Sign in
Sign in
or
Create a new account
Agent Mode
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Radware Cloud WAF

Radware

Reviews from AWS customer

13 AWS reviews

External reviews

179 reviews
from and

External reviews are not included in the AWS star rating for the product.

4-star reviews ( Show all reviews )

    reviewer2806845

Advanced protections have blocked most web attacks and now simplify daily threat management

  • March 03, 2026
  • Review from a verified AWS customer

What is our primary use case?

I use Radware Cloud WAF Service to protect customers from cyber attacks, mostly SQL injections, cross-site scripting, and degradation with DDoS attacks.

Almost every day, cyber attackers are trying to disrupt the correct functionality of the application for our customers, so I review the console in Radware Cloud WAF Service, searching for strange behavior. If I see something that is not in place, I mostly block via geolocation or IP address or by activating the advanced protection from the applications in the tenant for the customers.

Mostly, I also create different types of rules with Radware Cloud WAF Service, varying from redirections to blacklisting, to whitelisting, exceptions, rate limiting, and others to better protect the customers.

What is most valuable?

The best features Radware Cloud WAF Service offers are mostly the advanced protections because you only need to activate them, and they protect against a lot of today's most common OWASP attacks.

The advanced protections help me in my day-to-day work with Radware Cloud WAF Service because they are very effective as they attack mostly the OWASP Top 10, and they are easy to use because you only need to activate them, and by default, they block a vast gamut of cyber attacks today.

Before our customers purchased Radware Cloud WAF Service, they had a lot of breaches in their network, and after, we successfully lowered the attack rates, and by that, we protect their applications better.

Before Radware Cloud WAF Service, our customers had almost four or five million requests, and they were not always clean, but now with Radware Cloud WAF Service, we see that we block almost 95 or 96 percent of the attacks that we are receiving.

What needs improvement?

I think the things I want to improve in Radware Cloud WAF Service are, for example, the possibility to upload CSV files with IOCs, so we can load a lot of IOCs in one load instead of loading them one by one manually.

I also want the possibility of seeing traffic in real time because I only see a dashboard with the security events, but in regards to real time, I don't see something that tells me how the traffic behavior is.

For how long have I used the solution?

I have been using Radware Cloud WAF Service for almost three years now.

What do I think about the stability of the solution?

Radware Cloud WAF Service is mostly stable.

What do I think about the scalability of the solution?

I think Radware Cloud WAF Service scales pretty well because we add more applications or users, and we don't have a problem with that.

How are customer service and support?

I have a good experience with customer support for Radware Cloud WAF Service; they tend to respond quickly to our cases and they help us really well with the cases.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Cloudflare and Imperva before Radware Cloud WAF Service, and we switched mostly because the security in Radware Cloud WAF Service console is easier to administrate than in the other providers.

What was our ROI?

Unfortunately, I don't have metrics for return on investment because I only administrate the console.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing for Radware Cloud WAF Service is good.

Which other solutions did I evaluate?

I evaluated Cloudflare and Imperva before choosing Radware Cloud WAF Service.

What other advice do I have?

I invite others looking into using Radware Cloud WAF Service to try it and see all the different protections that the console can provide. I would rate this solution an 8 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

    Yash Dasadia

Has managed high traffic efficiently and reduced false positives while maintaining strong API protection

  • September 12, 2025
  • Review from a verified AWS customer

What is our primary use case?

We use Radware Cloud WAF Service for WAF protection and API protection.

What is most valuable?

The best features of Radware Cloud WAF Service are its ability to manage high traffic, its scalability, and its reliability. Whenever we observe any detections or unusual traffic at a high rate, Radware manages the replication of web applications in such a way that no web applications are ever hampered, ensuring all traffic is managed effectively.

Radware Cloud WAF Service has significantly reduced our false positives, as Radware keeps its policies up to date with emerging tactics. This has led to very few false positives, which is one reason we have chosen to implement Radware WAF in our environment, given its favorable false positive ratio.

What needs improvement?

In Radware Cloud WAF Service, the areas that have room for improvement include the costing part, as we faced some issues during the implementation and POC of this WAF technology.

Additionally, the policy management can be improved, along with the graphical user interface for better visualization, so any new user can adapt to its graphics and find it easier to use.

For how long have I used the solution?

I have been using Radware Cloud WAF Service for around three plus years.

How are customer service and support?

I would rate the support a perfect 10 out of 10 because the support is good.

What was our ROI?

We have seen a good amount of return on investment with Radware Cloud WAF Service, roughly 50 to 60%. By reviewing our alerts and traffic, we can assess what traffic has been blocked and how much it has saved our applications and infrastructure.

Given our critical web applications and our substantial environment, where many applications are onboarded on WAF, overall, we can say it has yielded good returns on investment.

Which other solutions did I evaluate?

When I compare Radware Cloud WAF Service with other WAF software, I notice that while Radware's technology is strong, the only cons we faced were related to costing and some policies. Other solutions are available in the market, but they also have their drawbacks.

What other advice do I have?

We use the CDN services offered by Radware with Radware Cloud WAF Service. The combination of CDN and Radware Cloud WAF Service is easy to use, and the security it offers is good, especially with the WAF plus DDoS integration, which is ideal for media and all types of streaming.

I assess Radware Cloud WAF Service for blocking unknown threats and attacks as effective because it updates its mitigation policies with day-to-day strategies, incorporating new and emerging tactics. Additionally, it blocks some traffic based on AI, which enhances its ability to manage intrusion threats.

The automated analytics for looking at events is positive, as it has inbuilt automations that reduce our manual intervention. Due to this, there is a quick incident response in case of any high alert or critical case, ensuring that proper mitigations have been taken care of for any incident, which allows for a rapid response over any alert.

