Radware Cloud WAF Service Reviews

We are choosing Radware Cloud WAF Service over traditional WAF because it has API first behavioral protection, advanced bot defense, and layer 7 web DDoS capability. It was chosen because of the hybrid and Cloud native app environment. For internal and external customers, we have approximately 1300 plus customers in our data center colocation, and all of them are using Radware Cloud WAF Service.

There are various use cases for Radware Cloud WAF Service. One is about securing public-facing portals, internal applications, and APIs, including REST API and GraphQL API. The deployed assess provides services to internal IT customers and external customers. This WAF is configured in reverse proxy mode plus API security module, and it is integrated with CI/CD pipeline for secure application development.

We have been using Radware Cloud WAF Service as it supports integration with CDN services such as Akamai, Cloudflare, and AWS CloudFront. Radware has CDN nodes for optimized delivery and protection. However, we have been using AWS CloudFront currently, but I'm in discussion with the Radware team about acquiring more Cloud WAF licenses, along with Cloud DDoS, to enhance Cloud DDoS protection capability. They have recently launched Cyber Controller Plus, so I'm going to procure Cyber Controller Plus.;

Automatic API discovery and schema validation is something we have appreciated about Radware Cloud WAF Service. It has automatic API discovery, protection against injection, abuse, and credential stuffing. It also has token-based authentication and enforcement, along with rate limiting. Bot and threat protection is another excellent feature.

It eliminates manual API inventory and documents and streamlines the security policy creation. It reduced the work for developers and the SOC workload because with a large SOC team, it helped to offload and eliminate overhead costs, providing SOC people with better resources.

Automatic threat detection in blocking and detecting without manual intervention is essential. Scalability is another benefit because it has Cloud native architecture. Cloud native architecture is readily scalable, requiring no hardware maintenance.

I see areas in Radware Cloud WAF Service for improvement, specifically in its initial tuning period, because the machine learning model takes two to three weeks for baseline behavior establishment. Closely monitoring alerts during this period is essential to avoid false positives. 

There's an alert noise issue; during the early stages, we received a high volume of alerts for minor issues, requiring collaboration with the SOC team to fine-tune thresholds and concentrate on genuine threats. 

The documentation is not up to par, as while the platform's system is robust, the documentation, particularly for API integration, could be more developer-friendly with real-world use cases.

We have been working with Radware Cloud WAF Service for almost four and half to five years now.

My experience with the technical support of Radware Cloud WAF Service is that they are excellent, and I have established a strong relationship with the executive leadership up to Roy, the CEO. They provide excellent support.

My experience with the pricing, setup costs, and licensing of Radware Cloud WAF Service is positive because I'm a Radware shop. I have all the Radware products, so my feedback is purely positive.

I have seen a return on investment with Radware Cloud WAF Service since I have been providing support and selling it as a service to customers.

When looking into Radware Cloud WAF Service, I evaluated F5 and Fortinet as other options.

We have been using many products provided by Radware. API discovery in Radware Cloud WAF Service was straightforward. Although initially, our people were new to Radware, and we had some challenges in the initial phase with false positives and early learning phases, especially with custom applications. Over time, with its intuitive UI, we were able to implement it quickly; my team learned and started working on it.

Radware Cloud WAF Service is integrated with SIEM and our SOC team of 75 people. Initially, during the early phase, false positives were common because SIEM was learning the traffic pattern, monitoring the logs, and adjusting the sensitivity. We accomplished policy tuning efficiently by manually fine-tuning the security parameters after analyzing the pattern and adjusting the threshold to reduce noise.

Radware Cloud WAF Service has been doing excellent work in protecting against zero-day attacks. We are using the automated source blocking feature. It has significantly helped our compliance efforts and helps maintain business continuity with its DDoS protection capabilities, which we utilize through real-time behavior-based detection using machine learning.

I rate Radware Cloud WAF Service eight out of ten.

My use case for Radware Cloud WAF Service is for blocking malicious IP addresses.

Radware Cloud WAF Service blocks threats effectively, providing a comprehensive report that shows the traffic and denied traffic from malicious IPs or specific countries, so I am satisfied. 

Radware Cloud WAF Service has reduced the false positive rate, and it's beneficial for our organization. By using Radware Cloud WAF Service, 30% to 40% of false positives are reduced.

