The use case is protection for all web applications. This includes the applications we serve via critical workloads. We are utilizing Radware Cloud WAF Service for this protection.

In addition to protecting our production environment, we also implement Layer 7 protections, DDoS protections, and other security measures. We have established a detailed level of protection for all of our applications.

I am satisfied with Radware Cloud WAF Service's ability to block unknown threats and attacks, as the moment we enable protection for specific applications, it starts working. For instance, we receive results indicating whether there's any unusual activity. This system operates like Software as a Service (SaaS). You don't have to worry about the underlying algorithms or the conditions that need to be applied. It's essentially a plug-and-play solution, making it easy to use.

The automated analytics of Radware Cloud WAF Service are quite effective. They inspect and remediate DDoS attacks quickly by monitoring any suspicious activity and reporting it, demonstrating the power of their deployed algorithms.

I use the CDN service offered by Radware together with Radware Cloud WAF Service, and I find it feasible because it provides faster responses for users accessing our applications, especially when it's caching configurations and monitoring protection simultaneously.

Radware Cloud WAF Service has saved me more than 30% of my time, as it's very easy to spin up any application with just a few clicks.

I receive reports every 30 days. The live metrics are visible on their dashboard, showing the current status of all applications and the number of hits, including false positives.

The automated source blocking features of Radware Cloud WAF Service have a proactive and holistic approach. It effectively protects applications with default methods for any sort of protection, though some of those methods generate false positives that we need to adjust based on our needs.

In terms of compliance, we are following GDPR, and to adhere to this compliance, we have chosen the required region to ensure all incoming traffic is treated accordingly. I find Radware Cloud WAF Service good with respect to my compliance needs, providing services in all required regions.

I really appreciate the DDoS protection that Radware Cloud WAF Service provides, especially because it reacted well to multiple DDoS attacks on my applications in the last couple of months without any signs of issues being reported.

Their Network Operation Center (NOC) is very proactive in monitoring the health status and metrics continuously. Whenever they identify an issue, they do not delay in informing me or my team, making them very proactive.

Radware Cloud WAF Service has helped reduce false positives, but we do experience some false positives, such as when certain URIs or headers are incorrectly flagged as malicious, and we need Radware to refine those to treat as genuine traffic, achieving about a 25% reduction in false positives.

There is an area for improvement in Radware Cloud WAF Service, specifically regarding the visibility of default algorithms or source blocking systems that create false positives, as it would help if customers could see these blocks to isolate problems quickly without needing to reach out for tech support. There are various blocking systems in place, including some default algorithms that can block a lot of content. Unfortunately, this can lead to false positives, making it difficult to determine whether an issue is being caused by Radware WAF or something else. As a customer, we can't see what's happening behind the scenes because it's a SaaS service. I would suggest that if there are any blocks, they should be clearly visible to us. This would allow us to isolate the problem and understand whether it's related to the WAF or another source. Currently, these blockings are not transparent; they remain hidden until we reach out to the tech support teams. Often, we only find out about the issues from them, which leaves us unaware of the problems as they aren't displayed in the portal. These behind-the-scenes elements should be available. I understand it would have read-only access. That's acceptable, but it should be visible so we can isolate issues quickly.

We have been using it for the last one and a half years.

The service is always available to us. I would rate the stability of Radware Cloud WAF Service as a nine out of ten, as we rarely experience downtime, bugs, or glitches.

I rate the scalability of Radware Cloud WAF Service as a seven out of ten, fitting well with our approximately 8,000 users.

I rate the technical support of Radware Cloud WAF Service as an eight out of ten.

I find the deployment of Radware Cloud WAF Service to be moderate in complexity, as it takes months to complete based upon requirement

More than 8,000 users work with Radware Cloud WAF Service. While it does require maintenance, it is not a concern for us since it's a SaaS service, meaning they maintain everything on the backend while we focus on uptime.

The pricing for Radware Cloud WAF Service is cost-efficient for us, especially since we have opted for a big bundle that includes not only the Cloud WAF but also Radware other products.

We did not assess any other vendor as we have been using Radware from the beginning and are already familiar with its features, knowing it is fully integrated with our requirements and custom ports for web applications. While comparing Radware Cloud WAF Service with other WAF solutions, the biggest advantage is its seamless integration with my environment, and their tech support and NOC support are better than several other WAF services.

The combination of negative and behavioral-based positive security models is important for my security strategy, and we have defined a ratio of 70% to 30%, where it properly blocks what we define, and false positives are adjusted for all applications.

I would recommend Radware Cloud WAF Service to other users because it offers excellent WAF protection services that work like a plug-and-play solution without needing to worry about algorithms. However, the deployment time could be a drawback.

Overall, I would rate Radware Cloud WAF Service an eight out of ten.

We have both infrastructure protection and web application protection. Infrastructure protection is against network-level denial of service attacks, and we use the application protection for our web application firewall, which provides layer seven security.

