The core use cases for Radware Cloud WAF Service are web application firewall functionality, DDoS protection, and protection against zero-day vulnerability and emerging threats.

The most valuable aspect of Radware Cloud WAF Service is that it supports mode detection and provides email alerts on sudden alert spikes and early warnings. The most advanced feature is the DDoS protection and the way this web handles DDoS attacks, as I am currently working in the SOC team and managing the Radware administration part.

Regarding zero-day attacks, Radware Cloud WAF Service helps us actively receive early warnings, and we raise those to the relevant teams. The services related to zero-day attacks and threat intelligence are very effective.

The dashboard of Radware Cloud WAF Service could be more interactive and user-friendly. While implementing it for the first time, it requires core technical knowledge, and without that knowledge, implementation can be quite challenging. However, the support from Radware is excellent when support cases are raised.

I have been using Radware Cloud WAF Service for three and a half years in my career after joining my current organization.

Regarding stability, I have not experienced any lagging, crashing, or downtime in my experience with Radware Cloud WAF Service.

Radware Cloud WAF Service is scalable; once we set up the entire service and it is up to date, we can onboard as many applications as our license allows.

I have contacted Radware's technical support many times, and their quality is very good as we receive timely support according to the case priority. Their engineers are skilled and capable enough to resolve issues quickly.

I have used alternatives to Radware Cloud WAF Service, specifically Akamai Web Service, which is a very popular service. One of its disadvantages is that it does not support custom ports like Radware does.

The entire process of onboarding the application for the first time with Radware Cloud WAF Service requires core technical knowledge, but with the support of Radware, it becomes much easier.

The pricing of Radware Cloud WAF Service is lower compared to Akamai, and while the price in the industry is acceptable, it is not too expensive.

The combination of negative and behavioral-based positive security models provided by Radware Cloud WAF Service is very important for my organization's security strategy, as the main purpose of Radware WAF is security.

Regarding maintenance, we receive quarterly reports, which are sufficient.

On a scale of 1-10, I rate Radware Cloud WAF Service an 8.

We have COTS and SaaS applications that are onboarded behind this Radware Cloud WAF Service. We are leveraging the Radware SaaS platform, and that is how it is being used; we have huge traffic hitting every day on the applications hosted behind it.

The Bot Manager operates on the concept of AI/ML and is essential for our security strategy. The security events and alerts generated by the Bot Manager are crucial, enabling us to stop numerous attacks from various sources. By using the Bot Manager, we've discovered important insights about our incoming bot traffic that we weren't aware of before. Previously, we did not have that functionality, but after enabling Bot Manager, we began receiving alerts and visibility into anomalies that we weren't aware of. This added visibility allows us to monitor identified traffic, with some already blocked while still keeping others under watch, protecting our applications from excessive traffic through Radware Cloud WAF Service.

The real-time BLA detection and mitigation processes have significantly enhanced our threat management with Radware Cloud WAF Service. Enabling various blades, including this real-time functionality, ensures we have visibility and can block undesired traffic effectively.

I have tried using the API discovery feature with the Radware Cloud WAF Service for almost all of our onboarded applications, and it's pretty straightforward. It provides useful results, and our application penetration testing team leverages it significantly, making it very helpful for gathering data during tests.

We have integrated Radware Cloud WAF Service with our SIEM tool to capture audit logs and security events. The integration process is quite simple, thanks to the available connectors and developed methodologies, making it one of the simplest integrations we've done, even though they have limited connectors and integrations at this point.

Incorporating Radware's combination of negative and behavioral-based positive security models is becoming essential for our security strategy as we delve into the AI world and machine learning. User analytics and behavior analysis are very important, with anomalies flagged by the analytics engine running behind the traffic hitting the Radware Cloud WAF Service.