For zero-day attacks, Radware Cloud WAF Service integrates threat intel, which detects anomalous traffic and blocks it automatically, preventing attackers from entering our organization or attacking our domains. Source blocking is effective because it has good capability to handle things automatically without human intervention, as a human cannot handle all the alerts and traffic.

The real-time BLA detection and mitigation of Radware Cloud WAF Service strongly performs to mitigate and take action against contamination. Radware Cloud WAF Service is quite effective and handles all traffic to HTTP or HTTPS effectively.

My organization is quite large, so we have to monitor activities promptly. Since it's not possible for a human to detect and address every threat, we implemented Radware Cloud WAF Service, which automatically detects and prevents DDoS threats and traffic without human intervention, making it better for us and protecting our organization.

With the automated analytics of Radware Cloud WAF Service, if multiple logins occur from the same malicious IP in the same pattern, the AI automatically recognizes it and takes the appropriate action, such as blocking or allowing, which is beneficial for us.

Improvement areas could be some of the AI capabilities related to false positives. The required IP addresses sometimes get blocked, so that needs to be enhanced. The AI recognizing features can be improved. Recognition aspects could be refined; it's performing at almost 99%, so there's a small margin for improvement.

I have been using Radware Cloud WAF Service for three years in my organization.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We have about 35 users working with this solution.

I would rate their customer support a ten out of ten.

Positive

It is easy. It takes 10 to 15 days.

The pricing for Radware Cloud WAF Service is moderate; it's not expensive. We can't say it's low and we can't say high; it's moderate, and I got that perfect point.

It is easier to use with a moderate cost than others.

To assess Radware Cloud WAF Service for blocking unknown threats and attacks, we have found that if an IP is identified as malicious, we can block it, and we utilize the graph chart provided. Using the CDN with Radware Cloud WAF Service is easy to implement and use; it's not a headache for us.

I would rate Radware Cloud WAF Service a nine out of ten.

The main use case for Radware Cloud WAF Service in my organization is blocking attacks. A specific example of a type of attack that I was able to block using Radware Cloud WAF Service is blocking DDoS attacks. I am referring to DDoS-type attacks.

Radware Cloud WAF Service detects and blocks this type of threat in my environment by blocking them and then showing them to me in interactive dashboards with the source IP addresses.

The dashboards work very well to understand the focus of the threat, the origin of the attacks, and to create interactive reports to explain in dashboards where each attack comes from and to block the sources.

The best features offered by Radware Cloud WAF Service are the dashboard and the ease of blocking attacks.

On a day-to-day basis, the most useful features of the dashboard make things easier for us because it blocks the attacks, preventing them from reaching the company's environments. In the dashboards, I get the IPs, the origin, a map showing where they are located, and the specific pages that are attacked.

Radware Cloud WAF Service positively impacts my organization as it saves us headaches when we have attacks since it blocks them. I have noticed a specific change in security, a reduction of incidents, and improvements in response times since I started using the tool, as problems have decreased with fewer attacks.

Radware Cloud WAF Service could be improved by making exporting dashboards easier.

I have been working in the area of systems administration for five years.

I consider Radware Cloud WAF Service to be stable in my environment.

I rate the scalability of Radware Cloud WAF Service as it adapts very well to growth or changes in my organization.

My experience with Radware Cloud WAF Service customer support could be better.

I did not use any other solution before implementing Radware Cloud WAF Service.

Before choosing Radware Cloud WAF Service, I did not evaluate other options.

I have seen a return on investment since I started using Radware Cloud WAF Service with time savings.

That time savings translates into my day-to-day work or my team's processes by eliminating the need for us to block the sources; Radware Cloud WAF Service blocks them automatically.

My experience with the pricing, implementation cost, and licenses of Radware Cloud WAF Service has been good. The only thing is that I would lower the price, but otherwise it's great.

My advice to other companies that are considering using Radware Cloud WAF Service is that they should buy it because it makes your work life better. I give Radware Cloud WAF Service a rating of 9 out of 10.

I use Radware Cloud WAF Service to protect customers from cyber attacks, mostly SQL injections, cross-site scripting, and degradation with DDoS attacks.

