Radware Cloud WAF Service Reviews

The primary use case for Radware Cloud WAF Service is DDoS protection and web application firewalls. My clients use it for these purposes as they want to be protected by a web application firewall against attacks on their websites.

The most valuable features of Radware Cloud WAF Service include its automation and learning capabilities for protection, as well as its superior bot mitigation. The precise negative security on the web application firewall is also noteworthy. Additionally, the onboarding process is smooth, allowing customers the unique ability to use the web application firewall on the cloud.

Radware needs to improve the certificate renewal process for customers who want to be secured with HTTPS. Some other web application firewalls have a mechanism that allows automatic certificate uploads, which Radware could adopt. 

Also, improvements could be made to be more precise on the negative security perspective.

I have been using Radware Cloud WAF Service for about two years.

Radware Cloud WAF Service is very stable, with no experienced downtime on Radware's part. I give it a stability rating of eight out of ten.

Radware Cloud WAF Service is quite scalable, with a rating of eight out of ten.

The technical support for Radware Cloud WAF Service is excellent. They are knowledgeable, speak the technical language, respond quickly, and work collaboratively to overcome challenges. I rate the customer service nine out of ten.

Positive

The initial setup is straightforward, involving adding an A record in the customer's infrastructure and ensuring the right certificate is in place.

Radware Cloud WAF Service pricing falls on the pricier side with a rating of seven out of ten. It may not have helped reduce the total cost of ownership.

I evaluated other solutions like Incapsula, Impreva, and F5 before choosing Radware.

I advise conducting a POC to ensure that Radware Cloud WAF Service meets specific needs in terms of maintenance and understanding. It takes complex tasks, like web application firewall functions, and simplifies them for customer ease. 

I rate the overall solution eight to eight and a half out of ten.

Radware offers a cloud, software, and hardware-based solution. It deals with all three platforms. 

1. They have a hardware device on which their software can be installed. We can manage all the load balancing with it. 

2. Similarly, for the Radware software, we can install the OVA file on our server and configure all the admin backend servers on it to perform services. 

3. In the cloud, we can use their API service to create a virtual platform for clients on which they can deploy and run their applications.

Cloud WAF blocks unknown threats and attacks. We have a monitoring tool, and security patches are released monthly. We can deploy these signatures on the WAF, which identifies threats based on IPs. There are multiple signatures for various attacks, like bot attacks, that we can monitor.

There is a forensic dashboard where we can identify real-time events, hits, and blocks. If there are genuine requests being blocked, we can deploy a custom page with a case number for users to resolve issues. For example, if a user triggers the Web Application Firewall (WAF) due to a misinterpreted service, they will see a blocking page with a case number. There's also an option to refine the WAF settings if it blocks a genuine request.

I also work with the API discovery feature in the Cloud solution. Once the API is enabled and the application vendor provides the API key, we can deploy our application. If the API is correct, it functions properly; otherwise, issues are highlighted on the dashboard. For example, cross-site scripting is blocked at the label level.

API discovery is straightforward to use. There is an option to add the API stream. If the API is correct, it will be processed; otherwise, the API service is blocked.

The dashboard provides multiple features and analytics tools to identify API issues. If there is a cost issue with an API, it can be identified, and we can report it.

It's not difficult to work with the API discovery feature because everything is reflected on the forensic dashboard. There's an option within the dashboard, under the security section, where you define the correct API. You can also identify and exclude specific APIs if needed. There's only one option to add to the API stream. If the API is correct, it will be processed; otherwise, it's blocked.

It's not difficult to identify API issues because when we define the API call, and it is incorrect or not valid, it won't sync with the vendor's application. They identify this and generate a blocking request, which helps us easily identify the issue.

It's mostly for the Alteon service. The Alteon load balancing part, particularly the SSL offloading and WAF offloading, is crucial. Offloading allows us to monitor and identify issues easily. I believe the SSL offloading is the most valuable feature.

It's easy to use, and the configurations are similar across different vendors. Compared to F5 and Citrix, Radware is easier to communicate with and use. The configuration process is simple, involving the creation of groups and pools, much like in F5. The SSL offloading is also very easy. Overall, I think it's a good solution.

The service we use through the cloud is very easy. We have one dashboard to manage everything, which is convenient.

The analytic dashboard could be integrated with other platforms like Splunk. In Splunk, the dashboard shows multiple things, and I think Radware could improve its dashboard in that regard.

In the WAF part, there are multiple things that are initiated, such as updates and patches. There's a global issue right now that we need to monitor on our side. I think the ability to monitor server-level updates and patches should be integrated into the WAF.

I have been using it for three to four years. 

If we raise an issue, they usually identify and resolve it by the end of the day or the next day. There haven't been any escalated cases on the cloud. However, we did encounter one issue regarding the filter and signature. We created a policy to block access from Pakistan, Bangladesh, and other specific locations.

Although the policy was in place and checked, users from those locations were still able to access the application. This was a bug that we reported to the technical team. They identified an issue with their software version and provided us with a new version to update. After the update, the blocking feature worked correctly.

It's scalable. We can customize it as per our requirements. We can customize it in most cases.

In the State Bank of India project, we deployed it, and I believe two or three other banks are using Radware's WAF. Some applications are deployed globally, meaning they're used in Australia, America, and multiple countries. We have multiple deployment options for that. For example, the YONO application is deployed globally and used by many users in different countries. We can easily identify and track that traffic on the dashboard.

In addition, they have also deployed the DDoS service in WAF. So, in case of a DDoS attack or something similar, they can easily identify and monitor it.

It's software-only, so most of the time it works as intended. However, I did raise one request about a filter option in the dashboard not working perfectly. We identified that there was a version issue, and they fixed it in a new patch. They were able to easily identify and resolve the version issue.

They are not globally available but can manage and support us within a range of five to seven. They can usually provide support easily.

Neutral

I have worked on Citrix as well. Both Citrix and Radware are similar, but in Citrix, some things are more lengthy. Radware is better integrated and easier to understand, so anyone can use it.

