key point is their support; they provide a quick response to your inquiries. Their service is easy to use. With Radware's cloud solutions, they cover all aspects of security effectively. They are able to provide comprehensive coverage for your needs.

I would rate Radware Cloud WAF Service an eight out of ten.

Our primary use case is defense against DDoS. We are using Radware Cloud WAF and load balancer solutions. We use it for our cloud infrastructure and various applications focusing on various security aspects.

It integrates seamlessly with our infrastructure, allowing us to manage DDoS attacks and load balancing efficiently.

The ability to easily handle configurations and the user-friendly nature of the solution make it accessible for various team members, including L1 and L2 users.

The load balancer is very good for DR purposes. Previously, our client had issues with DR, but it is no longer an issue. We can directly move from primary to secondary.

Radware Bot Manager has been very useful. If any user tries to save a password on a mobile or a browser, it blocks that. We can see all the details about the traffic and port requests.

API integration and documentation need to be improved. There should be more detailed documentation for API usage, rate limiting, CNAME, and DDoS functions. A lot of articles need to be added to their portal.

Additionally, enhancing the capabilities for bypass functions where users can manage URLs more flexibly, including the use of wildcard characters, would be beneficial.

We have been working with Radware Cloud WAF Service for a minimum of 18 months.

There have generally been no stability issues.

Radware Cloud WAF is scalable and accommodates our growing needs effectively.

We get proper solutions from them. The salesperson and other support resources have been good at providing solutions. I would rate their technical support an eight out of ten. 

Positive

I have used F5 which is a physical WAF solution. We switched to Radware Cloud WAF for its cloud-oriented capabilities and user-friendly interface, although the F5 solution was effective too.

Radware provides only three URLs for whitelisting, whereas F5 supports multiple URLs for whitelisting. Radware is also more complicated for customers when it comes to bypassing.

The initial setup of Radware Cloud WAF is straightforward, allowing for easy configuration and integration within our existing infrastructure.

It does not require maintenance from our side. We just have to ensure that we have the correct licenses. They inform us of any maintenance window in advance.

We get good direct support from Pankaj at Radware. He has helped us with the implementation and understanding of Radware solutions. In case of any issues, I can ping him and get more information or resolution.

It has saved us time and money.

I am not directly involved in pricing and setup cost discussions, but it seems that Radware offers a more cost-effective solution compared to F5. It is considered a good value for our budget.

Overall, I would rate Radware Cloud WAF as nine out of ten. It is a reliable solution with effective security features, though there are areas for improvement, particularly in API integration and documentation.

The use case is protection for all  web applications. This includes the applications we serve via critical workloads. We are utilizing Radware Cloud WAF Service for this protection.

In addition to protecting our production environment, we also implement Layer 7 protections, DDoS protections, and other security measures. We have established a detailed level of protection for all of our applications.

I am satisfied with Radware Cloud WAF Service's ability to block unknown threats and attacks, as the moment we enable protection for specific applications, it starts working. For instance, we receive results indicating whether there's any unusual activity. This system operates like Software as a Service (SaaS). You don't have to worry about the underlying algorithms or the conditions that need to be applied. It's essentially a plug-and-play solution, making it easy to use.

The automated analytics of Radware Cloud WAF Service are quite effective. They inspect and remediate DDoS attacks quickly by monitoring any suspicious activity and reporting it, demonstrating the power of their deployed algorithms.

I use the CDN service offered by Radware together with Radware Cloud WAF Service, and I find it feasible because it provides faster responses for users accessing our applications, especially when it's caching configurations and monitoring protection simultaneously.

Radware Cloud WAF Service has saved me more than 30% of my time, as it's very easy to spin up any application with just a few clicks.

I receive reports every 30 days. The live metrics are visible on their dashboard, showing the current status of all applications and the number of hits, including false positives.

The automated source blocking features of Radware Cloud WAF Service have a proactive and holistic approach. It effectively protects applications with default methods for any sort of protection, though some of those methods generate false positives that we need to adjust based on our needs.

In terms of compliance, we are following GDPR, and to adhere to this compliance, we have chosen the required region to ensure all incoming traffic is treated accordingly. I find Radware Cloud WAF Service good with respect to my compliance needs, providing services in all required regions.

I really appreciate the DDoS protection that Radware Cloud WAF Service provides, especially because it reacted well to multiple DDoS attacks on my applications in the last couple of months without any signs of issues being reported.

