Please share with the community what you think needs improvement with Reblaze.
What are its weaknesses? What would you like to see changed in a future version?
The WAF features are not as granular as we would expect from a WAF system. There should be more granularity and in-depth rules, out-of-the-box.
We have multiple products behind different instances of Reblaze. We have one instance for staging and then we have a production instance for multiple products. One of the things that we have requested is a unified view panel, so that we can see each of the instances in a unified view. That way, we won't have to go bouncing from instance to instance.
Perhaps the automatic reporting could be better. I would like to have seen more automated reports. Maybe it has been improved in the last year and I'm just not aware of it. But from a managerial point of view, you want a summary report, a weekly report: How many attacks were blocked? How much bandwidth was saved due to the caching mechanism? What were the top-ten attacks that were tested on the network, etc? I could most likely have found all that data if I logged in to the system and ran different reports. It would be very helpful to get a management report on a weekly basis.
There is room for improvement in helping us understand session management. If I'm a user, I'm one person, I can access the web app in a variety of ways. I can come with one IP, then another IP, with another user agent, with another browser. I'm the same user. We want Reblaze to catch and identify everything. We want to see the various devices doing one activity and to see, in a timeline, what's happened. We would like to see a more human-readable display to understand what's happening in the web app. When I analyze our traffic on Reblaze, I do a lot of processing in my mind because I know how things are working. But I have to think: "Oh, this is a person, this is an ISP, this is something else." I process that and understand. But I want Reblaze to do that for me.
They have an interface that you have to adjust to. That is a bit of a downfall because I expect an interface to be very intuitive for someone who knows little about security. But if you know about security, the interface is wonderful. Also, they could improve the reporting alerts, showing alerts on-the-fly. I would also like them to initiate more solutions, such as offering advice about architectures that can help manage cyber risks better.
The next release should have next-generation automation.
Up to now the only cons I could find is sometimes getting change management back on track, because it's a company that evolves, and sometimes I don't have the same needs that they have. But besides that, up until now, I am really pleased with their service and I've also recommended them to some of my clients. So I would like to see an improvement in their change advisory board concept. There are many things that they are asking to change or modify that are not necessarily on their business agenda.