Radware DDoS Reviews

We have been using Radware DDoS extensively for the past two years in our production network within the utility sector. Primarily, we use it for application layer filtering and for direct termination with our Internet Service Providers (ISPs). Initially, we encountered several challenges during the configuration process, primarily due to the lack of ready-made templates. However, over the last two years, we have successfully implemented filtering measures, effectively mitigating our DDoS attacks by removing unwanted traffic directed at our public IP addresses.

This system has been crucial in securing our operations and meeting our specific needs for our data center. All public domain URLs in the utility sector are hosted behind an Internet firewall, ensuring that the traffic directed to these public domains is properly managed through DDoS protection. That sums up our experience with this system.

Radware DDoS has been effective at mitigating advanced DDoS attacks such as burst or DNS attacks and encrypted SSL floods because we blocked all public domain IPs through access lists at my DC router, where all the ILLs are delivered from the ISP. We are getting IOCs, which are Indicators of Compromise from CERT-In, NCIIPC, and CS K-Cyber Swachhata Kendra, from central agencies.

My experience with the behavior-based detection technology for real-time attack detection and minimizing false positives is quite positive. The behavioral framework we have consists of three layers. The first layer focuses on DDoS protection, as we are implementing two policies for two ISPs simultaneously. In our environment, we are not using an active-standby setup; instead, we utilize both links from each ISP. Therefore, we are deploying two identical boxes, one connected to each ISP. These ISP links are directed towards our management service, where all public domain sites are hosted in our data center. Regarding the behavioral aspect, let's consider a scenario where there is suddenly a spike in packet traffic from a public domain. We typically monitor the daily bandwidth usage on the ISP side. For example, if the average bandwidth usage is around 200 Mbps, but one day we notice a surge to 400 Mbps, this may indicate unknown traffic hits. This is particularly concerning because we operate in the utility sector, where we collect electricity bills each month. We use handheld devices to fetch these bills from our system, processing them at the beginning of each month. This increase in traffic could likely stem from these sources, as they may be generating numerous unknown visits to our data center servers in an attempt to log in. 

To analyze this behavioral pattern, we first examine the trust levels associated with the bandwidth usage. We investigate the cause of the sudden increase in bandwidth and identify the unknown IP addresses responsible for the traffic. We then determine the locations of these IPs and formulate policies in our DDoS logon system to block any suspicious activity. Additionally, we address two other behavioral patterns: one through endpoint security for end-user services and another through anti-Advanced Persistent Threats (APT) measures. This comprehensive approach helps us safeguard our systems effectively.

Radware DDoS protects legitimate users during a DDoS attack. We have a behavioral filtering template that we enabled after subscription. Every month, we create a report analyzing the number of unknown hits generated from DDoS, identifying legitimate IPs from our customer base and unknown IPs from other countries. We conduct geo-fencing as the first level of protection, allowing only Indian region IPs to execute packets towards our management server. The second level involves using default templates to perform this activity efficiently.

The HTTP Layer 7 protection works effectively as the signatures are updated on a daily basis and automated from the Radware cloud. Zero-day protection happens automatically because the initial steps only require us to create the policy for filtering, but after that, it continuously does its job without any manual intervention.

The zero-day attack signatures for new types of attack threats and vulnerabilities are directly taken from the cloud and blocked. For DC network flow, the fast layer DDoS attack itself is removed from the entry point from the ISP side only. After that, the traffic lands with DDoS, coming from my perimeter firewall, providing another layer of filter and protection. After my perimeter firewall, the traffic goes to my anti-APT, where we perform another level of protection or filtering for DDoS.

There are areas where Radware DDoS could improve, specifically regarding centralized visibility. If someone is allowed access to one payment server but attempts to access the backend database and application servers from that source, we need to analyze the level of propagation. If they are performing suspicious activities such as random logins, it would be beneficial to have a centralized console that shows which IP is attempting which actions for greater visibility, enabling better analysis.

To sum it up, we suggest that clear visibility within a management console could significantly enhance Radware DDoS's usability. We use Radware DDoS and Check Point for our public site because understanding the origin and pattern of public hits is crucial. If the console could segregate packets by type—such as HTTPS, logger, database-related queries, or other behavioral data—and generate reports accordingly, it would better aid our analysis.

We have been using Radware DDoS for two years.

