If you were talking to someone whose organization is considering AWS WAF, what would you say?
How would you rate it and why? Any other tips or advice?
I'm just a customer and an end-user. I don't have a business relationship or partnership with AWS. I have pretty good experience in AWS. I have a certificate in AWS. I'd rate the solution at a ten out of ten. We've been extremely satisfied with the solution.
I won't recommend it at the moment because I don't have a full picture to recommend it or say that it is bad or good. I'll probably just keep testing and go with it for probably another six months or a year, and then I can probably recommend it or not. Other vendors are also providing solutions for D-DOS protection and WAF. It would be nice to see something outside the box for AWS WAF to make it compete with other vendors. I would rate AWS WAF a seven out of ten. It does what it is supposed to do, probably not in the best way and not in the best UI, but it works. We like the pricing part, but management is the thing that we don't love the most. If things keep improving, we're definitely going to scale with AWS WAF.
On a scale of one to ten where one is the worst and ten is the best, I would rate this product as a seven-out-of-ten. A change in the pricing structure that favors the client and simplification is something they would have to do to improve to make that score closer to a ten.
On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a seven or an eight. I do not like to give it a solid rating as of now because we are still in the process of implementing it. Once we have completed the implementation, we will be able to give you a proper answer. As recent as two weeks we were still considering ManageEngine, but we did finally decide in our comparisons that it cannot provide all of the features that we are looking for.
We're using the latest version of the solution. When customers tend to use multi-cloud vendors and multi-cloud environments, they want solid security protection. That's where the third party comes into the purchase. If any customer is specific to some cloud like AWS or Azure, we won't recommend third party. We'll try to use AWS's own specific services so that it's smarter cost-wise and flexibility wise, so it adds value to the customer. However, when things go to a multi-cloud environment or a hybrid cloud architecture, that's when the third party comes into the picture. I would recommend this solution to companies who are looking for cloud solutions with firewall flexibility. AWS is very user-friendly and largely inexpensive, however, if an organization has the budget, there are lots of great products out there that do largely the same thing. I'd rate the solution eight out of ten.
I think AWS WAF is a great solution. You can define big and a bit smaller architectures and scale out architecture as you need, due to the edge location. Its features are very amazing. I would definitely recommend AWS WAF. I asked my security director to move from our internal WAF to the AWS WAF because we can make global unique WAF services for our on-premise web servers and also our AWS web servers with one common rule and one common authority to manage these rules I would rate AWS WAF an eight out of ten.
My advice for anybody who is implementing this solution is not to simply look it up on Google before starting to use it. I would suggest taking some training courses, start to understand how it works internally, and then begin using it. Overall, it is a good product and it generally fits well for my purposes. I would rate this solution a seven out of ten.
The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products. I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva. I would rate this product a seven out of 10.
We use the public cloud deployment model. We use the Amazon cloud. From a technology perspective, Amazon is very simple. It requires, in order for it to run effectively, quite a mature cloud-based culture within your organization, however. My advice to others would be to get their operating model internally right before going ahead with the implementation. I would rate the solution nine out of ten.
We use the public cloud deployment model. I use everything AWS. I need it to work for me, and it does. I hope that the solution continues to improve, but for me, it's perfect right now. For those considering implementing the solution, I would advise that they understand how networks work because sometimes they can be quite complex. Many architects do not understand the basic concepts of networking. I would recommend the solution. I would rate it nine out of ten.
My advice is "go for it, use it." In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.
We have an above average security posture.
The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it. We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up. I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.
It's pretty good, as long as the pricing matches your budget. I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.
Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security. Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the platform is good. It's doing its job. I rate the solution at six out of ten. I don't want to give them 100 percent because sometimes things happen.
Which is better and why?
We required a 24/7 automated vulnerability monitoring tool for securing our web applications. We are looking for options like Sitelock and Immuniweb.