Radware DDoS Reviews

We have been using Radware DDoS extensively for the past two years in our production network within the utility sector. Primarily, we use it for application layer filtering and for direct termination with our Internet Service Providers (ISPs). Initially, we encountered several challenges during the configuration process, primarily due to the lack of ready-made templates. However, over the last two years, we have successfully implemented filtering measures, effectively mitigating our DDoS attacks by removing unwanted traffic directed at our public IP addresses.

This system has been crucial in securing our operations and meeting our specific needs for our data center. All public domain URLs in the utility sector are hosted behind an Internet firewall, ensuring that the traffic directed to these public domains is properly managed through DDoS protection. That sums up our experience with this system.

Radware DDoS has been effective at mitigating advanced DDoS attacks such as burst or DNS attacks and encrypted SSL floods because we blocked all public domain IPs through access lists at my DC router, where all the ILLs are delivered from the ISP. We are getting IOCs, which are Indicators of Compromise from CERT-In, NCIIPC, and CS K-Cyber Swachhata Kendra, from central agencies.

My experience with the behavior-based detection technology for real-time attack detection and minimizing false positives is quite positive. The behavioral framework we have consists of three layers. The first layer focuses on DDoS protection, as we are implementing two policies for two ISPs simultaneously. In our environment, we are not using an active-standby setup; instead, we utilize both links from each ISP. Therefore, we are deploying two identical boxes, one connected to each ISP. These ISP links are directed towards our management service, where all public domain sites are hosted in our data center. Regarding the behavioral aspect, let's consider a scenario where there is suddenly a spike in packet traffic from a public domain. We typically monitor the daily bandwidth usage on the ISP side. For example, if the average bandwidth usage is around 200 Mbps, but one day we notice a surge to 400 Mbps, this may indicate unknown traffic hits. This is particularly concerning because we operate in the utility sector, where we collect electricity bills each month. We use handheld devices to fetch these bills from our system, processing them at the beginning of each month. This increase in traffic could likely stem from these sources, as they may be generating numerous unknown visits to our data center servers in an attempt to log in. 

To analyze this behavioral pattern, we first examine the trust levels associated with the bandwidth usage. We investigate the cause of the sudden increase in bandwidth and identify the unknown IP addresses responsible for the traffic. We then determine the locations of these IPs and formulate policies in our DDoS logon system to block any suspicious activity. Additionally, we address two other behavioral patterns: one through endpoint security for end-user services and another through anti-Advanced Persistent Threats (APT) measures. This comprehensive approach helps us safeguard our systems effectively.

Radware DDoS protects legitimate users during a DDoS attack. We have a behavioral filtering template that we enabled after subscription. Every month, we create a report analyzing the number of unknown hits generated from DDoS, identifying legitimate IPs from our customer base and unknown IPs from other countries. We conduct geo-fencing as the first level of protection, allowing only Indian region IPs to execute packets towards our management server. The second level involves using default templates to perform this activity efficiently.

The HTTP Layer 7 protection works effectively as the signatures are updated on a daily basis and automated from the Radware cloud. Zero-day protection happens automatically because the initial steps only require us to create the policy for filtering, but after that, it continuously does its job without any manual intervention.

The zero-day attack signatures for new types of attack threats and vulnerabilities are directly taken from the cloud and blocked. For DC network flow, the fast layer DDoS attack itself is removed from the entry point from the ISP side only. After that, the traffic lands with DDoS, coming from my perimeter firewall, providing another layer of filter and protection. After my perimeter firewall, the traffic goes to my anti-APT, where we perform another level of protection or filtering for DDoS.

There are areas where Radware DDoS could improve, specifically regarding centralized visibility. If someone is allowed access to one payment server but attempts to access the backend database and application servers from that source, we need to analyze the level of propagation. If they are performing suspicious activities such as random logins, it would be beneficial to have a centralized console that shows which IP is attempting which actions for greater visibility, enabling better analysis.

To sum it up, we suggest that clear visibility within a management console could significantly enhance Radware DDoS's usability. We use Radware DDoS and Check Point for our public site because understanding the origin and pattern of public hits is crucial. If the console could segregate packets by type—such as HTTPS, logger, database-related queries, or other behavioral data—and generate reports accordingly, it would better aid our analysis.

We have been using Radware DDoS for two years.

In terms of scalability, Radware DDoS excels. One device we procure is reliable and automates filtering by downloading signatures and providing behavioral analysis. It operates with predefined signature filtering without needing much from us other than receiving reports. I would rate its scalability as nine out of ten.

