Radware WAF Review
What do you like best about the product?
Best thing about WAF, Radware DDOS notification. As of now at my location we will get notification call with severity and attack details.
What do you dislike about the product?
SIEM integration is only pain point. Integration is bit difficult
What problems is the product solving and how is that benefiting you?
My application is exposed to internet is well protected by Radware WAF, due to this external user can access the application safely. and organization reputation will also be safe.
API discovery, bot defense, and DDoS capability optimize application security and development
What is our primary use case?
We are choosing Radware Cloud WAF Service over traditional WAF because it has API first behavioral protection, advanced bot defense, and layer 7 web DDoS capability. It was chosen because of the hybrid and Cloud native app environment. For internal and external customers, we have approximately 1300 plus customers in our data center colocation, and all of them are using Radware Cloud WAF Service.
There are various use cases for Radware Cloud WAF Service. One is about securing public-facing portals, internal applications, and APIs, including REST API and GraphQL API. The deployed assess provides services to internal IT customers and external customers. This WAF is configured in reverse proxy mode plus API security module, and it is integrated with CI/CD pipeline for secure application development.
We have been using Radware Cloud WAF Service as it supports integration with CDN services such as Akamai, Cloudflare, and AWS CloudFront. Radware has CDN nodes for optimized delivery and protection. However, we have been using AWS CloudFront currently, but I'm in discussion with the Radware team about acquiring more Cloud WAF licenses, along with Cloud DDoS, to enhance Cloud DDoS protection capability. They have recently launched Cyber Controller Plus, so I'm going to procure Cyber Controller Plus.;
What is most valuable?
Automatic API discovery and schema validation is something we have appreciated about Radware Cloud WAF Service. It has automatic API discovery, protection against injection, abuse, and credential stuffing. It also has token-based authentication and enforcement, along with rate limiting. Bot and threat protection is another excellent feature.
It eliminates manual API inventory and documents and streamlines the security policy creation. It reduced the work for developers and the SOC workload because with a large SOC team, it helped to offload and eliminate overhead costs, providing SOC people with better resources.
Automatic threat detection in blocking and detecting without manual intervention is essential. Scalability is another benefit because it has Cloud native architecture. Cloud native architecture is readily scalable, requiring no hardware maintenance.
What needs improvement?
I see areas in Radware Cloud WAF Service for improvement, specifically in its initial tuning period, because the machine learning model takes two to three weeks for baseline behavior establishment. Closely monitoring alerts during this period is essential to avoid false positives.
There's an alert noise issue; during the early stages, we received a high volume of alerts for minor issues, requiring collaboration with the SOC team to fine-tune thresholds and concentrate on genuine threats.
The documentation is not up to par, as while the platform's system is robust, the documentation, particularly for API integration, could be more developer-friendly with real-world use cases.
For how long have I used the solution?
We have been working with Radware Cloud WAF Service for almost four and half to five years now.
How are customer service and support?
My experience with the technical support of Radware Cloud WAF Service is that they are excellent, and I have established a strong relationship with the executive leadership up to Roy, the CEO. They provide excellent support.
How was the initial setup?
My experience with the pricing, setup costs, and licensing of Radware Cloud WAF Service is positive because I'm a Radware shop. I have all the Radware products, so my feedback is purely positive.
What was our ROI?
I have seen a return on investment with Radware Cloud WAF Service since I have been providing support and selling it as a service to customers.
Which other solutions did I evaluate?
When looking into Radware Cloud WAF Service, I evaluated F5 and Fortinet as other options.
What other advice do I have?
We have been using many products provided by Radware. API discovery in Radware Cloud WAF Service was straightforward. Although initially, our people were new to Radware, and we had some challenges in the initial phase with false positives and early learning phases, especially with custom applications. Over time, with its intuitive UI, we were able to implement it quickly; my team learned and started working on it.