What I appreciate the most about Radware Cloud WAF Service is that the UI is quick and very simple. Ease of administration is crucial since I'm the administrator looking after it. The functionality they have, starting from onboarding applications to managing them, is pretty straightforward; modifications, additions, or deletions are completed without complex codes or scripts. Additionally, the data populated post-onboarding includes both an executive view and detailed views for security analysts, which are incredibly helpful. If we compare this to other Cloud WAFs, we often don't get as much information for many security alerts, requiring deeper investigation. However, with Radware Cloud WAF Service, details are available when opening any security alerts, making the process more efficient.

Source blocking is a straightforward feature in the Radware Cloud WAF Service. We can easily block or whitelist traffic coming from certain geo-locations or specific IPs. I find that feature nicely implemented in a simple manner.

The web DDoS protection, particularly HTTP L7, is critical and has helped us immensely. It provides visibility, especially over port 80 and 443, as well as custom ports offered by Radware, and has proven essential for preventing denial-of-service attacks, whether distributed or isolated.

The automated analytics for looking at events is where there is room for improvisation in the Radware Cloud WAF Service. They are working on improving the automated capabilities of workflows and integrating AI, but it's not quite up to the mark yet. There's a lot of work to be done since various customers have different requirements, and any implemented automated features should provide expected results.

They need to improve the support side. Information should be more readily available on their support portal, especially knowledge-based articles for customers to resolve queries independently. The support portal used to be slow, and the UI experience was less than ideal, although it has improved over time. Additionally, the lack of an AI chatbot has been a downside, though we have been notified that functionality is in development now.

On the reporting side, customization options are limited; creating tailored reports is currently not possible, which is a significant drawback since full customization is crucial for effective data presentation.

I have been using Radware Cloud WAF Service for two and a half years.

In terms of stability, Radware Cloud WAF Service operates at 99.99% uptime. I have never witnessed any lagging, crashing, or downtime.

Scalability isn't an issue with Radware Cloud WAF Service; we can onboard as many applications as we need, and since it operates in the cloud, they effectively expand their resources as required.

I have contacted technical support with Radware Cloud WAF Service numerous times, mainly because I am the administrator overseeing all features. I regularly interact with their support team and customer success managers. The quality of support from Radware Cloud WAF Service is good; however, they must improve the speed of addressing customer queries, especially for straightforward questions. They adhere to policies but need to resolve blockers for customers much quicker. There's substantial room for improvement on their support side. I would give a score of seven out of ten for the quality of support received from Radware Cloud WAF Service based on my current experiences.

I have used alternatives to Radware Cloud WAF Service, including Akamai, which we leveraged for different purposes, but that service is being discontinued.

The initial deployment with Radware Cloud WAF Service was straightforward and lacked complexity. There wasn't much information needed, making it easy to set up.

There is no maintenance required on our end since Radware Cloud WAF Service is a cloud-based and SaaS product. They manage everything, and we only need to monitor our applications.

Pricing with Radware Cloud WAF Service depends on the applications we want to onboard and how negotiations go between our technical commercial teams and Radware. Based on all current deals, it has been a win-win situation for both parties, and I feel satisfied with the pricing.

When it comes to false positives with Radware Cloud WAF Service, we absolutely get a lot of them. Whenever we onboard new applications, it's expected to encounter numerous false positives, which will mature over time. We have tweaked our queries to improve the ratio of true positives versus false positives, and now we don't see as many false positives compared to when we started with Radware Cloud WAF Service. It is important to note that onboarding applications with high traffic will still likely yield some false positives, which is expected in the cybersecurity world, but we see it maturing over time.

With regards to protecting against zero-day attacks using Radware Cloud WAF Service, we haven't seen any such attacks being caught or flagged by the Radware team. While we do catch information from various sources, media, and other channels, we feel there isn't a reliable tool that can notify us of zero-day detections at the outset.

We don't use any CDN services with the Radware Cloud WAF Service at the moment. All our applications are on-prem, accessed from specific geo-locations, and currently, we don't require CDN services.