Radware Cloud WAF Service for integrating with other systems and applications in our business is seamless, as we have integrated Radware WAF with our SIEM monitoring tool, Microsoft Sentinel. We can get centralized logs for every tool on Sentinel, and it was easy to implement and integrate with it. Throughout the integration with Sentinel, we received excellent support and good documentation.

I assess Radware Cloud WAF Service for its ability to protect against zero-day attacks as competent since it adapts behavioral models. If it observes any vulnerability that Radware WAF hasn't recognized in its recent models, it trains its models based on behavior to manage zero-day exploits, ensuring that if any sudden bot traffic or API abuse occurs, Radware mitigates it and blocks all such traffic effectively.

The combination of negative and behavior-based positive security models is crucial for our organization's security strategy because Radware assumes everything is allowed unless it observes any malicious activity or anomaly. In such cases, WAF only blocks when something malicious or specific signatures are observed, making it reliable for our applications and ensuring none are hampered by any false positives.

We use Radware Bot Manager. With Radware Bot Manager, we have discovered issues such as web scraping and DDoS bots from our incoming bot traffic that we weren't aware of before, as it provides detections for that and actively blocks all such DDoS traffic and bot traffic based on its AML algorithms. We have also enabled API bot protection.

We use the web DDoS protection offered by Radware. Radware Cloud WAF Service has helped in our business continuity by ensuring that no legitimate traffic is blocked. Only when something suspicious based on L3, L4, or L7 DDoS attacks or such signatures is observed does Radware block malicious traffic, guaranteeing reliability and continuity for our web applications.

The solution requires maintenance when we want to configure or tweak any policy, which is when we seek support from the tech team.

Our team includes 30 engineers who use Radware WAF. We will recommend this product to other users because we have suggested it to our peers. Looking at the solution this tool has provided us, we find it beneficial enough to promote it to others.

On a scale of 1-10, I rate this solution a 9.

    Ankit Tadha

Has significantly improved threat visibility and reduced false positives through intelligent bot detection and real-time analysis

  • September 11, 2025
  • Review from a verified AWS customer

What is our primary use case?

My use case for Radware Cloud WAF Service is mainly for WAF bot protection.

What is most valuable?

The best features of Radware Cloud WAF Service that I prefer most include the bot protection. Its deployment was very smooth and flexible when I started deploying it. The reporting and visibility feature of the Bot Manager are noteworthy, as the dashboard gives clear insight into the traffic, activity, and block threats. The AI threat intelligence feature is quite impressive.

In terms of blocking unknown threats and attacks, I assess Radware Cloud WAF Service as quite impressive; if I have to rate it out of 10, I would rate it eight and a half.

The automated analytics for looking at events with Radware Cloud WAF Service is generally fine, and whenever we use it, it gives almost perfect results.

In API protection with Radware Cloud WAF Service, we have multiple applications that we are using currently, and whenever there is any threat related to an API, it helps us provide detailed insight. Additionally, whenever there is unusual API traffic, it helps us monitor and detect threats.

What needs improvement?

In Radware Cloud WAF Service, the areas that have room for improvement include customization and personalized integration, as we faced multiple issues with those aspects during our deployment.

For how long have I used the solution?

I have been using Radware Cloud WAF Service for approximately one and a half years.

What do I think about the stability of the solution?

Regarding stability, I can say that in the last one and a half years, I haven't seen any downtime, so I would rate that 10 out of 10.

What do I think about the scalability of the solution?

In terms of scalability, it's also a 10 out of 10 because we are using Radware Cloud WAF Service for more than 60,000 employees in our organization, and it works perfectly fine.

How are customer service and support?

I would rate Radware support nine out of 10; it's perfectly fine, and an engineer is available all the time, resolving our issues in a timely manner.

Which solution did I use previously and why did I switch?

When I compare Radware Cloud WAF Service with other WAF software, we used to use different WAF software before Radware, and now we've switched to Radware. There are multiple benefits, such as cost, efficiency, threat intelligence, and multiple features, so Radware is quite impressive compared to other WAF solutions.

What's my experience with pricing, setup cost, and licensing?

Regarding overhead costs, we used a different solution before Radware, so it's not quite expensive, but it is moderately expensive. Radware Cloud WAF Service does the job in a cost-effective way as.

Which other solutions did I evaluate?

The other WAF solutions I am referring to include Akamai and F5.

What other advice do I have?

In terms of false positives, Radware Cloud WAF Service helps reduce them to around 30 to 35%. Cloud WAF saves me time; before, there were multiple false positive incidents that used to create too much workload for an analyst, and now we can say it has improved efficiency by 10 to 12% on average.

Radware Cloud WAF Service integrates seamlessly with other applications and solutions, although we faced difficulties with two or three vendors; other than that, it was perfectly smooth.

Radware Cloud WAF Service's ability to protect against zero-day attacks is very good; the threat intelligence feature is excellent in the WAF. It helps us protect against zero-day threats significantly, and whenever a zero-day occurs, it notifies us as early as possible, helping us get it resolved.

I find the combination of negative and behavioral-based positive security models highly important, and if I were to rate it on a scale of 10, I would rate it as eight and a half to nine.

We have Radware Cloud WAF Service deployed on firewalls, such as an MSPL entire network, and even though we use the Source Blocking feature, I cannot say we fully utilize it. With the Source Blocking feature, the automated, proactive, and holistic approach based on cross-module correlation is working perfectly fine.

I use Radware Bot Manager. With Bot Manager, I haven't discovered anything new in terms of incoming bot traffic, but it helps us identify bot traffic and real traffic. Radware helps to distinguish between the two, improving things such as blocking the IPs or managing the traffic, ensuring that genuine service is available and easily accessible for real users.