Their Network Operation Center (NOC) is very proactive in monitoring the health status and metrics continuously. Whenever they identify an issue, they do not delay in informing me or my team, making them very proactive.

Radware Cloud WAF Service has helped reduce false positives, but we do experience some false positives, such as when certain URIs or headers are incorrectly flagged as malicious, and we need Radware to refine those to treat as genuine traffic, achieving about a 25% reduction in false positives.

There is an area for improvement in Radware Cloud WAF Service, specifically regarding the visibility of default algorithms or source blocking systems that create false positives, as it would help if customers could see these blocks to isolate problems quickly without needing to reach out for tech support. There are various blocking systems in place, including some default algorithms that can block a lot of content. Unfortunately, this can lead to false positives, making it difficult to determine whether an issue is being caused by Radware WAF or something else. As a customer, we can't see what's happening behind the scenes because it's a SaaS service. I would suggest that if there are any blocks, they should be clearly visible to us. This would allow us to isolate the problem and understand whether it's related to the WAF or another source. Currently, these blockings are not transparent; they remain hidden until we reach out to the tech support teams. Often, we only find out about the issues from them, which leaves us unaware of the problems as they aren't displayed in the portal. These behind-the-scenes elements should be available. I understand it would have read-only access. That's acceptable, but it should be visible so we can isolate issues quickly.

We have been using it for the last one and a half years.

The service is always available to us. I would rate the stability of Radware Cloud WAF Service as a nine out of ten, as we rarely experience downtime, bugs, or glitches.

I rate the scalability of Radware Cloud WAF Service as a seven out of ten, fitting well with our approximately 8,000 users.

I rate the technical support of Radware Cloud WAF Service as an eight out of ten.

Positive

I find the deployment of Radware Cloud WAF Service to be moderate in complexity, as it takes months to complete based upon requirement

More than 8,000 users work with Radware Cloud WAF Service. While it does require maintenance, it is not a concern for us since it's a SaaS service, meaning they maintain everything on the backend while we focus on uptime.

The pricing for Radware Cloud WAF Service is cost-efficient for us, especially since we have opted for a big bundle that includes not only the Cloud WAF but also Radware other products.

We did not assess any other vendor as we have been using Radware from the beginning and are already familiar with its features, knowing it is fully integrated with our requirements and custom ports for web applications. While comparing Radware Cloud WAF Service with other WAF solutions, the biggest advantage is its seamless integration with my environment, and their tech support and NOC support are better than several other WAF services.

The combination of negative and behavioral-based positive security models is important for my security strategy, and we have defined a ratio of 70% to 30%, where it properly blocks what we define, and false positives are adjusted for all applications.

I would recommend Radware Cloud WAF Service to other users because it offers excellent WAF protection services that work like a plug-and-play solution without needing to worry about algorithms. However, the deployment time could be a drawback.

Overall, I would rate Radware Cloud WAF Service an eight out of ten.

I use Radware services to protect some web portals in my company from web application attacks. Specifically, I use their web application firewall.

I like the reliability of the system since it's quite reliable. Additionally, I appreciate the user interface, particularly from the reporting point of view. Configuration can sometimes be tricky as I have to know where the options are, which isn't very intuitive. However, apart from this, it is a good product and very reliable for me.

Sometimes, I encounter issues with password reset, particularly in the last two weeks. I tried to access the system, and it didn't recognize my password, even though I hadn't changed it. When I attempted the password reset from the login page, I didn't receive any email. This indicates some reliability issues or problems within the management interface.

I have been using Radware Cloud WAF for something like three years.

The stability of the solution is very good. I would rate it as nine out of ten.

I haven't used any of the integration capabilities, however, I would rate the scalability as nine out of ten.

The technical support is very good. They are usually very fast in response, and I think they deserve a nine out of ten.

Positive

The initial setup was not heavy. It was quite simple, and with the support from Radware's technical and commercial teams, I could set up the system in monitoring mode before moving into production.

I had calls with the technical support of Radware and the commercial team. The team was supportive throughout the process.

I find Radware Cloud WAF to be a quite expensive product compared to others. However, the quality-to-price ratio is very good.

I highly recommend Radware Cloud WAF for its reliability and fast support. However, the cost is something to consider as it might be on the higher side. 

Overall, I would rate Radware Cloud WAF as nine out of ten.