We are using Radware Cloud WAF Service to prevent our applications from attacks, such as DDoS and other attacks.
Radware Cloud WAF
RadwareExternal reviews
171 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Enhances security with effective application attack prevention and time-saving visualizations
What is our primary use case?
How has it helped my organization?
Using Radware Cloud WAF Service has saved us considerable time. It provides good visualization and traffic information, saving around four to six hours for investigating logs whenever we try to pull logs from any other tools.
Radware Cloud WAF Service is quite effective for blocking unknown threats and attacks. We have 10 to 15 applications onboarded with Radware, and it has proven to be good at blocking threats from external sources.
Radware Cloud WAF Service is able to protect against zero-day attacks. They are committed to preventing any potential attacks. It has the capability to analyze behavioral patterns, which allows them to implement preventive measures. I have received notifications from Radware confirming that they are fully optimized to address zero-day vulnerabilities at this time.
What is most valuable?
Radware Cloud WAF Service allow us to directly filter the data from whatever attack was performed, so we can directly filter the attack details from the event viewer section, which is very helpful to us. Another module that I appreciate about Radware Cloud WAF Service is that it provides custom port security. The other tools are not providing the custom port feature where Radware Cloud WAF Service is providing, and it will be very helpful to us.
The automated analytics for looking at events in Radware Cloud WAF Service are working for us; the automatic event correlation is very beneficial to analyze how the alerts and events occur and visualize the patterns of network traffic and other traffic going in and out from the application via Radware Cloud WAF Service.
The combination of negative and behavioral-based positive security models is important for our security strategy; since most of our applications work internally, behavioral-based analytics helps us address issues where methods such as POST and GET are not functioning, so we raise concerns with our internal team to whitelist applications, thus helping reduce blocking of traffic in our environment.
Radware Cloud WAF Service is effective, particularly in the custom service it provides and its capabilities in DDoS protection and bot manager facilities, making it effective for validating the correlation part of incidents.
What needs improvement?
Regarding areas in Radware Cloud WAF Service that have room for improvement, one thing we observed was that we received a notification where Radware Cloud WAF Service stopped working properly in our cloud environment without any prior notification. We got the alert around one and a half hours after the event occurred, so I would suggest that they should notify customers in such scenarios.
For how long have I used the solution?
I have been using Radware Cloud WAF Service for three to four years.
What do I think about the stability of the solution?
The stability of the Radware Cloud WAF Service rates around nine out of ten.
What do I think about the scalability of the solution?
The scalability of the Radware Cloud WAF Service deserves a full ten, as it is definitely scalable.
Organization-wise, we have more than 100 users using the service currently.
How are customer service and support?
The technical support for Radware Cloud WAF Service rates 10 out of 10; whenever we require support, it is perfectly timely.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment method of the Radware Cloud WAF Service is very easy; since most of our applications operate on custom ports, it helps us integrate and onboard them securely.
The solution does not require any maintenance from our side.
What other advice do I have?
I am not directly looking into the integration aspect of the Radware Cloud WAF Service, but I have discussed it with other team members who might be using the integration part to collect logs from Radware Cloud WAF Service to get correlation and alert triggers for incident management tools such as ServiceNow and Sentinel, but they are not using it frequently or fully optimized currently.
We have discovered bot traffic involving attacks such as SQL injection. Radware's Bot Manager is working to prevent such attacks, especially with SQL injection and XSS attempts from outside entities. Regarding compliance with PCI DSS, we don't have any issues currently; we are also compliant with ISO 27001, and our applications onboarded on the Radware Cloud WAF Service operate without compliance issues.
We are using the web DDoS protection such as HTTP, L7 in the Radware Cloud WAF Service, and it is effective for us; we experienced an attack from the external side last month, which Radware Cloud WAF Service effectively prevented.
Overall, I would rate the Radware Cloud WAF Service a nine out of ten.
Easy to use and understand WAF for beginners on WAF
What do you like best about the product?
Integrating the WAF on the Traffic flow was easy as the ability to bypass WAF controls and point the traffic to origin was a good option.