I haven't directly compared them, but F5 is very popular globally. Both are similar, but Radware lags behind F5 in a few features.

In terms of user experience and management, Radware is easier. However, F5 has better performance. 

Both are cost-effective, but Radware is less expensive because F5 licenses are costly. Technically, Radware is easier to understand.  

We currently use the integrated WAF option on the same device in our application (SBI). There is no dedicated WAF solution. There are two options: license-based and integrated. Using the integrated part helps to identify blocks and other issues effectively.

Integrating with other systems and applications in the environment:

Integration is not difficult. In the dashboard, under the policy section, we can find virtual services and easily enable the API service. Once enabled, WAF monitoring should also be enabled. We can then identify the application's requirements, like JSON ID, cookies, headers, what should be whitelisted, body size, etc. 

We can gather this information from the application owner during deployment to determine what needs to be whitelisted, such as extensions, zip files, XML files, and cookies.

Once we deploy an application, it doesn't take too much time because the application is already deployed. We also use the load balancing feature, so we just need to enable the security web application service. There is an option for this under virtual services where we can also enable it for bot protection. I think anyone can easily manage it if they know about these things.

Radware is signature-based. The patches and signatures are important because we cannot easily monitor them ourselves. They are regularly updated, I think, weekly, so that's helpful. I think this regular update makes it easier for us.

We are a managed service provider (MSP) for Radware. The technical support is handled directly by Radware, but we manage the technical aspects.

We use integrated and cloud solutions because we manage multiple applications for multiple vendors. Some vendors are using the integrated WAF, which is good. The cloud part is also managed by us, not the customer. We deploy everything, including signatures and patches, if needed.

We can deploy it within a month. It's very easy to deploy and work with. If you create load balancing and WAF configurations, both are very simple. The deployment process is easy if you know how to configure it. Anyone who knows the basics of networking and security can easily deploy it. The dashboard and management are also simple. There is no confusion.

If you're creating a virtual service, you can easily create the virtual service port and configure the backend server. It's very simple.

In F5, when creating a group, you need to take one pool service. But in Radware, you can create one group and easily select it. The dashboard and configuration in Radware are very simple.

We mostly deploy in one-arm mode, but there's also a two-arm mode. In one-arm mode, all applications and servers are on the same subnet. We take a single IP from the subnet (e.g., 10.86.11.x). We need three IPs: one for management and two for deployment and virtual services. 

When deploying an application, we can use the same IP range. We deploy all backend servers on the virtual service. We select the backend servers and multiple ports based on the requirements. We then configure the services on the virtual service and review everything. For networking, we need to do NATing if the application is globally accessible, which is also very simple.

The dashboard and conciliation aspects are straightforward in Radware.

Just as in the same domain, we can deploy mainly in one-arm mode, or two-arm mode. There are two different modes. Okay? But typically, we deploy in one-arm mode. In this mode, all applications and services should be on the same subnet. We can take a single IP from the same subnet, for example, if you have a subnet of twenty-three, like 10.86.11.something. We require three IPs in total. One IP for management, and two others for deployment and the virtual service. If we deploy an application, we can use that same IP range. We take it. And on this virtual service, we can deploy to all back-end servers. We can select the back-end server and multiple ports based on the requirements. We can select the ports we need and configure the services on them. On the virtual service, we can configure all the services and review everything. For networking, we need a NATing part if the application is globally accessible so we can NAT through their public IP. It's a very simple deployment process.

For a new project, it might take longer than a month due to approvals and networking configurations. These processes, especially to get approvals for NATing and network paths, can be take time. That's why it takes almost two months. However, if everything is ready, deployment and testing can be completed within five to ten days.

Two resources are enough for the deployment. From a maintenance perspective, not much is needed.

It does bring ROI.

Radware is less expensive because F5 licenses are costly. F5 charges for each and every license. For every virtual service you create, you need to pay additional license fees. The licenses are more COSTLY compared to Radware. 

Radware also has lower annual maintenance costs (AMC) compared to F5. F5 is more expensive than Radware, but it's the leading product globally.

It's not very costly because everything is license-based, all things depend on the license and annual maintenance contract (AMC). If you have an AMC, the cost will be higher. Without an AMC, the cost is less because the product itself is less expensive. But if you have the AMC, the cost will be higher.

If companies provide the signatures and patches perfectly because we can't easily identify new viruses or threats, we rely on the solution company to regularly update their software and devices. Radware is one such company that updates its patches and signatures monthly. They allow us to review all the CVEs and update their patches accordingly. So, I think it's a good option.

Overall, I would rate it a seven out of ten because there are some issues in the cloud part, where it lags. 

We use Radware Cloud WAF Service to monitor and protect against data packet applications from websites and web applications.

Radware Cloud WAF Service excels at blocking unknown threats and attacks. It achieves this by providing real-time threat monitoring and reporting across all devices and platforms within our network regardless of the system we're using.

Cloud WAF's automated analytics simplify the process of identifying anomalies in network traffic. This is achieved by analyzing events and correlating them with captured data packets. The WAF can capture data at all seven layers of the OSI model, ensuring comprehensive network flow analysis.

Cloud WAF provides effective end-to-end protection for APIs.

Using the API discovery feature is easy.

The CDN Service works together with its Cloud WAF to secure our applications. Since most threats target the application layer, we leverage the Radware API to monitor activity and receive reports for further analysis and protection. Using Radware CDN Service, and Cloud WAF together is easy.

It offers a comprehensive range of benefits. It provides detailed reporting on network security, allowing us to monitor traffic across all routes. The WAF can then identify and block malicious activity within shared traffic, forwarding only clean traffic to our organization. This proactive approach effectively defines and protects our systems from harmful attacks.

Cloud WAF has helped reduce the number of false positives we receive through fine-tuning by 90 percent.

Radware Cloud WAF is a Cloud platform, so it allows for easy integration with other systems in our environment.