Radware Bot Manager helps with compliance significantly; for instance, whenever there's a web application, it identifies bot traffic and genuine traffic, allowing us to block the bot traffic so that services for genuine users are more available. In Radware Cloud WAF Service, the real-time BLA detection and mitigation help us in a very effective way by saving time and making the solution efficient.

I use the Web DDoS for HTTP L7, and it helps us very much; it helps distinguish between malicious and genuine traffic. Approximately, there are multiple users for Cloud WAF; our organization contains a total of 60,000 to 65,000 employees who use the WAF, along with customer-facing sites that also use the service. The solution requires maintenance according to our policy, such as managing the blocking list and related tasks.

I would definitely recommend Radware Cloud WAF Service to other users because it features multiple tools that help reduce workload and manage bot traffic. Additionally, it assists in mitigating zero-day threats and notifying us further, providing numerous solutions to customer problems. Overall, I would rate the solution from 1 to 10 as eight and a half to nine.

    Pankaj Danej

Automated threat detection and mitigation secure our network effectively

  • September 04, 2025
  • Review from a verified AWS customer

What is our primary use case?

My use case for Radware Cloud WAF Service is for blocking malicious IP addresses.

How has it helped my organization?

Radware Cloud WAF Service blocks threats effectively, providing a comprehensive report that shows the traffic and denied traffic from malicious IPs or specific countries, so I am satisfied.

Radware Cloud WAF Service has reduced the false positive rate, and it's beneficial for our organization. By using Radware Cloud WAF Service, 30% to 40% of false positives are reduced.

For zero-day attacks, Radware Cloud WAF Service integrates threat intel, which detects anomalous traffic and blocks it automatically, preventing attackers from entering our organization or attacking our domains. Source blocking is effective because it has good capability to handle things automatically without human intervention, as a human cannot handle all the alerts and traffic.

The real-time BLA detection and mitigation of Radware Cloud WAF Service strongly performs to mitigate and take action against contamination. Radware Cloud WAF Service is quite effective and handles all traffic to HTTP or HTTPS effectively.

What is most valuable?

My organization is quite large, so we have to monitor activities promptly. Since it's not possible for a human to detect and address every threat, we implemented Radware Cloud WAF Service, which automatically detects and prevents DDoS threats and traffic without human intervention, making it better for us and protecting our organization.

With the automated analytics of Radware Cloud WAF Service, if multiple logins occur from the same malicious IP in the same pattern, the AI automatically recognizes it and takes the appropriate action, such as blocking or allowing, which is beneficial for us.

What needs improvement?

Improvement areas could be some of the AI capabilities related to false positives. The required IP addresses sometimes get blocked, so that needs to be enhanced. The AI recognizing features can be improved. Recognition aspects could be refined; it's performing at almost 99%, so there's a small margin for improvement.

For how long have I used the solution?

I have been using Radware Cloud WAF Service for three years in my organization.

What do I think about the stability of the solution?

It is stable. I would rate it a ten out of ten for stability.

What do I think about the scalability of the solution?

It is scalable. I would rate it a nine out of ten for scalability.

We have about 35 users working with this solution.

How are customer service and support?

I would rate their customer support a ten out of ten.

How was the initial setup?

It is easy. It takes 10 to 15 days.

What's my experience with pricing, setup cost, and licensing?

The pricing for Radware Cloud WAF Service is moderate; it's not expensive. We can't say it's low and we can't say high; it's moderate, and I got that perfect point.

Which other solutions did I evaluate?

It is easier to use with a moderate cost than others.

What other advice do I have?

To assess Radware Cloud WAF Service for blocking unknown threats and attacks, we have found that if an IP is identified as malicious, we can block it, and we utilize the graph chart provided. Using the CDN with Radware Cloud WAF Service is easy to implement and use; it's not a headache for us.

I would rate Radware Cloud WAF Service a nine out of ten.

    Rahul Tripathi

Enhances security with effective application attack prevention and time-saving visualizations

  • September 01, 2025
  • Review from a verified AWS customer

What is our primary use case?

We are using Radware Cloud WAF Service to prevent our applications from attacks, such as DDoS and other attacks.

How has it helped my organization?

Using Radware Cloud WAF Service has saved us considerable time. It provides good visualization and traffic information, saving around four to six hours for investigating logs whenever we try to pull logs from any other tools.

Radware Cloud WAF Service is quite effective for blocking unknown threats and attacks. We have 10 to 15 applications onboarded with Radware, and it has proven to be good at blocking threats from external sources.

Radware Cloud WAF Service is able to protect against zero-day attacks. They are committed to preventing any potential attacks. It has the capability to analyze behavioral patterns, which allows them to implement preventive measures. I have received notifications from Radware confirming that they are fully optimized to address zero-day vulnerabilities at this time.

What is most valuable?

Radware Cloud WAF Service allow us to directly filter the data from whatever attack was performed, so we can directly filter the attack details from the event viewer section, which is very helpful to us. Another module that I appreciate about Radware Cloud WAF Service is that it provides custom port security. The other tools are not providing the custom port feature where Radware Cloud WAF Service is providing, and it will be very helpful to us.

The automated analytics for looking at events in Radware Cloud WAF Service are working for us; the automatic event correlation is very beneficial to analyze how the alerts and events occur and visualize the patterns of network traffic and other traffic going in and out from the application via Radware Cloud WAF Service.

The combination of negative and behavioral-based positive security models is important for our security strategy; since most of our applications work internally, behavioral-based analytics helps us address issues where methods such as POST and GET are not functioning, so we raise concerns with our internal team to whitelist applications, thus helping reduce blocking of traffic in our environment.

Radware Cloud WAF Service is effective, particularly in the custom service it provides and its capabilities in DDoS protection and bot manager facilities, making it effective for validating the correlation part of incidents.

