Comprehensive and simple protection management thanks to the cloud
What do you like best about the product?
The ease of management of protection, as it is comprehensive and being cloud-based, it delegates many problems that on-premise infrastructures present today.
What do you dislike about the product?
That for some clients it is difficult to adapt their DMZ infrastructure to cloud solutions.
What problems is the product solving and how is that benefiting you?
Protection against DDoS and targeted attacks today is essential for all companies today. Providing confidence to the end customers of the companies.
Adaptive AI-Driven Protection with Integrated Security Services
What do you like best about the product?
Radware Cloud WAF stands out because it combines adaptive AI-driven protection with a broad set of integrated security services, making it more than just a traditional web application firewall. Beside It's ease of use than other similar products.
What do you dislike about the product?
There are a few drawbacks that come up repeatedly: Integration and implementation challenges, Documentation gaps and SSL management needs improvement.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF has solved several critical business problems related to web application and API security. Beside has solved Problems like Phishing and credential theft via web apps, - Bot traffic and automated abuse and Application downtime from DDoS attacks
Enhanced Protection with Machine Learning
What do you like best about the product?
What I like most about Radware Cloud WAF is its machine learning capability, as it simplifies and reduces the time for deploying new applications. Additionally, since it is not necessary to create manual rules, this reduces the deployment time of protection in new web applications and allows for the identification of some patterns that we would overlook manually. I also found that the initial setup was simple thanks to machine learning.
What do you dislike about the product?
the creation of custom rules is limited, making it necessary to escalate with the TAC in some cases
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF provides us with L7 protection using machine learning, reducing application deployment time and simplifying processes by avoiding the manual creation of rules. This, along with its ability to identify patterns that might go unnoticed, is what I like the most.
Simple UI, Enhances Visibility and Management
What do you like best about the product?
I appreciate that with Radware Cloud WAF, we can now see security events and query them, which was not possible before. I like that it makes it quite simple to create a rule to allow or block something. The rule creation process is beneficial because it's guided from an event and precompiles the rule fields for you to save as they are or customize. The initial setup was quite easy, and you get supported by their team.
What do you dislike about the product?
I would add a 'Security events' section underneath the 'Assets' view, to see security events for the specific application. You can do so by filtering the generic one, but this would be simpler if you already know what you're looking for.
What problems is the product solving and how is that benefiting you?
With Radware Cloud WAF, I can see and query security events, providing more control compared to AWS WAF v2. The rule creation process is simple, guided from an event and precompiling fields for adjustments.
Professional Security with User-Friendly Setup
What do you like best about the product?
I find Radware Cloud WAF very professional with a user-friendly UI. Notably, there was a big DDoS attack that was mitigated effectively. I also found the initial setup to be very easy.
What do you dislike about the product?
I wish the logs had more details.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF helps with DDOS attacks and bot traffic. It has a user-friendly UI, and it's professional. A major DDOS was mitigated.
Advanced protection modes and API discovery have optimized security and reduced operational costs
What is our primary use case?
For the WAF, in the last time I discussed with the Radware team only, we are searching for the API solution and all but we are not getting the API solution required for this on-prem solution. We did some modification and testing in the Radware product only, and we are using the Radware Alteon switch as an API Gateway also, in terms of features that an API Gateway would provide. Whatever the API things are there, it will be monitored and in the learning mode through Radware Cloud WAF Service.
We are using the API Discovery feature for the particular API for our BFSI segment, for the internal calling. Through this, we are allowing only the particular connection or particular request through only our API module. So through this Alteon model, it is working smoothly, rather than one-to-one with the other solution. It is working smoothly, and we require minimum latency, such as less than 10ms. We are achieving six to seven ms latency, so we are very much happy with the performance and the solution uses.
How has it helped my organization?
Radware Cloud WAF Service has helped to reduce our overhead costs. We are not required to procure the API manager or API gateway, which would have been another application required or overhead for us, but this reduction has been achieved through this Radware solution.
Radware Cloud WAF Service has helped to reduce our false positives. We can block the particular request based on response time or particular connection or request basis. Through an IP address or string, we can block and we can take suggestive action. The automation action is there.
Radware Cloud WAF Service provides automated analytics, which allows us to understand the behavior of the application and whatever the threats or strings are there that we are calling. Some strings are blocking, and if the other strings are required for the application basis, we can keep them in an allowed mode or in a protection mode or in a learning mode to understand the behavior of the application. As per the risks, we can apply for the protection or detection or any learning mode as per the application behavior.
What is most valuable?
The best features in Radware Cloud WAF Service are the protection mode, detection, and the learning mode, which I value because if you are not guaranteed or sure about the behavior of the application and all, you can keep the application in learning mode for a particular period, such as days, weeks, or some months. The learning mode shows how the application behavior is on a daily basis, hourly basis, or weekly basis. After that, you can take action.