It has helped free up around 60 percent of the time for our IT team to focus on other projects and has helped reduce our total cost of ownership.

The benefits of Radware Cloud WAF Service became readily apparent soon after implementation. We experienced this firsthand through the prompt support we received and the solutions provided to address our most critical security threats.

The most valuable feature is the monitoring dashboard that we access through the portal.

The Cloud Portal has room for improvement.

I have been using Radware Cloud WAF Service for around five years.

I would rate the stability of Radware Cloud WAF Service ten out of ten.

I would rate the scalability of Radware Cloud WAF Service nine out of ten.

Our experience with Radware support has been positive. Our partnership with them grants us access to privileged customer tools and the customer community. This allows us to utilize valuable resources such as blogs and troubleshooting guides, ensuring we can effectively address any issues that may arise.

Positive

The implementation took three years to complete and we had three people involved.

We have seen around a 60 percent return on investment from Radware Cloud WAF Service.

Radware Cloud WAF Service falls within a mid-range price bracket compared to other web application firewall solutions.

I would rate Radware Cloud WAF Service ten out of ten.

We have around 500 customers utilizing the Radware Cloud WAF Service.

Radware provides a sufficient product that doesn't require maintenance from our end.

For comprehensive cloud and load balancing protection, I highly recommend Radware Cloud WAF Service to all organizations.

We provide our clients with Cloud WAF Service, which enables us to detect and report web shell attacks against their servers. 

The main benefit is that all traffic is shifted by the cloud service, which exists outside the customer's infrastructure. It's highly efficient. Many customers have problems inside the infrastructure that must be efficiently detected. With Cloud WAF we can notify our client when an attack is outside and detect when a web shell script is already running on the server. This information helps the client understand what's happening with the web shell.

We've reduced many false positives using Cloud WAF Service. The learning period is helpful. Radware sends a policy with a lot of information that helps the customer observe and design their policies to eliminate false positives.

Cloud WAF saves us a lot of time because we face many strong attacks. It helps us modify the back end and implement some policies to prevent more attacks.

The best feature is the SQL injection signatures, and another is the DDoS protection. Radware is more efficient than other solutions. It handles unknown threats very well. We face many bad requests with malware that are expensive to remedy. Radware's service center in the cloud helps a lot. 

Radware's bot manager can be improved because it's very complicated to implement for apps. Radware could also add alerts by WhatsApp or Telegram. It only sends notifications via email or SMS.

We have had issues with Cloud WAF one or two times, but the service works fine most of the time.

Cloud WAF scales very well. 

I rate Radware support nine out of 10. They have a simple platform for opening tickets, and they respond quickly. 

Our previous solution was hard to install, but Cloud WAF is straightforward because it's cloud-based. You add the certificate for the business and point it to the IP. Deployment is very fast. It takes 30 minutes to an hour.  Cloud WAF requires some maintenance when a customer changes their website or programs. We need to adjust the policies.

I rate Radware Cloud WAF Service eight out of 10. It is the best solution for stopping DDoS attacks. 

We are a data center company that hosts a variety of applications for our customers. We use these applications for two purposes: internal protection and external customer protection. Currently, all of our internal applications are hosted on the cloud and are safeguarded by the Cloud WAF service. Our customers also use the Cloud WAF service to protect their applications from external threats. 

We aim to provide our customers with 99.99 percent infrastructure availability and 99.95 percent service uptime. When we guarantee availability and security, we must ensure we have the strongest security measures in your environment. That is the highest priority for the company.

We've deployed Radware for various applications in our environment. We have also successfully used it in heterogeneous customer environments without any issues. We have some internet-facing applications like SAP and Oracle. Our company has custom Java-based and .NET-based applications. The clients' ERP environments may also be vulnerable because they are the company's heart. We deploy and host many ERP environments and protect them against external attacks.

Radware Cloud WAF Service's ability to block unknown threats and attacks is useful. Radware Cloud WAF Service's best feature is its ability to protect against and log a wide range of unknown threats as part of its offerings.

I can confidently say that Radware Cloud WAF Service serves as a comprehensive solution for both our current and prospective customers, generating revenue for us. This service guarantees high uptime and availability of all our business applications while reducing overall operational complexity.

Automated event analytics are effective. We have automated event monitoring, which provides us with excellent analytical dashboards that help us identify any issues. These dashboards report, track, monitor, and ultimately resolve the issues. Therefore, the mitigation process is highly effective when utilizing these analytical dashboards.

We implemented API protection as a security measure, which includes an API discovery feature. This feature helps protect APIs from attacks, making it a valuable aspect of Radware Cloud WAF Service.

The API discovery feature provides outstanding end-to-end API protection. APIs play a crucial role in applications, often requiring extensive investigation. Having automated discovery and protection against external threats makes this feature even more exceptional.

API discovery is a user-friendly feature that comes with an automated algorithm. The algorithm detects APIs and generates tailored security policies to identify and log any real-time API FOCA attacks. This makes it an outstanding feature. Additionally, Radware repair protection can access the automated algorithm to discover APIs and create personalized security policies that can detect and prevent API worker attacks in real-time.

The API discovery aided in the reduction of our overhead costs by around 20 percent. The APIs are protected in real-time, which enabled us to decrease operational complexity and costs significantly.

We provide data center services and offer both public and private cloud options to our customers. Our Radware Cloud WAF Service provides comprehensive protection against bots and APIs, safeguarding all the Internet-facing applications hosted on our platform. As a result of implementing this service, our organization has greatly benefited.

The Radware Cloud WAF Service has been instrumental in reducing our false positives by nearly 25 percent. This is due to its comprehensive API protection and bot offerings, which have reduced operational complexity. 

The cost of managing the overall solution decreased because we now require fewer personnel. With the tool's significant automation and numerous analytic dashboards, customers now feel more comfortable and have greater peace of mind than before.