Almost every day, cyber attackers are trying to disrupt the correct functionality of the application for our customers, so I review the console in Radware Cloud WAF Service, searching for strange behavior. If I see something that is not in place, I mostly block via geolocation or IP address or by activating the advanced protection from the applications in the tenant for the customers.

Mostly, I also create different types of rules with Radware Cloud WAF Service, varying from redirections to blacklisting, to whitelisting, exceptions, rate limiting, and others to better protect the customers.

The best features Radware Cloud WAF Service offers are mostly the advanced protections because you only need to activate them, and they protect against a lot of today's most common OWASP attacks.

The advanced protections help me in my day-to-day work with Radware Cloud WAF Service because they are very effective as they attack mostly the OWASP Top 10, and they are easy to use because you only need to activate them, and by default, they block a vast gamut of cyber attacks today.

Before our customers purchased Radware Cloud WAF Service, they had a lot of breaches in their network, and after, we successfully lowered the attack rates, and by that, we protect their applications better.

Before Radware Cloud WAF Service, our customers had almost four or five million requests, and they were not always clean, but now with Radware Cloud WAF Service, we see that we block almost 95 or 96 percent of the attacks that we are receiving.

I think the things I want to improve in Radware Cloud WAF Service are, for example, the possibility to upload CSV files with IOCs, so we can load a lot of IOCs in one load instead of loading them one by one manually.

I also want the possibility of seeing traffic in real time because I only see a dashboard with the security events, but in regards to real time, I don't see something that tells me how the traffic behavior is.

I have been using Radware Cloud WAF Service for almost three years now.

Radware Cloud WAF Service is mostly stable.

I think Radware Cloud WAF Service scales pretty well because we add more applications or users, and we don't have a problem with that.

I have a good experience with customer support for Radware Cloud WAF Service; they tend to respond quickly to our cases and they help us really well with the cases.

Positive

I used Cloudflare and Imperva before Radware Cloud WAF Service, and we switched mostly because the security in Radware Cloud WAF Service console is easier to administrate than in the other providers.

Unfortunately, I don't have metrics for return on investment because I only administrate the console.

My experience with pricing, setup cost, and licensing for Radware Cloud WAF Service is good.

I evaluated Cloudflare and Imperva before choosing Radware Cloud WAF Service.

I invite others looking into using Radware Cloud WAF Service to try it and see all the different protections that the console can provide. I would rate this solution an 8 out of 10.

The main use case for which I use Radware Cloud WAF Service is the protection of web applications. I protect a web application from denial-of-service attacks using Radware Cloud WAF Service.

The best features that Radware Cloud WAF Service offers include the deployment, as it is very easy to implement, and the platform management is efficient.

The specific aspects that make the implementation process simple in my experience are the integration and the redirection to the web applications.

Radware Cloud WAF Service has enabled me to save time by viewing and monitoring the traffic that my applications receive, since it isolates the attacks or threats that my web applications face.

To make Radware Cloud WAF Service even more useful for my organization, I believe there should be greater integration with other tools, such as log tools.

I would rate it a 9 and not a 10 because the dashboard is sometimes not as intuitive as it could be for displaying the necessary information. You have to take a few extra steps in order to view the information you need.

I have been using Radware Cloud WAF Service for approximately 3 years.

I consider Radware Cloud WAF Service to be quite stable in its daily operation.

I would rate the scalability of Radware Cloud WAF Service as good, as it adapts well to the growth of my needs.

My experience with Radware Cloud WAF Service's customer support has been excellent, as the partner we have responds to us on time and as diligently as possible.

Before using Radware Cloud WAF Service, we did not have any solution previously.

I have seen time savings due to the visualization and monitoring of the attacks on the applications since I started using Radware Cloud WAF Service.

My experience with the pricing, implementation cost, and licensing of Radware Cloud WAF Service is that it costs what it is worth for what you receive.

Before choosing Radware Cloud WAF Service, I evaluated alternatives such as Barracuda and Cloudflare WAF.

The advice I would give to other companies considering implementing Radware Cloud WAF Service is to take into account that it is an excellent tool for protecting their applications. I would rate this solution a 9.

Radware Cloud WAF Service protects the web applications that are the APIs and transactional systems. In the WAF, all the protection is configured for the website and internal ticket sales system. In addition to everything related to the tickets, all APIs are protected, which is very useful for the microservices architecture and all the integrations with the different providers.

