AWS WAF Other Advice

Rohit Kesharwani - PeerSpot reviewer
Manager, Engineering at 7-Eleven.

Integrating AWS WAF with other AWS services in our infrastructure is fairly easy. There are different tools through which we can do it.

AWS WAF is a fairly easy solution. Users need to build a few rules by themselves based on the vulnerability attack within the application.

Overall, I rate the solution a nine out of ten.

View full review »
AshishGautam - PeerSpot reviewer
IT Project Manager at Rajiv Gandhi Cancer Institute In India

I recommend Fortinet, as it is one of the best products, be it the virtual firewalls or the on-premises setup. If one wants to look for the on-premises setup, one must buy the hardware box.

I rate the overall tool a ten out of ten.

View full review »
Aravind D - PeerSpot reviewer
Senior Cloud Engineer at ASSA ABLOY Group

When we faced a DDoS attack before, we were not able to find the logs to identify the source of the attack. People who want to use the solution must have a basic knowledge about different attacks. Using the solution is easier if we know how the attacks happen. Overall, I rate the product a ten out of ten.

View full review »
Buyer's Guide
AWS WAF
March 2024
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
UU
Manager - Cyber Security and SOC at Continental Tire

I would recommend the solution to others. If a web application is completely hosted in AWS, then AWS WAF is a good choice. We can easily adopt it. Overall, I rate the solution a seven out of ten.

View full review »
RG
Chief Technology Officer at GyFTR - Vouchagram India Pvt Ltd

I recommend the solution for protecting web applications. 

I rate the solution a ten out of ten. 

View full review »
Adrian Milea - PeerSpot reviewer
Raiffeisen at Raiffeisen Bank Romania

I definitely recommend not only AWS. I also recommend Azure as an option. We have the integration with Office and the entire portfolio. The cloud, in general, it's a new thing to consider. For example, you have this GDPR with data in Europe. However, in the case of most of the clouds, you can select your regions and you have some control. 

I'd rate the solution nine out of ten. 

There are a huge amount of products. I'm not saying it's a bad or a good thing. However, it can be quite confusing. There are VPC, EC2, and other instances, and there are a lot of other services that you can use like Macie, where you can filter sensitive information. There are a lot of tools that require hands-on and new capabilities. For me, being at the beginning of this journey for cloud migration, I've been mostly quite happy with the results.

View full review »
Manikandan-R - PeerSpot reviewer
Senior Project Manager at Synopsys, Inc.

All our infrastructure is on AWS. My organization has been using AWS for the last eight years. Mid-size companies use ALB. We also use AWS Shield. Sometimes, we get alerts from AWS Shield. Our internal tools also send us alerts. We're completely on AWS. We do not integrate it with any other tool. Overall, I rate the product an eight out of ten.

View full review »
Aravindhan Suresh - PeerSpot reviewer
DevOps Engineer at Hippo Video

AWS WAF has three users within the company.

If I were to advise you on using AWS WAF, I'd tell you first to understand how the attack is happening. For example, is it a single server attack or multiple servers or regions? It would be best to find out which target is being attacked. You need to know the basics before using AWS WAF. You also need to know the rules. You need to understand how to secure your endpoints. Users should have a basic understanding of AWS WAF and its purposes before using it. You need basic cybersecurity knowledge.

I'm new to cybersecurity, so AWS WAF is the first cybersecurity product I used and based on my experience and usage, it's a ten out of ten. AWS WAF is a user-friendly, on-point tool, and I could understand it easily.

My company is an Amazon customer.

View full review »
IP
Group IT Manager at Civcns

We never had DDoS attacks. We do not check logs deeply. The service is a very small portion of our application server. It is not a business-critical service. We check logs only when we have any performance or connectivity issues. Overall, I rate the product a nine out of ten.

View full review »
Ashish  Paikrao - PeerSpot reviewer
Cloud Infrastructure Engineer at Pathlock

If a company needs an additional layer of security, it can use AWS WAF. I recommend the product to others. Overall, I rate the product a ten out of ten.

