We changed our name from IT Central Station: Here's why

AWS WAF OverviewUNIXBusinessApplication

AWS WAF is #5 ranked solution in top Web Application Firewalls. PeerSpot users give AWS WAF an average rating of 8 out of 10. AWS WAF is most commonly compared to Microsoft Azure Application Gateway: AWS WAF vs Microsoft Azure Application Gateway. The top industry researching this solution are professionals from a computer software company, accounting for 26% of all views.
What is AWS WAF?

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

AWS WAF was previously known as AWS Web Application Firewall.

AWS WAF Buyer's Guide

Download the AWS WAF Buyer's Guide including reviews and more. Updated: January 2022

AWS WAF Customers

eVitamins, 9Splay, Senao International

AWS WAF Video

Archived AWS WAF Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
MohammedAbourafia
Manager, IT Infrastructure & Information Security at flyadeal
Real User
Provides good OWASP top 10 protection but needs improvement in security efficiency related to bad bots
Pros and Cons
  • "The security firewall plus the features that protect against database injections or scripting,"
  • "For now, there is no feature to protect against attack of the bad bots"

What is our primary use case?

I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.

What is most valuable?

The best features are the security firewall and the features that protect against database injections or scripting, and against overall OWASP top 10, but I have concerns about the cloud front which doesn't handle bot attacks properly, so it's not as effective as I would like it to be.

What needs improvement?

A significant improvement would be built in bots protection enhancement, or seamless integration with other products. For now, there are limited feature to protect against an attack from the bad bots so users go to third party solutions, which just complicates integration and operation.

A helpful additional feature would be to have a fully unified unique product, including the DDoS, with sophisticated attack capabilities including anti bot management. They should also take a look at reviewing the complexity of the integration with other third-party vendor solutions.

For how long have I used the solution?

I've been using the product for the last two years. We upgraded recently and I'm using the latest version. 

How are customer service and technical support?

Technical support is good. 

How was the initial setup?

Deployment is easy, it's not complex.The complexity is when you need it for integration with other third-party products. We also use CDN, part of the web solution from Amazon. 

What's my experience with pricing, setup cost, and licensing?

The price of the product is fair enough and one of the product's advantages. Their price is good compared to other vendors. 

What other advice do I have?

The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products.

I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva.

I would rate this product a seven out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Digital Product Office at a energy/utilities company with 10,001+ employees
Real User
An excellent solution that's extremely scalable, very stable, and has great AI functionality
Pros and Cons
  • "The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."
  • "The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively."

What is our primary use case?

We primarily use the solution for its rich insights to improve customer experience.

What is most valuable?

The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match.

The AI functionality and the machine learning are very good.

What needs improvement?

The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.

For how long have I used the solution?

I've been using the solution for almost a year.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is extremely scalable.

How are customer service and technical support?

We have Amazon managed services, and, as part of our agreement, we have the lower end of that managed service. The solution is not a business-critical system for us, so we have a four hour SLA for resolution. That's pretty good. We're very satisfied with technical support.

Which solution did I use previously and why did I switch?

Previous to this solution, we used Microsoft Azure.

Amazon allows you to provision more services once you have the initial platform in place. Using Amazon Marketplace, it's so simple to provide additional services and functionality so it allows you to grow the capability of the platform with very little integration into other systems because it's all built into the marketplace. With Azure, it's only capable of some products and they don't have APIs available to integrate as well as Amazon does. 

How was the initial setup?

The initial setup was straightforward. Deployment took about three months. For the setup of the platform, we had six people. For the maintenance of the platform, we now have three people maintaining it.

What about the implementation team?

We brought Amazon on to set everything up for us. They made implementation very easy. 

What other advice do I have?

We use the public cloud deployment model. We use the Amazon cloud.

From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation.

I would rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,143 professionals have used our research since 2012.
Advisory and IT Transformation Consultant at Services dot cloud
Consultant
A straightforward setup with a quick deployment with good auto-management features
Pros and Cons
  • "The initial setup was very straightforward. Deployment took about ten minutes or less."
  • "They should work to define more threats, add more security, and make it more compliant with more security companies."

