Simple UI, Enhances Visibility and Management
What do you like best about the product?
I appreciate that with Radware Cloud WAF, we can now see security events and query them, which was not possible before. I like that it makes it quite simple to create a rule to allow or block something. The rule creation process is beneficial because it's guided from an event and precompiles the rule fields for you to save as they are or customize. The initial setup was quite easy, and you get supported by their team.
What do you dislike about the product?
I would add a 'Security events' section underneath the 'Assets' view, to see security events for the specific application. You can do so by filtering the generic one, but this would be simpler if you already know what you're looking for.
What problems is the product solving and how is that benefiting you?
With Radware Cloud WAF, I can see and query security events, providing more control compared to AWS WAF v2. The rule creation process is simple, guided from an event and precompiling fields for adjustments.
Professional Security with User-Friendly Setup
What do you like best about the product?
I find Radware Cloud WAF very professional with a user-friendly UI. Notably, there was a big DDoS attack that was mitigated effectively. I also found the initial setup to be very easy.
What do you dislike about the product?
I wish the logs had more details.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF helps with DDOS attacks and bot traffic. It has a user-friendly UI, and it's professional. A major DDOS was mitigated.
Advanced protection modes and API discovery have optimized security and reduced operational costs
What is our primary use case?
For the WAF, in the last time I discussed with the Radware team only, we are searching for the API solution and all but we are not getting the API solution required for this on-prem solution. We did some modification and testing in the Radware product only, and we are using the Radware Alteon switch as an API Gateway also, in terms of features that an API Gateway would provide. Whatever the API things are there, it will be monitored and in the learning mode through Radware Cloud WAF Service.
We are using the API Discovery feature for the particular API for our BFSI segment, for the internal calling. Through this, we are allowing only the particular connection or particular request through only our API module. So through this Alteon model, it is working smoothly, rather than one-to-one with the other solution. It is working smoothly, and we require minimum latency, such as less than 10ms. We are achieving six to seven ms latency, so we are very much happy with the performance and the solution uses.
How has it helped my organization?
Radware Cloud WAF Service has helped to reduce our overhead costs. We are not required to procure the API manager or API gateway, which would have been another application required or overhead for us, but this reduction has been achieved through this Radware solution.
Radware Cloud WAF Service has helped to reduce our false positives. We can block the particular request based on response time or particular connection or request basis. Through an IP address or string, we can block and we can take suggestive action. The automation action is there.
Radware Cloud WAF Service provides automated analytics, which allows us to understand the behavior of the application and whatever the threats or strings are there that we are calling. Some strings are blocking, and if the other strings are required for the application basis, we can keep them in an allowed mode or in a protection mode or in a learning mode to understand the behavior of the application. As per the risks, we can apply for the protection or detection or any learning mode as per the application behavior.
What is most valuable?
The best features in Radware Cloud WAF Service are the protection mode, detection, and the learning mode, which I value because if you are not guaranteed or sure about the behavior of the application and all, you can keep the application in learning mode for a particular period, such as days, weeks, or some months. The learning mode shows how the application behavior is on a daily basis, hourly basis, or weekly basis. After that, you can take action.
In assessing Radware Cloud WAF Service for blocking unknown threats and attacks, we can block the particular request or on the response time or particular connection or request basis. Through an IP address or string, we can block and we can take suggestive action. The automation action is there.
API Discovery has helped to reduce our overhead costs. We are not required to procure the API manager or API gateway, which would have been another application required or overhead for us.
From the integration capabilities, we first integrated in a learning mode. After the learning mode, we kept in the protection mode and all, as per the application behavior. We tested performance, requiring minimum latency, such as less than 10 seconds. We checked with other applications, such as the performance testing application. We enabled the WAF rules as per the requirement and protection requirement and then tested through the other application, checking the performance and latency. Once the latency was achieved, or if any issues were there, then we made changes or modifications to the WAF rules as per the testing result.
In assessing Radware Cloud WAF Service's ability to protect against zero-day attacks, there is AppWall, Bot Manager, API protection, and client-side protection. All the features are there, and we can trust this application.