View full review »
Kavin Kalaiarasu - PeerSpot reviewer
Security Analyst at M2P Fintech

I would say that I think it's easy to use, easy to deploy, and has all the basic WAF features. It has no advanced features like bot mitigation or DDoS protection built-in. If it had bot mitigation or advanced security filter patching features, I would probably give it a higher rating, like a nine.

On a scale from one to ten, I would give AWS WAF a seven.

View full review »
Akshit Malik - PeerSpot reviewer
Junior Associate - IT at a tech services company with 501-1,000 employees

Overall, I would rate the solution an eight out of ten. 

I would recommend that understanding how the rules work exactly and finding patterns based on those rules is the most important thing in AWS WAF. It's quite easy to deploy at first, but afterward, it's essential to know how to handle it properly. Enabling the managed tools of AWS can sometimes block legitimate requests too. So, it's important to understand the type of requests you want to allow and how to configure the rules accordingly. It's quite an interesting aspect of AWS WAF.

View full review »
Aditya Mehta - PeerSpot reviewer
Director at a consultancy with 51-200 employees

Overall, I rate AWS WAF a nine out of ten.

View full review »
KO
DevOps Engineer at SEKAI

Just evaluate these simple things you need. And don't try to put too many features at the beginning because you might not need them. Every application is designed differently. 

Every business and customer is also very different, so if your application is more susceptible to some kind of engineering traffic then it's going to be very expensive.

Overall, I would rate the solution an eight out of ten. 

View full review »
KU
Linux admin at Ameex Technologies

AWS WAF has been releasing the product on a test-case basis.

It's always good to take precautionary methods for the production website. If everything goes fine, do work in your staging and UAT, not in the production part. The aforementioned details are the precautionary methods we have to follow.

Overall, I rate the solution a ten out of ten.

View full review »
ND
Head of Digital Product Office at a energy/utilities company with 10,001+ employees

We use the public cloud deployment model. We use the Amazon cloud.

From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation.

I would rate the solution nine out of ten.

View full review »
Harkamal-Singh - PeerSpot reviewer
Solution architect at NTT

I've been using a mix of AWS products, including AWS WAF.

I'm satisfied with AWS WAF, and I've had no issues with it. I can't really find fault in the product. It's a good product.

We have hundreds of AWS WAF users within our company. We also have plans of increasing the number of users of the product.

The advice I would give to people who want to start using AWS WAF is that it's a good option if they're migrating to the cloud. It can take up a lot of legacy systems, e.g. it's scalable. Most of my customers are on the cloud, and for anyone who's struggling, it would be good to start anytime. Start small and scale, rather than just going fully onto the cloud.

Users need to pay for the product license.

My rating for AWS WAF is eight out of ten.

View full review »
VS
Principal Engineer at a tech services company with 51-200 employees

On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a seven or an eight. I do not like to give it a solid rating as of now because we are still in the process of implementing it. Once we have completed the implementation, we will be able to give you a proper answer. As recent as two weeks we were still considering ManageEngine, but we did finally decide in our comparisons that it cannot provide all of the features that we are looking for.  

View full review »
Dale Ellwood - PeerSpot reviewer
IT Infrastructure Architect at GoSee Travel

I rate the solution a ten. It requires executives with technical knowledge to understand the use cases.

View full review »
PC
Independent Consultant at Unaikui

I use the latest version of the solution. I have used Oracle and Azure too. Overall, I rate the solution a five out of ten.

View full review »
Venkatesh VRH - PeerSpot reviewer
Cloud Security Manager at a computer software company with 501-1,000 employees

Overall, I'd rate it a seven out of ten because it's not automated and it's a bit complicated to implement or deploy the solution.

View full review »
Trivikram Rajendreaprabhu - PeerSpot reviewer
Senior security engeneer at a media company with 1,001-5,000 employees

I rate AWS WAF an eight out of ten. I would advise new customers to choose custom policies because they provide more flexibility in guarding against attacks on cloud infrastructures. Additionally, it protects both regional and global servers.