In terms of scalability, Radware DDoS excels. One device we procure is reliable and automates filtering by downloading signatures and providing behavioral analysis. It operates with predefined signature filtering without needing much from us other than receiving reports. I would rate its scalability as nine out of ten.

I have contacted technical support for Radware DDoS many times, and their support quality is the best I have encountered in my entire career. Their responses are quick, and the support surpasses my experience with other OEMs such as Check Point, Sophos, Fortinet, and Cisco, who can often be slow with their solutions.

I have faced issues and approached TAC, and their ability to provide skilled and technically sound support is impressive. They accurately address the service requests and come up with effective solutions faster than many other manufacturers. Their support is significantly better than other OEMs who often resort to trial-and-error methods.

Throughout my career, I have done DDoS filtering through ISPs, but currently, we have a dedicated appliance for DDoS, following recommendations from the DOT and Central Government of India for compliance with ISO 27001 certification.

The initial deployment process can be quite challenging.  The business analyst or and solution integrator often creates confusion, particularly in our location. The Solution Integrators are usually not able to explain everything clearly in one go, which means we often have to go through the information piece by piece. As a result, completing the initial setup and implementation can take nearly forty-five days. If there were a ready-made template available, it would greatly simplify the process. We need to identify the specific hardware requirements and develop a checklist for hardware compatibility and configuration that meets our cybersecurity policies. To comply with these policies, we are currently working on strategies to mitigate potential risks.

Getting a ready-made template for hardware considerations, including guidance on how to harden that hardware before moving to the production level, would be extremely helpful. Additionally, having recommended guidelines from Radware on enabling these policies could streamline our implementation process. In my opinion, this approach would allow us to complete the entire solution implementation within the recommended timeframe.

Maintenance involves ensuring that hardware is functioning properly, including checking subscriptions and enabling necessary blades. For example, last month, we had to enable geo-fencing to block all traffic except from India, which involved re-enabling a previously disabled geo-fencing blade. If there were a central management console that provided alerts about system health, such as fan RPMs and SMPS performance, it would help us maintain the Radware DDoS system proactively.

Typically, two to three people are required for deployment. Initially, we communicate with the application team to ensure proper TLS and SSL levels. After confirming application legitimacy, we assess the delivery and operation level, followed by database and server reviews before concluding that the application is ready to integrate with the DDoS devices.

We are going for seven-year support with a solution comprising two hardware boxes for redundancy and high availability, priced at around 2.4 crores. This pricing is manageable without any worry.

I have considered competing products in the market. We have raised a request for another solution besides Radware DDoS, as Cloudflare has been selected as L1 for another DR setup we are trying to establish. Management requests that we consider similar solutions, which is why Radware DDoS remains qualified as L1.

I would rate Radware DDoS a nine out of ten. 

Currently, I only use Radware DDoS. I have been carrying Radware DDoS for about 10 years already.

Radware DDoS can mitigate attacks from layer 4 to 7, which makes the organization more secured with a dedicated DDoS solution.

Using Radware HTTP or HTTPS protection actually protects my application at the application layer. I am confident that the applications running on my system are well protected from different types of DDoS attack.

Radware DDoS is very effective in mitigating distributed denial-of-service attacks. The solution is very mature, and since Radware DDoS can detect attacks within 18 seconds, it really helps the organization against those types of attacks.

Using behavioral-based detection, Radware DDoS can detect even unknown or zero-day attacks and mitigate those attacks within 18 seconds. That is the advantage of the behavioral-based feature of Radware DDoS.

Radware DDoS can pinpoint whether users are legitimate or illegitimate, meaning the traffic. That is one of the key features that Radware DDoS has.

On the appliance, maybe the hardware could be improved. Most of Radware DDoS appliances are physical, so they could improve that aspect.

In terms of the system and the functionality, Radware DDoS is constantly upgrading.

I have been working in the industry for 25 years already.

Deploying Radware DDoS is very easy. It is an inline appliance, so I just put it in line and then configure it using its Cyber Controller. Cyber Controller is the management interface for the Radware DDoS device or appliance.

It does not take much time to set up. If I already have the information in place, it does not take much time to configure Radware DDoS.

Including the downtime of the customer or deploying it, it will take maybe an hour or an hour and a half if all necessary configuration is already pre-configured.

The only thing needed is mounting the appliance because it is heavy.

Radware DDoS definitely reduced my operational cost.