I would rate the integration of Radware Cloud WAF Service a nine out of ten. This solution has user-friendly integration algorithms and features that make it easy to integrate with other applications. Once we become familiar with the product, the interfaces are straightforward to use. The software has an API, which enables different applications to communicate with each other, making it the best part of the solution. Therefore, API protection is included in the software, allowing applications to interact with each other seamlessly. Consequently, customers can feel more confident when using Radware Cloud WAF Service.

Radware Cloud WAF Service reduced the effort of our IT team, therefore, freeing up their time for other projects.

Radware Cloud WAF Service helped reduce our TCO because we can now offer this service to our customers. This has resulted in generating additional revenue, contributing to the overall cost savings.

After three months of implementing the Radware Cloud WAF Service and selecting the product, we began to see time to value.

We have recently upgraded our cloud WAF to Radware Cloud WAF Service to include WAF and ADA protection, as well as watch management and Layer 7. What makes this a comprehensive offering from Radware is that it combines WAF, ADA, bot management, and API protection, which is not currently available from any other provider in the market. The most valuable aspect of our service is its ability to safeguard applications from external threats, including the API. This sets the solution apart from other web operators in the market.

The lower-level technical team at Radware could improve their approach to problem-solving as they are sometimes very slow. While the higher management is highly active and supportive, the lower management and staff may take longer to provide support, leading to delays. Proactively improving their response time could enhance their overall performance. Otherwise, customers may need to escalate issues to the higher-ups, which could be avoided.

I have been using Radware Cloud WAF Service for over three years.

Radware Cloud WAF Service is stable. We have not had any performance issues.

I give Radware Cloud WAF Service a nine out of ten for scalability.

Radware Cloud WAF is a cloud-based solution, so it's scalable. We have a 5GB contract and can always increase. If it had been on-premises, Radware would be a less-scalable solution. We can easily add capacity if needed.

We have Radware's ERT premium support which is great.

We signed the highest-level SLA with Radware called ERT Premium Services, which guarantees a five-minute response from Radware 24/7. Radware India also provides support. We call management if we have an issue, and they take care of it. Radware also has an excellent knowledge base and community forums.

A few months ago, we had an attack at night and needed immediate support. I called the director of Radware India, and he immediately lined up the entire support team within a few minutes. They resolved the issue as soon as the ticket entered their system. In five minutes, we got support from the most senior employee of Radware India. When we were implementing the Radware DDoS, the management maintained communication with us and helped us get started fast.

It was the same with the Radware load balancer. We subscribed to the new load balancers, which we needed to provide additional capacity for our company over the next five years, and management was there to guide us in the right direction.

Positive

Compared to previous solutions, Radware Cloud WAF Service is a reliable product, especially when combined with senior management support. If we obtain both, such as contacting the senior manager, the Managing Director of Redwood in India, we can expect a response in a matter of minutes. This is the service's greatest advantage.

The initial setup was straightforward because we had the help of the Radware specialists. The implementation strategy involved conducting a brief proof of concept for a few applications within the entire solution. Once the POC was successful, we proceeded to deploy it in the test environment. After testing, we moved it to production within three months.

Our L1, L2, and L3 support, with the assistance of Radware, completed the deployment in five weeks on the back end.

Radware Cloud WAF Service is deployed in the cloud for internal applications hosted on Yotta, as well as for customers who chose to use this service.

The entire deployment took around six weeks, from the planning stage to the final rollout. We deployed the architecture, created the MSSP, configured the links, and created the domain names. We developed the implementation strategy with Radware and its partner. We first deployed the solution for approximately 20 or so internal applications. In phase two, we opened the solution up to customers.

After deployment, Radware WAF doesn't require much maintenance aside from updates and periodic maintenance windows on the vendor side.

Radware's partner helped with the implementation.

We experienced a positive return on investment of up to 50 percent, due to our ability to reduce false positives. This led to a significant decrease in the effort required to manage the solution and a reduction in the overall cost of ownership. Additionally, the solution generated revenue from customers as we can now identify and address external threats to their environment. As a result, we also receive renewals. This is the most significant benefit of the solution.

When compared to Akamai and F5, Radware's pricing and licensing are highly competitive. In fact, Radware offers the best price along with excellent licensing pricing. Moreover, we received ERP premium support as a part of the package, which would otherwise be a service that incurs a high cost.

We conducted an evaluation of F5 Advanced WAF and Akamai Web Application Protector, both of which performed well. However, the standout feature was Radware's five-minute SLA on their premium ERT support. This evaluation considers three factors: the product, the SLA, and the management support. Radware offers the highest level of ERP payment support with a response time of five minutes. Additionally, if any issues arise, we have the option to escalate to Radware's senior management, and we can expect a response from Radware's MD within a few minutes. When considering the product, SLA, and management support as a whole, we believe that Radware Cloud WAF Service is the best option.

I give Radware Cloud WAF Service a nine out of ten.

As of now, we have not had to maintain the solution.

I recommend Radware Cloud WAF Service for any organization which wants to be free from external threats.

A year ago, people were only talking about the WAF application firewall. Today, we refer to WAAP, which provides increased protection against threats and vulnerabilities. Radware came out with this innovative offering called WAAP, including, WAF, API and bot protection, and DDoS. This is an innovative solution. If you want peace of mind, Cloud WAF is a one-stop shop for your security needs. Radware WAAP is a comprehensive security solution.

After a security breach on one of our web applications, we transitioned to a cloud-based web application firewall solution. We chose Radware Cloud WAF Service to protect our critical web applications.

I would rate Radware Cloud WAF Service's ability to block unknown threats and attacks as nine out of ten.

Radware Cloud WAF Service initially operated in a learning mode for the first week after deployment, gathering data. Once it switched to action mode, we began to experience the service's full benefits.

Cloud WAF has helped reduce our false positives by 20 percent.

We have implemented Cloud WAF in conjunction with Alteon, and we are currently integrating a bot manager and web application DDoS protection. The integration was easy because we were accompanied by Radware.

