AWS WAF Room for Improvement

Vinamra Singhai
Principal Engineer at Nineleaps Technology
We have not implemented WAF completely. We are working around that issue right now in the AWS. We are creating log files and then we are using Kibana for analysis. Our WAF deployment is not perfected yet so it is not implemented as our long-term solution. It will take another month to complete the setup. I do not have the big picture on it yet in a live environment, so my view of what will need to be improved under load is limited.
I think one thing that should be available is that if there are technical problems in the AWS, then there should be automated alerts to AWS. Calling support is not that easy. It would be better to automatically send emails to them to report that there is a bug in their programming.
I have an idea for a new feature to consider. I think the security area and other things that they provide are good, and I know there are third-party integrations. It provides a lot of value. The problem is that the 'value' of the solution makes it very costly. That is a big thing. $20,000 for this solution seems like a lot.
Right now we are limited to only MySQL and PostgreSQL databases. There should be other options and also a way to check the security of it. I think AWS should develop and make available some kind of a management screen so we can see the logs, which servers are using the service, and how the security is performing. All we can see right now is if there are any security breaches. This is not enough information to evaluate the performance of the system.
For example, there are a lot of people using MongoDB databases. Over the last two years, a lot of them got hacked. Mongo should have had a way to alert end users if its facilities get hacked. A manager or some administrator should receive an email saying that this or that account got hacked and there was a security breach. This would be enough notification to prompt taking other appropriate actions.
There should also be a report or alerts which tell us that the configuration is having security issues. I think there is something called PVE security rules which might be implemented. Of course, Cisco's security rules could also be implemented. Once the rules are implemented, we know for certain if they are providing a secure connection or not. We need some type of check on the configuration that can create alerts for potential security issues and to have proper notifications.
Venkatesh VRH
Cloud security Consultant at 8KMiles
There isn't room for improvement per se. The cloud is constantly evolving and changing, however, so we'll see what the future brings. When users choose the free service, there isn't great support available to them. This is because, when it comes to any issues, due to the fact that it says that when the rules are defined by the users, it becomes their responsibility. When there are any problems or threats, which don't get mitigated or the threat is not being properly managed, since the rules are owned by the user, they take responsibility for everything. It would be helpful if AWS could take a bit of responsibility here and help users understand where things went wrong. Support-wise, I don't think they are that good compared to individual vendors. When it comes to vendors, it becomes their product, and being a product owner, they take more responsibility and ownership of issues. AWS doesn't do that at all.
Network Analyst
I would like them to fortify the system more. In every software platform there are issues or bugs, even though presently, there aren't many known and it is running without problems. They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats. It's better for the system if the platform is more proactive in detecting threats immediately, so that technicians or people on the security team will know that a threat is coming in.
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: July 2020.
441,672 professionals have used our research since 2012.
Head of Digital Product Office at an energy/utilities company with 10,001+ employees
The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.
Manager, IT Infrastructure & Information Security at flyadeal
A significant improvement would be built-in bots protection enhancement, or seamless integration with other products. For now, there are limited features to protect against an attack from the bad bots so users go to third-party solutions, which just complicates integration and operation. A helpful additional feature would be to have a fully unified unique product, including the DDoS, with sophisticated attack capabilities including anti-bot management. They should also take a look at reviewing the complexity of the integration with other third-party vendor solutions.
President at a tech services company with 1-10 employees
The complexity of deploying turnkey solutions could be simplified. They actually have too many different things that you can tinker with and too many different ways to do the same thing. It may be helpful if the product were to be more directed and if it used best practices with technical and non-technical users in mind.
Advisory and IT Transformation Consultant at Services dot cloud
The solution could be faster in detecting threats. They should work to define more threats, add more security, and make it more compliant with more security companies. The solution could always be more automated.
Carlo Lainer
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.
Principal Consultant at a tech services company with 10,001+ employees
I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps.
Engineer at a tech vendor with 501-1,000 employees
The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. Also, more fine-tuning would be convenient.
Thierry Gaudin
IT Governance at Globecast
Sometimes it's a bit difficult to check the rules because when you apply a rule, sometimes it's too much and we need to rewrite the rules and make compromises on the rules because it will block too many things. It's a bit difficult to apply the right rules for the right security.
Founder at a consultancy with 1-10 employees
We need more support as we go global. The UI could use improvement.
Developer at a tech services company with 1-10 employees
In a future release of this solution, I would like to see additional management features to make things simpler.