We just raised a $30M Series A: Read our story

Wallarm NG WAF OverviewUNIXBusinessApplication

What is Wallarm NG WAF?

Protect any API. In any environment. Against any threats.

Wallarm is the platform Dev, Sec, and Ops teams choose to build cloud-native applications securely, monitor them for modern threats, and get alerted when threats arise. Whether you protect some of the legacy apps or brand new cloud-native APIs, Wallarm multi-cloud platform provides key components to secure your business against emerging threats.

-> Robust protection for the entire application portfolio

Mitigate threats against OWASP Top 10 threats, business logic abuse, bad bots, account takeover (ATO), and more. Get the robust API protection that no other WAF can provide.

-> Quick integrations

Setup cross-team workloads via your existing DevOps and security toolchain (SOARs, SIEMs). Setup triggers and noise-free alerts in Slack and other messengers, PagerDuty, and more.

-> Blocking mode and compliance with no hassle

Forget issues with false positives. Wallarm’s new libDetection and core signature-less attack detection provide low false positives from day one.

-> Unparalleled visibility into malicious traffic

Gain full insights about attacks and attackers in the responsive Wallarm Console. Enjoy the Dashboard, reach search, and reporting capabilities.

-> Automated Incident Response

Reduce manual analysis and noise level. Automated Threat Verification can dissect potentially harmful attacks from millions of random scans and report vulnerabilities.

-> Understand Your Attack Surface

You can’t protect what you don’t know. Utilize the attack surface and shadow resources to track changes. Identify misconfiguration issues and vulnerable applications and resources.

Wallarm NG WAF is also known as Wallarm NG-WAF.

Buyer's Guide

Download the Web Application Firewall (WAF) Buyer's Guide including reviews and more. Updated: October 2021

Wallarm NG WAF Customers

Panasonic. Miro. Rappi. Wargaming. Gannett. Omio. Acronis. Workforce Software. Tipalti. SEMRush.

Wallarm NG WAF Video

Archived Wallarm NG WAF Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
ITCS user
Information Security Engineer at a tech vendor with 51-200 employees
Real User
Helps us to monitor attacks to our sites and prevents a lot of them

Pros and Cons

  • "Helps us to monitor situation in regards to attacks to our sites and prevents a lot of them."
  • "The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine."

What is our primary use case?

Protection of modern web applications from attackers. Wallarm WAF is a very useful solution for this.

How has it helped my organization?

Improves nothing.

Helps us to monitor situations in regards to attacks to our sites and prevents a lot of them.

What is most valuable?

The most powerful feature is the ability to first learn what type of query to make to your web application when it is attacked and what type of query creates a false positive to your app. You can first learn Wallarm in monitoring mode, then turn it on blocking mode. It is a cool feature and helps a lot to not block real users and only block robots and attackers.

What needs improvement?

The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Yes, but with newer versions, the number of issues with stability has been going down.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

They have good technical support. It is still not perfect, but much better than in the first version of product.

Which solution did I use previously and why did I switch?

Yes, it was ModSecurity, but their WAF is not flexible and gives a lot of false positives because you need to create regular expressions for a lot of queries. It is hard and not useful. 

How was the initial setup?

The first setup was not so trivial as we suspect. There were problems with monitoring. There were problems with the setup, but the guys already solved these problems, and now it is fine. 

At first, we started use Wallarm instead of our web server, but later start using Wallarm as a reverse proxy for the whole web application in our network and it is better solution for us.

What's my experience with pricing, setup cost, and licensing?

Pricing must be cheaper than the competition and the licensing must be good.

Which other solutions did I evaluate?

Before we switched to Wallarm's first version, we tested Imperva WAF but Wallarm's results were much better than Imperva and we choose Wallarm with a big discount for first year of usage. It was really good for our needs.

What other advice do I have?

Set up Wallarm as a reverse proxy. Do not replace your web server. Use Wallarm first in monitoring mode, then learn from Wallarm which type of request is false positive and which type of request is not. This process takes a couple of weeks for very highly-loaded web applications (few millions of unique visitors in one month). Then you can turn Wallarm into blocking mode and everything will be fine. Do not forget to build a monitoring system, the wave, and API for it.

Before we started using Wallarm, I already knew Ivan (CEO) and Stepan (COO) from a couple of years before. Ivan had his own security company and Stepan was working on a Russian security magazine called Xakep. They told us that they wanted to create a new WAF and already had a working version of it. They asked me to test it. We did tests, and it was really good. After few month after testing, we signed an agreement. Our choice was made not because we knew these guys for a long time, but because the product was really cool and we were glad to start using it as one of the first on the market!