Cloud WAF has helped free up our IT team for other projects.

The most valuable feature of Radware Cloud WAF Service is the visibility into attacks that are being cut off instantly.

It would be ideal if Radware could offer a bundled package that includes Cloud WAF, web DDoS protection, bot manager, and Alteon for a more comprehensive security solution.

I have been using Radware Cloud WAF Service for two and a half years.

Radware Cloud WAF Service is scalable.

Radware Cloud WAF Service met our scaling requirements.

The technical support is great. I have nothing bad to say about them.

Positive

The initial deployment process went smoothly and was completed in three weeks by a five-person team consisting of two representatives from our organization and three from Radware.

The pricing is fair. We pay for what we need.

After evaluating Radware Cloud WAF Service against other options and confirming its leading position in Gartner's Magic Quadrant for Web Application Firewalls, we chose it for our web security needs.

I would rate Radware Cloud WAF Service nine out of ten.

No maintenance is required on our end.

Radware Cloud WAF Service does what is expected and reduces the number of attacks on our web applications.

Initially, all our services were on-premises, but we decided to move many of them to the Azure cloud to make them accessible to our customers. However, we discovered that certain attacks were going undetected and the native tools in Azure cloud were inadequate for protecting against them. As a result, our expenses were increasing due to resource exhaustion. To address this issue, we consulted with our vendors and found a Cloud WAF hardware solution. Once we implemented Radware Cloud WAF Service and combined it with application controls, bot protection, and DDoS services, our expenses were reduced by 80 percent. This was a remarkable achievement.

I report every month on any incidents involving our public assets. One particular use case that I focus on is geo attacks, which help identify who is attempting to access these resources from locations outside of our Southeast US customer base. This helps reduce unnecessary noise. We also have private APIs that are only accessible to specific vendors, and it's important to secure them with an access list. Although it is a basic measure, it allows me to monitor who is attempting to access those resources. The unknown threat aspect of it is not a frequent occurrence.

Radware Cloud WAF Service provides excellent automated analytics for event analysis. Its visibility feature alone is a selling point for the product. When we initially invest in cloud services, it can be difficult to monitor activity. We only receive a bill indicating increased CPU and RAM usage. The analytics provided by Radware Cloud WAF Service has been extremely helpful in this regard.

Radware Cloud WAF Service has significantly reduced our Azure bill by filtering out unnecessary CPU, compute, and bandwidth usage on the front end. Previously, we experienced a lot of errors and serious issues due to APIs being exposed, and our developers could not always understand why these errors occurred. However, once we implemented Radware Cloud WAF Service, it significantly reduced the noise and eliminated malicious data. As a result, our developer logs now look good, and we can identify who is targeting us and their intentions through the provided metrics. It has been incredibly helpful from a management perspective as we can present them with dashboard metrics showing how the tool is blocking and protecting us. They appreciate this information.

Radware Cloud WAF Service has helped reduce our false positives by 90 percent.

We quickly recognized the value of the Radware Cloud WAF Service upon deployment. However, we needed to ensure that the business owners understood the changes being made. Upon activating the spot protection and geolocation service, we noticed a significant decrease in illegitimate traffic. Prior to the implementation, we were receiving an overwhelming amount of hits, averaging between 150,000 to 160,000 per hour on certain pages. Once the services were activated, this number decreased to only 2,000 to 3,000 hits per hour, indicating that a majority of the previous traffic was not legitimate. This allowed us to reduce our footprint in Azure and do so immediately. It is evident that the internet is filled with a vast amount of illegitimate traffic, with many individuals scanning for open services. The implementation of Radware Cloud WAF Service helped eliminate this issue within a day.

Before the introduction of Azure cloud-native tools, monitoring visibility was inadequate, making it difficult to identify the cause of resource attacks. With the current visibility dashboard, we can now obtain insight into the nature of attacks, identify attackers, and detect top IP or threat regions. This dashboard has proven to be helpful in improving our ability to identify and respond to attacks.

Radware Cloud WAF Service has significantly reduced the number of attacks and improved our visibility. However, there are some areas where it could improve its maturity. Previously, the interface, Bot manager, and Cloud WAF were separate interfaces, but they have now been merged into one dashboard. However, the current setup is somewhat cumbersome, and there is room for improvement in this area.

Radware Cloud WAF Service has limited integrations, and I would like to see it integrate with our use of Azure DevOps. Specifically, I would like it to be able to automatically detect and protect new APIs and changes made to existing ones, utilizing the API discovery and protection features. Currently, there is no integration for this. If we use a SIM, we can receive email alerts or check the dashboard for information on the types of attacks, but this is not an ideal or modern approach to alerting. It would be beneficial for the service to integrate with top enterprise tools like SIEM, allowing for more efficient and effective alerting and logging. Unfortunately, there are currently no native tie-ins for some of the products we use, requiring us to set up email notifications to our SIM. Therefore, integrating with enterprise tools for alerting and SIM purposes would be greatly appreciated.

I wish to have improved integrations with larger vendor tools, such as alerting systems or SIMs, to enable us to pull and query performance metrics for analysis. As a fairly large organization, we require a tool that can consolidate data from multiple applications into a single location for better visibility and decision-making. Unfortunately, we are currently unable to extract this data into any of our existing systems.

I have been using Radware Cloud WAF Service for two years.

I have only experienced one outage with Radware Cloud WAF Service in the past two years, so I would say that it is very reliable and stable.

The interfaces have significantly improved, but we had numerous queries about their functionalities and how to enable specific capabilities for monitoring purposes. We had to spend a considerable amount of time trying to understand the process, such as what we needed to turn on and how to turn it on, as well as interpreting the log entries. As a result, we had to contact support multiple times, which involved a lot of back and forth. Additionally, during certain periods, our services were targeted by heavy DDoS attacks, and we had to rely on support heavily to mitigate them. There were a few instances where we had to request significant assistance from support.

