User-Friendly Platform with Clear, Thorough Device Configuration Guidance
What do you like best about the product?
The platform is user-friendly, and the graphical interfaces are easy to understand and use. The operating logic is comprehensive, and the device configuration is explained clearly and thoroughly in the operating manual provided by the vendor.
What do you dislike about the product?
Sometimes certain policy configuration dynamics are difficult to implement for users with little operational experience.
What problems is the product solving and how is that benefiting you?
It certainly provides effective protection against application-based attacks, which is essential for a company whose business model is based on an online application.
Intuitive Dashboards and Real-Time Monitoring with Clear Security Insights
What do you like best about the product?
The intuitive dashboards and real-time monitoring provide clear, easy-to-understand insights into both traffic and potential threats.
What do you dislike about the product?
The service feels expensive, which may not be a good fit for smaller, budget-conscious organizations.
What problems is the product solving and how is that benefiting you?
It protects web applications and APIs from sophisticated, evolving threats, including OWASP Top 10 risks, zero-day attacks, API threats, and DDoS.
Detailed control over web traffic and threats
What do you like best about the product?
The fact that Radware Cloud WAF provides such a great degree of control over application security policies is what I like most about it. I use it every day in our online business of retailing products to secure the checkout processes and the customer accounts. The number of features enables us to develop granular rules of various endpoints and user behaviors. Due to its usage frequency, it has become a fixed stack in our security stack. I also like the attack logs, which are detailed, and are useful during internal security analysis and audits.
What do you dislike about the product?
The reliance on the experienced staff is another problem. Some of the policy behaviors and log details cannot be comprehensible without advanced knowledge. The features are strong and may bewilder the less experienced analysts. The lack of knowledge may extend the response time due to its frequent use. This made us invest further in special training which made our process of dealing with our cybersecurity team more costly.
What problems is the product solving and how is that benefiting you?
It is dealing with the current menace of web attacks against our public applications. Prior to the adoption, we had experienced frequent bot traffic and attempted injection attacks on our customer portal. Protection policies are now regular and organized with regular usage frequency. The list of features enables us to use layered defenses on APIs and login systems. This has minimized emergency security increases and enhanced confidence between IT and executive management.
Powerful, Adaptive Security with Seamless Integration and Strong Support
What do you like best about the product?
Powerful and Adaptive Security Protection, Ease of Use and Operational Efficiency, Flexible Deployment and Seamless Integration, High-Quality Customer Support
What do you dislike about the product?
User Experience & Management,Configuration and UI Complexity, Slow Management Operations: Security & Support Concerns: History of WAF Bypass Vulnerabilities.
What problems is the product solving and how is that benefiting you?
Overwhelming Complexity and Sophistication of Modern Web Threats
Protection from Advanced and Zero-Day Attacks:
Security Gaps and Inefficiency in Hybrid and Multi-Cloud Environments
High Operational Overhead and Alert Fatigue
Clean, Modern Web UI That Makes Status and Metrics Easy to Visualize
What do you like best about the product?
The Web interface is now very clean and has a modern look. It's quite easy to visualize app status, expiring certs as well as general metrics and indicators.
What do you dislike about the product?
There has been a recent period where admin portals were under migration or some kind of merge, which cause a bit of confusion.
What problems is the product solving and how is that benefiting you?
Protecting our perimeter Web sites, which we have in a certain amount.
Easy and Effective Securing of Our Applications
What do you like best about the product?
I really appreciate the efficiency of Radware Cloud WAF in protecting applications. Its ease of use is a big advantage, as is the availability of technical support, which makes the onboarding process quite easy.
What do you dislike about the product?
There are certain bugs in the admin console that can be improved. Sometimes, the admin console does not show the settings that are actually applied.
What problems is the product solving and how is that benefiting you?
I use Radware Cloud WAF to protect our online applications against attacks and data exfiltration attempts, as well as for DDOS protection.
Adaptive ML Protection with 24/7 SOC Support in One Cloud Platform
What do you like best about the product?
From a customer perspective, the behavioral-based detection and machine learning capabilities make a clear, noticeable difference. The platform adapts to our application traffic patterns, which has significantly reduced false positives compared with the more static, rule-heavy WAF solutions we’ve used in the past. As a result, we spend less time tuning policies and more time focusing on strategic security initiatives.