View full review »
AK
Security implmentation engineer at a security firm with 51-200 employees

We have decided to use Cloudflare to integrate with AWS, and most of our issues have been resolved. I would recommend the solution. However, it depends on the customer’s data confidentiality. If there are confidential data on the servers, they should not be on the cloud. They can use the cloud solution if the data is normal and not critical. Overall, I rate the product a seven out of ten.

View full review »
Prasanth MG - PeerSpot reviewer
Software Engineer at Readyly

I advise others to set their security principles while building the software itself, as WAF is not entirely reliable. I rate it an eight out of ten.

View full review »
TM
AWS Security Specialist at a computer software company with 1,001-5,000 employees

You need to consider the use cases before implementing the solution. I rate it a ten out of ten. 

View full review »
CK
Infrastructure Engineer

I would advise someone considering AWS WAF to start with testing on AWS but be cautious of data transfer costs, especially if the project is longer than four months because that is when the additional cost appears. You should assess if it's suitable for your specific use case and make sure to test it before committing to avoid unexpected expenses when moving to the cloud. Overall, I would rate the solution a six out of ten.

View full review »
HM
CVO at Megaaisec

Overall, I rate the solution an eight out of ten.

View full review »
Prakash-Kumar - PeerSpot reviewer
CEO at Axcess.io

I give the solution a ten out of ten.

The solution is a public cloud platform and we have millions of users.

View full review »
AF
Advisory and IT Transformation Consultant at a tech services company with 10,001+ employees

My advice to others is they should give AWS WAF a try. It works well, secures the applications, and it improves them against attacks.

View full review »
AB
Solution Architect at a non-profit with 10,001+ employees

The solution may be expensive for smaller customers and vendors, although it would be recommended for large ones who can afford it. 

Our organization has only a few years, consisting of the internal team, who are making use of the solution. 

I rate AWS WAF as a six out of ten. 

View full review »
RG
Physical Designer at Semtech Corporation

I won't recommend it at the moment because I don't have a full picture to recommend it or say that it is bad or good. I'll probably just keep testing and go with it for probably another six months or a year, and then I can probably recommend it or not. 

Other vendors are also providing solutions for D-DOS protection and WAF. It would be nice to see something outside the box for AWS WAF to make it compete with other vendors.

I would rate AWS WAF a seven out of ten. It does what it is supposed to do, probably not in the best way and not in the best UI, but it works. We like the pricing part, but management is the thing that we don't love the most. If things keep improving, we're definitely going to scale with AWS WAF.

View full review »
MA
Manager, IT Infrastructure & Information Security at flyadeal

The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products.

I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva.

I would rate this product a seven out of 10. 

View full review »
SA
Superintendent of Cloud Platforms at a manufacturing company with 1,001-5,000 employees

I would rate AWS WAF a seven out of ten. 

View full review »
DS
Jefe subdepartamento Operaciones at a government with 10,001+ employees

I'm just a customer and an end-user. I don't have a business relationship or partnership with AWS.

I have pretty good experience in AWS. I have a certificate in AWS.

I'd rate the solution at a ten out of ten. We've been extremely satisfied with the solution.

View full review »
LD
Regional Security Team Lead at a computer software company with 1,001-5,000 employees

I would advise others to ensure they understand what can be done internally and then what you need expertise for externally. If you have the expertise internally, it can be easily configured. Keep the SIEM configuration as simple as possible, rather than trying to modify and configure too many things.

I would rate this solution an eight out of ten. 

View full review »
TM
AWS Security Specialist at a tech services company with 501-1,000 employees

The product does not require any maintenance. You need to ensure how you consider your rules. You have to make sure that all of your considerations for your protection are done really well. Do regular updates to improve on the different threats and intrusion.

I would recommend the product because it is very flexible and you are able to use it with multiple services within AWS.

I would rate AWS WAF a solid ten out of ten.

View full review »
Uddeshya Kumar - PeerSpot reviewer
Cloud Product Engineer at SecLogic Limited

We use almost 40 services. Overall, I rate the product an eight out of ten.

View full review »
AS
Network Analyst

Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security.

Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the platform is good. It's doing its job.

I rate the solution at six out of ten. I don't want to give them 100 percent because sometimes things happen.