Radware DDoS response time is in real-time. As mentioned earlier, it can detect vulnerability or attacks within 18 seconds and can generate its own signatures within that period.

I would rate Radware DDoS a 9 out of 10.

In my previous company, I used Radware DDoS for more than one and a half years, and it was positioned in front of the perimeter firewall.

Our main use case for Radware DDoS was to protect the external services, which were deployed on Big-IP F5, and then in front of that, a Check Point firewall was there, and in front of the Check Point firewall, Radware DDoS was there, protecting all the external services for that particular company I worked for.

I can give a specific example of an attack where Radware DDoS made a difference; we verified that an attacker tried to generate a TCP flood attack originating from multiple sources, and Radware DDoS was able to mitigate that based on the security features that were enforced on it.

Regarding our use case for Radware DDoS, it was enforced for each and every application, with TPS assigned there for verifying the requests coming from each single source, either based on a single source or distributed sources.

In my experience, the best features Radware DDoS offers include the ability to mitigate DDoS attacks such as TCP and SYN flood attacks; we can also mitigate UDP flood attacks, and while using TCP, it can verify the client and many other aspects, being implementable on Layer 7 for more granular information such as user-agent, which is possible if we import the private key of the particular service.

Out of all those features, the one that had the biggest impact for my team was the Layer 3 and Layer 4 DDoS implementation because it was more effective for us; we did not want to have decryption on the first layer of defense as it would introduce latency for our applications.

Radware DDoS has positively impacted my organization by sorting unwanted traffic, specifically malicious traffic targeting the applications, and it has taken the burden off the perimeter firewall during incidents.

For one particular incident, I believe that more than two million requests came through, and I think over twenty million requests were mitigated at the Radware DDoS level.

I believe Radware DDoS could be improved for cloud deployments with more granular controls that could provide valuable gains for the company, especially by verifying whether the client is genuine or not with additional metrics.

While I think the support is quite good and the user interface is acceptable, it does require a more friendly interface, although I cannot recall the exact improvements needed.

I have been in this field for more than four and a half years.

Radware DDoS is stable in my experience, with no downtime or reliability issues; on-premises performance exceeds expectations.

Radware DDoS's scalability is good; scaling up or down is easy without performance issues.

Customer support for Radware DDoS is fine; I would rate them nine out of ten. The learning curve for Radware DDoS was fine; it was easy for my team to get up and running.

I do not believe we had any other DDoS solution prior to Radware DDoS; we had F5 Cloud DDoS for cloud, which was good but still used Radware DDoS for on-premises.

I have seen a return on investment with Radware DDoS because it reduced our work by mitigating traffic before it reached the perimeter firewall, which lessened the need for extra security policies.

I am unsure if we evaluated other options before choosing Radware DDoS; my team likely did, but I was not part of that particular process.

My advice for others looking into using Radware DDoS is that if they are seeking a good solution while also considering budget, Radware DDoS is a suitable option.

I would rate Radware DDoS a seven out of ten because I believe that our board DDoS is much better.

I think we have covered all the aspects of Radware DDoS, but I feel the cloud requires more attention compared to on-premises. I gave this review a rating of seven out of ten.

My use case is that whatever traffic is coming from the internet, all that traffic is being monitored. It is sent to their scrubbing center, and from there, anything non-genuine gets blocked as per IOC, and the genuine traffic is sent to my inside applications.

Since implementing Radware DDoS Protection Service, I have been able to see DDoS attack sources and their origins. We didn't have the capacity to visualize DDoS attacks before. Blocking is also very fast compared to before, around 18 seconds of blocking time.

In my organization, I have observed many SQL injections and cross-site attacks, alongside heavy bandwidth utilization, which Radware DDoS Protection Service has been able to mitigate effectively.

Since implementing Radware DDoS Protection Service, I have experienced a transformation. I didn't have any DDoS mitigation tool previously, and my internet bandwidth was completely utilized by DDoS attacks. It is now filtering at the scrubbing center, especially during volumetric attacks.

Radware DDoS Protection Service ensures that legitimate users are not affected during DDoS attacks by communicating with my Anti-DDoS DefensePro tool. Based on configured policies, the scrubbing center can pass the traffic while already blocking the designated attackers' IPs.

Before implementing automation, my security monitoring team had to continually monitor DDoS attacks around the clock and send IPs for approval to the operations team for blocking, whereas now, it automatically blocks based on policies.