What needs improvement?

Regarding areas in Radware Cloud WAF Service that have room for improvement, one thing we observed was that we received a notification where Radware Cloud WAF Service stopped working properly in our cloud environment without any prior notification. We got the alert around one and a half hours after the event occurred, so I would suggest that they should notify customers in such scenarios.

For how long have I used the solution?

I have been using Radware Cloud WAF Service for three to four years.

What do I think about the stability of the solution?

The stability of the Radware Cloud WAF Service rates around nine out of ten.

What do I think about the scalability of the solution?

The scalability of the Radware Cloud WAF Service deserves a full ten, as it is definitely scalable.

Organization-wise, we have more than 100 users using the service currently.

How are customer service and support?

The technical support for Radware Cloud WAF Service rates 10 out of 10; whenever we require support, it is perfectly timely.

How was the initial setup?

The deployment method of the Radware Cloud WAF Service is very easy; since most of our applications operate on custom ports, it helps us integrate and onboard them securely.

The solution does not require any maintenance from our side.

What other advice do I have?

I am not directly looking into the integration aspect of the Radware Cloud WAF Service, but I have discussed it with other team members who might be using the integration part to collect logs from Radware Cloud WAF Service to get correlation and alert triggers for incident management tools such as ServiceNow and Sentinel, but they are not using it frequently or fully optimized currently.

We have discovered bot traffic involving attacks such as SQL injection. Radware's Bot Manager is working to prevent such attacks, especially with SQL injection and XSS attempts from outside entities. Regarding compliance with PCI DSS, we don't have any issues currently; we are also compliant with ISO 27001, and our applications onboarded on the Radware Cloud WAF Service operate without compliance issues.

We are using the web DDoS protection such as HTTP, L7 in the Radware Cloud WAF Service, and it is effective for us; we experienced an attack from the external side last month, which Radware Cloud WAF Service effectively prevented.

Overall, I would rate the Radware Cloud WAF Service a nine out of ten.

    Shijir-Alt Tumurkhuyag

Effectively protects against threats and has user-friendly interface and quick support

  • August 15, 2025
  • Review from a verified AWS customer

What is our primary use case?

We are in the post-implementation phase of using Radware Cloud WAF Service right now, but we have been using a Radware solution for about six years in our company.

Right now, we are working on transitioning our systems to the cloud. We have just obtained the license and are currently testing the system as part of the implementation process. This started back in January of this year, and we are approaching one year of use. While we are in the post-implementation phase, our corporate structure has a lot of approval processes that require multiple steps. Because of this, we can't fully transition to the protection capabilities of Cloud WAF just yet. However, we are actively using and testing it, and we are taking note of all the results.

How has it helped my organization?

Our company works in banking, and every day we face malicious and suspicious requests incoming to our site. Radware Cloud WAF Service is helping protect against these threats effectively. When we were using physical hardware, it would become overloaded and go down, making it impossible to protect our site. Radware Cloud WAF Service protects all of the backend applications and services by defending against malicious and suspicious requests.

Automated analytics are easy to use. When we were using manual detection, it was difficult to detect certain traffic patterns. The automatic detection is very effective.

Radware Cloud WAF Service reduces false positives compared to our previous on-premises system. After implementing Radware Cloud WAF Service, I observed the alerts and noticed a significant reduction in false positive blocking. It has more advanced capabilities, including header request searching.

We have integrated it only with Splunk so far, and it's easy to integrate.

Bot Manager's configuration is straightforward. We input IP addresses, local IPs, and configure log sending to Splunk.

What is most valuable?

The interface is really cool, especially with the dark theme. It looks clean and organized, which I appreciate. It's not complicated at all.

Support is prompt and efficient. The response to our support tickets has been quick, and I'm really happy with that. Overall, I'm glad with my experience so far.

It is easy to use for me. I've already been working with the hardware and the portal for two years now. I know where everything is, so I find it easy.

What needs improvement?

They might need to add more integrations. Adding AI-based search capabilities would be beneficial, allowing us to search for the origins of bot attacks by country. The behavioral analysis could be made more efficient. While Bot Manager has many of these features already, there is room for further enhancement.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

The support team responds quickly to our tickets, and I am very satisfied with their service.

How was the initial setup?

The Radware deployment process was straightforward and easy to install. Our company has many approvals and processes, so it took over two weeks.

Our SOC team with ten people works with this solution. Our company has two teams working on security systems with three levels of engineers. I am a level two engineer handling configuration and monitoring. The level three engineers manage major updates and have comprehensive knowledge of the system.

Which other solutions did I evaluate?

We conducted POC testing with three systems: Akamai, Imperva, and Radware Cloud WAF Service. We only tested Imperva and Radware because Akamai did not meet our bank corporation's policies regarding reseller companies. Imperva had too many issues.

The Imperva cloud solution was located in Hong Kong, which was too far from Mongolia and caused internet connectivity issues. After testing it, we were not satisfied. We then tested Radware Cloud WAF Service and found it easier to use, particularly since we were already using Radware Bot Manager in the cloud.

What other advice do I have?

Currently, we are not using the API discovery feature as we are in the pre-implementation phase of API protection. We are focusing on getting Radware Cloud WAF Service into production first. After that, we plan to implement additional features such as API security and customer security.

In Mongolia, we do not have a CDN and are currently using Akamai CDN. The situation in Mongolia is restricted and somewhat complicated.

I would recommend this solution. Radware is the largest company in the security solutions industry. They have many prototypes and numerous integrations. This is an important aspect of the purchasing process. Another key point is their support; they provide a quick response to your inquiries. Their service is easy to use. With Radware's cloud solutions, they cover all aspects of security effectively. They are able to provide comprehensive coverage for your needs.