Positive

Previously, we utilized Azure Application Gateway, which included a built-in WAF capability. However, due to its cumbersome nature and limited capabilities, approximately 10 percent of Radware Cloud WAF Service, we switched to Radware. Azure CloudApp lacked reporting functionality, making it difficult for us to identify attack sources, methods, and user agents.

In comparison to Azure Application Gateway, Radware Cloud WAF Service has the ability to detect all types of attacks. While using Azure, there were a few attacks that utilized a unique combination of user agent strengths which Azure Cloud WAF was unable to detect. Due to limitations in the user registry and signature attack type, it could not comprehend how to prevent these attacks. Therefore, we opted to switch to Radware Cloud WAF Service, which was better suited to meet our security needs.

Setting up Cloud WAF was straightforward, but the bot protection was a bit of a mess initially. When the product was first launched, separate dashboards were provided for both services, giving the impression that they had separate support from the company. However, over the last two years, they have been consolidated into a single dashboard, making deployment and management much easier. Despite the initial difficulty with bot protection, Cloud WAF was ultimately easy to deploy. We required two people for the deployment.

The implementation was completed in-house.

We assessed Citrix Web App and Imperva DDoS, and Microsoft urged us to test their latest version of Cloud WAF. However, we declined their offer and instead opted for Radware Cloud WAF Service because it was effortless to implement. We were able to turn it on and have it working on the same day without requiring extensive integration, which was necessary for the other options we considered. We preferred a plug-and-play solution with a minimal learning curve. Radware Cloud WAF Service met these requirements and has been functioning well.

I give Radware Cloud WAF Service a nine out of ten.

We are interested in utilizing the API discovery feature, but since we frequently make changes to our APIs using a DevOps pipeline, our APIs change on a regular basis, almost every two weeks. Our company's current goal is automation, and all changes to the environments must be done through a coded pipeline with variables. Unfortunately, the API discovery feature may slow down our automation capabilities, making it difficult to push changes every two weeks unless the interface is improved. While we would like to take advantage of the API mapping and different attack techniques, we cannot use the feature until it becomes more mature and integrated with our automated pipeline.

We deploy the solution across one location.

The ability to log in and review data and logs is a crucial feature for me when choosing a Cloud WAF. While most services have similar capabilities, the differentiator lies in how well they can parse and present the data. I had trouble with Citrix as it was difficult to obtain and interpret the data to prevent attacks. However, Imperva has an excellent interface for pulling data, which helps us make informed decisions. Radware stood out as the best in both areas, with their dashboard being user-friendly and responsive. The implementation was also straightforward as all the necessary information was readily available. It only took a few hours to set up a new site, making it easy to go live quickly.

We have been using this solution for a number of use cases. For example, we use it for SQL inspection, cross-site scripting. We also have load sharing and we create our own custom rules for our situation, based on our business. For instance, products, articles, and other parameters that we manage in our applications are packaged in Radware.

We also tested the Bot Manager for a month and it seemed quite useful, but due to a matter of project priorities, we could not implement it.

Radware Cloud WAF visibly improves our security posture and reduces the risks of an attack. It also helps us a lot in avoiding information leakage. These advantages are particularly true for us because the applications that we have protected are outsourced developments, they are not in-house. Radware helps us guarantee a level of security for our infrastructure such as our databases.

The API Discovery is also very good because the application is outsourced, which means that we don't have the code. API Discovery allowed me to discover precisely how to orchestrate the API so that I could see the results. Based on them, we were able to raise new cases. It's nice not to have that limitation. We are using API Discovery on a trial basis for one month, but I believe that if we enable it next year we will see a decrease in traffic and consumption.

In addition, it has helped reduce false positives by 30 percent. In the second year, the change hasn't been very noticeable because the cases that we started with in the previous year have already been configured and saved. In other words, we are increasing the system's capacity, fixing the rules, but we are not erasing the previous ones.

It has also helped free up the IT team because several risk points are automatically covered. For example, we have a SIEM to which we send the Radware logs and the integration with the SIEM, as well as sending these logs, was simple, a matter of five minutes. The logs that Radware sends are complete and we can create use cases based on our needs. I estimate it has saved 50 percent of my time.

Among the most valuable features is the ease of managing the platform. It is user-friendly.

The platform has also worked quite well when it comes to blocking unknown threats and attacks. A great example over the last year was a new threat that our system perceived. Radware responded very well for the use cases that we created, as well as to the SQL injection-type of threat. When we received Cloud WAF we enabled the automated rules. That's good because basic rules are already built-in and can't be modified, so if an analyst doesn't have abundant knowledge or experience and couldn't manage such a threat, he would find a lot of help from Cloud WAF itself. The platform has a great security system and is well-managed.

The automated analytics for looking at events are also good. The support that we can generate every week is also good. And the API Discovery feature is extremely easy to use. You simply click on it to activate it.

We also use the CDN services offered by Radware and it hasn't really been complicated because it's quite user-friendly and, when I've had any questions, support has always been there to help me resolve them immediately.

I rate it well for integrating with other systems and applications and I would recommend it to other companies. We have integrated it with various solutions. We have AWS and private clouds as well, so the DNS redirection was obviously more on our side. But setting up and provisioning Radware itself is extremely simple. It didn't take us more than 10 minutes, and even less to load certificates. It's extremely easy. Other solutions take longer.

They have a portal for webinar training but because we are in a Spanish-speaking country, it is difficult for us to watch them. Not all of us are fluent in English, but most of the courses and webinars are in English. That part could be improved, with more options for people for whom English is not their native language.

I have been using Radware Cloud WAF Service for two years.

It is very stable. We have not had a cut or suffered from unavailability of the service.

The scalability of the solution is also good. It has allowed us to build sites in different clouds and to integrate with other security tools.

One aspect that has drawn my attention the most is the support. It is very successful and the response to something I want to modify is very fast. They are excellent.

For example, if a rule has been blocked or I need to delete an expired certificate and, for some reason, it has prevented me from doing so, the customer service response has always been fast and assertive.

