Wallarm NG WAF Review

Helps us to monitor attacks to our sites and prevents a lot of them

What is our primary use case?

Protection of modern web applications from attackers. Wallarm WAF is a very useful solution for this.

How has it helped my organization?

Improves nothing.

Helps us to monitor situations in regards to attacks to our sites and prevents a lot of them.

What is most valuable?

The most powerful feature is the ability to first learn what type of query to make to your web application when it is attacked and what type of query creates a false positive to your app. You can first learn Wallarm in monitoring mode, then turn it on blocking mode. It is a cool feature and helps a lot to not block real users and only block robots and attackers.

What needs improvement?

The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Yes, but with newer versions, the number of issues with stability has been going down.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

They have good technical support. It is still not perfect, but much better than in the first version of product.

Which solution did I use previously and why did I switch?

Yes, it was ModSecurity, but their WAF is not flexible and gives a lot of false positives because you need to create regular expressions for a lot of queries. It is hard and not useful. 

How was the initial setup?

The first setup was not so trivial as we suspect. There were problems with monitoring. There were problems with the setup, but the guys already solved these problems, and now it is fine. 

At first, we started use Wallarm instead of our web server, but later start using Wallarm as a reverse proxy for the whole web application in our network and it is better solution for us.

What's my experience with pricing, setup cost, and licensing?

Pricing must be cheaper than the competition and the licensing must be good.

Which other solutions did I evaluate?

Before we switched to Wallarm's first version, we tested Imperva WAF but Wallarm's results were much better than Imperva and we choose Wallarm with a big discount for first year of usage. It was really good for our needs.

What other advice do I have?

Set up Wallarm as a reverse proxy. Do not replace your web server. Use Wallarm first in monitoring mode, then learn from Wallarm which type of request is false positive and which type of request is not. This process takes a couple of weeks for very highly-loaded web applications (few millions of unique visitors in one month). Then you can turn Wallarm into blocking mode and everything will be fine. Do not forget to build a monitoring system, the wave, and API for it.

Before we started using Wallarm, I already knew Ivan (CEO) and Stepan (COO) from a couple of years before. Ivan had his own security company and Stepan was working on a Russian security magazine called Xakep. They told us that they wanted to create a new WAF and already had a working version of it. They asked me to test it. We did tests, and it was really good. After few month after testing, we signed an agreement. Our choice was made not because we knew these guys for a long time, but because the product was really cool and we were glad to start using it as one of the first on the market!

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment