Radware Cloud WAF Service Reviews

For all of our Israel posts, Radware Cloud WAF Service is the Web Application Firewall we replaced F5 with. We were searching for something with good service and cloud-based support, as I have a lot of websites in the cloud. It gives me more than I expected.

I really like the services. When I have attacks, Radware contacts me before I'm even aware there's a problem. They recognize if there's an attack from a certain country and ask if I want to block it. They provide all the necessary information, and there's always someone to talk to. They block every attack, and the team has the perfect protection for me. The solution helps reduce false positives by 30%, thanks to good implementation and exclusions. It gives me a lot of time because I don't need to manage it; Radware manages everything for me. I am very satisfied with the prevention from zero-day attacks, and Radware Bot Manager helps with bot traffic detection. They provide excellent compliance support. I highly recommend this product to others because I'm satisfied with the mitigation and proactive protection.

I would like to see an improvement in the twenty-four-seven support service.

More than seven years.

The stability is excellent, and I would rate it ten out of ten.

Scalability is also excellent, with a rating of ten out of ten.

The customer service and support are very good, and I would rate them ten out of ten.

Positive

I replaced F5 with Radware Cloud WAF Service because I needed something with good service on the cloud. The previous solution was not meeting my expectations.

The onboarding with the Radware team was good. They handled implementation and set up exclusions well to reduce false positives.

Radware Cloud WAF Service saves a lot of time for my employees since they no longer need to manage it directly. The solution manages everything, allowing my employees to focus on other applications.

The pricing is not cheap; it is expensive, but it is effective.

I highly recommend Radware Cloud WAF Service to others. I have recommended it to my colleagues in other companies, and they have also been satisfied with it. It's a very good product with excellent support and minimal false positives. Overall, it delivers everything required for protection. I would rate the overall solution ten out of ten.

Public Cloud

Other

We mainly use Radware Cloud WAF Service for DDoS protection. This includes protecting against DDoS attacks. We know if there is an issue, we can quickly set up a call with the Radware team.

Radware Cloud WAF Service has significantly improved our organization's time of protection and detection capabilities. The support provided by Radware is quick and efficient. We have updated our solution on many occasions, and the design of our network has changed, largely due to Radware providing us with solutions.

The most valuable feature is Radware's ability to quickly detect attacks, even though it doesn't always meet the quicker threshold. We can set up a call with the Radware team if needed. Another crucial aspect is the support we receive from Radware, which is very quick and efficient.

Some of the tools are a bit difficult to navigate, and the user interface could be more user-friendly. It is not the cheapest solution, so cost is something to consider.

I started using Radware Cloud WAF Service when I joined the company about a year and a half ago.

I have never come across downtime, bugs, or glitches when working with Radware Cloud WAF Service. From that point of view, it maintains a very stable operation.

Anytime we've had any issues, Radware has provided us a solution, indicating its high scalability.

I would rate Radware support a nine out of ten. They are always available to help us, which is invaluable in our line of work.

Positive

I wouldn't be able to give a number, but Radware Cloud WAF does save time for our staff due to the automation and excellent detection, which is invaluable.

I would rate the cost around seven out of ten. Radware provides many different options, but it may not be affordable for companies that aren't large.

The automatic detection from Radware Cloud WAF is invaluable, and the support is outstanding. I would rate the overall solution a nine out of ten, with the only issue being the user interface. The overall product rating is nine out of ten.

Hybrid Cloud

Other

We have COTS and SaaS applications that are onboarded behind this Radware Cloud WAF Service. We are leveraging the Radware SaaS platform, and that is how it is being used; we have huge traffic hitting every day on the applications hosted behind it.

The Bot Manager operates on the concept of AI/ML and is essential for our security strategy. The security events and alerts generated by the Bot Manager are crucial, enabling us to stop numerous attacks from various sources. By using the Bot Manager, we've discovered important insights about our incoming bot traffic that we weren't aware of before. Previously, we did not have that functionality, but after enabling Bot Manager, we began receiving alerts and visibility into anomalies that we weren't aware of. This added visibility allows us to monitor identified traffic, with some already blocked while still keeping others under watch, protecting our applications from excessive traffic through Radware Cloud WAF Service.

The real-time BLA detection and mitigation processes have significantly enhanced our threat management with Radware Cloud WAF Service. Enabling various blades, including this real-time functionality, ensures we have visibility and can block undesired traffic effectively.

I have tried using the API discovery feature with the Radware Cloud WAF Service for almost all of our onboarded applications, and it's pretty straightforward. It provides useful results, and our application penetration testing team leverages it significantly, making it very helpful for gathering data during tests. 

We have integrated Radware Cloud WAF Service with our SIEM tool to capture audit logs and security events. The integration process is quite simple, thanks to the available connectors and developed methodologies, making it one of the simplest integrations we've done, even though they have limited connectors and integrations at this point.

Incorporating Radware's combination of negative and behavioral-based positive security models is becoming essential for our security strategy as we delve into the AI world and machine learning. User analytics and behavior analysis are very important, with anomalies flagged by the analytics engine running behind the traffic hitting the Radware Cloud WAF Service.

What I appreciate the most about Radware Cloud WAF Service is that the UI is quick and very simple. Ease of administration is crucial since I'm the administrator looking after it. The functionality they have, starting from onboarding applications to managing them, is pretty straightforward; modifications, additions, or deletions are completed without complex codes or scripts. Additionally, the data populated post-onboarding includes both an executive view and detailed views for security analysts, which are incredibly helpful. If we compare this to other Cloud WAFs, we often don't get as much information for many security alerts, requiring deeper investigation. However, with Radware Cloud WAF Service, details are available when opening any security alerts, making the process more efficient.

Source blocking is a straightforward feature in the Radware Cloud WAF Service. We can easily block or whitelist traffic coming from certain geo-locations or specific IPs. I find that feature nicely implemented in a simple manner.

The web DDoS protection, particularly HTTP L7, is critical and has helped us immensely. It provides visibility, especially over port 80 and 443, as well as custom ports offered by Radware, and has proven essential for preventing denial-of-service attacks, whether distributed or isolated.

The automated analytics for looking at events is where there is room for improvisation in the Radware Cloud WAF Service. They are working on improving the automated capabilities of workflows and integrating AI, but it's not quite up to the mark yet. There's a lot of work to be done since various customers have different requirements, and any implemented automated features should provide expected results.

They need to improve the support side. Information should be more readily available on their support portal, especially knowledge-based articles for customers to resolve queries independently. The support portal used to be slow, and the UI experience was less than ideal, although it has improved over time. Additionally, the lack of an AI chatbot has been a downside, though we have been notified that functionality is in development now.

On the reporting side, customization options are limited; creating tailored reports is currently not possible, which is a significant drawback since full customization is crucial for effective data presentation.

I have been using Radware Cloud WAF Service for two and a half years.

In terms of stability, Radware Cloud WAF Service operates at 99.99% uptime. I have never witnessed any lagging, crashing, or downtime.

Scalability isn't an issue with Radware Cloud WAF Service; we can onboard as many applications as we need, and since it operates in the cloud, they effectively expand their resources as required.

I have contacted technical support with Radware Cloud WAF Service numerous times, mainly because I am the administrator overseeing all features. I regularly interact with their support team and customer success managers. The quality of support from Radware Cloud WAF Service is good; however, they must improve the speed of addressing customer queries, especially for straightforward questions. They adhere to policies but need to resolve blockers for customers much quicker. There's substantial room for improvement on their support side. I would give a score of seven out of ten for the quality of support received from Radware Cloud WAF Service based on my current experiences.

Neutral

I have used alternatives to Radware Cloud WAF Service, including Akamai, which we leveraged for different purposes, but that service is being discontinued.

The initial deployment with Radware Cloud WAF Service was straightforward and lacked complexity. There wasn't much information needed, making it easy to set up.

There is no maintenance required on our end since Radware Cloud WAF Service is a cloud-based and SaaS product. They manage everything, and we only need to monitor our applications.

Pricing with Radware Cloud WAF Service depends on the applications we want to onboard and how negotiations go between our technical commercial teams and Radware. Based on all current deals, it has been a win-win situation for both parties, and I feel satisfied with the pricing.

When it comes to false positives with Radware Cloud WAF Service, we absolutely get a lot of them. Whenever we onboard new applications, it's expected to encounter numerous false positives, which will mature over time. We have tweaked our queries to improve the ratio of true positives versus false positives, and now we don't see as many false positives compared to when we started with Radware Cloud WAF Service. It is important to note that onboarding applications with high traffic will still likely yield some false positives, which is expected in the cybersecurity world, but we see it maturing over time. 

With regards to protecting against zero-day attacks using Radware Cloud WAF Service, we haven't seen any such attacks being caught or flagged by the Radware team. While we do catch information from various sources, media, and other channels, we feel there isn't a reliable tool that can notify us of zero-day detections at the outset.

We don't use any CDN services with the Radware Cloud WAF Service at the moment. All our applications are on-prem, accessed from specific geo-locations, and currently, we don't require CDN services. 

We are not using the PCI DSS 4 extension compliance with Radware Cloud WAF Service, as we don't have any applications storing sensitive records.

I would rate Radware Cloud WAF Service a nine out of ten.

We use Radware Cloud WAF Service primarily for monitoring purposes within our organization.

I like the security features when looking at the dashboard where I can see a lot of attacks that are rejected and blocked. It's one of the best features, and I approve of this solution. Radware Cloud WAF Service ensures our systems are stable, running smoothly, and blocking all attacks effectively.

There should be more customization options for the dashboard, as it is currently fixed and cannot be modified. Additionally, the API is limited to data retrieval and does not support programmatic modifications. It would be beneficial if we could perform POST requests and integrate our applications more effectively.

I have been using Radware Cloud WAF Service for five months.

I rate the stability of Radware Cloud WAF Service as nine out of ten. There have been no issues with downtime, bugs, or glitches.

The scalability of Radware Cloud WAF Service is very good, and I would rate it nine out of ten in terms of handling the capacity and volume.

I would rate the technical support from Radware as a nine out of ten.

Positive

We previously used Imperva but switched to Radware Cloud WAF Service primarily due to pricing. Both products are top-ranking solutions, but Radware is cheaper.

The initial setup of Radware Cloud WAF Service was easy.

We received support from Radware, which made the implementation process easy.

The ROI for Radware Cloud WAF Service is prominent as it is twenty percent more cost-effective compared to Imperva.

When comparing the pricing of Radware Cloud WAF Service, I would rate it as seven out of ten, with one being cheap and ten being expensive.

Yes, we switched from Imperva to Radware Cloud WAF Service.

Overall, I would rate Radware Cloud WAF Service as eight out of ten. The areas for improvement include customization and API functionality. I would recommend Radware Cloud WAF Service because it is a good solution, and we are satisfied with the benefits it offers.

Public Cloud

Other

We use Radware Cloud WAF Service for cloud web application firewall (WAF) functionality. It serves as our platform for overseeing 17 applications currently. Additionally, we use the API Discovery feature for applications with exposed endpoints, integrating protection and maintaining security. We also utilize Radware's Bot Manager for managing incoming bot traffic.

Radware Cloud WAF Service effectively blocks unknown threats and attacks, providing strong security with a low false-positive rate. With the Radware Cloud WAF Service, we have not faced any incidents in six years. The automated analytics module is quite effective in tracking events related to attacks, IP addresses, and countries. API Discovery is also highly valuable, enabling us to protect our applications with end-to-end API protection, while also reducing overhead costs.

Radware could improve technical support by resolving cases in fewer days. This would enhance the overall experience with the product.

We have been using Radware Cloud WAF Service for approximately six years.

The stability of Radware Cloud WAF Service is excellent, and I would rate it as a ten.

For scalability, I would rate Radware Cloud WAF Service as a ten, showing it is highly scalable.

The customer service is exceptional and would be rated as a ten, although there is room for improvement in response times.

Positive

We compared Radware to F5 and Cloud Flare. Ultimately, we chose Radware for its pricing, technology, skills, and features that align well with our institution.

We have seen a return on investment of about thirty percent, allowing us to save time, money, and resources.

The pricing is average in terms of cost efficiency.

We compared Radware with F5 and Cloud Flare.

I recommend Radware Cloud WAF Service to others. The overall rating I give the solution is ten.

Public Cloud

Other

The bank uses different channels, such as mobile banking, Internet banking, and Creditnet, and we adopted Cloud WAF to prevent blockages and attacks. We have passed the policy review stage and are ready to begin blocking. Right now, we are in reporting mode and heading to the blocking stage.

The bank has benefited from improved security and visibility. Two months ago, there was scouting at a national level in Bolivia from Brazil, and it was difficult to find. Cloud WAF gave us that visibility, and as soon as we had a bit of suspicion, we started to block things, mostly traffic. That has benefited us a lot, especially in having more peace of mind and visibility of events and possible attacks.

The network team started with RadWare Alteon, and after that, they began to consider WAF and Cloud WaF.  After a month of putting together infrastructure and having clarity, we have already begun to notice the benefit of visibility.

We do have greater visibility of false positives, but we understand that RadWare cannot make the change. It depends more on internal processes to validate false positives. It does provide support by detecting them, and then we need to coordinate internally. For example, we noticed many false positives in SQL injection—around 60 to 70 percent of the false positives were there—so we already have a basis for mitigating them in other channels. 

Cloud WAF has freed up our IT staff's time, saving us around 40 percent. For example, because we have visibility on the network level, we do not have to figure things out. If an event occurs in some SIEM or an attack occurs, we can act quickly to prevent the attack and loss of information or economic impact. 

From my side, it is a little easier to automatically see these events, show the teams, and coordinate this whole issue rather than spending time investigating, checking logs, and seeing those types of elements on servers, in the DMZ, or in the same application. 

I like that Cloud WAF provides me with lots of information. All the events and all the possible attacks appear in front of you, and false positives appear through different channels. The solution's automated analytics are excellent. I have several events that appear automatically.

The blocking part seems good. Since I'm just starting on the team, I don't know much about the tool. I'm discovering all its features right now, and they showed me some video tutorials.

We haven't seen any issues with integrating Cloud WAF at the same level of product. For example, we haven't had any problems integrating it with Alteon. I don't have direct experience integrating it with firewalls or other tools, but based on what others are saying, there haven't been any compatibility issues with other applications the bank uses. 

Cloud WAF's management portal lacks many indicators, and the interface could be more user-friendly. It should provide more detailed information on events, possible solutions, and what each event means. While it does give you the event and block part, it doesn't give you a solution. Let's say, for example, someone wants to go into an SQL injection and find a possible solution other than the blocking part, there are no details. It would be good to have possible solutions or the ability to create an automated report to send to the developers in the portal.

Also, they should offer more Spanish-language tutorial videos. There is only one tutorial in Spanish, which is difficult for us as Latin American customers. 

I've been using RadWare Cloud WAF for about two to three months.

Cloud WAF is very stable. We haven’t had any problems at the portal, tool, or service levels. 

We are just starting to figure out Cloud WAF's potential, but we already want to increase the usage in our company.

I rate Radware support eight out of 10. I have seen a lot of willingness from their side to help us, but you need to open the ticket and look for the details in English, and most support is in English, so explaining issues to them is challenging.

Positive

The biggest return on investment comes from improved security and avoiding information losses or DDoS attacks. We gain security and the certainty that we will always be operational. The number of attacks has been reduced, and there is a contingency area here that measures the indicators, including the TCO. It's hard to tell, but it looks like approximately 30 to 40 percent.

I rate Radware Cloud WAF eight out of 10. The interface could be a little more detailed. It would be great if Cloud WAF could provide us with alternative solutions to pass along to the developers, infrastructure, security, and all the teams involved in critical events. For example, you have no alternatives if you have a crisis that can be attended to this week or in the next two weeks. You can only block it or not, making things a bit more complicated.

I don't know the tool well yet, but from what I have seen it could be improved by simplifying the team coordination. Also, the categorization could be better because there are only four or five categories: injection, vulnerabilities, etc. If we had more details and options it would benefit us a lot. 

I recommend future users learn a little about the tool before using it and have training. It is extensive, so it's critical to know about the events. This tool opened my eyes. We were not covered through all the protocols, we weren’t really safe, this tool gave me a much-needed security.

Foreign Language: (Spanish)

Nos beneficiamos de una mayor seguridad y visibilidad.

¿Cuánto tiempo lleva usando esta solución?

He estado usando RadWare Cloud WAF durante aproximadamente dos o tres meses.

¿Cuál es su principal caso de uso de esta solución? (Incluya detalles sobre su entorno).

El banco utiliza diferentes canales, como banca móvil, banca por Internet y Credinet, adoptamos Cloud WAF para evitar bloqueos y ataques. Hemos pasado la etapa de revisión de políticas y estamos listos para comenzar a bloquear. En este momento, estamos en modo de informe y nos dirigimos a la etapa de bloqueo.

Comparta cómo Radware Cloud WAF Service ha mejorado su organización. Si no fue así, explique por qué.

El banco se ha beneficiado de una mayor seguridad y visibilidad. Hace dos meses hubo scouting a nivel nacional en Bolivia desde Brasil y fue difícil de encontrar. Cloud WAF nos dio esa visibilidad y tan pronto como tuvimos un poco de sospecha, comenzamos a bloquear cosas, principalmente tráfico. Eso nos ha beneficiado mucho, sobre todo en tener más tranquilidad y visibilidad de eventos y posibles ataques.

El equipo de redes comenzó con RadWare Alteon y después de eso, comenzaron a considerar WAF y Cloud WaF. Después de un mes de armar la infraestructura y tener claridad, comenzamos a notar el beneficio de la visibilidad.

Tenemos una mayor visibilidad de los falsos positivos, pero entendemos que el cambio no depende de RadWare. Depende más de procesos internos para validar los falsos positivos. Brinda apoyo al detectarlos y luego necesitamos coordinarnos internamente. Por ejemplo, notamos muchos falsos positivos en la inyección SQL (alrededor del 60 al 70 por ciento de los falsos positivos estaban allí), por lo que ya tenemos una base para mitigarlos en otros canales.

Cloud WAF ha liberado tiempo de nuestro personal de TI, ahorrándonos alrededor del 40 por ciento. Por ejemplo, como tenemos visibilidad a nivel de red, no tenemos que resolver las cosas desde cero. Si ocurre algún evento en algún SIEM o se produce un ataque, podemos actuar rápidamente para evitar el ataque y la pérdida de información o impacto económico.

Por mi parte, es un poco más fácil ver estos eventos de manera automatizada, mostrarselos a los equipos y coordinar todo este asunto en lugar de perder tiempo investigando, revisando registros y buscando ese tipo de elementos en los servidores, en la DMZ o en la misma aplicación.

¿Qué características le han parecido más valiosas y por qué?

Me gusta que Cloud WAF me proporciona mucha información. Todos los eventos y todos los posibles ataques aparecen frente a ti, y aparecen falsos positivos a través de diferentes canales. Los análisis automatizados de la solución son excelentes. Tengo varios eventos que aparecen automáticamente.

La parte del bloqueo me parece buena. Como recién estoy comenzando en el equipo, no sé mucho sobre la herramienta. Estoy descubriendo todas sus características ahora mismo y me mostraron algunos videotutoriales.

No hemos visto ningún problema con la integración de Cloud WAF con otras soluciones de RadWare. Por ejemplo, no hemos tenido ningún problema para integrarlo con Alteon. No tengo experiencia directa en su integración con firewalls u otras herramientas, pero según lo que dicen otros, no ha habido ningún problema de compatibilidad con otras aplicaciones que utiliza el banco.

¿En qué áreas se podría mejorar el producto o servicio?

¿Qué características adicionales deberían incluirse en la próxima versión?

El portal de gestión de Cloud WAF carece de muchos indicadores y la interfaz podría ser más fácil de usar. Debería proporcionar información más detallada sobre los eventos, las posibles soluciones y lo que significa cada evento. Si te brinda la parte de evento y bloqueo, pero no te brinda una solución. Por ejemplo, si alguien quiere realizar una inyección SQL y encontrar una posible solución distinta a la parte de bloqueo, no puede ya que no existen detalles. Sería bueno tener posibles soluciones o la capacidad de crear un informe automatizado para enviarlo a los desarrolladores en el portal.

Además, deberían ofrecer más videos tutoriales en español. Sólo hay un tutorial en español, lo cual es difícil para nosotros como clientes latinoamericanos.

Alternativas y consejos:

¿Utilizó anteriormente una solución diferente? De ser así, ¿por qué la cambió?

Antes de elegir, ¿evaluaste otras opciones? ¿De ser asi, cuales?

¿Tiene algún comentario o consejo adicional sobre esta solución?

Califico a Radware Cloud WAF con ocho sobre 10. La interfaz podría ser un poco más detallada. Sería fantástico si Cloud WAF pudiera brindarnos soluciones alternativas para transmitirlas a los desarrolladores, la infraestructura, la seguridad y todos los equipos involucrados en eventos críticos. Por ejemplo, no tienes alternativas si tienes una crisis que puede ser atendida esta semana o en las próximas dos semanas. Sólo tienes dos opciones: bloquear o no bloquear, lo que complica un poco las cosas.

Aún no conozco bien la herramienta, pero por lo que he visto se podría mejorar simplificando la coordinación del equipo. Además la categorización podría ser mejor porque solo hay cuatro o cinco categorías: inyección, vulnerabilidades, etc. Si tuviéramos más detalles y opciones nos beneficiaría mucho.

Recomiendo a futuros usuarios conocer un poco la herramienta antes de utilizarla y capacitarse. Es extensa, por lo que es fundamental conocer los eventos. Esta herramienta me abrió los ojos. No estábamos cubiertos ante todos los protocolos, no estábamos realmente seguros, esta herramienta nos brindó una seguridad muy necesaria.

Rendimiento

¿Cuáles son sus impresiones sobre la escalabilidad de esta solución?

Apenas estamos empezando a descubrir el potencial de Cloud WAF, pero ya queremos aumentar su uso en nuestra empresa.

¿Cuáles son sus impresiones sobre la estabilidad de esta solución?

Cloud WAF es muy estable. No hemos tenido ningún problema a nivel de portal, herramienta o servicio.

¿Cuál es su retorno de la inversión?

El mayor retorno de la inversión es la mejora en seguridad y el poder evitar pérdidas de información o ataques DDoS. Ganamos seguridad y la certeza de que siempre estaremos operativos. Se ha reducido el número de ataques, aquí existe un área de contingencia que mide los indicadores, incluyendo el TCO. Es difícil saberlo, pero parece que se ha reducido aproximadamente entre el 30 y el 40 por ciento.

Configuración y soporte

¿Lo implementó a través de un equipo de proveedores o uno interno? Si se trata de un equipo de proveedores, ¿cómo calificaría su nivel de experiencia?

Cuéntanos tu experiencia con el servicio de soporte al cliente.

Califico el soporte de Radware con ocho de 10. He visto mucha disposición de su parte para ayudarnos, pero es necesario abrir el ticket y buscar los detalles en inglés, y la mayor parte del soporte es en inglés, a veces explicar el problema es un reto.

¿Cómo calificaría esta solución en una escala del 1 al 10 en cuanto al servicio de soporte?

8.

We are generally using the Radware Cloud WAF Service to secure our external web applications. We are not using the API Discovery feature as of now, but we are using the Web DDoS module of the Radware Cloud WAF Service.

Radware Cloud WAF Service has reduced the time needed for management. Overall, it saves us time. At the start, we had to give a lot of time to Radware Cloud WAF Service as we were unaware of the portal. Now, we have automated most parts, and we are just checking it once a day for about 10 to 15 minutes.

The combination of negative and behavioral-based positive security models for our security strategy was helpful. We had a number of requests that were not supposed to be entertained by the web server. Now, we are blocking them via the WAF. Regarding protecting against zero-day attacks, we have not received any zero-day attacks so far.

We use the source blocking feature with IP blocks. The solution's proactive and holistic approach based on cross-module correlation has effectively protected our applications. Earlier, we allowed most IPs to access our application, but now, with that module, we only allow certain IPs from which we genuinely expect requests, significantly reducing attack traffic and bandwidth utilization.

The mitigation has been very good. We have not seen many false positives compared to our previous experiences, and the mitigation has been good as of now.

The integration process was easy and smooth. However, many of our systems are not integrated with Radware Cloud WAF Service. 

The best feature of the Radware Cloud WAF Service would be that it is easy to use. The panel itself is very easy to understand, and we can get along with the panel easily. Also, the security features provided by Radware Cloud WAF Service are very good as compared to other vendors. Apart from that, the features are good.

The log feature in Radware Cloud WAF Service has some limitations. Unfortunately, the portal does not provide much information. If there is an issue, we may need to raise a case with the vendor to obtain further details. Aside from that, the other features are quite good.

In the Radware Cloud WAF Service, areas that have room for improvement include the logs part. Currently, we only see logs for requests that are getting blocked. It would be helpful if there was a feature to view all application traffic logs. Also, the visibility on the configured rules in Radware Cloud WAF Service is not better; we do not have any visibility on those rules. The two areas are logs and the visibility of rules, which need improvement.

I have been using the Radware Cloud WAF Service for more than a year and a half.

Regarding stability, I would rate it an eight out of ten.

For scalability, I would rate it a nine out of ten.

Currently, we have six users working with the solution.

It has been good. I would rate their support as a nine out of ten.

Apart from the Radware Cloud WAF Service, we tried F5 Cloud WAF as well. As compared to F5, using Radware Cloud WAF Service was easy to use and easy to understand. All the security features we require are straight away given in the console. Creating an application and enabling the security features is not much harder as compared to F5.

The deployment of the solution was easy.

The solution does not require any maintenance.

We purchased the solution through a partner.

Overall, the Radware Cloud WAF Service has helped reduce our false positives significantly, reducing our bandwidth cost. We can say it has halved the bandwidth cost by blocking true positive attack traffic.

It was better and efficient compared to other vendors.

Regarding securing business continuity with the Web DDoS feature for HTTP L7, we had a couple of applications with a DNS entry receiving false alerts, which meant false traffic. This caused a huge consumption of our bandwidth, so we raised a case with Radware. They suggested we use the Web DDoS feature. By using that feature, we are blocking most of the true positive requests that we should not be entertaining on our bandwidth, saving costs on bandwidth as well.

We keep the controls on report mode, analyze the logs for about seven days, and if we find any true false positives, we check on them. After seven days, we move the controls to block mode.