I have contacted technical support for Radware DDoS many times, and their support quality is the best I have encountered in my entire career. Their responses are quick, and the support surpasses my experience with other OEMs such as Check Point, Sophos, Fortinet, and Cisco, who can often be slow with their solutions.

I have faced issues and approached TAC, and their ability to provide skilled and technically sound support is impressive. They accurately address the service requests and come up with effective solutions faster than many other manufacturers. Their support is significantly better than other OEMs who often resort to trial-and-error methods.

Throughout my career, I have done DDoS filtering through ISPs, but currently, we have a dedicated appliance for DDoS, following recommendations from the DOT and Central Government of India for compliance with ISO 27001 certification.

The initial deployment process can be quite challenging.  The business analyst or and solution integrator often creates confusion, particularly in our location. The Solution Integrators are usually not able to explain everything clearly in one go, which means we often have to go through the information piece by piece. As a result, completing the initial setup and implementation can take nearly forty-five days. If there were a ready-made template available, it would greatly simplify the process. We need to identify the specific hardware requirements and develop a checklist for hardware compatibility and configuration that meets our cybersecurity policies. To comply with these policies, we are currently working on strategies to mitigate potential risks.

Getting a ready-made template for hardware considerations, including guidance on how to harden that hardware before moving to the production level, would be extremely helpful. Additionally, having recommended guidelines from Radware on enabling these policies could streamline our implementation process. In my opinion, this approach would allow us to complete the entire solution implementation within the recommended timeframe.

Maintenance involves ensuring that hardware is functioning properly, including checking subscriptions and enabling necessary blades. For example, last month, we had to enable geo-fencing to block all traffic except from India, which involved re-enabling a previously disabled geo-fencing blade. If there were a central management console that provided alerts about system health, such as fan RPMs and SMPS performance, it would help us maintain the Radware DDoS system proactively.

Typically, two to three people are required for deployment. Initially, we communicate with the application team to ensure proper TLS and SSL levels. After confirming application legitimacy, we assess the delivery and operation level, followed by database and server reviews before concluding that the application is ready to integrate with the DDoS devices.

We are going for seven-year support with a solution comprising two hardware boxes for redundancy and high availability, priced at around 2.4 crores. This pricing is manageable without any worry.

I have considered competing products in the market. We have raised a request for another solution besides Radware DDoS, as Cloudflare has been selected as L1 for another DR setup we are trying to establish. Management requests that we consider similar solutions, which is why Radware DDoS remains qualified as L1.

I would rate Radware DDoS a nine out of ten. 

Currently, I only use Radware DDoS. I have been carrying Radware DDoS for about 10 years already.

Radware DDoS can mitigate attacks from layer 4 to 7, which makes the organization more secured with a dedicated DDoS solution.

Using Radware HTTP or HTTPS protection actually protects my application at the application layer. I am confident that the applications running on my system are well protected from different types of DDoS attack.

Radware DDoS is very effective in mitigating distributed denial-of-service attacks. The solution is very mature, and since Radware DDoS can detect attacks within 18 seconds, it really helps the organization against those types of attacks.

Using behavioral-based detection, Radware DDoS can detect even unknown or zero-day attacks and mitigate those attacks within 18 seconds. That is the advantage of the behavioral-based feature of Radware DDoS.

Radware DDoS can pinpoint whether users are legitimate or illegitimate, meaning the traffic. That is one of the key features that Radware DDoS has.

On the appliance, maybe the hardware could be improved. Most of Radware DDoS appliances are physical, so they could improve that aspect.

In terms of the system and the functionality, Radware DDoS is constantly upgrading.

I have been working in the industry for 25 years already.

Deploying Radware DDoS is very easy. It is an inline appliance, so I just put it in line and then configure it using its Cyber Controller. Cyber Controller is the management interface for the Radware DDoS device or appliance.

It does not take much time to set up. If I already have the information in place, it does not take much time to configure Radware DDoS.

Including the downtime of the customer or deploying it, it will take maybe an hour or an hour and a half if all necessary configuration is already pre-configured.

The only thing needed is mounting the appliance because it is heavy.

Radware DDoS definitely reduced my operational cost.

Radware DDoS response time is in real-time. As mentioned earlier, it can detect vulnerability or attacks within 18 seconds and can generate its own signatures within that period.

I would rate Radware DDoS a 9 out of 10.

In my previous company, I used Radware DDoS for more than one and a half years, and it was positioned in front of the perimeter firewall.