The time consumption in our processes has decreased compared to before because the internal ticketing process required approval from respective authorities, while now it is completely automated, allowing immediate blocking.

The solution effectively prevents attacks much earlier, making monitoring less burdensome than before.

Compared to other products, Radware DDoS Protection Service provides superior performance, as it blocks attacks within 18 seconds.

Previously, managing one incident took around three hours for complete approval and implementation, but now the Anti-DDoS tool immediately blocks particular IPs within 18 seconds.

With the SecOps dashboards for monitoring and reporting metrics, we can continuously monitor our Security Operations Center 24/7. We have absolute visibility.

The dashboard can provide historical information on objects and networks for three months, and we also have a backup tool that retains data for six years, per my industry policies.

The best feature of Radware DDoS Protection Service is the automation. Previously, manual intervention was necessary, and for incoming attacks, we had to inform the respective security and operations teams, whereas now, it is an automated process that blocks attacks based on policies by default.

This automation has significantly improved my organization's security compared to before. We didn't have that much automation previously, but now, with multiple policies, we can prevent attacks effectively.

I want to improve the blocking time; it should be within 10 seconds because 18 seconds allows multiple transactions in the financial industry. I want the blocking time to be better than 18 seconds.

I have been using the solution for the last six months.

Radware DDoS Protection Service is stable. For the last six months, I have not faced any issues, so it is a good solution.

In my opinion, there is no downtime experienced with Radware DDoS Protection Service due to external network redundancy.

It is scalable and user-friendly. My team members understand the policies and dashboards easily.

I would rate their customer support positively. Before using Radware, I experienced some delays with another product, but with Radware, we have immediate connections with high-level technical support.

I would rate Radware's customer support an eight out of ten because when we had initial configuration issues, support resolved the issues after a couple of escalations.

Positive

Before Radware DDoS Protection Service, I didn't have any DDoS solution at all, just manual processes.

The deployment of Radware DDoS Protection Service is very simple. It is user-friendly.

Radware DDoS Protection Service does not require separate maintenance, and there is minimal downtime during maintenance periods, such as during firmware upgrades of the Anti-DDoS tool.

There are five members in my team who work with Radware DDoS Protection Service.

I didn't check pricing of other providers in depth but verified with two, and found Radware to be significantly cheaper compared to F5.

I chose Radware because, as per Gartner, it is recognized in the market as the number one anti-DDoS solution.

I would recommend Radware DDoS Protection Service fully because I have observed improvements in bandwidth speed.

I would rate Radware DDoS Protection Service a ten out of ten.

My main use case for Radware DDoS is preventing our applications from attackers, and that is the main goal.

I find that Radware DDoS is very useful and helpful, and I have nothing else to add about my main use case or how I use it day-to-day.

As for the support team, we have configured all of the required things to stop or mitigate an attack with Radware DDoS.

In my experience, the best features Radware DDoS offers include very good support, as the team helps us whenever we require it. What makes the support stand out for me is that they solved a tricky problem quickly, which is an example of when they helped me.

Radware DDoS is the best tool, as it protects our applications just as we intended it to.

Radware DDoS has positively impacted my organization.

I believe there is no need to improve anything about Radware DDoS.

I am saying that there is no need to change anything, and I have nothing more to add about needed improvements.

I have been using Radware DDoS for the last one year.

Whenever a DDoS attack is happening, your team rectifies the situation for us, and that is the main thing for us as a particular metric we have seen since using Radware DDoS.

Radware DDoS is a perfect tool and there is no need to add anything else about the features besides support.

As of now, I notice there is no need to change anything, and using the WAF, I feel more safe for our applications.

The main use case for Radware DDoS Protection Service is to protect our websites, mail server, and DNS servers published on the internet.

In terms of that protection, it has been performing very well; I have not noticed specific instances where it stood out.

The best features Radware DDoS Protection Service offers for my organization are the ERT feeds.

The ERT feeds, which are based on Radware intelligence services, have been beneficial to my organization because they block a lot of malicious IP addresses and botnets.

Radware DDoS Protection Service has positively impacted my organization because we are more protected against attacks from the internet.

I think Radware DDoS Protection Service could be improved by enhancing the network analytics features.

I have been using Radware DDoS Protection Service for three years.

In terms of protection, Radware DDoS Protection Service performs very well, and I have not noticed specific instances where it stood out.