What is our primary use case?

The primary use of the solution is for perimeter security. I use it to secure my application and infrastructure.

What is most valuable?

Fast deployment and auto-manage are the most valuable aspects of the solution. The auto-manage primarily reacts and has to do all the little things like putting in the ACL, etc. 

What needs improvement?

The solution could be faster in detecting threats.

They should work to define more threats, add more security, and make it more compliant with more security companies.

The solution could always be more automated.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is easily scalable.

How are customer service and technical support?

I have a number for WAF, but I've never used technical support.

Which solution did I use previously and why did I switch?

I previously used a different solution. The complex setup and installation were the main differences between that and WAF. I've worked with system compliance for many years, and it usually involves complex solutions. You have to know the CLF, etc. Cisco, for example, is so complex that you need to know many things. Whereas with WAF, you have to put up your host, your network, and you have the solution up and running.

How was the initial setup?

The initial setup was very straightforward. Deployment took about ten minutes or less. You only need one person to handle deployment and maintenance.

What about the implementation team?

I implemented the solution myself.

What other advice do I have?

We use the public cloud deployment model.

I use everything AWS. I need it to work for me, and it does. I hope that the solution continues to improve, but for me, it's perfect right now.

For those considering implementing the solution, I would advise that they understand how networks work because sometimes they can be quite complex. Many architects do not understand the basic concepts of networking.

I would recommend the solution. I would rate it nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Developer at a tech services company with 1-10 employees
Real User
The customized billing is key for us

What is our primary use case?

Application security is our primary use case.

What is most valuable?

The customized billing is the most valuable feature.

What needs improvement?

In a future release of this solution, I would like to see additional management features to make things simpler.

What other advice do I have?

It's pretty good, as long as the pricing matches your budget. I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.

What is our primary use case?

Application security is our primary use case.

What is most valuable?

The customized billing is the most valuable feature.

What needs improvement?

In a future release of this solution, I would like to see additional management features to make things simpler.

What other advice do I have?

It's pretty good, as long as the pricing matches your budget.

I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder at a consultancy with 1-10 employees
Consultant
It is a one-click WAF with no effort needed, but we need more support as we go global

What is our primary use case?

The primary use case is application security. We are using the latest version.

How has it helped my organization?

It is a one-click WAF with no effort needed.

What is most valuable?

Protection and WAF.

What needs improvement?

We need more support as we go global. The UI could use improvement.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is Amazon. Everything is scalable. It is beyond what we need.

How are customer service and technical support?

We hardly received technical support on this product.

How was the initial setup?

It was super easy to set up. We did it with one click.

Which other solutions did I evaluate?

We chose this solution because…

What is our primary use case?

The primary use case is application security.

We are using the latest version.

How has it helped my organization?

It is a one-click WAF with no effort needed.

What is most valuable?

Protection and WAF.

What needs improvement?

We need more support as we go global.

The UI could use improvement.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is Amazon. Everything is scalable. It is beyond what we need.

How are customer service and technical support?

We hardly received technical support on this product.

How was the initial setup?

It was super easy to set up. We did it with one click.

Which other solutions did I evaluate?

We chose this solution because it is cloud native Amazon.

What other advice do I have?

We have an above average security posture.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineer at a tech vendor with 501-1,000 employees
Real User
Integrates well with our existing AWS solution, but the UI is lacking
Pros and Cons
  • "It's simple, easy to use."
  • "The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on."

What is our primary use case?

We use it to protect our backend services.

How has it helped my organization?

Because it integrates with the existing AWS solution, we get a lot of support without having to do much extra work. It has helped increase staff productivity and has probably saved at least one engineer, not having to have an engineer on staff for it.

What is most valuable?

  • It's simple, easy to use.
  • Integration.

What needs improvement?

The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. Also, more fine-tuning would be convenient.

What do I think about the stability of the solution?

We haven't had any problems with it.

What do I think about the scalability of the solution?

We haven't run into any scale issues at the moment.