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user666765
Head of Application Security at a computer software company with 1,001-5,000 employees
Vendor
Deployment is simple. Machine learning techniques lower the false-positives alerts rate.

What is most valuable?

Deployment simplicity helps our maintenance guys to set up quickly.
Their machine learning techniques significantly lower the false-positive alerts rate.

How has it helped my organization?

The use of a WAF becomes especially relevant in the case of concrete vulnerabilities, such as those uncovered via penetration tests or source code reviews. Even if it were possible to fix the vulnerability in the application promptly and with a reasonable amount of effort, the modified version can generally only be deployed at the next maintenance interval; often 2-4 weeks later (a patch dilemma).

For a WAF with whitelisting, vulnerabilities can be fixed promptly (hotfix) so that they cannot be exploited before the next scheduled maintenance. WAFs are especially fast in this aspect, meaning they can collaborate with source code analysis tools, so that detected external vulnerabilities can automatically result in a recommended rule set for the WAF.

A WAF is particularly important in securing productive web applications which themselves in turn consist of multiple components and which cannot be quickly changed by the operator; e.g., in the case of poorly documented applications or regarding third-party products without sufficient maintenance cycles.

A WAF is the only option for promptly closing external vulnerabilities.

What needs improvement?

It is only about stability issues. But it is a usual problem for all new products. At this moment, we have no incidents with Wallarm that has been up for eight months.

For how long have I used the solution?

I have used Willarm for one year.

What do I think about the stability of the solution?

There were several stability issues during the first pilot. At this moment, we have had no incidents with Wallarm that has been up for eight months.

What do I think about the scalability of the solution?

The product is nicely scalable.

How are customer service and technical support?

Technical support is great; guys respond in minutes.

Which solution did I use previously and why did I switch?

Wallarm was our first WAF solution.

How was the initial setup?

Deployment was very simple and non-abusive.

What's my experience with pricing, setup cost, and licensing?

Wallarm is an expensive solution, but they are worth the money.

Which other solutions did I evaluate?

We have tested and evaluated several WAF solutions, and chose Wallarm. They are the only solution that fits our success criteria and business objectives:

  • WAF must have a low (<5%) false negative rate and be ready to protect from all well-known web attacks.
  • WAF must have a low (<0.05%) false positive rate.
  • WAF must not have any performance issues that impact projects under its protection.
  • Deployment takes < 1d for any web project.
  • WAF must have an ability to scale well horizontally and not to be a bottleneck to our services.
  • Keep monetization level at the same level, after all protection mechanisms enabled.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Find out what your peers are saying about Wallarm, Imperva, Amazon and others in Web Application Firewall (WAF). Updated: October 2021.
543,424 professionals have used our research since 2012.
Serj Burdin
Head of IT department at a computer software company with 201-500 employees
Real User
Leaderboard
It blocks most attacks on our web application.

What is most valuable?

Vulnerability scanner and WAF are valuable features. It blocks most attacks on our web application.

How has it helped my organization?

It provides one more layer in our security, i.e., firewall, IDS/IPS, WAF.

What needs improvement?

Wallarm uses a learning mechanism to detect attacks and to avoid false positives. If Wallarm blocks some illegitimate request, then you can go to the management console and mark this request as false positive. After that this and similar requests, it should not be blocked again but sometimes this does not work properly. It happens pretty rarely though.

For how long have I used the solution?

I have been using Wallarm since 2014.

What do I think about the stability of the solution?

There was an issue with the memory leak, but it was fixed.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

I would give the support a very high rating. We have a chat with the support representative and the response is very fast (within 10 minutes).

Which solution did I use previously and why did I switch?

Previously, we have used open-source ModSecurity, but it was not effective. Then, we tried Wallarm and it was good for us.

How was the initial setup?

Setup is very easy; it just requires a few steps to launch the system.

The documentation is pretty good and the support responded fast.

What's my experience with pricing, setup cost, and licensing?

Pricing is transparent and clear. I don’t know what to advise.

Which other solutions did I evaluate?

We didn’t try any other product.

What other advice do I have?

I recommend Wallarm to my other colleagues.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
AL
Senior Information Security Engineer at a tech services company with 201-500 employees
Real User
Leaderboard
Perimeter control and the active vulnerability scanner are the most valuable features.

What is most valuable?

Perimeter control and active vulnerability scanner are the most valuable features. These features helped us to find some issues which would be very hard to find manually.

How has it helped my organization?