The combination of negative and behavioral-based positive security models is important for our organization's security strategy because it is blocking the unauthorized API also, and it also validates the user, device, and applications in real-time.
My experience with it is that it is blocking unauthorized API uses. It will not pass the unauthorized API, which will reduce server utilization and provide the proper response through this existing server. It validates user, device, and application behavior, as well as unauthorized API uses.
The automated source blocking feature's proactive and holistic approach based on cross-module correlation has been effective in protecting our applications. It works properly, takes the required action, and provides detailed action of what we have taken. However, some intimation or communication will be required, such as reporting. The automation reporting is required on the dashboard so we can get detailed reports of what action is taken and at what time, allowing us to improve our application as per their action and analytics.
We are using the WAF HTTP L7 DDoS Protection.
Radware Cloud WAF Service helps in securing our business continuity by improving API security and also providing behavioral-based security. This combination enhances protection.
What needs improvement?
In the starting mode, API Discovery was a little bit challenging for us, but after utilization and after day-to-day uses, we are stable and able to tackle the solution. We understand how to operate and manage the solution. There should be a limitation of KB articles or training sessions or training videos or certification. If it will be there online or through their portal for existing clients, then it will be beneficial.
Radware Cloud WAF Service means there is no physical hardware requirement here, and it's fully managed, which brings many benefits to the table and helps improve the way our organization functions.
We are using two or three applications through the cloud, making our DC-DR application also secure. We do not have any requirement on the cloud as per the on-prem. We can manage our DC-DR application or far DR application. The only thing required is training material, education, or certification so we can understand or access KB articles.
For how long have I used the solution?
I have been working with Radware Cloud WAF Service for the last six to seven months only.
How are customer service and support?
When it comes to tech support of Radware, they support Radware Cloud WAF Service well, and I would rate them an eight. They pass calls to their authorized SI partners, and due to limitations of knowledge, they invest 24 to 48 hours for troubleshooting before it is passed to the Radware team. Once the Radware team addresses it, issues are typically resolved within one to two hours, and out of 10 issues, nine are resolved promptly. Out of 10, one may take one week or two weeks due to significant issues requiring their engineering or higher team for resolution.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We have evaluated other options and solutions, including the firewall of Fortinet, which has a solution, and Imperva and F5, which we have also evaluated. We checked Cloudflare as well, but for our requirement and usage, along with Radware Alteon switches and the LLB, we think that we will go only with Radware.
What was our ROI?
We have seen ROI with the WAF product, achieving it already in three and a half years, specifically a 3.3.
Which other solutions did I evaluate?
In noticing any differences in pros and cons of Radware in comparison to other competitors, Radware would rank second out of three. If another brand is on the first, we go with Radware due to trust, as we have been using it for the last 10 years. For support and price base, we think Radware is best for us as per our requirement. Other brands may have some top features, but we know that after a few months or weeks, Radware is going to introduce those features.
What other advice do I have?
False positives mean we have set certain rules, so whatever the rules are there matching, they are allowing the services or whatever the transaction or request is there. Other requests are being blocked immediately. Whatever the requests allowed, the genuine requests are sent only.
We are using the automated source blocking feature in Radware Cloud Application Protection.
We are using Radware's Bot Manager, but not that much, because we are not using any automated bot in our application.
We have not discovered anything about incoming bot traffic that we were not aware of before using the Bot Manager. In the last 10 years, we have been using Radware only.
Real-time BLA detection and mitigation means we can safeguard our content, and proper visibility of traffic is there, identifying bot content or any other contents, providing visibility through Bot Manager only. We can say we are getting the proper visibility through Bot Manager regarding effective human traffic or non-human traffic.
From a features perspective, functionality-wise, most of the features are there in Radware Cloud WAF Service, such as API, Bot, or zero trust. We think we have these features, but the requirement for education or KB articles is currently essential. Radware is providing top-notch features compared to competitors, and only this feature and how to use it is required.