On boarding the Application on WAF is easy and quick as compared to other WAF Portals. Lots of security controls in place which are updated automatically and periodically by the Radware. We do use portal on day to day basis as we have many application point on it.
On boarding the Application on WAF is easy and quick as compared to other WAF Portals. Lots of security controls in place which are updated automatically and periodically by the Radware. We do use portal on day to day basis as we have many application point on it.
What do you dislike about the product?
Lack of Log Views, You will not get any logs for pass through traffic on the WAF. As the security controls are many on the portal, getting full information on the block is difficult and have to raise case with the support team.
What problems is the product solving and how is that benefiting you?
The major CVE's which are detected and attackers try to check for the same on the application, using Radware Cloud WAF we are protected for most of the Major CVE's. Also after using this, we have seen significant reduction on the Internet bandwidth utilization.
Radware’s support has been prompt and effective, especially in handling critical security incidents.
What do you like best about the product?
Radware WAF is a strong product, offering real-time alerts and robust threat defense. It can automatically take containment actions to prevent further infections in the environment. It also provide the best customer support. I have using this on daily basis since 3 years. It is easy to implement and use. It's a very useful tool and every organization should have it.
What do you dislike about the product?
It has strong AI features, but it still needs better integration to be a perfect solution.
What problems is the product solving and how is that benefiting you?
My organization is quite large, so we need to monitor activities thoroughly and promptly. Since it's not feasible for humans to detect and address every threat, we implemented the Radware WAF service. It has been effective in automatically detecting and preventing DDoS threats and unusual traffic without human intervention, and it provides comprehensive reports. Additionally, its fast customer support is a significant advantage.
Radware cloud WAF solution experience by client
What do you like best about the product?
As an active user of Radware Cloud WAF, our organization relies heavily on its robust capabilities to monitor infrastructure and manage both WAF traffic and DDoS threats across our protected domains. The dashboard serves as our central command, offering a clear and comprehensive view of incoming internet traffic. This visibility empowers us to take timely and informed actions to safeguard domain security.
One standout feature we've leveraged recently is Geo-Fencing. With minimal effort, we were able to block traffic from specific regions based on country-level filters. Even more impressively, the platform allowed us to whitelist critical subnets from those regions, ensuring operational continuity without compromising security. The entire process was seamless and highly efficient.
We also want to highlight the Radware support team, whose proactive assistance has been consistently reliable. Their responsiveness and expertise have made a significant difference in our day-to-day operations.
Lastly, the user interface of the Radware console deserves praise. Its intuitive layout and well-organized feature set make it easy for clients to navigate and utilize the platform without hesitation. Whether you're a seasoned security professional or a first-time user, the GUI enhances usability and confidence.
One standout feature we've leveraged recently is Geo-Fencing. With minimal effort, we were able to block traffic from specific regions based on country-level filters. Even more impressively, the platform allowed us to whitelist critical subnets from those regions, ensuring operational continuity without compromising security. The entire process was seamless and highly efficient.
We also want to highlight the Radware support team, whose proactive assistance has been consistently reliable. Their responsiveness and expertise have made a significant difference in our day-to-day operations.
Lastly, the user interface of the Radware console deserves praise. Its intuitive layout and well-organized feature set make it easy for clients to navigate and utilize the platform without hesitation. Whether you're a seasoned security professional or a first-time user, the GUI enhances usability and confidence.
What do you dislike about the product?
1. Lack of Granular Role-Based Access Control (RBAC)
Radware Cloud WAF offers basic user management, but for large enterprises with multiple teams (DevOps, SecOps, Compliance), the RBAC model lacks fine-grained permissions. For example, you can't easily restrict access to specific policy sets or audit logs without giving broader admin rights. This can lead to operational risk or internal friction in shared environments.
2. No Native Threat Intelligence Feed Customization
While Radware integrates its own threat intelligence, it doesn't allow easy ingestion of third-party threat feeds (e.g., from Recorded Future, MISP, or internal honeypots). This limits organizations that want to enrich WAF rules with proprietary or sector-specific threat data, reducing adaptability in targeted attack scenarios.