How are customer service and technical support?

AWS, in general, has good support.

Which solution did I use previously and why did I switch?

We were using just the built-in Amazon intrusion detection stuff. Then we decided to go for an actual full-blown WAF. We weren't using any actual WAF before. WAF is a general solution that we knew that we needed. It's a standard security measure.

How was the initial setup?

It was relatively simple, for the integration.

What's my experience with pricing, setup cost, and licensing?

There are different scale options available for WAF.

What other advice do I have?

The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it.

We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up.

I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Real User
Blocks threats to our external applications and has caught everything so far
Pros and Cons
  • "The most valuable feature is the way it blocks threats to external applications."
  • "In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications."

What is our primary use case?

It is our web application firewall.

How has it helped my organization?

We do have a lot of external applications which are exposed to the internet and WAF provides protection for them. We haven't seen a decrease in the mean time to respond to threats because it has caught everything.

The solution has also increased staff productivity by as much as 50 percent.

What is most valuable?

The most valuable feature is the way it blocks threats to external applications.

What needs improvement?

In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We haven't had any problems with the stability at all.

What do I think about the scalability of the solution?

Up to now, the scalability has been good.

How are customer service and technical support?

I haven't had to use technical support yet.

Which solution did I use previously and why did I switch?

Our previous solution was also a WAF but it was not a scalable environment like the cloud is. Everybody is moving to the cloud. We were stuck on an appliance in our data center and we decided to move. We went with this solution because of the stability and quick response.

How was the initial setup?

The setup was a bit complex because our environment is a bit different. It was tough but it was good in the end.

What about the implementation team?

We used a consultant for the deployment and it was a great experience with them.

What's my experience with pricing, setup cost, and licensing?

There are no costs in addition to the standard licensing fees.

What other advice do I have?

My advice is "go for it, use it."

In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Analyst
Real User
Makes sure files are protected, but the solution should be more proactive in detecting threats
Pros and Cons
  • "The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system."
  • "They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."

What is our primary use case?

It's all about the security of the cloud system.

How has it helped my organization?

It has improved our organization a lot because before we were having problems with access management. Things have gotten better using this product. It's protecting the files. It has been the best step for us.

We are no longer having problems with unauthorized access, where somebody breaches the system or comprises documents. Nothing like that has happened over the past year that we have been using this product. We're doing well and I believe we will continue to do well with this product.

Staff productivity has been high since we started using it. It has saved 80 to 90 percent of their time in some cases.

What is most valuable?

The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system. These are the best.

What needs improvement?

I would like them to fortify the system more. In every software platform there are issues or bugs, even though presently, there aren't many known and it is running without problems.

They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats. It's better for the system if the platform is more proactive in detecting threats immediately, so that technicians or people on the security team will know that a threat is coming in.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's stable, it's a strong system. The stability is going to be even better because they're still trying to improve on it, and they bringing out more features.

What do I think about the scalability of the solution?

Scalability is one of the features. It has to be scalable to be able to effectively secure the system.

How are customer service and technical support?

Amazon Web Services has very good technical support. Whenever you encounter a problem you just call the support team. You'll be able to walk them through the problem and then they'll solve it.

Which solution did I use previously and why did I switch?

Our company didn't have structured security controls before this. We were encountering a lot of problems when it came to security, protection of the documents and system. They restructured the whole system. This is the platform that was recommended to us. Since we started using it, it has been great.

How was the initial setup?

The initial setup was rather complex.

What about the implementation team?

Most of the time we try to use a consultant for deployment. Our experience with them has been good. They know their jobs. They try to incorporate more features, teach us how to do things. It's a learning process and they're always there to make sure that we understand the stuff. They get things going.

What's my experience with pricing, setup cost, and licensing?

It's an annual subscription. There are no additional fees beyond the standard licensing.

What other advice do I have?

Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security.

Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the platform is good. It's doing its job.

I rate the solution at six out of ten. I don't want to give them 100 percent because sometimes things happen.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free AWS WAF Report and get advice and tips from experienced pros sharing their opinions.