I would rate Radware Cloud WAF Service an eight out of ten.

    Augustine Abule

Eliminates maintenance tasks and strengthens security with AI-driven and API security functionalities

  • June 18, 2025
  • Review from a verified AWS customer

What is our primary use case?

We have both infrastructure protection and web application protection. Infrastructure protection is against network-level denial of service attacks, and we use the application protection for our web application firewall, which provides layer seven security.

How has it helped my organization?

Being a cloud service, it removes the maintenance tasks for system uptime and the maintenance of on-prem appliances. It gives security analysts much more time for SOC work in analyzing alerts and threats. With on-premises solutions, there is a lot of maintenance involved to ensure that everything is functioning properly. Much time is dedicated to maintaining on-premises products. In contrast, as a cloud product, we don't have to worry about issues related to high availability or managing multiple instances of security solutions. Maintenance tasks such as operating system upgrades and other related issues are handled for us. This allows us to focus our efforts on SOC analysis work without the burden of these maintenance responsibilities.

It helps reduce the number of false positives and also addresses sophisticated attacks that may not be detected by our traditional systems on-premises.

Alerts help us quickly narrow down the issue, allowing us to spend less time on analysis and more time addressing active threats as they occur. Automation plays a significant role in this process.

Bot Manager has been quite positive. I find it to be more than just your traditional method of examining signatures or even looking at user agent headers. It goes beyond that; it analyzes the behavioral patterns of requests. Bots have become more advanced, often trying to imitate human behavior as closely as possible. With this bot protection, certain traffic gets blocked and flagged as bot traffic. However, when I review the requests from a human perspective, it can be challenging to identify what was actually bot traffic. Fortunately, the system provides a description of why a particular request was blocked and flagged as bot traffic. Bot traffic is a lot compared to normal human traffic, about 50% more. That alone frees up a lot of compute for our applications. The performance of the applications is significantly better because the bot's traffic is effectively filtered in the cloud. Only clean traffic reaches the applications, ensuring optimal performance.

The detection for bad bots and layer seven anomaly detection is ingrained within the logic. First of all, it examines normal signatures and user agents. Additionally, there is a significant reliance on AI-driven signatures that it looks out for. It also incorporates threat intelligence, which may include insights from various sources. Another important aspect is IP reputation, which is gathered from other clients with whom these bots have interacted. Overall, I think this solution is very effective; it has worked well for us and is actually blocking the traffic as advertised.

We rely heavily on Web DDoS protection, with about ninety percent of our services being application-based. Therefore, ensuring their security is very important to us. Radware provides the security we need and guarantees that the traffic reaching our web applications and servers is clean. This gives us peace of mind. While we monitor our systems closely, knowing that Radware Cloud WAF Service has our back is essential. Overall, it plays a crucial role in our business continuity as a security solution.

What is most valuable?

As compared to the traditional WAF that had on-prem systems, Radware Cloud WAF Service has many functionalities, such as AI-driven functionalities. It has features such as API security that protect against advanced attacks, including business logic attacks. It comes with additional functionalities such as bot protection and AI-driven threat signatures, along with threat intelligence, making it much more than the traditional WAF that we have on-prem. This is a key advantage I've seen since we onboarded it.

What needs improvement?

The dashboard of Radware Cloud WAF Service has room for improvement. While it works effectively, it can feel complex and might need some initial guidance, but once users become familiar with it, the operation becomes smooth.

For how long have I used the solution?

We have been using Radware Cloud WAF Service since the beginning of this year. It has not yet been a full year.

What do I think about the stability of the solution?

I would rate the stability of Radware Cloud WAF Service a nine out of ten. While the functionality is a 10 out of 10, occasional internet connectivity issues cause temporary access problems.

What do I think about the scalability of the solution?

The scalability of Radware Cloud WAF Service rates as a perfect ten out of ten, as we haven't encountered any scaling issues.

In the security team, four of us work with this solution. We have about 4,000 employees.

How are customer service and support?

Technical support from Radware rates as a nine out of ten, as their support is very good.

Which solution did I use previously and why did I switch?

Radware Cloud WAF Service is the first cloud WAF solution we have used. We were using only an on-premises physical appliance.

As compared to our on-premises solution, Radware Cloud WAF Service offers better protection and can even provide significantly better security. In baseline protection, it matches our on-premises solution but has additional functionalities, including AI-driven signatures. This upgrade brings many more security features that we didn't have before. Overall, I would rate it much higher.

Radware Cloud WAF Service works well. There are many instances that we could not flag bot traffic using our traditional on-premises WAF. We use them concurrently. We compare the clean rate of what passes through the cloud instance with what passes through our on-premises instance. It has freed up many of the compute resources we have on-premises. Thus, much of the malicious traffic is stripped away at the cloud level before the clean traffic reaches our on-premises sites.

How was the initial setup?

The deployment of the Radware Cloud WAF Service was quite easy and took about two to three days, thanks to the helpful and responsive support team from Radware.

Apart from fine-tuning the security policies, much of the maintenance work is effectively handled in the background by the Radware team. As a result, there is very little to no maintenance required on our end.

What about the implementation team?

We were supported by Radware's onboarding team. They prepared our dashboard.

What was our ROI?

The Radware Cloud WAF Service saves us a significant amount of time, estimating around 30% to 40%.

With our on-prem solution, we spent a lot of time on maintenance tasks, OS updates, and ensuring appliances ran smoothly, but with Cloud WAF, all that is managed by the cloud team, allowing us to focus on alert analysis.

What other advice do I have?