Radware Cloud WAF offers basic user management, but for large enterprises with multiple teams (DevOps, SecOps, Compliance), the RBAC model lacks fine-grained permissions. For example, you can't easily restrict access to specific policy sets or audit logs without giving broader admin rights. This can lead to operational risk or internal friction in shared environments.
2. No Native Threat Intelligence Feed Customization
While Radware integrates its own threat intelligence, it doesn't allow easy ingestion of third-party threat feeds (e.g., from Recorded Future, MISP, or internal honeypots). This limits organizations that want to enrich WAF rules with proprietary or sector-specific threat data, reducing adaptability in targeted attack scenarios.
What problems is the product solving and how is that benefiting you?
I will make this in very simple pointers:
1.Effortless Domain Onboarding
2.Geo-Fencing Efficiency
3.Exceptional Support Team
4.Centralized Traffic Visibility with useful information
These capabilities have collectively enhanced our ability to monitor, respond, and adapt to evolving security challenges with confidence and agility. We look forward to continued collaboration and innovation with the Radware team.
1.Effortless Domain Onboarding
2.Geo-Fencing Efficiency
3.Exceptional Support Team
4.Centralized Traffic Visibility with useful information
These capabilities have collectively enhanced our ability to monitor, respond, and adapt to evolving security challenges with confidence and agility. We look forward to continued collaboration and innovation with the Radware team.
Monitored real-time threats with effective live data analysis for improved security measures
What is our primary use case?
My use case for the Radware Cloud WAF Service involves checking the WAF related to DDoS traffic from the public IP to the organization, which outlines how much impact there is on the WAF. We check the traffic to see what fluctuations occur from the outside and inside, particularly in regards to DDoS types of attacks as mentioned my basic monitoring workflow.
Monitoring Workflow:
- Traffic Analysis: I monitor traffic from public IPs to your organization, focusing on fluctuations that may indicate DDoS attacks.
- Impact Assessment: We evaluate how these attacks affect the WAF, especially in terms of utilization and attack surface.
- Escalation: If anomalies or high-impact events are detected, we raise a case with Redware support.
- Integration with SIEM: We already done, integrating with a SIEM tool can help correlate WAF data with other security logs for deeper insights.
- Historical Trend Analysis: Compare current traffic with historical data to identify patterns or recurring threats.
- Trends and Dashboard: We have creating a dashboard or report template to visualize the traffic and attack trends on live monitoring use.
How has it helped my organization?
The Radware's combination of negative and behavioral based positive security models is beneficial. This behavior is good for timely checks against threats utilizing live monitoring during attack surfaces from public environments, particularly for ISP-relevant traffic or recognizing malicious abnormal activities, which is effective in our environment.
What is most valuable?
In the Radware Cloud WAF Service, the best features I find are that it's easy to use and that it's easy to identify what procedures are ongoing within this environment. We can see live data regarding the public IP's impact on our organization and what actions we can check.
We also find the dashboard helpful; we can monitor multiple business units in Adani from the same page through the Radware dashboard services and its other functions. We feel safe using Radware, and we are happy with it.
We use the API Discovery feature. Regarding how Radware Cloud WAF Service has helped with compliance efforts, compliance actions are done by other tools for the Adani Group, however, we check WAF integrations with our domains through the Radware portal.
We have created a small dashboard monitoring various group-wise applications and domains, including corporate business units, ensuring all websites and public IPs are accounted for. The compliance processes are predefined. We remain compliant. We use additional tools alongside Radware and BITs; both tools provide similar functionalities, and we check Radware for risk mitigation related to any threat intel.
This has quite an impact on our business; all applications and domains are mapped via API with Radware Cloud WAF Service. We receive scores, alerts about impacts, and informational notifications via email for necessary follow-up actions.
What needs improvement?
To make the solution a ten out of ten, we need improvements in AI capabilities, which Radware Cloud WAF Service currently has yet it still has room for integration. Considering what can be improved, customization could be enhanced, and support could be a tad faster; more reporting capabilities or additional intuitive AI features would also be constructive.
Honestly, I currently do not face any challenges that I can articulate for improvement; everything functions according to the service we have.
