AWS WAF vs. Cloudflare vs. Oracle Dyn Web Application Security Platform

AWS WAF

29 Reviews and Ratings

Cloudflare

556 Reviews and Ratings

Learn More

Oracle Dyn Web Application Security Platform

6 Reviews and Ratings

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
AWS WAF	Score 7.1 out of 10	N/A	Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.	$0.60 per 1 million requests
Cloudflare	Score 9.0 out of 10	N/A	Cloudflare’s connectivity cloud is a unified platform of cloud-native services designed to help enterprises regain control over their IT environments. Powered by an intelligent, programmable global cloud network, it is built to offer security, performance, visibility, and reliability.	$20 per month
Oracle Dyn WAF	Score 9.0 out of 10	N/A	Oracle Dyn Web Application Security Platform extends beyond just typical Web Application Firewall (WAF) capabilities to offer Access Control, Bot Management, application DDoS protection and API security.	N/A

Pricing

AWS WAF

Cloudflare

Oracle Dyn Web Application Security Platform

Editions & Modules

Resource Type - Request: $0.60
per 1 million requests
Resource Type - Rule: $1.00
per month (prorated hourly)
Resource Type - Web ACL: $5.00
per month (prorated hourly)

Pro: $20
per month
Business: $200
per month
Free: Free
Enterprise: Contact sales team

No answers on this topic

Offerings

Pricing Offerings
AWS WAF	Cloudflare	Oracle Dyn WAF
Free Trial
No	No	No
Free/Freemium Version
No	No	No
Premium Consulting/Integration Services
No	No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Pricing Info

Community Pulse
	AWS WAF	Cloudflare	Oracle Dyn Web Application Security Platform
Considered Multiple Products	AWS WAF Verified User Employee Chose AWS WAF When it comes to integration with AWS resources, we found that AWS WAF can easily integrate with CloudFront, API gateway, ALB, etc. When we analyzed other products, we found that the integration can be a little more difficult than just a click of a button. However, the pricing … Incentivized Helpful? maría jose gonzalez ortiz Software Developer Chose AWS WAF Unlike these other AWS tools, WAF provides real-time traffic control, rules that can be customized according to the needs of the user, and is based on an implementation in the cloud which avoids the use of memory on computers as well as an account with a very affordable cost … Incentivized Helpful?	Cloudflare Verified User Analyst Chose Cloudflare Cloudflare has more anti-threat features and is very easy to manage. AWS WAF is more complex to manage and does not contribute much against new threats. Furthermore, AWS WAF is not flexible when it comes to rules. Incentivized Helpful? Verified User Engineer Chose Cloudflare Overall we are using Cloudflare as well as AWS cloud across various domains in our organization. To some extent such as DNS management on Route53, CloudFront takes advantage of Cloudflare as it provides a straightforward UI for DNS management. But when it comes to traffic … Incentivized Helpful? Verified User C-Level Executive Chose Cloudflare Its more of having a protection from various threats under the same umbrella Incentivized Helpful? Milton Costa SRE Manager Chose Cloudflare The manageability is way better on Cloudflare. Incentivized Helpful? Randy Varela Red Team Lead Chose Cloudflare Cheaper and easier to manage. Incentivized Helpful?	Oracle Dyn WAF Verified User Engineer Chose Oracle Dyn Web Application Security Platform At the time we chose Zenedge, Dyn WAF was the clear leader. AWS WAF is almost 100% manual with no preset rules. Akamai and CloudFlare both excelled in CDN and Anti-DDoS services, but not in WAF services. Since that time, however, several competitors have appeared as well as … Incentivized Helpful? Jessica Davis Game Programmer Chose Oracle Dyn Web Application Security Platform After a long period of cyber security research and close encounters with distributed denial of service attacks, I chose to deploy Oracle Dyn Web Application Security Platform to safeguard our apps. Oracle Dyn provides my company with the security it needs for its important … Incentivized Helpful? Verified User Professional Chose Oracle Dyn Web Application Security Platform I already put this in earlier, but to repeat - they were easier to work with, more technically capable and knowledgeable and not just trying to sell us on something. Their willingness to solve for our problems and work with us made them the clear winner. Incentivized Helpful?

Features

AWS WAF

Cloudflare

Oracle Dyn Web Application Security Platform

DDoS Protection

Comparison of DDoS Protection features of Product A and Product B
	AWS WAF - Ratings	Cloudflare 10.0 1 Ratings 0% above category average	Oracle Dyn Web Application Security Platform - Ratings
Automatic Scalability	00 Ratings	10.01 Ratings	00 Ratings
Mitigation SLA	00 Ratings	10.01 Ratings	00 Ratings
Security policy management	00 Ratings	10.01 Ratings	00 Ratings
WAF capabilities	00 Ratings	10.01 Ratings	00 Ratings
Request rate limiting	00 Ratings	10.01 Ratings	00 Ratings
Traffic filtering	00 Ratings	10.01 Ratings	00 Ratings
Bot detection	00 Ratings	10.01 Ratings	00 Ratings
Global threat intelligence	00 Ratings	10.01 Ratings	00 Ratings
Real-time analytics and reporting	00 Ratings	10.01 Ratings	00 Ratings