For false positives, you need to properly tune the detection rules. In the beginning, it operates in a learning mode, which Radware refers to as "reporting mode." This mode simply reports on what is happening but doesn’t actively block any threats. When you transition to active protection, it’s crucial to take care when defining your threat signatures. If you don't, there can be some false positives. However, with excellent support from the onboarding team, we were able to resolve those issues very quickly, and after that, everything went smoothly. In the initial stages, it can be a bit tricky. There are some false positives, but they can be adjusted and fine-tuned. Once in a while, a false positive occurs, but we now have the knowledge on how to mitigate that.

A lot of applications are currently hosted on-premises. With a Cloud WAF, you need to redirect traffic to the cloud instance, and then the traffic is routed back. Initially, our main challenge was addressing internal threats, specifically insider threats. These applications are accessible both within our environment and to external users. However, since we began using cloud protection, it has primarily catered to external source traffic, leaving internal source traffic unprotected. Fortunately, Radware quickly developed a secure pathway functionality that can also redirect internal traffic to be inspected in the cloud. This feature is something we haven't implemented yet, but it is definitely on our agenda for implementation very soon.

The application protection from Radware Cloud WAF Service has API security, which protects the APIs we define against the different OWASP Top 10 API security threats.

I would rate the Radware Cloud WAF Service as a nine out of ten. Overall, it is a very effective solution that meets our expectations and blocks traffic as advertised.

    Tanuj-Garg

API discovery, bot defense, and DDoS capability optimize application security and development

  • May 09, 2025
  • Review from a verified AWS customer

What is our primary use case?

We are choosing Radware Cloud WAF Service over traditional WAF because it has API first behavioral protection, advanced bot defense, and layer 7 web DDoS capability. It was chosen because of the hybrid and Cloud native app environment. For internal and external customers, we have approximately 1300 plus customers in our data center colocation, and all of them are using Radware Cloud WAF Service.

There are various use cases for Radware Cloud WAF Service. One is about securing public-facing portals, internal applications, and APIs, including REST API and GraphQL API. The deployed assess provides services to internal IT customers and external customers. This WAF is configured in reverse proxy mode plus API security module, and it is integrated with CI/CD pipeline for secure application development.

We have been using Radware Cloud WAF Service as it supports integration with CDN services such as Akamai, Cloudflare, and AWS CloudFront. Radware has CDN nodes for optimized delivery and protection. However, we have been using AWS CloudFront currently, but I'm in discussion with the Radware team about acquiring more Cloud WAF licenses, along with Cloud DDoS, to enhance Cloud DDoS protection capability. They have recently launched Cyber Controller Plus, so I'm going to procure Cyber Controller Plus.;

What is most valuable?

Automatic API discovery and schema validation is something we have appreciated about Radware Cloud WAF Service. It has automatic API discovery, protection against injection, abuse, and credential stuffing. It also has token-based authentication and enforcement, along with rate limiting. Bot and threat protection is another excellent feature.

It eliminates manual API inventory and documents and streamlines the security policy creation. It reduced the work for developers and the SOC workload because with a large SOC team, it helped to offload and eliminate overhead costs, providing SOC people with better resources.

Automatic threat detection in blocking and detecting without manual intervention is essential. Scalability is another benefit because it has Cloud native architecture. Cloud native architecture is readily scalable, requiring no hardware maintenance.

What needs improvement?

I see areas in Radware Cloud WAF Service for improvement, specifically in its initial tuning period, because the machine learning model takes two to three weeks for baseline behavior establishment. Closely monitoring alerts during this period is essential to avoid false positives. 

There's an alert noise issue; during the early stages, we received a high volume of alerts for minor issues, requiring collaboration with the SOC team to fine-tune thresholds and concentrate on genuine threats. 

The documentation is not up to par, as while the platform's system is robust, the documentation, particularly for API integration, could be more developer-friendly with real-world use cases.

For how long have I used the solution?

We have been working with Radware Cloud WAF Service for almost four and half to five years now.

How are customer service and support?

My experience with the technical support of Radware Cloud WAF Service is that they are excellent, and I have established a strong relationship with the executive leadership up to Roy, the CEO. They provide excellent support.

How was the initial setup?

My experience with the pricing, setup costs, and licensing of Radware Cloud WAF Service is positive because I'm a Radware shop. I have all the Radware products, so my feedback is purely positive.

What was our ROI?

I have seen a return on investment with Radware Cloud WAF Service since I have been providing support and selling it as a service to customers.

Which other solutions did I evaluate?

When looking into Radware Cloud WAF Service, I evaluated F5 and Fortinet as other options.

What other advice do I have?

We have been using many products provided by Radware. API discovery in Radware Cloud WAF Service was straightforward. Although initially, our people were new to Radware, and we had some challenges in the initial phase with false positives and early learning phases, especially with custom applications. Over time, with its intuitive UI, we were able to implement it quickly; my team learned and started working on it.

Radware Cloud WAF Service is integrated with SIEM and our SOC team of 75 people. Initially, during the early phase, false positives were common because SIEM was learning the traffic pattern, monitoring the logs, and adjusting the sensitivity. We accomplished policy tuning efficiently by manually fine-tuning the security parameters after analyzing the pattern and adjusting the threshold to reduce noise.

Radware Cloud WAF Service has been doing excellent work in protecting against zero-day attacks. We are using the automated source blocking feature. It has significantly helped our compliance efforts and helps maintain business continuity with its DDoS protection capabilities, which we utilize through real-time behavior-based detection using machine learning.

I rate Radware Cloud WAF Service eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

    Wilmer Beltran

Features geo-blocking, protection against unknown threats, automated analytics, and excellent support

  • April 21, 2023
  • Review from a verified AWS customer

What is our primary use case?

Our company infrastructure is supported in AWS, and we use Cloud WAF to protect most of our applications, including mobile apps, our main website, and other business-related apps. 

