AWS WAF vs Barracuda WAF-as-a-Service comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between AWS WAF and Barracuda WAF-as-a-Service based on real PeerSpot user reviews.

Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed AWS WAF vs. Barracuda WAF-as-a-Service Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable features are the geo-restriction denials and the web ACL.""AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers.""The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match.""As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good.""The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements.""AWS WAF is very easy to use and configure on AWS.""The product's initial setup phase was very simple.""The ease of deployment of the product is valuable to me."

More AWS WAF Pros →

"It provides an ease of policy management.""The product's bot protection feature is valuable for our company.""The solution can be used for threat prevention or as a cloud-to-cloud backup system""The most valuable features of the solution are it is plug and play, has automated policies, a simple configuration, and is easy to create rules.""I like its ability to identify known attacks, including DDOS attacks. It's valuable because software must be able to stop known attacks. Application attacks are evolving all the time. When it comes to software-as-a-service, we need to have software that knows about all the latest attacks. It should also protect against major unknown attacks."

More Barracuda WAF-as-a-Service Pros →

Cons
"On the UI side, I would like it if they could bring back the geolocation view on the corner.""The cost must be reduced.""In a future release of this solution, I would like to see additional management features to make things simpler.""In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.""The price could be improved.""AWS WAF would be better if it uses AI or machine learning to detect a potential attack or a potential IP that creates an attack even before it happens. I want AWS WAF to capture the IP and automatically write the rule to automate the entire process.""It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.""For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends."

More AWS WAF Cons →

"The stability of the product is an area of concern where improvements are required.""We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off.""The solution can improve by bundling Security Operation Center (SOC) with the WAF-as-a-Service, it would provide a lot more value to customers.""It's a very specific solution that is only requested for a customer's web code or their global IT policy.""One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy."

More Barracuda WAF-as-a-Service Cons →

Pricing and Cost Advice
  • "It's an annual subscription."
  • "There are no costs in addition to the standard licensing fees."
  • "There are different scale options available for WAF."
  • "AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
  • "It has a variable pricing scheme."
  • "We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise."
  • "It's quite affordable. It's in the middle."
  • "The pricing should be more affordable, especially as it pertains to small clients."
  • More AWS WAF Pricing and Cost Advice →

  • "It's very difficult for me to give an estimate of the cost. All I know is that we sell the box itself as a service."
  • "I rate the product's price a five on a scale of one to ten, where one is low, and ten is high. There are no additional costs to be paid apart from the standard licensing fees attached to the solution."
  • "The product is expensive but it offers flexible pricing. It could be affordable."
  • More Barracuda WAF-as-a-Service Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Hi Varun I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud WAF… more »
    Top Answer:Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit for… more »
    Top Answer:AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry.
    Top Answer:One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy. Additionally, it could operate in a local data center. This limitation hinders… more »
    Top Answer:We use the product for securing email systems, protecting websites, and safeguarding web-based applications and portals.
    Ranking
    Views
    18,216
    Comparisons
    14,268
    Reviews
    29
    Average Words per Review
    407
    Rating
    8.5
    Views
    687
    Comparisons
    479
    Reviews
    1
    Average Words per Review
    837
    Rating
    6.0
    Comparisons
    Also Known As
    AWS Web Application Firewall
    Barracuda WAF as a Service
    Learn More
    Overview

    AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

    You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

    AWS WAF Features

    Some of the solution's top features include:

    • Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.
    • Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.
    • Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.
    • API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.
    • Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.
    • Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

    Reviews from Real Users

    AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

    Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

    Barracuda WAF-as-a-Service is a comprehensive solution designed to provide application security, DDoS protection, SSL authentication, protocol support, and application delivery. It is a plug-and-play solution with automated policies, simple configuration, and easy rule creation. 

    The solution can be used for threat prevention or as a cloud-to-cloud backup system based on email protection with cloud security. It is also a web application firewall and covers major protection and threat management functions. With Barracuda WAF-as-a-Service, customers can ensure the security of their web code and comply with global IT policies.

    Sample Customers
    eVitamins, 9Splay, Senao International
    Salvation Army
    Top Industries
    REVIEWERS
    Computer Software Company25%
    Manufacturing Company13%
    Energy/Utilities Company8%
    Media Company8%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm13%
    Manufacturing Company7%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Government12%
    Comms Service Provider11%
    Manufacturing Company10%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise20%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise64%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise21%
    Large Enterprise55%
    Buyer's Guide
    AWS WAF vs. Barracuda WAF-as-a-Service
    March 2024
    Find out what your peers are saying about AWS WAF vs. Barracuda WAF-as-a-Service and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    AWS WAF is ranked 1st in Web Application Firewall (WAF) with 51 reviews while Barracuda WAF-as-a-Service is ranked 25th in Web Application Firewall (WAF) with 5 reviews. AWS WAF is rated 8.2, while Barracuda WAF-as-a-Service is rated 7.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Barracuda WAF-as-a-Service writes "Easy to install platform with valuable policy management features ". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, Imperva Web Application Firewall, F5 Advanced WAF and Cloudflare Web Application Firewall, whereas Barracuda WAF-as-a-Service is most compared with Cloudflare Web Application Firewall and Microsoft Azure Application Gateway. See our AWS WAF vs. Barracuda WAF-as-a-Service report.

    See our list of best Web Application Firewall (WAF) vendors.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.