We are not using the PCI DSS 4 extension compliance with Radware Cloud WAF Service, as we don't have any applications storing sensitive records.

I would rate Radware Cloud WAF Service a nine out of ten.

We are generally using the Radware Cloud WAF Service to secure our external web applications. We are not using the API Discovery feature as of now, but we are using the Web DDoS module of the Radware Cloud WAF Service.

Radware Cloud WAF Service has reduced the time needed for management. Overall, it saves us time. At the start, we had to give a lot of time to Radware Cloud WAF Service as we were unaware of the portal. Now, we have automated most parts, and we are just checking it once a day for about 10 to 15 minutes.

The combination of negative and behavioral-based positive security models for our security strategy was helpful. We had a number of requests that were not supposed to be entertained by the web server. Now, we are blocking them via the WAF. Regarding protecting against zero-day attacks, we have not received any zero-day attacks so far.

We use the source blocking feature with IP blocks. The solution's proactive and holistic approach based on cross-module correlation has effectively protected our applications. Earlier, we allowed most IPs to access our application, but now, with that module, we only allow certain IPs from which we genuinely expect requests, significantly reducing attack traffic and bandwidth utilization.

The mitigation has been very good. We have not seen many false positives compared to our previous experiences, and the mitigation has been good as of now.

The integration process was easy and smooth. However, many of our systems are not integrated with Radware Cloud WAF Service.

The best feature of the Radware Cloud WAF Service would be that it is easy to use. The panel itself is very easy to understand, and we can get along with the panel easily. Also, the security features provided by Radware Cloud WAF Service are very good as compared to other vendors. Apart from that, the features are good.

The log feature in Radware Cloud WAF Service has some limitations. Unfortunately, the portal does not provide much information. If there is an issue, we may need to raise a case with the vendor to obtain further details. Aside from that, the other features are quite good.

In the Radware Cloud WAF Service, areas that have room for improvement include the logs part. Currently, we only see logs for requests that are getting blocked. It would be helpful if there was a feature to view all application traffic logs. Also, the visibility on the configured rules in Radware Cloud WAF Service is not better; we do not have any visibility on those rules. The two areas are logs and the visibility of rules, which need improvement.

I have been using the Radware Cloud WAF Service for more than a year and a half.

Regarding stability, I would rate it an eight out of ten.

For scalability, I would rate it a nine out of ten.

Currently, we have six users working with the solution.

It has been good. I would rate their support as a nine out of ten.

Apart from the Radware Cloud WAF Service, we tried F5 Cloud WAF as well. As compared to F5, using Radware Cloud WAF Service was easy to use and easy to understand. All the security features we require are straight away given in the console. Creating an application and enabling the security features is not much harder as compared to F5.

The deployment of the solution was easy.

The solution does not require any maintenance.

We purchased the solution through a partner.

Overall, the Radware Cloud WAF Service has helped reduce our false positives significantly, reducing our bandwidth cost. We can say it has halved the bandwidth cost by blocking true positive attack traffic.

It was better and efficient compared to other vendors.

Regarding securing business continuity with the Web DDoS feature for HTTP L7, we had a couple of applications with a DNS entry receiving false alerts, which meant false traffic. This caused a huge consumption of our bandwidth, so we raised a case with Radware. They suggested we use the Web DDoS feature. By using that feature, we are blocking most of the true positive requests that we should not be entertaining on our bandwidth, saving costs on bandwidth as well.

We keep the controls on report mode, analyze the logs for about seven days, and if we find any true false positives, we check on them. After seven days, we move the controls to block mode.

We are not using the CDN service offered by Radware with the Cloud WAF Service.

I would recommend Radware Cloud WAF Service to other users. My overall rating for this solution is a nine out of ten.

My use case for Radware Cloud WAF Service is for blocking malicious IP addresses.