We have many applications in the AWS cloud, including API gateways and balancers, so the backend is made up of all our apps and network load balancer. We use the solution as a frontend protection tool, and the integration is simple, uncomplicated, and works fine.  

How has it helped my organization?

The most significant benefit of using Cloud WAF is the robust protection it provides, particularly against Layer 7 attacks. We've been protected against attacks on our website, and in the case of one DDoS attack, Radware supported us in detecting the attack behavior and blocking the threat. The block took five to ten minutes, we configured the solution to account for the specific behavior of the attack, and we re-established our website. 

The product significantly reduced our false positives, as we previously had many. We had more false positives just after the implementation, but following some reconfiguration and changing some features with the help of Radware's implementation team, the tool works fine. We only have a few false positives; we've seen a reduction of around 80%.  

Cloud WAF helps to free up our IT staff for other projects and saves us significant time. I manage the solution and log into the console around once a week; it takes very little time to configure. The tool doesn't require continuous supervision, just infrequent configuration changes, five times a month.  

What is most valuable?

Geo-blocking is one of the most valuable features we use the most; most of our users are in North, Central, and South America, so we use geo-blocking to block access from other countries.

In our experience, Cloud WAF effectively prevents unknown threats and attacks. We have received reports of attacks in the past, but the product successfully blocked them. In a few instances, we contacted Radware support for assistance in blocking specific attacks. Despite experiencing around three incidents over the past four years, we are satisfied with the solution's performance and have not encountered any further issues.  

The solution's automated analytics for looking at events works great, as it has a model that can analyze the traffic and respond to an attack. We can also configure the tool to block or allow specific traffic based on the analytics.

What needs improvement?

We receive many reports from our security team of IPs flagged by our security tools, such as Palo Alto. I cannot add the file containing the IPs to get them blocked; instead, I have to contact Radware support and open a ticket for them to do it. I need to be able to block flagged IPs myself, as it currently takes more time to open a ticket, contact the support team, and wait four to six hours for a response. I want to be able to upload a file with 2,000-3,000 IPs in the console and then apply and save the configuration.

For how long have I used the solution?

We've been using the solution for four to five years. 

What do I think about the stability of the solution?

The solution is highly stable; we never had a direct issue with the tool in four years, so it's very solid. 

What do I think about the scalability of the solution?

The solution is highly scalable; we can apply multiple servers and add applications to Radware almost immediately. 

How are customer service and support?

We have contacted support on multiple occasions, and they are excellent, though it depends upon the case. If we have a P1 issue, we can contact support by calling them directly, which takes up to 15 minutes. For non-critical regular tickets, these can take between four and six hours, which is good. If we have multiple issues, we can enter a Zoom call with support, and they will help us to block malicious traffic, for example. I rate them nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was very straightforward, and we implemented with a team of three or four staff. The product doesn't require any maintenance on our side; we sometimes receive emails informing us Radware will carry out maintenance, but it never affects the company.

What's my experience with pricing, setup cost, and licensing?

We are based in El Salvador and don't have a direct license with Radware; we purchase the license through resellers. The pricing is reasonable, as I managed an Akamai product in a previous position, and Cloud WAF is competitively priced.

What other advice do I have?

I rate the solution nine out of ten. 

Radware is very valuable to our business, the deployment is simple, and it only took a couple of weeks to see that value. 

My advice to others considering the solution is that it's a good tool. Regarding security, it's an excellent and feature-rich product that can protect your website, is easy to configure, and has strong support. The Radware technical support staff are very experienced and knowledgeable about their product. We can also generate periodic reports, and Cloud WAF is a great solution that will help improve your work.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

    reviewer2165241

A plug-and-play solution with a minimal learning curve that offers good visibility into attacks

  • April 21, 2023
  • Review from a verified AWS customer

What is our primary use case?

Initially, all our services were on-premises, but we decided to move many of them to the Azure cloud to make them accessible to our customers. However, we discovered that certain attacks were going undetected and the native tools in Azure cloud were inadequate for protecting against them. As a result, our expenses were increasing due to resource exhaustion. To address this issue, we consulted with our vendors and found a Cloud WAF hardware solution. Once we implemented Radware Cloud WAF Service and combined it with application controls, bot protection, and DDoS services, our expenses were reduced by 80 percent. This was a remarkable achievement.

How has it helped my organization?

I report every month on any incidents involving our public assets. One particular use case that I focus on is geo attacks, which help identify who is attempting to access these resources from locations outside of our Southeast US customer base. This helps reduce unnecessary noise. We also have private APIs that are only accessible to specific vendors, and it's important to secure them with an access list. Although it is a basic measure, it allows me to monitor who is attempting to access those resources. The unknown threat aspect of it is not a frequent occurrence.

Radware Cloud WAF Service provides excellent automated analytics for event analysis. Its visibility feature alone is a selling point for the product. When we initially invest in cloud services, it can be difficult to monitor activity. We only receive a bill indicating increased CPU and RAM usage. The analytics provided by Radware Cloud WAF Service has been extremely helpful in this regard.

Radware Cloud WAF Service has significantly reduced our Azure bill by filtering out unnecessary CPU, compute, and bandwidth usage on the front end. Previously, we experienced a lot of errors and serious issues due to APIs being exposed, and our developers could not always understand why these errors occurred. However, once we implemented Radware Cloud WAF Service, it significantly reduced the noise and eliminated malicious data. As a result, our developer logs now look good, and we can identify who is targeting us and their intentions through the provided metrics. It has been incredibly helpful from a management perspective as we can present them with dashboard metrics showing how the tool is blocking and protecting us. They appreciate this information.

Radware Cloud WAF Service has helped reduce our false positives by 90 percent.