For how long have I used the solution?
I have been using the Radware Cloud WAF Service for about 1.6 years now.
What do I think about the stability of the solution?
For stability, I can give it a score of nine out of ten, with a possibility of considering it a ten due to its reliability.
Regarding stability, I would rate it a nine out of ten; we've received notifications when maintenance is ongoing, usually informed timely, which is commendable.
What do I think about the scalability of the solution?
About scalability, we haven't examined it at a full 100%, however, for our current needs, it meets 100% of them without pressing requirements for enhancement.
How are customer service and support?
Support for Radware Cloud WAF Service is good; I'm using it on a daily basis and receive 24/7 support, timely reminders, and assistance. However, where improvements could be made includes aspects like API calls and related tasks; daily improvements are noted along with suggestions from our team.
How would you rate customer service and support?
Positive
How was the initial setup?
Deployment of Radware Cloud WAF Service is easy, and we regularly use it. It provides an intuitive understanding of how to raise API calls and integrate other requirements. We map our dashboards easily, reviewing and utilizing its functionality effectively.
The Radware solution requires maintenance which our R team oversees. As for regular maintenance, there are no current issues, and the upgrading part is managed by the team who provides the necessary updates based on our needs.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, I don't find it expensive; it's reasonably priced and aligns with our requirements, so I see it as fair compared to other more expensive tools.
What other advice do I have?
The learning capacity is good, and every feature provided is available; we just haven't fully utilized all aspects of Radware's offerings.
I would rate the Radware Cloud WAF Service a nine out of ten; it is solid and efficient from my perspective.
Powerfull and modern cloud WAF
What do you like best about the product?
Radware Cloud WAF is very simple and fast to implement.
What do you dislike about the product?
Only event logs are shown on the interface you need to give s3 bucket ot sftp server to get all logs including access logs.
What problems is the product solving and how is that benefiting you?
Radware Cloud WAF solve the fact our web portals werent protected by an application Firewall before.
Radware Protects Applications with Real-Time OWASP and DDOS Threat Detection
What do you like best about the product?
Radware cloud application protection services has provided us with strong, reliable application security against OWASP. The solution reduce risk from DDOS attack, bot attack and application vulnerabilities.
What do you dislike about the product?
WAF should support custom ports as well.
What problems is the product solving and how is that benefiting you?
Radware cloud application protection services has provided us with strong, reliable application security against OWASP. The solution reduce risk from DDOS attack, bot attack and application vulnerabilities.
Effectively protects against threats and has user-friendly interface and quick support
What is our primary use case?
We are in the post-implementation phase of using Radware Cloud WAF Service right now, but we have been using a Radware solution for about six years in our company.
Right now, we are working on transitioning our systems to the cloud. We have just obtained the license and are currently testing the system as part of the implementation process. This started back in January of this year, and we are approaching one year of use. While we are in the post-implementation phase, our corporate structure has a lot of approval processes that require multiple steps. Because of this, we can't fully transition to the protection capabilities of Cloud WAF just yet. However, we are actively using and testing it, and we are taking note of all the results.
How has it helped my organization?
Our company works in banking, and every day we face malicious and suspicious requests incoming to our site. Radware Cloud WAF Service is helping protect against these threats effectively. When we were using physical hardware, it would become overloaded and go down, making it impossible to protect our site. Radware Cloud WAF Service protects all of the backend applications and services by defending against malicious and suspicious requests.
Automated analytics are easy to use. When we were using manual detection, it was difficult to detect certain traffic patterns. The automatic detection is very effective.
Radware Cloud WAF Service reduces false positives compared to our previous on-premises system. After implementing Radware Cloud WAF Service, I observed the alerts and noticed a significant reduction in false positive blocking. It has more advanced capabilities, including header request searching.
We have integrated it only with Splunk so far, and it's easy to integrate.
Bot Manager's configuration is straightforward. We input IP addresses, local IPs, and configure log sending to Splunk.
What is most valuable?
The interface is really cool, especially with the dark theme. It looks clean and organized, which I appreciate. It's not complicated at all.