View full review »
RB
Engineer at a renewables & environment company with 501-1,000 employees

For people who don't have any WAF currently, and who just need something basic, it's not a bad idea to go with AWS WAF for starters. But if you are someone who is looking for a fully-fledged and self-managed WAF, you should look elsewhere for a better tool. You should certainly not stick with AWS WAF if you are serious about managing your security and mitigating your risks.

Overall, I would recommend AWS WAF to others, but only under the conditions I have mentioned. If you have the budget and the resources, however, go for something else.

I would rate AWS WAF a five out of ten.

View full review »
CL
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees

My advice is "go for it, use it."

In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.

View full review »
it_user1376373 - PeerSpot reviewer
Cloud security Consultant at 8KMiles

We're using the latest version of the solution.

When customers tend to use multi-cloud vendors and multi-cloud environments, they want solid security protection. That's where the third party comes into the purchase. If any customer is specific to some cloud like AWS or Azure, we won't recommend third party. We'll try to use AWS's own specific services so that it's smarter cost-wise and flexibility wise, so it adds value to the customer.

However, when things go to a multi-cloud environment or a hybrid cloud architecture, that's when the third party comes into the picture. 

I would recommend this solution to companies who are looking for cloud solutions with firewall flexibility. AWS is very user-friendly and largely inexpensive, however, if an organization has the budget, there are lots of great products out there that do largely the same thing.

I'd rate the solution eight out of ten.

View full review »
BM
Engineer at a tech vendor with 501-1,000 employees

The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it.

We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up.

I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.

View full review »
AF
Advisory and IT Transformation Consultant at a tech services company with 10,001+ employees

We use the public cloud deployment model.

I use everything AWS. I need it to work for me, and it does. I hope that the solution continues to improve, but for me, it's perfect right now.

For those considering implementing the solution, I would advise that they understand how networks work because sometimes they can be quite complex. Many architects do not understand the basic concepts of networking.

I would recommend the solution. I would rate it nine out of ten.

View full review »
JP
Principal Consultant at a tech services company with 10,001+ employees

My advice for anybody who is implementing this solution is not to simply look it up on Google before starting to use it. I would suggest taking some training courses, start to understand how it works internally, and then begin using it.

Overall, it is a good product and it generally fits well for my purposes.

I would rate this solution a seven out of ten.

View full review »
RH
President at a tech services company with 1-10 employees

On a scale of one to ten where one is the worst and ten is the best, I would rate this product as a seven-out-of-ten. A change in the pricing structure that favors the client and simplification is something they would have to do to improve to make that score closer to a ten.  

View full review »
it_user753234 - PeerSpot reviewer
IT Governance at PeerSpot

I think AWS WAF is a great solution. You can define big and a bit smaller architectures and scale out architecture as you need, due to the edge location. Its features are very amazing. 

I would definitely recommend AWS WAF. I asked my security director to move from our internal WAF to the AWS WAF because we can make global unique WAF services for our on-premise web servers and also our AWS web servers with one common rule and one common authority to manage these rules

I would rate AWS WAF an eight out of ten.

View full review »
MK
Principal Cloud Architect at a tech services company with 51-200 employees

The first version of AWS WAF was not mature but the second version is very mature.

I would recommend this solution to others because instead of choosing a third-party solution which will take time, and you will have to be in negotiations. It is good to start with AWS WAF for their minimal primary security firewall to save their workload. AWS WAF is available on-demand from day one.

I rate AWS WAF a seven out of ten.

View full review »
FP
Developer at a tech services company with 1-10 employees

It's pretty good, as long as the pricing matches your budget.

I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.

View full review »
ZF
Cloud architect at a tech vendor with 1-10 employees

Overall, this is a good product and I recommend it. My advice for anybody who is just getting started with it is to follow the instructions.

I would rate this solution an eight out of ten.

View full review »
VU
Founder at a consultancy with 1-10 employees

We have an above average security posture.

View full review »
AS
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees

I would recommend this solution to others.

I rate AWS WAF a seven out of ten.

View full review »
Buyer's Guide
AWS WAF
March 2024
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.