We are not using the CDN service offered by Radware with the Cloud WAF Service. 

I would recommend Radware Cloud WAF Service to other users. My overall rating for this solution is a nine out of ten.

Public Cloud

Other

My use case for Radware Cloud WAF Service is mostly defending web applications against web application-related attacks, and it is mostly related to bots. I have onboarded multiple websites onto Radware Cloud WAF Service, so by default, it prevents SQL injection, cross-site scripting, and other attacks, and it even detects any bots and fake account creations on our main website.

The best feature in Radware Cloud WAF Service is its bot management, as there are many fake account creations on our website, and this feature is great. I also use Radware Cloud WAF Service for load balancing and DDoS-type attacks, fulfilling multiple use cases.

The effectiveness of automated blocking in the Radware Cloud WAF Service stems from its ability to automatically block known botnets, proxies, and malicious IPs from the global threat intelligence feed, making it highly beneficial. 

Our environment is safe due in part to behavior and anomaly detection, which provides IP-based, subnet-based, and country-based blocking.

I use the automated source blocking feature in Radware Cloud WAF Service. From my experience regarding incoming bot traffic, I discovered there were DDoS attacks in some areas, with multiple botnets being created, which were automatically blocked by Radware Cloud WAF Service due to the recognition of known botnets.

My thoughts on the automated analytics for looking at events in Radware Cloud WAF Service are positive; it learns automatically based on behaviors and threat intelligence IP addresses, blocking anomalies. If an anomaly is found, we get a detection and it is automatically blocked, while the model learns the traffic patterns of onboarded applications, aiding in the fine-tuning of security policies.

I use the API discovery feature for IP blocking. My impressions of the end-to-end API protection within Radware Cloud WAF Service are that both communications are encrypted, providing security during API discovery, which also offers authentication before accessing anything. After successful authentication, it is helpful for access and authentication, as well as traffic prevention.

I use the CDN services offered by Radware together with Cloud WAF Service for load balancing. Using CDN together with Radware Cloud WAF Service is easy, as everything can be implemented at one point, protecting against web application attacks and DDoS attacks. This integration is quite good.

Radware Cloud WAF Service has helped reduce false positives, although I have not encountered many use cases, since we have around seven to ten applications onboarded. We have numerous instances in the prevention of malicious IPs and blocking web attacks, but for false positives, I can say it is about ten to 20 percent.

The real-time BLA detection and mitigation in Radware Cloud WAF Service has affected threat management positively; while it might sometimes trigger false positives, it effectively detects behavior and helps block threats about 50% of the time.

In Radware Cloud WAF Service, areas for improvement include behavioral and anomaly detection, where it could be better by reducing false positives. The AI feature can also improve; while the API is fine, behavioral and anomaly detection sometimes learns automatically from the traffic, potentially triggering false alerts.

I have been using Radware Cloud WAF Service for around two to three years.

Regarding the stability of the solution, I have observed some downtime in the portal, however, not in other respects, so I would rate it a seven out of ten.

I would rate the scalability of Radware Cloud WAF Service a nine out of ten, as it is pretty good.

I would rate the technical support of Radware Cloud WAF Service a seven to eight out of ten.

Positive

My thoughts on Radware Cloud WAF Service's integration with other systems and applications are mostly positive; it's a pretty easy setup, as we just need to provide our applications and get ready to onboard. It is not complicated, and we just need to enable different services.

I am not much aware of the pricing; however, I've seen different WAF pricing, and this seems to be okay, cheaper.

When comparing Radware Cloud WAF Service with other WAF solutions, I find that some features are missing in other companies, which makes Radware Cloud WAF Service different. 

Additionally, the support that Radware Cloud WAF Service provides is good, unlike some others where the support is lacking.

I definitely recommend this product to other users, as it is a good product for those needing to protect their applications from fake account creations and web application attacks. 

On a scale of one to ten, I rate Radware Cloud WAF Service a nine out of ten.