Our main use case for Radware DDoS was to protect the external services, which were deployed on Big-IP F5, and then in front of that, a Check Point firewall was there, and in front of the Check Point firewall, Radware DDoS was there, protecting all the external services for that particular company I worked for.

I can give a specific example of an attack where Radware DDoS made a difference; we verified that an attacker tried to generate a TCP flood attack originating from multiple sources, and Radware DDoS was able to mitigate that based on the security features that were enforced on it.

Regarding our use case for Radware DDoS, it was enforced for each and every application, with TPS assigned there for verifying the requests coming from each single source, either based on a single source or distributed sources.

In my experience, the best features Radware DDoS offers include the ability to mitigate DDoS attacks such as TCP and SYN flood attacks; we can also mitigate UDP flood attacks, and while using TCP, it can verify the client and many other aspects, being implementable on Layer 7 for more granular information such as user-agent, which is possible if we import the private key of the particular service.

Out of all those features, the one that had the biggest impact for my team was the Layer 3 and Layer 4 DDoS implementation because it was more effective for us; we did not want to have decryption on the first layer of defense as it would introduce latency for our applications.

Radware DDoS has positively impacted my organization by sorting unwanted traffic, specifically malicious traffic targeting the applications, and it has taken the burden off the perimeter firewall during incidents.

For one particular incident, I believe that more than two million requests came through, and I think over twenty million requests were mitigated at the Radware DDoS level.

I believe Radware DDoS could be improved for cloud deployments with more granular controls that could provide valuable gains for the company, especially by verifying whether the client is genuine or not with additional metrics.

While I think the support is quite good and the user interface is acceptable, it does require a more friendly interface, although I cannot recall the exact improvements needed.

I have been in this field for more than four and a half years.

Radware DDoS is stable in my experience, with no downtime or reliability issues; on-premises performance exceeds expectations.

Radware DDoS's scalability is good; scaling up or down is easy without performance issues.

Customer support for Radware DDoS is fine; I would rate them nine out of ten. The learning curve for Radware DDoS was fine; it was easy for my team to get up and running.

Positive

I do not believe we had any other DDoS solution prior to Radware DDoS; we had F5 Cloud DDoS for cloud, which was good but still used Radware DDoS for on-premises.

I have seen a return on investment with Radware DDoS because it reduced our work by mitigating traffic before it reached the perimeter firewall, which lessened the need for extra security policies.

I am unsure if we evaluated other options before choosing Radware DDoS; my team likely did, but I was not part of that particular process.

My advice for others looking into using Radware DDoS is that if they are seeking a good solution while also considering budget, Radware DDoS is a suitable option.

I would rate Radware DDoS a seven out of ten because I believe that our board DDoS is much better.

I think we have covered all the aspects of Radware DDoS, but I feel the cloud requires more attention compared to on-premises. I gave this review a rating of seven out of ten.

We primarily use Radware DDoS Protection Service for ensuring network security and protecting against cyber threats. Our level two support engineers are hands-on with the service, utilizing it for network protection and incident visibility.

The most valuable feature of Radware DDoS Protection Service is its reporting capability. It allows us to see live attacks and understand the incoming traffic. The support from Radware is also exceptional, as they are always willing to jump on a call to help solve issues and improve our network design. Additionally, the service effectively blocks threats in real time, offering wide protection and preventing false positives.

I suggest improvements to the user interface to make it easier to use and to find the necessary data for analysis. Although the data is present, accessing it for analysis could be more simplified.

I have been using Radware DDoS Protection Service for all of the year and a half that I have been at the current company.

We have never encountered any issues with stability. There are no problems with lagging or crashing.

Scalability is well-supported by Radware. With their help, we have updated our network design to ensure scalability.

Radware's support is first class. Their responses are quick, and they are very engaging, providing assistance almost instantly when needed.

Neutral

In my previous ISP, I experienced different services, but Radware stands out as a luxury to have.

The initial setup was difficult for me because I didn't receive training. The interface is advanced, and this contributed to the challenges I faced at the beginning. However, with Radware's support, I was able to learn and adapt quickly.

Radware pricing is on the high end, suitable more for larger organizations. They have different options, but I feel it's a costly solution.

I wasn't part of the decision-making process when Radware was chosen at my current company, but in my previous ISP, I had exposure to different services.

I recommend gathering the necessary budget to go with Radware services. The cheapest option may save money initially but could cost more in the long run. I rate the solution 10 out of 10.

My main use case for Radware DDoS is preventing our applications from attackers, and that is the main goal.

I find that Radware DDoS is very useful and helpful, and I have nothing else to add about my main use case or how I use it day-to-day.

