If you were talking to someone whose organization is considering AWS WAF, what would you say?
How would you rate it and why? Any other tips or advice?
I think AWS WAF is a great solution. You can define big and a bit smaller architectures and scale out architecture as you need, due to the edge location. Its features are very amazing. I would definitely recommend AWS WAF. I asked my security director to move from our internal WAF to the AWS WAF because we can make global unique WAF services for our on-premise web servers and also our AWS web servers with one common rule and one common authority to manage these rules I would rate AWS WAF an eight out of ten.
My advice for anybody who is implementing this solution is not to simply look it up on Google before starting to use it. I would suggest taking some training courses, start to understand how it works internally, and then begin using it. Overall, it is a good product and it generally fits well for my purposes. I would rate this solution a seven out of ten.
The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products. I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva. I would rate this product a seven out of 10.
We use the public cloud deployment model. We use the Amazon cloud. From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation. I would rate the solution nine out of ten.
We use the public cloud deployment model. I use everything AWS. I need it to work for me, and it does. I hope that the solution continues to improve, but for me, it's perfect right now. For those considering implementing the solution, I would advise that they understand how networks work because sometimes they can be quite complex. Many architects do not understand the basic concepts of networking. I would recommend the solution. I would rate it nine out of ten.
My advice is "go for it, use it." In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.
We have an above average security posture.
The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it. We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up. I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.
It's pretty good, as long as the pricing matches your budget. I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.
Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security. Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the platform is good. It's doing its job. I rate the solution at six out of ten. I don't want to give them 100 percent because sometimes things happen.