Radware Cloud WAF Service blocks threats effectively, providing a comprehensive report that shows the traffic and denied traffic from malicious IPs or specific countries, so I am satisfied.

Radware Cloud WAF Service has reduced the false positive rate, and it's beneficial for our organization. By using Radware Cloud WAF Service, 30% to 40% of false positives are reduced.

For zero-day attacks, Radware Cloud WAF Service integrates threat intel, which detects anomalous traffic and blocks it automatically, preventing attackers from entering our organization or attacking our domains. Source blocking is effective because it has good capability to handle things automatically without human intervention, as a human cannot handle all the alerts and traffic.

The real-time BLA detection and mitigation of Radware Cloud WAF Service strongly performs to mitigate and take action against contamination. Radware Cloud WAF Service is quite effective and handles all traffic to HTTP or HTTPS effectively.

My organization is quite large, so we have to monitor activities promptly. Since it's not possible for a human to detect and address every threat, we implemented Radware Cloud WAF Service, which automatically detects and prevents DDoS threats and traffic without human intervention, making it better for us and protecting our organization.

With the automated analytics of Radware Cloud WAF Service, if multiple logins occur from the same malicious IP in the same pattern, the AI automatically recognizes it and takes the appropriate action, such as blocking or allowing, which is beneficial for us.

Improvement areas could be some of the AI capabilities related to false positives. The required IP addresses sometimes get blocked, so that needs to be enhanced. The AI recognizing features can be improved. Recognition aspects could be refined; it's performing at almost 99%, so there's a small margin for improvement.

I have been using Radware Cloud WAF Service for three years in my organization.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We have about 35 users working with this solution.

I would rate their customer support a ten out of ten.

It is easy. It takes 10 to 15 days.

The pricing for Radware Cloud WAF Service is moderate; it's not expensive. We can't say it's low and we can't say high; it's moderate, and I got that perfect point.

It is easier to use with a moderate cost than others.

To assess Radware Cloud WAF Service for blocking unknown threats and attacks, we have found that if an IP is identified as malicious, we can block it, and we utilize the graph chart provided. Using the CDN with Radware Cloud WAF Service is easy to implement and use; it's not a headache for us.

I would rate Radware Cloud WAF Service a nine out of ten.

My use case primarily involves the admin part, however, I haven't had a chance to do that yet. I'm using the tool for analysis purposes, such as monitoring application traffic trends and observing DDoS traffic and cloud requests, whatever hits we are getting from the internet on this application.

We also use the geofencing feature, which helps us significantly. During the recent conflict between India and Pakistan, we used the geofencing on our application onboarded on Radware Cloud WAF Service to block specific regions, preventing any unwanted traffic.

The features I find best about Radware Cloud WAF Service are its user-friendly GUI and the smooth deployment or onboarding process. I've interacted with colleagues in engineering who have noted that application onboarding is straightforward.

The dashboard allows me to see trends weekly, monthly, and daily for this particular application, enabling me to take action if I want to allow or block specific IPs or traffic.

I use Radware Cloud WAF Service daily for monitoring purposes, which saves approximately half an hour to one hour. In total, I can estimate around ten to 14 hours per week saved.

For automated analytics related to events, we can create details on the dashboard concerning automated analysis. I haven't explored it much but believe it would be useful for our respective business units since we've deployed various applications in Radware and they are regularly monitored by the application owners to ensure no impact on availability.

My assessment of Radware's solution to protect against zero-day attacks is perfect. I give it the highest marks of ten out of ten. Whenever such an issue occurs, we can directly add the relevant details or signatures for specific IPs in the rules, creating analytic rules to detect and prevent such incidents, which is commendable.

We are using the source blocking feature, which I consider one of my favorites. With geofencing, we proactively blocked many regions, and during that process, we raised a support case with Radware, which they addressed promptly by adding the IP list for blocking. After that, we learned how to block source IPs from the console, and I appreciated their good support.