Radware Cloud WAF Service is integrated with SIEM and our SOC team of 75 people. Initially, during the early phase, false positives were common because SIEM was learning the traffic pattern, monitoring the logs, and adjusting the sensitivity. We accomplished policy tuning efficiently by manually fine-tuning the security parameters after analyzing the pattern and adjusting the threshold to reduce noise.
Radware Cloud WAF Service has been doing excellent work in protecting against zero-day attacks. We are using the automated source blocking feature. It has significantly helped our compliance efforts and helps maintain business continuity with its DDoS protection capabilities, which we utilize through real-time behavior-based detection using machine learning.
I rate Radware Cloud WAF Service eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Powerful and Customizable Cloud WAF with Room for Improved Usability
What do you like best about the product?
What I like best: The highly customizable rule engine and its effectiveness in blocking sophisticated attacks remain top positives. The responsive customer support has also been valuable when navigating complex configurations. What's most helpful: The granular control over security policies, combined with reliable bot management and the support team's expertise, provides significant value in maintaining a strong security posture. We use it constantly, making its effectiveness crucial. Upsides: Strong security efficacy, particularly against advanced threats and bots, coupled with helpful customer support. The frequent use underscores its importance in our daily operations.
What do you dislike about the product?
What I dislike: The initial implementation and integration with our existing infrastructure were not as straightforward as desired, requiring significant configuration and troubleshooting. While support is helpful, the complexity adds overhead. The reporting interface still lacks the intuitive depth we need for quick analysis. What's least helpful: The less-than-seamless initial integration process and the ongoing need for expert tuning can be time-consuming. The reporting limitations hinder proactive threat analysis. Downsides: Complexity in initial implementation and integration, a steeper learning curve for effective management, and reporting that could be more user-friendly.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF is primarily solving the problem of protecting our web applications and APIs from a wide array of cyber threats. This includes:
* Mitigating application layer attacks: Such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
* Blocking malicious bots and automated traffic: Preventing scraping, credential stuffing, and denial-of-service attempts at the application level.
* Ensuring application availability and performance: By filtering out malicious traffic and preventing attacks that could lead to downtime or performance degradation.
How this benefits us:
* Reduced security incidents: We've seen a significant decrease in successful application-layer attacks, minimizing the risk of data breaches and service disruptions.
* Improved security posture: It provides a critical layer of defense, complementing our other security controls and enhancing our overall resilience.
* Lower operational overhead: By automatically blocking many threats, it reduces the workload on our security operations team, allowing them to focus on more strategic initiatives.
Business problems it helps solve:
* Maintaining customer trust and brand reputation: By preventing security incidents, we safeguard our users' data and maintain their confidence in our services.
* Ensuring business continuity: Protecting application availability is crucial for our online operations and revenue streams. Radware Cloud WAF helps prevent costly downtime.
* Meeting compliance requirements: It aids in meeting certain security compliance standards by providing necessary application-level protection.
* Protecting revenue and preventing financial losses: By blocking malicious activities like fraud and preventing service outages, it directly contributes to protecting our bottom line.
My opinion regarding Radware Cloud WAF
What do you like best about the product?
I am having very good experience with Radware Cloud WAF. It is providing very good and enhanced support towards application level threats like SQL Injection, XSS,CSRF etc...Ease of Use is also good part of the Radware cloud WAF as provides very easy and user friendly GUI. Their Customer support is very good and they support us in any ad-hoc activities.
What do you dislike about the product?
Sometime it is very difficult for me to finetune and refine the alerts.
What problems is the product solving and how is that benefiting you?
Our organization is developing websites very rapidly and security is also important for the same. To secure our web facing applications we have decided to purchase the Radware Cloud WAF.
Radware Cloud WAF : Next level web protection with zero hassle
What do you like best about the product?
My experience with Radware Cloud WAF is excellent. What impressed me most is its comprehensive protection against all OWASP TOP-10 vulnerabilities And the platform gives auto-generated securities policies for newly onboard applications which saves lots of time and efforts of any Administrator. Another standout feature is its zero day protection, which gives extra layer of confidence when dealing with unpredictable threats.overall I can say it is complete suite of WEB and Mobile application protection.
