Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.
$0.60
per 1 million requests
WatchGuard Network Security
Score 8.6 out of 10
N/A
WatchGuard Network Security is a network security and firewall software. WatchGuard includes secure Wi-Fi, multi-factor authentication, and network intelligence products and services designed for SMB’s.
Well Suited: 1. To prevent DDOS attacks: AWS WAF has a lot of managed rules to prevent DDOS attacks based on traffic origination from a particular IP or IP reputation etc. 2. To rate-limit requests: Well it sounds familiar like preventing DDOS attacks, but it can also be used to rate-limit requests originating from the same IP address. We have used this feature so that we can test multiple failure scenarios for our application. 3. To prevent Data crawling: The BOT control feature allows us to prevent BOTs from crawling data on our websites. Not Suited: 1. To integrate applications outside of AWS Cloud: As I mentioned in my previous comments, this type of integration requires a custom implementation of another AWS resource.
WatchGuard Network Security is probably appropriate in a middle-sized businesses. It allows for great flexibility and customization without sacrificing the ease of use. It probably lacks most of the features an enterprise customer would require, such as various in depth routing features. For a smaller customer, it might be needlessly complex and harder to get started with.
Protect any application against the most common attacks.
Provides better visibility of web traffic.
It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
It is able to block common attacks such as SQL code injection.
It allows defining specific rules for applications, thus increasing web security as they are developed.
AWS WAF is a bit costly if used for single applications.
they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
Sometimes, it is not very intuitive. You'll not know how to use certain features unless you read the documentation.
Some settings in the firebox are not visible unless you enter edit mode. This can cause inadvertent issues if you make a change when you just want to review the settings.
The use of blocks in the design of the Firewatch interface can be confusing. A better design could have been used.
We have been using AWS WAF for the past 3 years in front of our websites. We find it useful in preventing data crawling, DDOS attacks, etc on our websites, and hence we are going to use it in the future as well. AWS WAF is one of the best Firewalls in business.
I'm giving this note to WatchGuard Network Security due to its ease of daily support (after acquiring necessary knowledge in the solution), which allows agility in configuration changes, its integration of several reliable security features (such as SSL VPN, VPN Virtual Interfaces between companies, and others) and functional and stability in operation, with no downtime in the equipment due to problems or malfunctions
The product is highly scalable. It is easy to configure the rules and thereby helps us to mitigate many vulnerabilities. The interface and programming of the firewall provisions were easy to setup. Amazon clearly spent a lot of time figuring this out and perfecting it. It allows users to do customized configurations based on their needs. It provides protection against a number of security issues like XSS, SQL injection, etc. I would definitely recommend this for protecting your infra as you scale, since this basically protects and filters all requests hitting your application server.
Although it might take some time to figure out, we have been able to use WatchGuard's online reference library and tech support to create/implement/modify all of our filtering rules and exceptions needed. There really has not been a shortcoming other than perhaps a learning curve.
Availability has always been a strong point of this product, it is rare that watchguard does not have a solution for customers' network monitoring needs.
The performance of WatchGuard Network Security is very good, in the years that we have used the solution we have only had a single error and Watchguard itself was able to solve it. Furthermore, when purchasing any product, the partner always evaluates the capacity of the solution to recommend the most appropriate product for our needs.
If you're intending to use AWS WAF, I would say that you absolutely should sign up for support. AWS Support is excellent and they can help you in a really good way to solve your issues.
We have only had to contact them once during the initial set up to help bring the internet back on line. After that for the most part our systems have been automated, and could easily be checked form their online FAQ and Knowledge base that they provide. Everything else is easily handled from their browser based interface
We participate to a in person training and the three days of learning was really useful and complete to gain skill to solve the major part of the problem we encounter during our life. And more the in person training give us the opportunity to create a network with other WatchGuard partner.
I had my key information for setting up the firewall, and they assisted me in finding the settings and appropriate places to enter data. They also helped troubleshoot when I didn't understand some of their feature concepts, and we got it running.
Easy of use. Setup and configuration is fairly quick. There are the usual advantages of it being a cloud solution where you can buy into the solution, configure it and set it up and get it up and running. If you are already a subscriber to AWS, having a native service has its advantages.
Our tech had previous experience with WatchGuard Network Security and the Fortinet devices we were using weren't functioning to the standards we needed them to. As costs have increased with WatchGuard Network Security and across the board, we are looking for a different vendor from WatchGuard Network Security at renewal. WatchGuard Network Security offers a great product, but it costs.
This product is very scalable since previously everything related to Watchguard was on premises but that has now changed with the inclusion of watchguard cloud. Now the product has evolved to have full control of firewalls at the cloud level.
Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors.
It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not.
It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above.
It allows you to save time and money because we only pay for what is used.