I have no experience with the configuration process since a colleague of mine configured the service with the support of Radware.

I find Radware DDoS Protection Service helpful and do not use any other solution.

On a scale of one to ten, I rate Radware DDoS Protection Service a nine because it is very easy to use and very effective as a service. However, there is room for improvement in the network analytics feature.

My main use case for Radware DDoS is security and protection.

A quick, specific example of how I use Radware DDoS for security and protection is that we have enabled the DDoS and bot protection for our main website.

In my opinion, the best feature that Radware DDoS offers is bot protection.

When I mention bot protection, what stands out to me is its accuracy.

Radware DDoS also features easy integration, easy use, and a good user interface.

Radware DDoS has positively impacted my organization by improving our security.

After implementing Radware DDoS, my security has improved as I notice less bot traffic and spam traffic for our sales, our emails, and everywhere.

To improve Radware DDoS, it would be great to have more performance and more CDN features and all integrations.

I wish there were more functionality for microservices, websites, and configurations regarding the static files and content and CDN.

I have been using Radware DDoS for around three years.

Radware DDoS is not stable. I have encountered stability issues such as performance issues, network timeout with ESP, slowness per regions, and no CDN feature which gives us a clear picture.

The scalability of Radware DDoS is managed by Radware; I have no knowledge of how it is scalable.

The customer support is good, but it is slow and sometimes there is no resolution.

I previously used CloudFlare and AWS CloudFront before Radware DDoS.

I purchased Radware DDoS through the AWS Marketplace.

I use AWS as my cloud provider.

Before choosing Radware DDoS, I evaluated CloudFlare and AWS CloudFront.

My advice to others looking into using Radware DDoS is that the basic functionality is great, but additional features require more effort, integration time, and support communication.

Radware DDoS is a great product for basic functionality that you can use, but generally, there are some pros and cons. For example, CloudFlare has issues such as downtimes, whereas Radware was a stable option. However, we had some performance issues and some support cases that delayed us, but it is still good.

My overall rating for this product is 6.

We use Radware's Cloud DDoS Protection Service to safeguard Cloud Graph with Layer Seven protection.

To mitigate Layer Seven DDoS attacks on our servers, we implemented Radware Cloud DDoS Protection Service.

Radware Cloud DDoS Protection Service does an excellent job at blocking threats quickly.

The Cloud DDoS management system provides clear and easy-to-understand visibility into incidents.

The management system is user-friendly.

The Cloud DDoS management system provides comprehensive insights and detailed visibility, simplifying attack analysis.

Before implementing Radware Cloud DDoS Protection, our organization experienced frequent downtime due to numerous attacks, particularly targeting specific assets. Migrating to Radware Cloud has eliminated downtime, allowing our business to operate uninterrupted even during attacks. The benefits were immediate, and we now receive timely notifications from the ERT team at the onset of any attack.

The web DDoS protection has significantly reduced our false positive rate.

Web DDoS Protection allows legitimate users to continue using our site even if it is under attack.

Radware immediately provides attack notifications, and the ERT team offers updates. If an attack disrupts our site, technical support can restore service within 20 hours.

I appreciate Radware Cloud DDoS Protection Service for its responsive ERT team and the ease of migrating our sites to the platform. The intuitive user interface makes the entire process seamless and efficient.

The time it takes to upload a site to the cloud is critical when under attack. If a site is down, a quick response to migrate the site to the cloud is essential. It currently takes about 15 to 20 minutes for the process to complete, which should be minimized.

I have been using the Radware Cloud DDoS Protection Service for one year.

Radware Cloud DDoS Protection Service is stable, and we don't experience bugs or glitches.

I would rate the scalability of Radware Cloud DDoS Protection Service ten out of ten.

The technical support responds quickly, but sometimes the resolution takes time.

Neutral

The initial setup was complex due to our organization's network being complicated, not because of Radware Cloud. We had an issue with the DNS migration during the deployment. The deployment took around 20 minutes.

Two people from Radware and two people from our organization were involved, totaling four people.

I would rate Radware Cloud DDoS Protection Service ten out of ten.

Our five-person team is the only people in our organization who use Radware Cloud DDoS Protection Service.

Radware does the maintenance every two weeks.

I recommend Radware Cloud DDoS Protection Service because the system works well, the web interface is intuitive and easy to use, and the technical support is okay.