Positive

The solution we had before was from Trustware. We changed to Radware because of its cost and because the support for our old solution was not optimal in response time. Also, the configuration wasn't as flexible. Setting up the rules took a long time.

The initial setup was super simple, uploading the certificates was super fast,  and redirecting to the DNSs was extremely simple. It was a matter of five or 10 minutes. Entering the blocking stage only took a few seconds.

We started with a platform that had fewer clients and did so at times with fewer transactions. We then did functionality testing before provisioning. After that, we entered a learning stage of 10 to 15 days so that Radware could learn the patterns that are handled in the applications, such as input and output parameters. Once those parameters were validated with the development area, the next thing was the blocking.

For the technical administration, we have four users who manage it, but I am the main manager. There isn't any maintenance. There are updates made by Radware, but for us, it has been practically transparent. The one thing we do is refine the rules due to new attacks and malicious threats.

We did it with the supplier. There were two people involved: me, representing our company, and a Radware consultant who was running the project.

Obviously, the ROI is the security it provides. It keeps our services available and complete. And a good reputation for our brand is much more than a return on investment.

I do not see it from the point of view of reducing our TCO, since it is a service that has to be available 24/7 in our retail services. This guarantees that customers will be able to carry out their purchases at any time of the day.

There was no delay in time to value, from before provisioning to after.

The pricing has been quite manageable for our line of business. The license letter was done once and we no longer have to reload the annual renewal. That has been handled quite well during these two years.

I have worked previously with other solutions. I started working with Radware two years ago and I really like this solution because it is very user-friendly. Another advantage is that there is one portal/dashboard. I  don't need two portals to manage the Bot Manager and other aspects. I can view, configure, and do everything through just one, which makes administration easier.

We evaluated other options and, if I remember correctly, one of them was Fortinet, but they didn't seem as effective as Radware. But the price was the biggest difference. Radware had the best price for our type of network and level of scaling.

When we tried the Bot Manager in one of our applications it did not have an effect because its work style didn't fit the application. But in the second application, it did work and it has been striking. It was useful for us to create new blocking rules in certain cases that we had not mapped from the time the project was launched.

My advice is to try the API. It's actually very simple and it helps a lot when identifying new risks that can be mapped with various rules.

The most important thing is the response time. It also benefits the tools a lot because slower solutions mean several minutes of service unavailability.

In the two years since we started using Radware, it has responded very well and we have not had any incidents of code indexing or denial of service. We have not had a single incident that has compromised our service availability, which is pretty good.

Foreign Language: (Spanish)

¿Cuál es nuestro caso de uso principal?

Hemos estado usando esta solución para varios casos de uso. Por ejemplo, lo usamos para la inspección de SQL, secuencias de comandos entre sitios. También tenemos carga de trabajo compartida y creamos nuestras propias reglas personalizadas para nuestra situación, en función de nuestro negocio. Por ejemplo, los productos, artículos y otros parámetros que gestionamos en nuestras aplicaciones están empaquetados en Radware.

También probamos el Bot Manager durante un mes y nos pareció bastante útil, pero por una cuestión de prioridades del proyecto no pudimos implementarlo.

¿Cómo ha ayudado a mi organización?

Radware Cloud WAF mejora visiblemente nuestra postura de seguridad y reduce los riesgos de un ataque. También nos ayuda mucho a evitar la fuga de información. Estas ventajas son particularmente ciertas para nosotros porque las aplicaciones que hemos protegido son desarrollos subcontratados, no son internos. Radware nos ayuda a garantizar un nivel de seguridad para nuestra infraestructura, como a nuestras bases de datos.

La API Discovery también es muy buena para las aplicaciónes que están subcontratadas, ya que al ser subcontratadas significa que no tenemos el código. API Discovery me permitió descubrir con precisión cómo orquestar la API para poder ver los resultados. En base a ellos, pudimos plantear nuevos casos. Es bueno no tener esa limitación. Estamos usando API Discovery a modo de prueba durante un mes, pero creo que si lo habilitamos el próximo año, veremos una disminución en el tráfico y el consumo.

Además, ha ayudado a reducir los falsos positivos en un 30 por ciento. En el segundo año el cambio no se ha notado mucho porque los casos que empezamos el año anterior ya están configurados y guardados. Es decir, estamos aumentando la capacidad del sistema, arreglando las reglas, pero no borrando las anteriores.

También ha ayudado a liberar al equipo técnico porque varios puntos de riesgo se cubren automáticamente. Por ejemplo, tenemos un SIEM al que enviamos los logs de Radware, la integración con el SIEM además de enviar estos logs, es sencilla, se hace en cinco minutos. Los registros que envía Radware están completos y podemos crear casos de uso según nuestras necesidades. Estimo que ha ahorrado el 50 por ciento de mi tiempo.

¿Qué es lo más valioso?

Entre las características más valiosas está la facilidad de manejo de la plataforma. Es fácil de usar.

La plataforma también ha funcionado bastante bien cuando se trata de bloquear amenazas y ataques desconocidos. Un gran ejemplo de esto es que durante el último año nuestro sistema percibió una nueva amenaza. Radware respondió muy bien a los casos de uso que creamos, así como al tipo de amenaza de inyección SQL. Cuando recibimos Cloud WAF, habilitamos las reglas automatizadas. Esto es bueno porque las reglas básicas que ya están integradas no se pueden modificar, por lo que si un analista no tiene muchos conocimientos o experiencia y no puede manejar una amenaza de este tipo, podrá encontrar mucha ayuda en Cloud WAF. La plataforma tiene un gran sistema de seguridad y está bien administrada.

Los análisis automatizados para observar eventos también son buenos. El apoyo que podemos generar cada semana también es bueno. Y el API Discovery es extremadamente fácil de usar. Simplemente haces clic en él para activarlo.