Another major advantage is the fully managed service model. The 24/7 SOC support and proactive monitoring give us confidence that threats are being addressed in real time, even outside of business hours. That level of responsiveness is critical for protecting customer-facing applications.
We also appreciate the integrated approach. Having WAF, API protection, bot mitigation, and L7 DDoS protection consolidated into a single cloud platform simplifies our architecture and vendor management. It has improved visibility and reduced complexity across our security stack.
Overall, Radware Cloud WAF delivers effective protection with strong operational efficiency, which is exactly what we were looking for.
What do you dislike about the product?
One challenge is the platform’s learning curve and overall complexity. Configuring fine-tuned policies and fully understanding the feature set takes time and expertise. For teams without dedicated WAF specialists, getting the most out of advanced controls (such as customized behavioral policies or bot-mitigation tuning) can be resource-intensive.
Another concern is visibility and the reporting experience. While Radware provides robust telemetry, some users find the dashboards and analytics less intuitive and harder to tailor to business-specific reporting needs than competing tools with more user-friendly UIs. As a result, incident analysis and executive reporting can take longer than expected.
A third point is alert volume and the tuning overhead early in deployment. Even though machine learning can reduce false positives over time, the initial tuning phase may generate a high number of alerts that still require manual review, which can be burdensome for lean teams.
Finally, because this is a managed cloud service, there is less direct control over the underlying infrastructure and rule engines than with self-hosted or appliance-based options. For customers who want tight control over every aspect of policy deployment and performance optimization, this service model may feel somewhat restrictive.
What problems is the product solving and how is that benefiting you?
Ease of Use:
The platform delivers comprehensive protection, but the interface can feel complex at first. If you’re already familiar with web application security concepts, it’s manageable. For less experienced users, some menus and options take time to understand and navigate confidently. Usability improves noticeably once you’ve spent time in the platform, but it isn’t immediately intuitive.
Ease of Implementation:
Implementation was straightforward for the basics, such as pointing DNS and enabling protection. That said, fine-tuning policies to match our application’s normal behavior took more effort than we initially expected. The initial setup phase also ran longer than planned because we focused on minimizing false positives.
Customer Support:
Radware’s customer support and managed service responsiveness have been strong. The 24/7 support model, along with proactive monitoring, helps ensure issues are addressed quickly. When we had questions about specific attack types or needed policy recommendations, their team provided timely, practical guidance.
Frequency of Use:
We use the platform regularly, mainly to review alerts, adjust policies, and check reports. Our security team accesses the dashboard daily, and the alerting cadence has become more reasonable as the system has adapted to our traffic patterns.
Number of Features:
Radware Cloud WAF includes a broad feature set, including core WAF protections, API security, bot mitigation, L7 DDoS protection, and behavioral analytics. The overall feature list is extensive and aligns well with enterprise security requirements. Some of the more advanced capabilities, such as detailed behavioral policies, become especially valuable once you understand how to use them.
Ease of Integration:
Integration with our DNS, SIEM, and monitoring stack has been solid. We did need to adjust some internal workflows to fit Radware’s event formats, but the available APIs and documentation made that workable. Overall, we didn’t run into any major blockers during integration.
Problems It Is Solving and the Benefit:
Radware Cloud WAF addresses several key challenges for us. It blocks application-layer attacks (e.g., OWASP Top 10) in real time, which reduces risk without requiring constant manual intervention. Its behavioral learning and adaptive policies help reduce false positives over time, increasing confidence in alerts and cutting down on noisy events. The managed service model also means expert support is monitoring and tuning in the background, which reduces the operational burden on our internal team. In addition, the integrated bot mitigation and API security help protect against automated abuse and API-targeted threats that our legacy tools didn’t handle well.
Overall, the solution strengthens our security posture, reduces manual workload, and improves visibility into application threats that we previously lacked. There is a learning curve and some complexity in policy management, but for us the operational and security benefits outweigh those challenges.
Advanced protections have blocked most web attacks and now simplify daily threat management
What is our primary use case?
I use Radware Cloud WAF Service to protect customers from cyber attacks, mostly SQL injections, cross-site scripting, and degradation with DDoS attacks.
Almost every day, cyber attackers are trying to disrupt the correct functionality of the application for our customers, so I review the console in Radware Cloud WAF Service, searching for strange behavior. If I see something that is not in place, I mostly block via geolocation or IP address or by activating the advanced protection from the applications in the tenant for the customers.