Support is prompt and efficient. The response to our support tickets has been quick, and I'm really happy with that. Overall, I'm glad with my experience so far.
It is easy to use for me. I've already been working with the hardware and the portal for two years now. I know where everything is, so I find it easy.
What needs improvement?
They might need to add more integrations. Adding AI-based search capabilities would be beneficial, allowing us to search for the origins of bot attacks by country. The behavioral analysis could be made more efficient. While Bot Manager has many of these features already, there is room for further enhancement.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable.
How are customer service and support?
The support team responds quickly to our tickets, and I am very satisfied with their service.
How would you rate customer service and support?
Positive
How was the initial setup?
The Radware deployment process was straightforward and easy to install. Our company has many approvals and processes, so it took over two weeks.
Our SOC team with ten people works with this solution. Our company has two teams working on security systems with three levels of engineers. I am a level two engineer handling configuration and monitoring. The level three engineers manage major updates and have comprehensive knowledge of the system.
Which other solutions did I evaluate?
We conducted POC testing with three systems: Akamai, Imperva, and Radware Cloud WAF Service. We only tested Imperva and Radware because Akamai did not meet our bank corporation's policies regarding reseller companies. Imperva had too many issues.
The Imperva cloud solution was located in Hong Kong, which was too far from Mongolia and caused internet connectivity issues. After testing it, we were not satisfied. We then tested Radware Cloud WAF Service and found it easier to use, particularly since we were already using Radware Bot Manager in the cloud.
What other advice do I have?
Currently, we are not using the API discovery feature as we are in the pre-implementation phase of API protection. We are focusing on getting Radware Cloud WAF Service into production first. After that, we plan to implement additional features such as API security and customer security.
In Mongolia, we do not have a CDN and are currently using Akamai CDN. The situation in Mongolia is restricted and somewhat complicated.
I would recommend this solution. Radware is the largest company in the security solutions industry. They have many prototypes and numerous integrations. This is an important aspect of the purchasing process. Another key point is their support; they provide a quick response to your inquiries. Their service is easy to use. With Radware's cloud solutions, they cover all aspects of security effectively. They are able to provide comprehensive coverage for your needs.
I would rate Radware Cloud WAF Service an eight out of ten.
Advanced protections ensure application security with ease of doing operation
What do you like best about the product?
I really liked the way they integrate all features like security, rules, loadbalancing, network etc with each application . this became easy to operate on any application individually and also corelate it with security events
In the past couple of months, it has successfully mitigated multiple DDoS attacks on my applications without causing any performance degradation or service disruption.
In the past couple of months, it has successfully mitigated multiple DDoS attacks on my applications without causing any performance degradation or service disruption.
What do you dislike about the product?
while they have many security inspection like network , application protection, which detect and act in first place , but still some of security features are hidden and no visible to us . which result delay in troubleshooting when any block happens. This also needs to visible to isolate problem timey manner and act.
What problems is the product solving and how is that benefiting you?
Radware cloud waf , providing the separate surface attack in cloud, which help to isolate the actual production infra and since it first pop ,which also does not create dependencies because good features and integrate troubleshooting tools
Advanced protections ensure application security and improve threat response
What is our primary use case?
The use case is protection for all web applications. This includes the applications we serve via critical workloads. We are utilizing Radware Cloud WAF Service for this protection.
In addition to protecting our production environment, we also implement Layer 7 protections, DDoS protections, and other security measures. We have established a detailed level of protection for all of our applications.
How has it helped my organization?
I am satisfied with Radware Cloud WAF Service's ability to block unknown threats and attacks, as the moment we enable protection for specific applications, it starts working. For instance, we receive results indicating whether there's any unusual activity. This system operates like Software as a Service (SaaS). You don't have to worry about the underlying algorithms or the conditions that need to be applied. It's essentially a plug-and-play solution, making it easy to use.
The automated analytics of Radware Cloud WAF Service are quite effective. They inspect and remediate DDoS attacks quickly by monitoring any suspicious activity and reporting it, demonstrating the power of their deployed algorithms.
I use the CDN service offered by Radware together with Radware Cloud WAF Service, and I find it feasible because it provides faster responses for users accessing our applications, especially when it's caching configurations and monitoring protection simultaneously.