También usamos los servicios de CDN que ofrece Radware y realmente no ha sido complicado porque es bastante fácil de usar y cuando he tenido alguna pregunta, el soporte siempre ha estado ahí para ayudarme a resolverla de inmediato.

Lo califico bien para integrarse con otros sistemas y aplicaciones y lo recomendaría a otras empresas. Lo hemos integrado con varias soluciones. También tenemos AWS y nubes privadas, por lo que la redirección de DNS obviamente estuvo más de nuestro lado. Pero configurar y aprovisionar Radware en sí mismo es extremadamente simple. No tardamos más de 10 minutos, y cargar los certificados nos tomó mucho menos. Es extremadamente fácil. Otras soluciones toman más tiempo.

¿Qué necesita mejorar?

Tienen un portal de seminarios web para capacitación, pero como estamos en un país de habla hispana, se nos hace difícil verlos ya que no todos hablamos inglés con fluidez. La mayoría de los cursos y seminarios web son en inglés. Esa parte podría mejorarse, con más opciones para las personas para quienes el inglés no es su idioma nativo.

¿Por cuánto tiempo he usado la solución?

He estado usando Radware Cloud WAF Service durante dos años.

¿Qué pienso sobre la estabilidad de la solución?

Es muy estable. No hemos tenido cortes de red ni sufrido indisponibilidad del servicio.

¿Qué opino de la escalabilidad de la solución?

La escalabilidad de la solución también es buena. Nos ha permitido construir sitios en diferentes nubes e integrarnos con otras herramientas de seguridad.

¿Cómo son el servicio de atención al cliente y el soporte?

Uno de los aspectos que más me ha llamado la atención es el soporte. Tiene mucho éxito y la respuesta a algo que quiero modificar es muy rápida. son excelentes

Por ejemplo, si me han bloqueado una regla o necesito borrar un certificado caducado y, por algún motivo, me lo ha impedido, la respuesta del servicio de atención al cliente siempre ha sido rápida y asertiva.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo

¿Qué solución usé anteriormente y por qué cambié?

La solución que teníamos antes era de Trustware. Cambiamos a Radware por su costo y porque el soporte para nuestra antigua solución no era óptimo en tiempo de respuesta. Además, la configuración de Trustware no era tan flexible y establecer las reglas llevó mucho tiempo.

¿Cómo fue la configuración inicial?

La configuración inicial fue súper simple, la carga de los certificados fue súper rápida y la redirección a los DNS fue extremadamente simple. Era cuestión de cinco o diez minutos. Nos tomó sólo unos segundos entrar en la etapa de bloqueo.

Empezamos la implementación con una plataforma que tenía menos clientes y lo hacíamos en los tiempos que menos tenían transacciones. Luego hicimos pruebas de funcionalidad antes del aprovisionamiento. Después de eso, entramos en una etapa de aprendizaje de 10 a 15 días para que Radware pudiera aprender los patrones que se manejan en las aplicaciones, como los parámetros de entrada y salida. Una vez validados estos parámetros con el área de desarrollo, lo siguiente fue el bloqueo.

Para la administración técnica tenemos cuatro usuarios que la manejan, pero yo soy el administrador principal. No hay mantenimiento. Hay actualizaciones hechas por Radware, pero para nosotros ha sido prácticamente transparente. Lo único que hacemos es refinar las reglas debido a nuevos ataques y amenazas maliciosas.

¿Y el equipo de implementación?

Lo hicimos con el proveedor. Había dos personas involucradas: yo, en representación de nuestra empresa, y un consultor de Radware que dirigía el proyecto.

¿Cuál fue nuestro Retorno de Inversión ?

Obviamente, el Retorno de Inversión es la seguridad que proporciona. Mantiene nuestros servicios disponibles y completos. Y una buena reputación de nuestra marca es mucho más que un retorno de la inversión.

No lo veo desde el punto de vista de reducir nuestro TCO, ya que es un servicio que tiene que estar disponible 24/7 en nuestros servicios de retail. Esto garantiza que los clientes puedan realizar sus compras en cualquier momento del día.
No hubo demora en el tiempo de valorización, desde antes del aprovisionamiento hasta después.

¿Cuál es mi experiencia con los precios, el costo de configuración y las licencias?

El precio ha sido bastante manejable para nuestra línea de negocio. La carta de licencia se hizo una vez y ya no tenemos que recargar la renovación anual. Eso se ha manejado bastante bien durante estos dos años.

¿Qué otras soluciones evalué?

He trabajado anteriormente con otras soluciones. Empecé a trabajar con Radware hace dos años y me gusta mucho porque es muy fácil de usar. Otra ventaja es que hay solo un portal/tablero. No necesito dos portales para administrar el Bot Manager y otros aspectos. Puedo ver, configurar y hacer todo a través de uno solo, lo que facilita la administración.

Evaluamos otras opciones y si no recuerdo mal, una de ellas era Fortinet, pero no parecían tan efectivas como Radware. El precio fue la mayor diferencia. Radware tenía el mejor precio para nuestro tipo de red y nivel de escalabilidad.

¿Qué otro consejo tengo?

Cuando probamos el Bot Manager en una de nuestras aplicaciones no surtió efecto porque su estilo de trabajo no se ajustaba a la aplicación. Pero en la segunda aplicación sí funcionó y ha sido llamativo. Nos resultó útil para crear nuevas reglas de bloqueo en ciertos casos que no teníamos mapeados desde que se lanzó el proyecto.

Mi consejo es probar la API. En realidad, es muy simple y ayuda mucho a la hora de identificar nuevos riesgos que se pueden mapear con varias reglas.

Lo más importante es el tiempo de respuesta. También beneficia mucho a las herramientas porque las soluciones más lentas significan varios minutos de indisponibilidad del servicio.

En los dos años que llevamos usando Radware ha respondido muy bien y no hemos tenido ningún incidente de indexación de código o denegación de servicio. No hemos tenido un solo incidente que haya comprometido la disponibilidad de nuestro servicio, lo cual es bastante bueno.