Being a cloud service, it removes the maintenance tasks for system uptime and the maintenance of on-prem appliances. It gives security analysts much more time for SOC work in analyzing alerts and threats. With on-premises solutions, there is a lot of maintenance involved to ensure that everything is functioning properly. Much time is dedicated to maintaining on-premises products. In contrast, as a cloud product, we don't have to worry about issues related to high availability or managing multiple instances of security solutions. Maintenance tasks such as operating system upgrades and other related issues are handled for us. This allows us to focus our efforts on SOC analysis work without the burden of these maintenance responsibilities.

It helps reduce the number of false positives and also addresses sophisticated attacks that may not be detected by our traditional systems on-premises.

Alerts help us quickly narrow down the issue, allowing us to spend less time on analysis and more time addressing active threats as they occur. Automation plays a significant role in this process.

Bot Manager has been quite positive. I find it to be more than just your traditional method of examining signatures or even looking at user agent headers. It goes beyond that; it analyzes the behavioral patterns of requests. Bots have become more advanced, often trying to imitate human behavior as closely as possible. With this bot protection, certain traffic gets blocked and flagged as bot traffic. However, when I review the requests from a human perspective, it can be challenging to identify what was actually bot traffic. Fortunately, the system provides a description of why a particular request was blocked and flagged as bot traffic. Bot traffic is a lot compared to normal human traffic, about 50% more. That alone frees up a lot of compute for our applications. The performance of the applications is significantly better because the bot's traffic is effectively filtered in the cloud. Only clean traffic reaches the applications, ensuring optimal performance.

The detection for bad bots and layer seven anomaly detection is ingrained within the logic. First of all, it examines normal signatures and user agents. Additionally, there is a significant reliance on AI-driven signatures that it looks out for. It also incorporates threat intelligence, which may include insights from various sources. Another important aspect is IP reputation, which is gathered from other clients with whom these bots have interacted. Overall, I think this solution is very effective; it has worked well for us and is actually blocking the traffic as advertised.

We rely heavily on Web DDoS protection, with about ninety percent of our services being application-based. Therefore, ensuring their security is very important to us. Radware provides the security we need and guarantees that the traffic reaching our web applications and servers is clean. This gives us peace of mind. While we monitor our systems closely, knowing that Radware Cloud WAF Service has our back is essential. Overall, it plays a crucial role in our business continuity as a security solution.

As compared to the traditional WAF that had on-prem systems, Radware Cloud WAF Service has many functionalities, such as AI-driven functionalities. It has features such as API security that protect against advanced attacks, including business logic attacks. It comes with additional functionalities such as bot protection and AI-driven threat signatures, along with threat intelligence, making it much more than the traditional WAF that we have on-prem. This is a key advantage I've seen since we onboarded it.

The dashboard of Radware Cloud WAF Service has room for improvement. While it works effectively, it can feel complex and might need some initial guidance, but once users become familiar with it, the operation becomes smooth.

We have been using Radware Cloud WAF Service since the beginning of this year. It has not yet been a full year.

I would rate the stability of Radware Cloud WAF Service a nine out of ten. While the functionality is a 10 out of 10, occasional internet connectivity issues cause temporary access problems.

The scalability of Radware Cloud WAF Service rates as a perfect ten out of ten, as we haven't encountered any scaling issues.

In the security team, four of us work with this solution. We have about 4,000 employees.

Technical support from Radware rates as a nine out of ten, as their support is very good.

Radware Cloud WAF Service is the first cloud WAF solution we have used. We were using only an on-premises physical appliance.

As compared to our on-premises solution, Radware Cloud WAF Service offers better protection and can even provide significantly better security. In baseline protection, it matches our on-premises solution but has additional functionalities, including AI-driven signatures. This upgrade brings many more security features that we didn't have before. Overall, I would rate it much higher.

Radware Cloud WAF Service works well. There are many instances that we could not flag bot traffic using our traditional on-premises WAF. We use them concurrently. We compare the clean rate of what passes through the cloud instance with what passes through our on-premises instance. It has freed up many of the compute resources we have on-premises. Thus, much of the malicious traffic is stripped away at the cloud level before the clean traffic reaches our on-premises sites.

The deployment of the Radware Cloud WAF Service was quite easy and took about two to three days, thanks to the helpful and responsive support team from Radware.

Apart from fine-tuning the security policies, much of the maintenance work is effectively handled in the background by the Radware team. As a result, there is very little to no maintenance required on our end.

We were supported by Radware's onboarding team. They prepared our dashboard.

The Radware Cloud WAF Service saves us a significant amount of time, estimating around 30% to 40%.

With our on-prem solution, we spent a lot of time on maintenance tasks, OS updates, and ensuring appliances ran smoothly, but with Cloud WAF, all that is managed by the cloud team, allowing us to focus on alert analysis.