Radware Cloud WAF Service has saved me more than 30% of my time, as it's very easy to spin up any application with just a few clicks.
I receive reports every 30 days. The live metrics are visible on their dashboard, showing the current status of all applications and the number of hits, including false positives.
The automated source blocking features of Radware Cloud WAF Service have a proactive and holistic approach. It effectively protects applications with default methods for any sort of protection, though some of those methods generate false positives that we need to adjust based on our needs.
In terms of compliance, we are following GDPR, and to adhere to this compliance, we have chosen the required region to ensure all incoming traffic is treated accordingly. I find Radware Cloud WAF Service good with respect to my compliance needs, providing services in all required regions.
What is most valuable?
I really appreciate the DDoS protection that Radware Cloud WAF Service provides, especially because it reacted well to multiple DDoS attacks on my applications in the last couple of months without any signs of issues being reported.
Their Network Operation Center (NOC) is very proactive in monitoring the health status and metrics continuously. Whenever they identify an issue, they do not delay in informing me or my team, making them very proactive.
What needs improvement?
Radware Cloud WAF Service has helped reduce false positives, but we do experience some false positives, such as when certain URIs or headers are incorrectly flagged as malicious, and we need Radware to refine those to treat as genuine traffic, achieving about a 25% reduction in false positives.
There is an area for improvement in Radware Cloud WAF Service, specifically regarding the visibility of default algorithms or source blocking systems that create false positives, as it would help if customers could see these blocks to isolate problems quickly without needing to reach out for tech support. There are various blocking systems in place, including some default algorithms that can block a lot of content. Unfortunately, this can lead to false positives, making it difficult to determine whether an issue is being caused by Radware WAF or something else. As a customer, we can't see what's happening behind the scenes because it's a SaaS service. I would suggest that if there are any blocks, they should be clearly visible to us. This would allow us to isolate the problem and understand whether it's related to the WAF or another source. Currently, these blockings are not transparent; they remain hidden until we reach out to the tech support teams. Often, we only find out about the issues from them, which leaves us unaware of the problems as they aren't displayed in the portal. These behind-the-scenes elements should be available. I understand it would have read-only access. That's acceptable, but it should be visible so we can isolate issues quickly.
For how long have I used the solution?
We have been using it for the last one and a half years.
What do I think about the stability of the solution?
The service is always available to us. I would rate the stability of Radware Cloud WAF Service as a nine out of ten, as we rarely experience downtime, bugs, or glitches.
What do I think about the scalability of the solution?
I rate the scalability of Radware Cloud WAF Service as a seven out of ten, fitting well with our approximately 8,000 users.
How are customer service and support?
I rate the technical support of Radware Cloud WAF Service as an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I find the deployment of Radware Cloud WAF Service to be moderate in complexity, as it takes months to complete based upon requirement
More than 8,000 users work with Radware Cloud WAF Service. While it does require maintenance, it is not a concern for us since it's a SaaS service, meaning they maintain everything on the backend while we focus on uptime.
What's my experience with pricing, setup cost, and licensing?
The pricing for Radware Cloud WAF Service is cost-efficient for us, especially since we have opted for a big bundle that includes not only the Cloud WAF but also Radware other products.
Which other solutions did I evaluate?
We did not assess any other vendor as we have been using Radware from the beginning and are already familiar with its features, knowing it is fully integrated with our requirements and custom ports for web applications. While comparing Radware Cloud WAF Service with other WAF solutions, the biggest advantage is its seamless integration with my environment, and their tech support and NOC support are better than several other WAF services.
What other advice do I have?
The combination of negative and behavioral-based positive security models is important for my security strategy, and we have defined a ratio of 70% to 30%, where it properly blocks what we define, and false positives are adjusted for all applications.
I would recommend Radware Cloud WAF Service to other users because it offers excellent WAF protection services that work like a plug-and-play solution without needing to worry about algorithms. However, the deployment time could be a drawback.
Overall, I would rate Radware Cloud WAF Service an eight out of ten.
showing 41 - 50