Best Alternatives
	AWS WAF	Cloudflare	Oracle Dyn Web Application Security Platform
Small Businesses	Cloudflare Score 9.0 out of 10	No answers on this topic	Cloudflare Score 9.0 out of 10
Medium-sized Companies	F5 Big-IP Advanced WAF Score 9.3 out of 10	IBM Cloud Internet Services Score 9.0 out of 10	F5 Big-IP Advanced WAF Score 9.3 out of 10
Enterprises	F5 Big-IP Advanced WAF Score 9.3 out of 10	Akamai App & API Protector Score 8.5 out of 10	F5 Big-IP Advanced WAF Score 9.3 out of 10
All Alternatives	View all alternatives	View all alternatives	View all alternatives

User Ratings
	AWS WAF	Cloudflare	Oracle Dyn Web Application Security Platform
Likelihood to Recommend	9.0 (9 ratings)	9.1 (184 ratings)	9.0 (5 ratings)
Likelihood to Renew	9.0 (1 ratings)	8.2 (4 ratings)	- (0 ratings)
Usability	9.0 (2 ratings)	8.6 (8 ratings)	- (0 ratings)
Availability	- (0 ratings)	9.1 (2 ratings)	- (0 ratings)
Performance	- (0 ratings)	9.1 (2 ratings)	- (0 ratings)
Support Rating	9.0 (2 ratings)	7.7 (149 ratings)	- (0 ratings)
Implementation Rating	- (0 ratings)	8.6 (2 ratings)	- (0 ratings)
Configurability	- (0 ratings)	9.0 (1 ratings)	8.0 (4 ratings)
Ease of integration	- (0 ratings)	9.0 (2 ratings)	- (0 ratings)
Product Scalability	- (0 ratings)	9.1 (2 ratings)	- (0 ratings)
Vendor post-sale	- (0 ratings)	7.0 (1 ratings)	- (0 ratings)
Vendor pre-sale	- (0 ratings)	8.0 (1 ratings)	- (0 ratings)

