AWS WAF Review

Provides good OWASP top 10 protection but needs improvement in security efficiency related to bad bots

What is our primary use case?

I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.

What is most valuable?

The best features are the security firewall and the features that protect against database injections or scripting, and against overall OWASP top 10, but I have concerns about the cloud front which doesn't handle bot attacks properly, so it's not as effective as I would like it to be.

What needs improvement?

A significant improvement would be built in bots protection enhancement, or seamless integration with other products. For now, there are limited feature to protect against an attack from the bad bots so users go to third party solutions, which just complicates integration and operation.

A helpful additional feature would be to have a fully unified unique product, including the DDoS, with sophisticated attack capabilities including anti bot management. They should also take a look at reviewing the complexity of the integration with other third-party vendor solutions.

For how long have I used the solution?

I've been using the product for the last two years. We upgraded recently and I'm using the latest version. 

How are customer service and technical support?

Technical support is good. 

How was the initial setup?

Deployment is easy, it's not complex.The complexity is when you need it for integration with other third-party products. We also use CDN, part of the web solution from Amazon. 

What's my experience with pricing, setup cost, and licensing?

The price of the product is fair enough and one of the product's advantages. Their price is good compared to other vendors. 

What other advice do I have?

The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products.

I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva.

I would rate this product a seven out of 10. 

Which deployment model are you using for this solution?

Public Cloud
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More AWS WAF reviews from users
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,431 professionals have used our research since 2012.
Add a Comment
ITCS user