In assessing Radware Cloud WAF Service for blocking unknown threats and attacks, we can block the particular request or on the response time or particular connection or request basis. Through an IP address or string, we can block and we can take suggestive action. The automation action is there.
API Discovery has helped to reduce our overhead costs. We are not required to procure the API manager or API gateway, which would have been another application required or overhead for us.
From the integration capabilities, we first integrated in a learning mode. After the learning mode, we kept in the protection mode and all, as per the application behavior. We tested performance, requiring minimum latency, such as less than 10 seconds. We checked with other applications, such as the performance testing application. We enabled the WAF rules as per the requirement and protection requirement and then tested through the other application, checking the performance and latency. Once the latency was achieved, or if any issues were there, then we made changes or modifications to the WAF rules as per the testing result.
In assessing Radware Cloud WAF Service's ability to protect against zero-day attacks, there is AppWall, Bot Manager, API protection, and client-side protection. All the features are there, and we can trust this application.
The combination of negative and behavioral-based positive security models is important for our organization's security strategy because it is blocking the unauthorized API also, and it also validates the user, device, and applications in real-time.
My experience with it is that it is blocking unauthorized API uses. It will not pass the unauthorized API, which will reduce server utilization and provide the proper response through this existing server. It validates user, device, and application behavior, as well as unauthorized API uses.
The automated source blocking feature's proactive and holistic approach based on cross-module correlation has been effective in protecting our applications. It works properly, takes the required action, and provides detailed action of what we have taken. However, some intimation or communication will be required, such as reporting. The automation reporting is required on the dashboard so we can get detailed reports of what action is taken and at what time, allowing us to improve our application as per their action and analytics.
We are using the WAF HTTP L7 DDoS Protection.
Radware Cloud WAF Service helps in securing our business continuity by improving API security and also providing behavioral-based security. This combination enhances protection.
What needs improvement?
In the starting mode, API Discovery was a little bit challenging for us, but after utilization and after day-to-day uses, we are stable and able to tackle the solution. We understand how to operate and manage the solution. There should be a limitation of KB articles or training sessions or training videos or certification. If it will be there online or through their portal for existing clients, then it will be beneficial.
Radware Cloud WAF Service means there is no physical hardware requirement here, and it's fully managed, which brings many benefits to the table and helps improve the way our organization functions.
We are using two or three applications through the cloud, making our DC-DR application also secure. We do not have any requirement on the cloud as per the on-prem. We can manage our DC-DR application or far DR application. The only thing required is training material, education, or certification so we can understand or access KB articles.
For how long have I used the solution?
I have been working with Radware Cloud WAF Service for the last six to seven months only.
How are customer service and support?
When it comes to tech support of Radware, they support Radware Cloud WAF Service well, and I would rate them an eight. They pass calls to their authorized SI partners, and due to limitations of knowledge, they invest 24 to 48 hours for troubleshooting before it is passed to the Radware team. Once the Radware team addresses it, issues are typically resolved within one to two hours, and out of 10 issues, nine are resolved promptly. Out of 10, one may take one week or two weeks due to significant issues requiring their engineering or higher team for resolution.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We have evaluated other options and solutions, including the firewall of Fortinet, which has a solution, and Imperva and F5, which we have also evaluated. We checked Cloudflare as well, but for our requirement and usage, along with Radware Alteon switches and the LLB, we think that we will go only with Radware.
What was our ROI?
We have seen ROI with the WAF product, achieving it already in three and a half years, specifically a 3.3.
Which other solutions did I evaluate?
In noticing any differences in pros and cons of Radware in comparison to other competitors, Radware would rank second out of three. If another brand is on the first, we go with Radware due to trust, as we have been using it for the last 10 years. For support and price base, we think Radware is best for us as per our requirement. Other brands may have some top features, but we know that after a few months or weeks, Radware is going to introduce those features.
What other advice do I have?
False positives mean we have set certain rules, so whatever the rules are there matching, they are allowing the services or whatever the transaction or request is there. Other requests are being blocked immediately. Whatever the requests allowed, the genuine requests are sent only.
We are using the automated source blocking feature in Radware Cloud Application Protection.
We are using Radware's Bot Manager, but not that much, because we are not using any automated bot in our application.
We have not discovered anything about incoming bot traffic that we were not aware of before using the Bot Manager. In the last 10 years, we have been using Radware only.
Real-time BLA detection and mitigation means we can safeguard our content, and proper visibility of traffic is there, identifying bot content or any other contents, providing visibility through Bot Manager only. We can say we are getting the proper visibility through Bot Manager regarding effective human traffic or non-human traffic.