Mostly, I also create different types of rules with Radware Cloud WAF Service, varying from redirections to blacklisting, to whitelisting, exceptions, rate limiting, and others to better protect the customers.
What is most valuable?
The best features Radware Cloud WAF Service offers are mostly the advanced protections because you only need to activate them, and they protect against a lot of today's most common OWASP attacks.
The advanced protections help me in my day-to-day work with Radware Cloud WAF Service because they are very effective as they attack mostly the OWASP Top 10, and they are easy to use because you only need to activate them, and by default, they block a vast gamut of cyber attacks today.
Before our customers purchased Radware Cloud WAF Service, they had a lot of breaches in their network, and after, we successfully lowered the attack rates, and by that, we protect their applications better.
Before Radware Cloud WAF Service, our customers had almost four or five million requests, and they were not always clean, but now with Radware Cloud WAF Service, we see that we block almost 95 or 96 percent of the attacks that we are receiving.
What needs improvement?
I think the things I want to improve in Radware Cloud WAF Service are, for example, the possibility to upload CSV files with IOCs, so we can load a lot of IOCs in one load instead of loading them one by one manually.
I also want the possibility of seeing traffic in real time because I only see a dashboard with the security events, but in regards to real time, I don't see something that tells me how the traffic behavior is.
For how long have I used the solution?
I have been using Radware Cloud WAF Service for almost three years now.
What do I think about the stability of the solution?
Radware Cloud WAF Service is mostly stable.
What do I think about the scalability of the solution?
I think Radware Cloud WAF Service scales pretty well because we add more applications or users, and we don't have a problem with that.
How are customer service and support?
I have a good experience with customer support for Radware Cloud WAF Service; they tend to respond quickly to our cases and they help us really well with the cases.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I used Cloudflare and Imperva before Radware Cloud WAF Service, and we switched mostly because the security in Radware Cloud WAF Service console is easier to administrate than in the other providers.
What was our ROI?
Unfortunately, I don't have metrics for return on investment because I only administrate the console.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Radware Cloud WAF Service is good.
Which other solutions did I evaluate?
I evaluated Cloudflare and Imperva before choosing Radware Cloud WAF Service.
What other advice do I have?
I invite others looking into using Radware Cloud WAF Service to try it and see all the different protections that the console can provide. I would rate this solution an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Application layer defense that supports stable digital operations
What do you like best about the product?
The most notable thing is that it builds up business continuity in the face of huge sales campaigns. The quantity of features devoted to the DDoS mitigation and the protection of the applications is an important factor in maintaining our storefront on its feet. Consistency in frequency of use is given the fact that I cross check security posture prior to launch of every campaign. This needed to be implemented in conjunction with our hosting provider, but after it was successful, it resulted in a better environment that ensures revenue and brand reputation.
What do you dislike about the product?
One of the weaknesses is that fining tuning security policies may create false positives and end up blocking legitimate customers in the short run. Since the frequency of use is high, I frequently go through flagged sessions to prevent loss of sales. In the process of implementation, specification of exact traffic rules necessitated additional validation. Although the features are impressive, navigating the sophisticated levels of security may require extra internal knowledge and this puts extra work load on our IT team during the peak season of business.
What problems is the product solving and how is that benefiting you?
The current issue of automated attacks on the login, checkout, and promotional pages is solved by Radware Cloud WAF. Fake transactions and credential stuffing made it lose money and customer complaints prior to its adoption. Through heavy enforcement and daily usage, we are now early finding fraud. Related to the many features that concentrate on bot control and application protection secure revenue and enable my team to work on expansion strategies rather than handle security events.
Robust Protection with Slight Learning Curve
What do you like best about the product?
I like Radware Cloud WAF for its powerful bot protection and clear visibility through detailed dashboards. This makes it easy to understand traffic behavior and blocked threats, adding a lot of practical value by providing control and clarity over what's happening in the network across our web applications.
What do you dislike about the product?
There are few areas based on reviews and user feedback that could be improved to make the experience smoother. It's noted that while it's protecting the network strongly, the solution can be producing false positives sometimes.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF solves the problem of blocking critical web attacks like SQL injections and cross-site scripting, provides real-time traffic visibility, and offers strong application layer DDoS protection.