The best features offered by Radware Cloud WAF Service are the ease of integration, in addition to all the security it offers, the high availability it has, and the automatic updating of the solutions.

Radware Cloud WAF Service has had a positive impact with improvements in security. All issues related to incidents have been reduced, and it informs and gives control over any latency or any misuse that someone might try with an API.

Denial-of-service issues and the downtime of those APIs have been mitigated by approximately 30%, since previously, over a period of time, there were quite a few outages. With this integration of the tool to mitigate all those issues, it has improved in that sense.

Something that could be added to Radware Cloud WAF Service would be a bit more training and not having to depend so much on the vendor, because sometimes when you have to configure advanced policies it requires a lot of experience and dependence on the vendor to provide support throughout the implementation of those advanced policies.

The interface is quite intuitive, and there are no other improvements needed.

Radware Cloud WAF Service has been used for approximately two years.

Radware Cloud WAF Service is quite stable.

Radware Cloud WAF Service has been able to adapt as the organization has grown a lot in applications and APIs, and the tool has worked without any issues.

The experience with Radware Cloud WAF Service's customer support has been quite positive. They have always assisted quickly and without any issues whenever assistance has been needed.

No other solution was used before implementing Radware Cloud WAF Service.

The process of integrating Radware Cloud WAF Service into the environment was very quick. Everything really was very fast, and with the documentation provided, it was possible to do it easily and achieve the objective, which was to integrate the platform.

The organization is only a customer of the vendor.

All the benefits obtained have been in security, in prestige, and from using this type of tool for the operation.

The cost of Radware Cloud WAF Service is actually a bit high, but given all these benefits, the investment makes sense.

Other options in the market were evaluated, looking at different alternatives from different vendors. Palo Alto and Check Point were evaluated before deciding on Radware Cloud WAF Service.

Radware Cloud WAF Service is deployed in public cloud, directly on Radware's cloud in the public cloud. Being in the cloud is quite a strong point for Radware Cloud WAF Service.

Other companies considering using Radware Cloud WAF Service will find a very robust tool that has different types of applications for managing all the APIs, all the applications, and controlling the security of all the entities.

Everything important about Radware Cloud WAF Service has been covered in this interview. This interview is considered very complete and appropriate for the moment and for the product. This review has been given a rating of 9.

The core use cases for Radware Cloud WAF Service are web application firewall functionality, DDoS protection, and protection against zero-day vulnerability and emerging threats.

The most valuable aspect of Radware Cloud WAF Service is that it supports mode detection and provides email alerts on sudden alert spikes and early warnings. The most advanced feature is the DDoS protection and the way this web handles DDoS attacks, as I am currently working in the SOC team and managing the Radware administration part.

Regarding zero-day attacks, Radware Cloud WAF Service helps us actively receive early warnings, and we raise those to the relevant teams. The services related to zero-day attacks and threat intelligence are very effective.

The dashboard of Radware Cloud WAF Service could be more interactive and user-friendly. While implementing it for the first time, it requires core technical knowledge, and without that knowledge, implementation can be quite challenging. However, the support from Radware is excellent when support cases are raised.

I have been using Radware Cloud WAF Service for three and a half years in my career after joining my current organization.

Regarding stability, I have not experienced any lagging, crashing, or downtime in my experience with Radware Cloud WAF Service.

Radware Cloud WAF Service is scalable; once we set up the entire service and it is up to date, we can onboard as many applications as our license allows.

I have contacted Radware's technical support many times, and their quality is very good as we receive timely support according to the case priority. Their engineers are skilled and capable enough to resolve issues quickly.

Positive

I have used alternatives to Radware Cloud WAF Service, specifically Akamai Web Service, which is a very popular service. One of its disadvantages is that it does not support custom ports like Radware does.

The entire process of onboarding the application for the first time with Radware Cloud WAF Service requires core technical knowledge, but with the support of Radware, it becomes much easier.

The pricing of Radware Cloud WAF Service is lower compared to Akamai, and while the price in the industry is acceptable, it is not too expensive.

The combination of negative and behavioral-based positive security models provided by Radware Cloud WAF Service is very important for my organization's security strategy, as the main purpose of Radware WAF is security.

Regarding maintenance, we receive quarterly reports, which are sufficient.