What do you dislike about the product?
There is no such thing to dislike about Radware Cloud WAF. My overall experience with Radware Cloud WAF is highly satisfactory.
What problems is the product solving and how is that benefiting you?
In my organisations we has faced numerous security breach attempts targeting our web application and their critical functionality. To overcome these threats, we have taken protective step by developing Radware Cloud WAF. Ensuring robust protection against similar attacks and safeguarding our digital infrastructure.
The Radware Waf for top 10 owasp
What do you like best about the product?
In radware waf we can mitigation owasp top 10 attack and its predefined signature upto date in real time. So it will help to protect the application level.
What do you dislike about the product?
There is no any dislike about radware cloud waf, because we are using from last two years
What problems is the product solving and how is that benefiting you?
Mitigate the top 10 owasp attack and prevent from the unwanted attack
Exploring Radware Cloud WAF - To mitigate application layer attacks
What do you like best about the product?
The radware cloud waf have real time signature based solutions, which is good to protect from top 10 owasp attack, it is good for hybrid deployment, and the dashboard facility is easy to management and properly categorised.
What do you dislike about the product?
There are no such things to dislike about the Radware Cloud WAF till now.
What problems is the product solving and how is that benefiting you?
In our organisation we are using 50 plus applications, which required more secure in applications layer so , radware waf is the best solution to protect from top 10 owasp attack , and easy to find tune using payload value
Radware Cloud WAF Enhances Protection with Rapid Detection and Exceptional Support.
What do you like best about the product?
Radware's ability to rapidly detect attacks is a standout feature, even if it doesn't always meet the fastest response times. The option to quickly set up a call with their team when needed is also beneficial. Moreover, the support provided by Radware is exceptionally quick and efficient, making it a crucial aspect of their service.
What do you dislike about the product?
While Radware Cloud WAF offers top security features, there are areas for improvement. Some tools can be challenging to navigate, and the user interface could be more user friendly. Additionally, the cost of the solution is a significant consideration, as it may not be the most budget-friendly option available.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF Service has improved our organisation's protection and detection capabilities. Over time, we have made several updates and adjustments to our network architecture, which were greatly facilitated by Radware's comprehensive solutions. We primarily use Radware Cloud WAF for robust DDoS protection, effectively shielding our systems from these types of attacks.
Radware Cloud WAF - Excellent Defense Against OWASP Top 10
What do you like best about the product?
Radware cloud WAF is highly effective and reliable Web Application Firewall (WAF). It provides excellent protection against web bases threats or application layer threats. Mitigations of such threats is also easy and very smooth with the help of Radware Cloud WAF. It also covers almost all the OWASP Top 10 attacks. Provides verities of customizations for policy to detect SQL Injection, Cross Site Scripting, Remote File Inclusion, CSRF etc...
What do you dislike about the product?
There are no such things as my experience is very good with the Radware Cloud WAF.
What problems is the product solving and how is that benefiting you?
Rapidly growing of applications layer attacks on our web applications and same attempt has been observed from our security team also.
So, to avoid and to mitigate those threat traffic to enter in our environment we have decided to purchase the Radware Cloud WAF.
Experiencing User Friendly Security with Radware Cloud Waf
What do you like best about the product?
I am having very amazing experience while using Radware Cloud WAF. It provides full protection against all the OWASP TOP -10 attacks including other applications layer attacks as well.In Radware Cloud WAF also provides easy to understand security events in details so it will be very useful to security administrator to identify genuine attacks and also removes false positive attacks.Also provides us policy level customisation with help of implementing positive security model and negative security model.
What do you dislike about the product?
No such Things as me and our organization like having very smooth operation with Radware Cloud WAF.
What problems is the product solving and how is that benefiting you?
Our organization is rapidly growing their web applications and web application layer is the first target of any attacker for the compromise.We are also observing the same kind of attempts on our application so we have setup WAF to mitigate the same.