As for the support team, we have configured all of the required things to stop or mitigate an attack with Radware DDoS.

In my experience, the best features Radware DDoS offers include very good support, as the team helps us whenever we require it. What makes the support stand out for me is that they solved a tricky problem quickly, which is an example of when they helped me.

Radware DDoS is the best tool, as it protects our applications just as we intended it to.

Radware DDoS has positively impacted my organization.

I believe there is no need to improve anything about Radware DDoS.

I am saying that there is no need to change anything, and I have nothing more to add about needed improvements.

I have been using Radware DDoS for the last one year.

Whenever a DDoS attack is happening, your team rectifies the situation for us, and that is the main thing for us as a particular metric we have seen since using Radware DDoS.

Radware DDoS is a perfect tool and there is no need to add anything else about the features besides support.

As of now, I notice there is no need to change anything, and using the WAF, I feel more safe for our applications.

The main use case for Radware DDoS Protection Service is to protect our websites, mail server, and DNS servers published on the internet.

In terms of that protection, it has been performing very well; I have not noticed specific instances where it stood out.

The best features Radware DDoS Protection Service offers for my organization are the ERT feeds.

The ERT feeds, which are based on Radware intelligence services, have been beneficial to my organization because they block a lot of malicious IP addresses and botnets.

Radware DDoS Protection Service has positively impacted my organization because we are more protected against attacks from the internet.

I think Radware DDoS Protection Service could be improved by enhancing the network analytics features.

I have been using Radware DDoS Protection Service for three years.

In terms of protection, Radware DDoS Protection Service performs very well, and I have not noticed specific instances where it stood out.

I have no experience with the configuration process since a colleague of mine configured the service with the support of Radware.

I find Radware DDoS Protection Service helpful and do not use any other solution.

On a scale of one to ten, I rate Radware DDoS Protection Service a nine because it is very easy to use and very effective as a service. However, there is room for improvement in the network analytics feature.

We are a data center company. We have our own cloud, and we need to protect this cloud from DDoS attacks. That is why we have subscribed to Cloud DDoS as well as on-premise DDoS from Radware.

The solution is very good at blocking threats in real time.

We are using the management system. Through this management system, we can route the traffic to the scrubbing center. Because the scrubbing center is in India, latency is extremely low, and mitigation is very fast. This is the best part. The management system is initially very difficult because you do not know where to see and what to see. It took us around 5 months to become familiar with the management system. After that, things became crystal clear. The initial five months were difficult.

We get real-time alerts and real-time dashboards for all the issues and threats that keep coming. We can protect ourselves from attacks. Because they are visible on the dashboard, we can mitigate them.

We can mitigate attacks in a few seconds.

We have the SLA for attack detection. We have the SLA for attack mitigation. We proactively get alerts on volumetric attacks. We also have SSL-based attack protection. We have service availability SLA. We are able to provide standalone DDoS services as well as the DDoS solution in statefulness. These are a few of the things. In addition, we have on-demand volumetric mitigation. We always have volumetric mitigation. We have an attack model that is limited to the attack capacity, and we also have another model for unlimited DDoS attack capacity. These are all the basic differentiators and advantages that we are getting by default with this solution.

The false positives were quite high, but we have seen an almost 30% reduction in false positives in the last six months.

If we are under attack, initially, there is a slight impact in terms of user experience, but as the mitigation starts happening, this impact goes away. The user experience improves immediately after the attack is mitigated. So, when an attack happens, the legit users will experience a slight impact, but as soon as mitigation starts happening, this impact is reduced. In a way, the users do not get much impacted because the mitigation is very fast. With other solutions, mitigation is slow, whereas with the Radware DDoS solution, mitigation is very fast, so the impact time is much less.

We have got the highest level of service. We have the ERT premium services. The response time has not at all been an issue for us. We get a very good response.

It takes less than 10 seconds to detect an incident. The average time to mitigate an incident is from 3 seconds to 15 seconds.

Radware's scrubbing center is within India, so their SLAs are very good. Mitigation happens very fast. We do not have the scrubbing centers of other service providers in India, so mitigation happens outside. That is why there is a delay in the mitigation of DDoS attacks with other service providers. In the case of Radware, the scrubbing center is in India. That is the best part.

The most important part is that Radware DDoS integrates seamlessly and provides anomaly identification, real-time notifications, and security against DDoS attacks. It also helps us with multi-layer volumetric attacks. It shields us from global botnet threats. 