We quickly recognized the value of the Radware Cloud WAF Service upon deployment. However, we needed to ensure that the business owners understood the changes being made. Upon activating the spot protection and geolocation service, we noticed a significant decrease in illegitimate traffic. Prior to the implementation, we were receiving an overwhelming amount of hits, averaging between 150,000 to 160,000 per hour on certain pages. Once the services were activated, this number decreased to only 2,000 to 3,000 hits per hour, indicating that a majority of the previous traffic was not legitimate. This allowed us to reduce our footprint in Azure and do so immediately. It is evident that the internet is filled with a vast amount of illegitimate traffic, with many individuals scanning for open services. The implementation of Radware Cloud WAF Service helped eliminate this issue within a day.

What is most valuable?

Before the introduction of Azure cloud-native tools, monitoring visibility was inadequate, making it difficult to identify the cause of resource attacks. With the current visibility dashboard, we can now obtain insight into the nature of attacks, identify attackers, and detect top IP or threat regions. This dashboard has proven to be helpful in improving our ability to identify and respond to attacks.

What needs improvement?

Radware Cloud WAF Service has significantly reduced the number of attacks and improved our visibility. However, there are some areas where it could improve its maturity. Previously, the interface, Bot manager, and Cloud WAF were separate interfaces, but they have now been merged into one dashboard. However, the current setup is somewhat cumbersome, and there is room for improvement in this area.

Radware Cloud WAF Service has limited integrations, and I would like to see it integrate with our use of Azure DevOps. Specifically, I would like it to be able to automatically detect and protect new APIs and changes made to existing ones, utilizing the API discovery and protection features. Currently, there is no integration for this. If we use a SIM, we can receive email alerts or check the dashboard for information on the types of attacks, but this is not an ideal or modern approach to alerting. It would be beneficial for the service to integrate with top enterprise tools like SIEM, allowing for more efficient and effective alerting and logging. Unfortunately, there are currently no native tie-ins for some of the products we use, requiring us to set up email notifications to our SIM. Therefore, integrating with enterprise tools for alerting and SIM purposes would be greatly appreciated.

I wish to have improved integrations with larger vendor tools, such as alerting systems or SIMs, to enable us to pull and query performance metrics for analysis. As a fairly large organization, we require a tool that can consolidate data from multiple applications into a single location for better visibility and decision-making. Unfortunately, we are currently unable to extract this data into any of our existing systems.

For how long have I used the solution?

I have been using Radware Cloud WAF Service for two years.

What do I think about the stability of the solution?

I have only experienced one outage with Radware Cloud WAF Service in the past two years, so I would say that it is very reliable and stable.

How are customer service and support?

The interfaces have significantly improved, but we had numerous queries about their functionalities and how to enable specific capabilities for monitoring purposes. We had to spend a considerable amount of time trying to understand the process, such as what we needed to turn on and how to turn it on, as well as interpreting the log entries. As a result, we had to contact support multiple times, which involved a lot of back and forth. Additionally, during certain periods, our services were targeted by heavy DDoS attacks, and we had to rely on support heavily to mitigate them. There were a few instances where we had to request significant assistance from support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we utilized Azure Application Gateway, which included a built-in WAF capability. However, due to its cumbersome nature and limited capabilities, approximately 10 percent of Radware Cloud WAF Service, we switched to Radware. Azure CloudApp lacked reporting functionality, making it difficult for us to identify attack sources, methods, and user agents.

In comparison to Azure Application Gateway, Radware Cloud WAF Service has the ability to detect all types of attacks. While using Azure, there were a few attacks that utilized a unique combination of user agent strengths which Azure Cloud WAF was unable to detect. Due to limitations in the user registry and signature attack type, it could not comprehend how to prevent these attacks. Therefore, we opted to switch to Radware Cloud WAF Service, which was better suited to meet our security needs.

How was the initial setup?

Setting up Cloud WAF was straightforward, but the bot protection was a bit of a mess initially. When the product was first launched, separate dashboards were provided for both services, giving the impression that they had separate support from the company. However, over the last two years, they have been consolidated into a single dashboard, making deployment and management much easier. Despite the initial difficulty with bot protection, Cloud WAF was ultimately easy to deploy. We required two people for the deployment.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

Radware provides same features and coverage as competitors for a significant discount.

Which other solutions did I evaluate?

We assessed Citrix Web App and Imperva DDoS, and Microsoft urged us to test their latest version of Cloud WAF. However, we declined their offer and instead opted for Radware Cloud WAF Service because it was effortless to implement. We were able to turn it on and have it working on the same day without requiring extensive integration, which was necessary for the other options we considered. We preferred a plug-and-play solution with a minimal learning curve. Radware Cloud WAF Service met these requirements and has been functioning well.

What other advice do I have?

I give Radware Cloud WAF Service a nine out of ten.

We are interested in utilizing the API discovery feature, but since we frequently make changes to our APIs using a DevOps pipeline, our APIs change on a regular basis, almost every two weeks. Our company's current goal is automation, and all changes to the environments must be done through a coded pipeline with variables. Unfortunately, the API discovery feature may slow down our automation capabilities, making it difficult to push changes every two weeks unless the interface is improved. While we would like to take advantage of the API mapping and different attack techniques, we cannot use the feature until it becomes more mature and integrated with our automated pipeline.

We deploy the solution across one location.

The ability to log in and review data and logs is a crucial feature for me when choosing a Cloud WAF. While most services have similar capabilities, the differentiator lies in how well they can parse and present the data. I had trouble with Citrix as it was difficult to obtain and interpret the data to prevent attacks. However, Imperva has an excellent interface for pulling data, which helps us make informed decisions. Radware stood out as the best in both areas, with their dashboard being user-friendly and responsive. The implementation was also straightforward as all the necessary information was readily available. It only took a few hours to set up a new site, making it easy to go live quickly.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

showing 1 - 10