From a features perspective, functionality-wise, most of the features are there in Radware Cloud WAF Service, such as API, Bot, or zero trust. We think we have these features, but the requirement for education or KB articles is currently essential. Radware is providing top-notch features compared to competitors, and only this feature and how to use it is required.
For advice or recommendations for other organizations considering Radware Cloud WAF Service, we suggest taking monthly or weekly sessions or webinars for new features. This way, everyone will be aware of the new features, and they can send communications about webinars or new feature introductions. Our team can join these sessions and evaluate the features.
Top-Tier Bot Mitigation and API Security for Enterprise Apps
What do you like best about the product?
Unified Security: It brings together four key tools—WAF, Bot Management, API Security, and DDoS Protection—into a single dashboard, making it easier for a security team to manage everything and streamlining their overall workflow.
What do you dislike about the product?
I often have to jump between different dashboards just to compare WAF alerts with Bot Manager alerts, which makes it harder to get a quick, unified view.
What problems is the product solving and how is that benefiting you?
Data Scraped by Scripts: It identifies and blocks automated tools (like the “Suspicious Tool” shown in your log) that try to steal data by cycling through account numbers.
Zero-Day Attacks: It uses AI to detect new, never-before-seen hacking methods that don’t have a “signature” yet.
Radware Cloud WAF Strong Protection with Opportunities
What do you like best about the product?
Its real‑time detection and automatic mitigation capabilities are highlighted as major advantages, enabling quick responses without requiring constant manual tuning
What do you dislike about the product?
Noticeable learning curve, particularly during initial setup and policy tuning.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF helps address challenges related to both common and advanced web attacks, including SQL injection, XSS, bot traffic, and zero‑day threats. The solution blocks these attacks in real time, significantly reducing incidents and improving response times
Reliable, Scalable Web Protection with Strong Visibility and Automation
What do you like best about the product?
What I like best about Radware Cloud WAF is how effectively it combines advanced protection with practical day-to-day usability. The real-time attack detection and automated mitigation features have noticeably reduced the time we spend manually investigating and responding to threats. In particular, the behavioral-based protection and bot mitigation tools catch suspicious traffic early, which has helped us prevent several potential incidents before they impacted our applications.
The centralized dashboard makes a big difference in our workflow. Instead of juggling multiple tools, we can quickly review traffic patterns, analyze alerts, and generate reports from a single interface. This visibility has improved our incident response process and made it easier to communicate security insights to non-technical stakeholders.
Another standout benefit is its scalability and performance. During traffic spikes, the platform maintains consistent protection without slowing down our applications, which has improved user experience and uptime. An unexpected advantage has been how smoothly it integrates with our existing infrastructure — deployment was straightforward, and ongoing management requires minimal overhead. Overall, it delivers reliable, enterprise-grade security while streamlining our security operations.
What do you dislike about the product?
One issue we’ve experienced with Radware Cloud WAF is occasional console unreachability, where the management interface becomes temporarily inaccessible. During these moments, it can be frustrating not being able to immediately access logs or configuration settings, especially when quick visibility is important for troubleshooting.
Another area for improvement is the learning curve around advanced configuration. While the basic setup is straightforward, some of the more granular security policies and custom rule tuning can be complex and require deeper expertise. The alerting system can also generate a high volume of notifications at times, which may require additional fine-tuning to avoid alert fatigue.
Additionally, reporting customization could be more flexible. Although the built-in reports are useful, creating highly tailored reports for specific business or compliance needs can take extra effort. Overall, while the platform is strong in security and performance, improving console reliability, simplifying advanced configurations, and enhancing reporting flexibility would make the experience even better.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF is solving our core challenge of protecting web applications from evolving cyber threats while keeping performance and availability intact. Before implementing it, we spent significant time manually monitoring suspicious traffic and reacting to incidents. With its automated threat detection and mitigation, many attacks are now blocked in real time, which has reduced our security workload and minimized risk exposure.
It has also improved our visibility into application traffic. The detailed analytics and logging help us quickly identify abnormal behavior, investigate incidents faster, and make more informed security decisions. This has streamlined our incident response process and reduced downtime.
Another key benefit is ensuring consistent uptime during traffic spikes or attempted attacks. The platform absorbs and filters malicious traffic without affecting legitimate users, which has helped us maintain application reliability and user trust. Overall, it’s providing proactive protection, operational efficiency, and greater confidence in the security of our online services.
User-Friendly, But Slow to Apply Changes
What do you like best about the product?
I like the user-friendly interface of Radware Cloud WAF. Everything is clear.
What do you dislike about the product?
Any changes take time to be applied, which is a bit annoying.
What problems is the product solving and how is that benefiting you?
I use Radware Cloud WAF for DDOS Level 7 protection against attacks. Its user-friendly interface makes everything clear, although changes take time to apply, which can be a bit annoying.