We are getting proactive notifications on threats and mitigation. We are getting real-time security updates. We get very comprehensive reporting and analytics and guaranteed performance and SLA. For us, this is very important because if we do not have a guaranteed SLA, the product has no meaning. 

The best part is that Radware DDoS has a scrubbing center within India. Whenever a DDoS attack happens, it is able to route all its traffic through the scrubbing center. This helps in guaranteeing seamless and hassle-free protection against DDoS attacks.

Radware's management is very proactive, but Radware's lower-level staff is not proactive. You need to do a lot of follow-ups. This is one point that they need to improve. If they improve this, they will be world-class because everything else is so good. 

It has been 3.5 years.

We found the system stable. It is an Israeli company. Most of the time, their products are stable.

It is a cloud solution, so it is scalable. The mitigation capacity with Radware is extremely high, so we do not have to worry about that at all.

When there is a problem and you contact their lower-level staff, they take their own sweet time to act. However, if you call their management, the resolution is very fast. Their management is very proactive and alert. In India, we have a relationship with the highest management of Radware, so things happen very fast for us, but this should not be the case. We should not be contacting their management for every issue. We should be only contacting the lower level staff. It is not a scalable model. I would rate their support an 8 out of 10.

Positive

I have used F5, and I have used Akamai. I have also used Arbor. These are the three solutions I have used in my career but not in my current company.

Radware is better. The reason we have gone with it is that we have an excellent product, an excellent management team, and an excellent SLA.

It is a cloud solution, but I also have an on-premise solution, so I have a hybrid solution.

Its deployment was not difficult. If you plan it properly, it is not difficult. It is very easy.

It does not require any maintenance from our side. Sometimes, some patches come in. They deploy those patches. We do not have to do anything.

We had a service provider of Radware called RAH Infotech. They have been there with us.

We had a 2 member team that was responsible along with the partner.

Its pricing is competitive. The licensing model is also very competitive. It is customizable, so there is no issue at all. They have given us whatever we have asked in terms of the pricing model and SLA.

I would rate it a 7 out of 10 for pricing. It is neither very high nor low. It is what is required.

We evaluated other services. Radware management was very approachable. That was one positive point. They helped us with the best solution with the best SLA.

If you are looking for a stable solution, then Radware is an obvious choice.

Overall, I would rate this solution a 9 out of 10.

We use Radware's Cloud DDoS Protection Service to safeguard Cloud Graph with Layer Seven protection.

To mitigate Layer Seven DDoS attacks on our servers, we implemented Radware Cloud DDoS Protection Service.

Radware Cloud DDoS Protection Service does an excellent job at blocking threats quickly.

The Cloud DDoS management system provides clear and easy-to-understand visibility into incidents.

The management system is user-friendly.

The Cloud DDoS management system provides comprehensive insights and detailed visibility, simplifying attack analysis.

Before implementing Radware Cloud DDoS Protection, our organization experienced frequent downtime due to numerous attacks, particularly targeting specific assets. Migrating to Radware Cloud has eliminated downtime, allowing our business to operate uninterrupted even during attacks. The benefits were immediate, and we now receive timely notifications from the ERT team at the onset of any attack.

The web DDoS protection has significantly reduced our false positive rate.

Web DDoS Protection allows legitimate users to continue using our site even if it is under attack.

Radware immediately provides attack notifications, and the ERT team offers updates. If an attack disrupts our site, technical support can restore service within 20 hours.

I appreciate Radware Cloud DDoS Protection Service for its responsive ERT team and the ease of migrating our sites to the platform. The intuitive user interface makes the entire process seamless and efficient.

The time it takes to upload a site to the cloud is critical when under attack. If a site is down, a quick response to migrate the site to the cloud is essential. It currently takes about 15 to 20 minutes for the process to complete, which should be minimized.

I have been using the Radware Cloud DDoS Protection Service for one year.

Radware Cloud DDoS Protection Service is stable, and we don't experience bugs or glitches.

I would rate the scalability of Radware Cloud DDoS Protection Service ten out of ten.

The technical support responds quickly, but sometimes the resolution takes time.

Neutral

The initial setup was complex due to our organization's network being complicated, not because of Radware Cloud. We had an issue with the DNS migration during the deployment. The deployment took around 20 minutes.

Two people from Radware and two people from our organization were involved, totaling four people.

I would rate Radware Cloud DDoS Protection Service ten out of ten.

Our five-person team is the only people in our organization who use Radware Cloud DDoS Protection Service.

Radware does the maintenance every two weeks.

I recommend Radware Cloud DDoS Protection Service because the system works well, the web interface is intuitive and easy to use, and the technical support is okay.