For advice or recommendations for other organizations considering Radware Cloud WAF Service, we suggest taking monthly or weekly sessions or webinars for new features. This way, everyone will be aware of the new features, and they can send communications about webinars or new feature introductions. Our team can join these sessions and evaluate the features.
Top-Tier Bot Mitigation and API Security for Enterprise Apps
What do you like best about the product?
Unified Security: It brings together four key tools—WAF, Bot Management, API Security, and DDoS Protection—into a single dashboard, making it easier for a security team to manage everything and streamlining their overall workflow.
What do you dislike about the product?
I often have to jump between different dashboards just to compare WAF alerts with Bot Manager alerts, which makes it harder to get a quick, unified view.
What problems is the product solving and how is that benefiting you?
Data Scraped by Scripts: It identifies and blocks automated tools (like the “Suspicious Tool” shown in your log) that try to steal data by cycling through account numbers.
Zero-Day Attacks: It uses AI to detect new, never-before-seen hacking methods that don’t have a “signature” yet.
Radware Cloud WAF Strong Protection with Opportunities
What do you like best about the product?
Its real‑time detection and automatic mitigation capabilities are highlighted as major advantages, enabling quick responses without requiring constant manual tuning
What do you dislike about the product?
Noticeable learning curve, particularly during initial setup and policy tuning.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF helps address challenges related to both common and advanced web attacks, including SQL injection, XSS, bot traffic, and zero‑day threats. The solution blocks these attacks in real time, significantly reducing incidents and improving response times
Complete and Easy to Use Protection
What do you like best about the product?
I like that Radware Cloud WAF is a very user-friendly and understandable solution. It is easy to manage, which makes its configuration simple from the start when adding a portal to enabling protections. Additionally, searching for events is very user-friendly and understandable, which I value greatly.
What do you dislike about the product?
Maybe more configurations need to be added at the front end level, because many have to be done at the back end level and then they take a bit of time.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF resolves Security Injection and DDoS attacks, and allows me to have clarity on the events.
Reliable, Scalable Web Protection with Strong Visibility and Automation
What do you like best about the product?
What I like best about Radware Cloud WAF is how effectively it combines advanced protection with practical day-to-day usability. The real-time attack detection and automated mitigation features have noticeably reduced the time we spend manually investigating and responding to threats. In particular, the behavioral-based protection and bot mitigation tools catch suspicious traffic early, which has helped us prevent several potential incidents before they impacted our applications.
The centralized dashboard makes a big difference in our workflow. Instead of juggling multiple tools, we can quickly review traffic patterns, analyze alerts, and generate reports from a single interface. This visibility has improved our incident response process and made it easier to communicate security insights to non-technical stakeholders.
Another standout benefit is its scalability and performance. During traffic spikes, the platform maintains consistent protection without slowing down our applications, which has improved user experience and uptime. An unexpected advantage has been how smoothly it integrates with our existing infrastructure — deployment was straightforward, and ongoing management requires minimal overhead. Overall, it delivers reliable, enterprise-grade security while streamlining our security operations.
What do you dislike about the product?
One issue we’ve experienced with Radware Cloud WAF is occasional console unreachability, where the management interface becomes temporarily inaccessible. During these moments, it can be frustrating not being able to immediately access logs or configuration settings, especially when quick visibility is important for troubleshooting.
Another area for improvement is the learning curve around advanced configuration. While the basic setup is straightforward, some of the more granular security policies and custom rule tuning can be complex and require deeper expertise. The alerting system can also generate a high volume of notifications at times, which may require additional fine-tuning to avoid alert fatigue.
Additionally, reporting customization could be more flexible. Although the built-in reports are useful, creating highly tailored reports for specific business or compliance needs can take extra effort. Overall, while the platform is strong in security and performance, improving console reliability, simplifying advanced configurations, and enhancing reporting flexibility would make the experience even better.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF is solving our core challenge of protecting web applications from evolving cyber threats while keeping performance and availability intact. Before implementing it, we spent significant time manually monitoring suspicious traffic and reacting to incidents. With its automated threat detection and mitigation, many attacks are now blocked in real time, which has reduced our security workload and minimized risk exposure.