User Testimonials
	AWS WAF	Cloudflare	Oracle Dyn Web Application Security Platform
Likelihood to Recommend	Amazon AWS Well Suited: 1. To prevent DDOS attacks: AWS WAF has a lot of managed rules to prevent DDOS attacks based on traffic origination from a particular IP or IP reputation etc. 2. To rate-limit requests: Well it sounds familiar like preventing DDOS attacks, but it can also be used to rate-limit requests originating from the same IP address. We have used this feature so that we can test multiple failure scenarios for our application. 3. To prevent Data crawling: The BOT control feature allows us to prevent BOTs from crawling data on our websites. Not Suited: 1. To integrate applications outside of AWS Cloud: As I mentioned in my previous comments, this type of integration requires a custom implementation of another AWS resource. Incentivized Verified User Anonymous Read full review	Cloudflare Cloudflare works well as security measure that gives peace of mind without needing to work too hard to get it functioning well. It provides great tools to customize the security experience as well. This is all the same for the caching tools as well. They have a lot of built in tools that make using the caching easy right out of the box, but they provide the customization options to get things just right for your site. Incentivized Verified User Anonymous Read full review	Oracle Their technical team is great, their portal is easily the best of those I have reviewed it against (including Akamai, CloudFlare, and Imperva), and they are a dedicated technology partner through and through. Incentivized Verified User Anonymous Read full review
Pros	Amazon AWS Protect any application against the most common attacks. Provides better visibility of web traffic. It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs. It is able to block common attacks such as SQL code injection. It allows defining specific rules for applications, thus increasing web security as they are developed. Incentivized Hanna Bedoya Software Developer Read full review	Cloudflare The best part is the content delivery network. Cloudflare has a large network of data centres around the world that helps cache and delivers content quickly to our customers. Cloudflare offers us with a fast and reliable DNS service and with the world class features such as Cloudflare workers, SSL verification, certificate management and web application firewall. When all of these are combined together, it provides very strict security for our organization. One of the most important feature that we use is the analytics and threat detection. It provides us with the real time insights of all the threats originating from multiple locations and landing on our websites. Incentivized Verified User Anonymous Read full review	Oracle Pre-populated rulesets - This allows engineers to quickly spin up new WAF instances without the need to configure extensive rulesets. Detailed audit logs - Logs show detailed information about traffic hitting the WAF as well as information the rules allowing or blocking the traffic. Change Management - Changes can be staged and applied when necessary, without interfering with current traffic. Incentivized Verified User Anonymous Read full review
Cons	Amazon AWS AWS WAF is a bit costly if used for single applications. they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack. CLI tool to test in offline mode if possible. Incentivized Zeel Pandya SAP ABAP Consultant Read full review	Cloudflare In some cases, using Cloudflare can actually lead to slower website speeds if the network is congested or if the website's traffic is particularly heavy. Some website owners may find that the level of customization offered by Cloudflare is limited, especially in comparison to other solutions. While Cloudflare is easy to set up and manage, it may be too complex for users who are not familiar with web technologies. Incentivized MS Manoj Kumar Sharma CIO & CTO Read full review	Oracle The purchase of Oracle Dyn into Oracle Dyn continues to develop the company, and while the process maturity is wonderful, it is worth mentioning. Many businesses were affected when their Express option was yanked from production too rapidly, resulting in significant costs and delays. Full 360-degree traffic and data visibility with ADC analytics integration. Incentivized Jessica Davis Game Programmer Read full review
Likelihood to Renew	Amazon AWS We have been using AWS WAF for the past 3 years in front of our websites. We find it useful in preventing data crawling, DDOS attacks, etc on our websites, and hence we are going to use it in the future as well. AWS WAF is one of the best Firewalls in business. Incentivized Verified User Anonymous Read full review	Cloudflare lower cost Incentivized Verified User Anonymous Read full review	Oracle No answers on this topic
Usability	Amazon AWS The product is highly scalable. It is easy to configure the rules and thereby helps us to mitigate many vulnerabilities. The interface and programming of the firewall provisions were easy to setup. Amazon clearly spent a lot of time figuring this out and perfecting it. It allows users to do customized configurations based on their needs. It provides protection against a number of security issues like XSS, SQL injection, etc. I would definitely recommend this for protecting your infra as you scale, since this basically protects and filters all requests hitting your application server. Incentivized Saim Jamali Head of Software & Services Read full review	Cloudflare Everything is extremely concise and all settings apply immediately and take effect globally. There is no reason to explicitly plan/think in terms of individual regions as one would have to traditional cloud offerings (AWS, OCI, Azure). All Cloudflare products integrate seamless as part of a single pipeline that executes from request to response. Incentivized Cetin Sert CEO (Chief Executive Officer) Read full review	Oracle No answers on this topic
Reliability and Availability	Amazon AWS No answers on this topic	Cloudflare In 6+ years of relying on Cloudflare, I think we experienced one or two brief outages that were Cloudflare's fault. Incentivized Verified User Anonymous Read full review	Oracle No answers on this topic
Performance	Amazon AWS No answers on this topic	Cloudflare Their Argo for the global network is the core feature we love. Incentivized Jack Duan Founder & CEO Read full review	Oracle No answers on this topic
Support Rating	Amazon AWS If you're intending to use AWS WAF, I would say that you absolutely should sign up for support. AWS Support is excellent and they can help you in a really good way to solve your issues. Incentivized OM Oscar Martinez DevOps Read full review	Cloudflare Excellent product, Cloudflare is a true pioneer of the modern Internet, providing tools, services, and expertise that vastly improve the performance and security of web services. Any issues are resolved quickly with detailed RCA and follow-ups published publicly. I'm thankful to Cloudflare and use their services both at work and at home. Incentivized Verified User Anonymous Read full review	Oracle No answers on this topic
Implementation Rating	Amazon AWS No answers on this topic	Cloudflare Very well executed implementation where our team was able to handle the implementation with guidance. Incentivized VK virender kundu CM(MS&IT) Read full review	Oracle No answers on this topic
Alternatives Considered	Amazon AWS Easy of use. Setup and configuration is fairly quick. There are the usual advantages of it being a cloud solution where you can buy into the solution, configure it and set it up and get it up and running. If you are already a subscriber to AWS, having a native service has its advantages. Incentivized Verified User Anonymous Read full review	Cloudflare They have the most generous free offering, and after the free offering limit is reached - you're still getting plenty of value for the buck. They have very good reputation. They have an ever expanding list of tools that can support multiple scenarios under one roof. Incentivized Verified User Anonymous Read full review	Oracle After several years involved with the issue of cyber security and having been very close with distributed denial of service attacks, having used several companies to protect our applications, I decided to opt for Oracle Dyn Web Application Security Platform. Definitely, Oracle Dyn gives my organization the protection we need for our critical applications, far away from the other companies that offer similar services. Incentivized Verified User Anonymous Read full review
Scalability	Amazon AWS No answers on this topic	Cloudflare They are built for scale and have the capacity to handle all the traffic we could ever expect to get. Incentivized Verified User Anonymous Read full review	Oracle No answers on this topic
Return on Investment	Amazon AWS Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors. It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not. It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above. It allows you to save time and money because we only pay for what is used. Incentivized maría jose gonzalez ortiz Software Developer Read full review	Cloudflare Immediate ROI on Registrar and DNS hosting while giving a single plane of glass to managing both with domain registrations at cost, and no cost DNS hosting WAF helped us move at risk servers/applications into a protected state allowing us to perform remediations at a measured pace and get them done right instead of band aide solutions. CDN proxying increase the speed of our website while simultaneously reducing server load. DMARC management and report interpretation allow use to identify weak points in our email systems, remediate and move to stricter policies without significantly increasing staff time spent managing it. Incentivized Verified User Anonymous Read full review	Oracle Has a user-friendly interface that is both informative and intuitive. The client's websites are monitored round-the-clock by a staff that provides quick response in the event of any difficulties. Deploying it is a breeze. Incentivized Jessica Davis Game Programmer Read full review
ScreenShots