I don't have any information on using Radware Bot Manager right now. For compliance, we have another team, the audit team, that monitors compliance processes related to application availability. They are the primary owners of the compliance for applications onboarded to Cloud WAF, and I do not track their specific changes.

We are using Web DDoS protection, specifically for HTTP L7, and I find it very efficient. There are no application issues as we create analytics rules to monitor traffic, and the implementation or configuration of such rules is straightforward.

Radware Cloud WAF Service is proactive, with notifications about scheduled maintenance provided by the Radware team, which helps us prepare in advance. If any issues arise, we can reach out to the support team, which is beneficial.

I've not explored deeply enough to identify areas for improvement in Radware Cloud WAF Service, but I can mention the retention policy. I'm not sure about how much historical traffic data we can access. Knowing the ability to view traffic from six months back would be beneficial for audit and compliance purposes, especially if an attack happens on an application. There was a request in the past that we couldn't fulfill due to this limitation, so I'd like to know more about the retention policy.

I have been using the solution since I joined the company in January 2023, so I have been using this tool for the past two years.

I would rate the stability of the service as a nine out of ten, which is quite good.

Regarding scalability, I can give it a mark of nine out of ten based on my experiences, as it meets our needs effectively.

My cybersecurity team consists of over 100 users, and multiple business units access Cloud WAF with their applications. I can estimate that approximately 150 to 200 people use it.

On a scale from one to ten, I would rate the technical support that Radware provides for Cloud WAF Service a perfect ten.

In terms of return on investment, we've saved around 30% to 40% of time and resources. We get major insights from the analytics rules and dashboards, allowing us to pinpoint main issues. This detailed summary of particular hits and application traffic is incredibly helpful. This efficiency also means we don't need to hire extra resources, as the Radware Cloud WAF Service interface is user-friendly.

I would definitely recommend Radware Cloud WAF Service to other users and organizations given the features we've utilized and the excellent support we've received, earning it full marks. Overall, I would rate Radware Cloud WAF Service a nine out of ten, as it performs excellently.

Radware Cloud WAF Service is utilised for analysis. As part of a SOC team and Incident Response Manager role, the team investigates incoming traffic to onboarded applications, identifies potentially malicious traffic, and takes appropriate action. This includes creating and modifying WAF rules and making decisions about which traffic is allowed or blocked, as well as IP blocking and related measures.

Radware Cloud WAF Service effectively blocks unknown threats and attacks, with no issues regarding its blocking capabilities.

The automated analytics meet my expectations for event analysis.

Its real-time, behavior-based anomaly detection benefits our threat management by reliably detecting and blocking malicious traffic.

Radware Cloud WAF Service is easy to use and requires little experience or resources. Basic tasks can be completed with minimal effort.

Radware Cloud WAF Service could improve its application onboarding process, as it only supports ports 80, 443, and 1024–65535; key ports like 993 and 995 needed for SMTP are unsupported, limiting email app protection. For IP whitelisting, the current setup allows all traffic from a specific allowed(whitelisted) IP without detection, which exposes threat. A more granular approach—allowing both page- and IP-specific access while detecting threats—is recommended.

The service earns eight out of ten for reducing false positives, but some legitimate traffic is still blocked due to header parameters. Whitelisting helps, but further improvements and AI-driven behavior analysis could enhance accuracy.

I have been using Radware Cloud WAF Service for more than two years.

The stability of Radware Cloud WAF Service is perfect; I would rate it a ten out of ten.

I find the scalability of Radware Cloud WAF Service to be perfect, rating it a ten out of ten.

I would rate their technical support an eight out of ten.

We have several other tools for threat management, but we primarily rely on Radware Cloud WAF Service. It effectively identifies, detects, and blocks malicious traffic. This is the main feature we are looking for, and Radware Cloud WAF Service performs exceptionally well in this regard.

Implementing Radware Cloud WAF Service saves 20–30 minutes per traffic analysis incident.