It’s hard to say how it has improved the way my organization functions.

What needs improvement?

The flexibility of active scanner settings: Most settings can only be changed through technical support at this moment.

For how long have I used the solution?

Test period: autumn 2015 - summer 2016 Production: summer 2016 - till now

What do I think about the scalability of the solution?

We have not had scalability issues.

How are customer service and technical support?

Technical support is 6 or 7 out of 10. Sometimes we have had trouble with…

What is most valuable?

Perimeter control and active vulnerability scanner are the most valuable features. These features helped us to find some issues which would be very hard to find manually.

How has it helped my organization?

It’s hard to say how it has improved the way my organization functions.

What needs improvement?

The flexibility of active scanner settings: Most settings can only be changed through technical support at this moment.

For how long have I used the solution?

Test period: autumn 2015 - summer 2016
Production: summer 2016 - till now

What do I think about the scalability of the solution?

We have not had scalability issues.

How are customer service and technical support?

Technical support is 6 or 7 out of 10. Sometimes we have had trouble with communication and understanding.

Which solution did I use previously and why did I switch?

This is our first solution.

How was the initial setup?

Setup was normal. We had issues when we migrated to the Wallarm NGINX module.

What's my experience with pricing, setup cost, and licensing?

It is worth it.

Which other solutions did I evaluate?

We didn’t look at other solutions, but we had a long trial period.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user662952
VP, Engineering and Operations at a tech vendor with 501-1,000 employees
Vendor
Active threat detection and adaptive rules are the most valuable for us.

What is most valuable?

I would say that the active threat detection feature and adaptive rules are the most valuable for us.

With active threat detection, we are no longer over-swamped with tons of useless events. As all the payloads from malicious requests are analysed with a cloud scanner, we don’t need to do this manually. We also built up an incident management process when Wallarm confirmed that some of the attacks are exposing actual vulnerabilities.

Adaptive security rules allowed us to use WAF in blocking mode which was almost impossible previously.

How has it helped my organization?

We added a real-time protection layer for all the web-facing applications and APIs in our CI/CD pipelines. As every one of the applications are updated almost every day, it was impossible to use any tools based on signatures or static rules.

What needs improvement?

It needs more customization in PDF reports.

For how long have I used the solution?

Our company has had a contract since February 9, 2016. Previously, our engineers also used the product in other organizations (banks, etc.).

What do I think about the stability of the solution?

We had some issues with a post-analytics engine last year. But they were quickly fixed. That didn't affect traffic analysis.

What do I think about the scalability of the solution?

We have not yet had any scalability issues, and as Wallarm node instances scale horizontally (we have orchestration tools to make it in a fraction of a second), it hardly can be an issue.

How are customer service and technical support?

Technical support is 9/10. They provide customer-focused support. What’s interesting is that they have a live chat with us, so we get answers in real-time.

Which solution did I use previously and why did I switch?

We tried to use open-source mod_security for some of the projects, but there was a lot of pain with the complicated rules/signatures and non-stop false positives. As far as I know, we ended up turning it off because of endless complaints from the Ops and Support teams.

How was the initial setup?

Technically, setup was more than straightforward. We already used NGINX load balancers, so it was a smooth shift to NGINX with a Wallarm module.

Our DevOps guys worried a bit about a post-analytics engine which is required to be installed and has significant requirements for the RAM. It was a new component which they needed to cover with monitoring tools.

What's my experience with pricing, setup cost, and licensing?

As Wallarm charges on a per-instance basis, you need to keep in mind your future scale. In our case, the customer traffic is increasing year-to-year.

My piece of advice is to ask for a bundle of 10-50-100 instances (they have a special offer) and not to be limited in scalability because of the agreement issues.

They also made a discount for a 2+ prepaid contract.

Which other solutions did I evaluate?

We tried mod_security. Imperva was not a good fit as we can’t use hardware boxes or VM images in a cloud environment. Incapsula and other cloud-provided solutions did not work for us as we can’t share our traffic and SSL keys with any third-party vendors; we have a lot of customers’ data and obligations.

Wallarm’s hybrid approach of deployment with NGINX-based nodes is a good fit for us as it creates almost no tension between the Security and Ops teams.

What other advice do I have?

It's better to evaluate Wallarm nodes (WAF functions) on production traffic to understand false positive rates under real conditions. Otherwise, it's hard to evaluate the adaptiveness of the rules.

You can also start a pilot with only the scanner to get some insights about issues on your network perimeter. In our case, they shared some results even before the agreement was signed.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.