On a scale of 1-10, I rate Radware Cloud WAF Service an 8.

In my organization, we are focused on using various security measures to protect against threats, particularly those related to bots. The key product we have employed is Radware Cloud WAF Service, which primarily provides DDoS protection. This service helps us block large-scale attacks aimed at exploiting network vulnerabilities and other weaknesses in our applications.

Additionally, we utilize the Radware Cloud WAF Service to safeguard our websites and application APIs from threats like SQL injection and other malicious activities, employing various authentication methods for enhanced security. I am also working on learning about bot management, as I have been assigned a task in this area. So far, I have been studying behavioral analysis and detection methods that can identify and block malicious bots effectively.

I have worked with the API feature of Radware Cloud WAF Service and have experience with the GraphQL endpoint. While I haven't worked on advanced web attacks, I am familiar with common ones. As many applications heavily rely on APIs, it's obvious for attackers to target them. The WAF provides mobile and web app backend security for protection, and I have mainly used the bot detection and mitigation feature to detect and block malicious bot attacks.

Zero-day attacks can be particularly challenging because they exploit vulnerabilities that are not yet known to the software vendor. However, certain solutions can effectively address these threats. One of the key benefits of Radware Cloud WAF Service is its ability to detect potential vulnerabilities before they can be exploited by attackers.

Currently, there is a growing trend towards using machine learning and AI models, which can provide proactive defenses against zero-day vulnerabilities. As we know, a zero-day vulnerability can pose significant risks to any organization or system. One concept that is crucial in this context is behavior-based analysis and detection. This involves analyzing incoming suspicious requests to identify patterns that do not align with normal behavior. When such anomalies are detected, the system can alert administrators to take appropriate action. Another important feature is virtual patching. This technique can block known vulnerabilities at the edge, even before an official patch is released by the vendor. This proactive approach helps mitigate risks while waiting for a formal solution.

Source blocking is a method we employ in our organization to block incoming requests from specific sources based on the type of traffic. This approach helps us effectively identify and filter out malicious or unwanted traffic. By recognizing certain requests as malicious, we can prevent them from reaching our systems. We have blocked specific IP ranges, known malicious URLs, and other sources based on geographical locations, depending on our organization's needs. To strengthen our defenses, we use various filters tailored to our requirements, along with threat intelligence feeds and behavioral patterns. Overall, source blocking plays a crucial role in preventing attacks and enhancing our security posture, especially against brute force attacks originating from known malicious IPs.

Radware Bot Manager, a security tool that helps identify and manage bot traffic and malicious bot attacks, is important for organizations that face heavy traffic loads. Bot Manager helps reduce bot attacks and secure us from threats. I have experience with behavior analytics, custom rules, and the bot detection engine, which focuses on identifying malicious bots and securing APIs from automated abuse.

What I appreciate most about Radware Cloud WAF Service is that it includes all the aspects that an organization wants to run smoothly, such as overall configuration and real-time protection methods, customization of rule creation, fast deployment, and vital visibility in environment maintenance. Its maintenance cost is very low unlike others, and the real-time dashboards show us who is attacking and what types of attacks are happening in our environment or any endpoints or devices being targeted.

I appreciate the real-time protection part, especially against SQL injection and Zero-Day exploits. Radware Cloud WAF Service is beneficial for detecting Zero-Day vulnerabilities before they are exploited by attackers. With a focus on machine learning and AI models, it offers proactive defenses against these vulnerabilities. The WAF utilizes behavior-based analysis to identify anomalous requests and can virtually block known vulnerabilities at the edge before vendor patches are released.

In some cases, if the configuration of rules is too strict or complex, there might be a possibility that genuine traffic gets blocked or considered a false positive. The complexity can be lowered to improve the understanding for users or customers.

I have been using Radware Cloud WAF Service for nearly one year.

I have contacted the customer support of Radware and generally received responses within the scheduled framework, ensuring that my tasks are completed on time. I am quite satisfied with their customer support.

Positive

The initial deployment involves a specific set of stages that are quite transparent. There are several steps we typically encounter during this process. While I wouldn't describe the configuration as overly complex, I would categorize it as moderate in difficulty. I would rate it as moderate. It’s not too challenging, but it does require some attention.

I would rate Radware Cloud WAF Service a nine out of ten.