For false positives, you need to properly tune the detection rules. In the beginning, it operates in a learning mode, which Radware refers to as "reporting mode." This mode simply reports on what is happening but doesn’t actively block any threats. When you transition to active protection, it’s crucial to take care when defining your threat signatures. If you don't, there can be some false positives. However, with excellent support from the onboarding team, we were able to resolve those issues very quickly, and after that, everything went smoothly. In the initial stages, it can be a bit tricky. There are some false positives, but they can be adjusted and fine-tuned. Once in a while, a false positive occurs, but we now have the knowledge on how to mitigate that.

A lot of applications are currently hosted on-premises. With a Cloud WAF, you need to redirect traffic to the cloud instance, and then the traffic is routed back. Initially, our main challenge was addressing internal threats, specifically insider threats. These applications are accessible both within our environment and to external users. However, since we began using cloud protection, it has primarily catered to external source traffic, leaving internal source traffic unprotected. Fortunately, Radware quickly developed a secure pathway functionality that can also redirect internal traffic to be inspected in the cloud. This feature is something we haven't implemented yet, but it is definitely on our agenda for implementation very soon.

The application protection from Radware Cloud WAF Service has API security, which protects the APIs we define against the different OWASP Top 10 API security threats.

I would rate the Radware Cloud WAF Service as a nine out of ten. Overall, it is a very effective solution that meets our expectations and blocks traffic as advertised.

We are choosing Radware Cloud WAF Service over traditional WAF because it has API first behavioral protection, advanced bot defense, and layer 7 web DDoS capability. It was chosen because of the hybrid and Cloud native app environment. For internal and external customers, we have approximately 1300 plus customers in our data center colocation, and all of them are using Radware Cloud WAF Service.

There are various use cases for Radware Cloud WAF Service. One is about securing public-facing portals, internal applications, and APIs, including REST API and GraphQL API. The deployed assess provides services to internal IT customers and external customers. This WAF is configured in reverse proxy mode plus API security module, and it is integrated with CI/CD pipeline for secure application development.

We have been using Radware Cloud WAF Service as it supports integration with CDN services such as Akamai, Cloudflare, and AWS CloudFront. Radware has CDN nodes for optimized delivery and protection. However, we have been using AWS CloudFront currently, but I'm in discussion with the Radware team about acquiring more Cloud WAF licenses, along with Cloud DDoS, to enhance Cloud DDoS protection capability. They have recently launched Cyber Controller Plus, so I'm going to procure Cyber Controller Plus.;

Automatic API discovery and schema validation is something we have appreciated about Radware Cloud WAF Service. It has automatic API discovery, protection against injection, abuse, and credential stuffing. It also has token-based authentication and enforcement, along with rate limiting. Bot and threat protection is another excellent feature.

It eliminates manual API inventory and documents and streamlines the security policy creation. It reduced the work for developers and the SOC workload because with a large SOC team, it helped to offload and eliminate overhead costs, providing SOC people with better resources.

Automatic threat detection in blocking and detecting without manual intervention is essential. Scalability is another benefit because it has Cloud native architecture. Cloud native architecture is readily scalable, requiring no hardware maintenance.

I see areas in Radware Cloud WAF Service for improvement, specifically in its initial tuning period, because the machine learning model takes two to three weeks for baseline behavior establishment. Closely monitoring alerts during this period is essential to avoid false positives.

There's an alert noise issue; during the early stages, we received a high volume of alerts for minor issues, requiring collaboration with the SOC team to fine-tune thresholds and concentrate on genuine threats.

The documentation is not up to par, as while the platform's system is robust, the documentation, particularly for API integration, could be more developer-friendly with real-world use cases.

We have been working with Radware Cloud WAF Service for almost four and half to five years now.

My experience with the technical support of Radware Cloud WAF Service is that they are excellent, and I have established a strong relationship with the executive leadership up to Roy, the CEO. They provide excellent support.

My experience with the pricing, setup costs, and licensing of Radware Cloud WAF Service is positive because I'm a Radware shop. I have all the Radware products, so my feedback is purely positive.

I have seen a return on investment with Radware Cloud WAF Service since I have been providing support and selling it as a service to customers.

When looking into Radware Cloud WAF Service, I evaluated F5 and Fortinet as other options.

We have been using many products provided by Radware. API discovery in Radware Cloud WAF Service was straightforward. Although initially, our people were new to Radware, and we had some challenges in the initial phase with false positives and early learning phases, especially with custom applications. Over time, with its intuitive UI, we were able to implement it quickly; my team learned and started working on it.

Radware Cloud WAF Service is integrated with SIEM and our SOC team of 75 people. Initially, during the early phase, false positives were common because SIEM was learning the traffic pattern, monitoring the logs, and adjusting the sensitivity. We accomplished policy tuning efficiently by manually fine-tuning the security parameters after analyzing the pattern and adjusting the threshold to reduce noise.

Radware Cloud WAF Service has been doing excellent work in protecting against zero-day attacks. We are using the automated source blocking feature. It has significantly helped our compliance efforts and helps maintain business continuity with its DDoS protection capabilities, which we utilize through real-time behavior-based detection using machine learning.

I rate Radware Cloud WAF Service eight out of ten.