It has also improved our visibility into application traffic. The detailed analytics and logging help us quickly identify abnormal behavior, investigate incidents faster, and make more informed security decisions. This has streamlined our incident response process and reduced downtime.
Another key benefit is ensuring consistent uptime during traffic spikes or attempted attacks. The platform absorbs and filters malicious traffic without affecting legitimate users, which has helped us maintain application reliability and user trust. Overall, it’s providing proactive protection, operational efficiency, and greater confidence in the security of our online services.
User-Friendly, But Slow to Apply Changes
What do you like best about the product?
I like the user-friendly interface of Radware Cloud WAF. Everything is clear.
What do you dislike about the product?
Any changes take time to be applied, which is a bit annoying.
What problems is the product solving and how is that benefiting you?
I use Radware Cloud WAF for DDOS Level 7 protection against attacks. Its user-friendly interface makes everything clear, although changes take time to apply, which can be a bit annoying.
Robust Security, Needs UI Improvements
What do you like best about the product?
I find Radware Cloud WAF to be a very reliable and suitable solution for mid to large range organizations. It strictly follows automated pattern-driven tools to track traffic and DDoS traffic. The solution uses OWASP top 10 risk patterns to avoid meticulous maximum possible mitigations from the upper layer of the OSI reference model. It's beneficial for supporting a data center's traffic patterns. I like that it allows for manual traffic design, so you can control how traffic exits and re-enters your hosting server behind the WAF. This is crucial.
What do you dislike about the product?
I find the dashboard could be more intuitive and user-friendly because it's somehow too complicated for new users, with too many hidden options. Some advanced features also have a learning curve, and it can be challenging to understand the impact on production traffic, since the WAF sits inline. Integration with DevOps is also critical and not as easy as I would like. Additionally, the reporting part needs to be simplified to be more understandable for other members.
What problems is the product solving and how is that benefiting you?
I use Radware Cloud WAF for DDoS protection, zero-day attack prevention, reliable reverse proxy with hardware support, and automated signature pattern detection. It stabilizes our infrastructure and provides real-time traffic visibility, which is crucial for managing customer interactions.
Radware Cloud WAF: flexible, reliable and certified protection for regulated environments
What do you like best about the product?
Radware Cloud WAF has proven to be a solid and reliable solution in daily operations, effectively protecting web applications from OWASP Top-10 threats, zero-day attacks, and DDoS events without adding unnecessary operational complexity. Encrypted traffic management is particularly reassuring: TLS certificates and private keys are managed with very stringent security measures, significantly reducing one of the main risk areas typically associated with WAF services.
The presence of numerous international security certifications, and most importantly in Italy, the certification issued by the ACN (Italian National Agency for Information Security) for Radware's WAF and anti-DDoS services, further strengthens confidence in the platform.
Overall, Radware has proven to be a satisfactory and reliable choice for our regulated enterprise environments where security, compliance and business continuity are essential.
Because of these features, it's a solution we rely on not only to protect our assets, but also one we confidently offer to our Customers as an additional security layer within our SaaS platform.
Finally, I can confirm that we have always found the sales representative and technical support team to be extremely helpful and professional.
What do you dislike about the product?
The true value of a solution like Radware Cloud WAF is primarily appreciated by organizations with strong compliance requirements and a need for a high level of application security. In these contexts, the depth of protection, together with certified and robust security controls and governance capabilities, provides clear benefits and naturally justify both the cost of the solution and the associated operational effort.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF has provided us with a concrete and effective way to mitigate the risk of DDoS attacks, which are becoming increasingly common and impactful. One of the key benefits is that the solution can be configured and integrated without requiring changes to the application layer, allowing us to strengthen security while preserving existing architectures and development processes.
It has also proven particularly valuable in addressing the ever-increasing speed with which new vulnerabilities are identified, especially in scenarios where security fixes are not immediately available, by offering an effective protection layer at the edge.
At the same time, Radware represents a well-recognized, internationally certified security solution, allowing us to meet the expectations of the most demanding Customers and to offer an additional, high-level security measure within our SaaS platform.