I notice that Radware Cloud WAF Service has drawbacks when compared to other WAF solutions, particularly because we were checking other solutions that support custom ports for application onboarding. Many custom-built applications run on different ports, and that is something that needs to be addressed; it should support custom ports. Other WAFs in the market currently support custom ports, which poses a major drawback for Radware Cloud WAF Service.

We are using Radware Cloud WAF Service to prevent our applications from attacks, such as DDoS and other attacks.

Using Radware Cloud WAF Service has saved us considerable time. It provides good visualization and traffic information, saving around four to six hours for investigating logs whenever we try to pull logs from any other tools.

Radware Cloud WAF Service is quite effective for blocking unknown threats and attacks. We have 10 to 15 applications onboarded with Radware, and it has proven to be good at blocking threats from external sources.

Radware Cloud WAF Service is able to protect against zero-day attacks. They are committed to preventing any potential attacks. It has the capability to analyze behavioral patterns, which allows them to implement preventive measures. I have received notifications from Radware confirming that they are fully optimized to address zero-day vulnerabilities at this time.

Radware Cloud WAF Service allow us to directly filter the data from whatever attack was performed, so we can directly filter the attack details from the event viewer section, which is very helpful to us. Another module that I appreciate about Radware Cloud WAF Service is that it provides custom port security. The other tools are not providing the custom port feature where Radware Cloud WAF Service is providing, and it will be very helpful to us.

The automated analytics for looking at events in Radware Cloud WAF Service are working for us; the automatic event correlation is very beneficial to analyze how the alerts and events occur and visualize the patterns of network traffic and other traffic going in and out from the application via Radware Cloud WAF Service.

The combination of negative and behavioral-based positive security models is important for our security strategy; since most of our applications work internally, behavioral-based analytics helps us address issues where methods such as POST and GET are not functioning, so we raise concerns with our internal team to whitelist applications, thus helping reduce blocking of traffic in our environment.

Radware Cloud WAF Service is effective, particularly in the custom service it provides and its capabilities in DDoS protection and bot manager facilities, making it effective for validating the correlation part of incidents.

Regarding areas in Radware Cloud WAF Service that have room for improvement, one thing we observed was that we received a notification where Radware Cloud WAF Service stopped working properly in our cloud environment without any prior notification. We got the alert around one and a half hours after the event occurred, so I would suggest that they should notify customers in such scenarios.

I have been using Radware Cloud WAF Service for three to four years.

The stability of the Radware Cloud WAF Service rates around nine out of ten.

The scalability of the Radware Cloud WAF Service deserves a full ten, as it is definitely scalable.

Organization-wise, we have more than 100 users using the service currently.

The technical support for Radware Cloud WAF Service rates 10 out of 10; whenever we require support, it is perfectly timely.

The deployment method of the Radware Cloud WAF Service is very easy; since most of our applications operate on custom ports, it helps us integrate and onboard them securely.

The solution does not require any maintenance from our side.

I am not directly looking into the integration aspect of the Radware Cloud WAF Service, but I have discussed it with other team members who might be using the integration part to collect logs from Radware Cloud WAF Service to get correlation and alert triggers for incident management tools such as ServiceNow and Sentinel, but they are not using it frequently or fully optimized currently.

We have discovered bot traffic involving attacks such as SQL injection. Radware's Bot Manager is working to prevent such attacks, especially with SQL injection and XSS attempts from outside entities. Regarding compliance with PCI DSS, we don't have any issues currently; we are also compliant with ISO 27001, and our applications onboarded on the Radware Cloud WAF Service operate without compliance issues.

We are using the web DDoS protection such as HTTP, L7 in the Radware Cloud WAF Service, and it is effective for us; we experienced an attack from the external side last month, which Radware Cloud WAF Service effectively prevented.

Overall, I would rate the Radware Cloud WAF Service a nine out of ten.