How Are Application Protection Solutions Rated?
Application protection solutions are tools and technologies designed to secure applications against threats during runtime and after deployment. They help prevent attacks such as reverse engineering, tampering, code injection, and data theft. These solutions are essential for applications running in untrusted environments, such as on end-user devices or in distributed cloud infrastructure.
There are two main types of ratings for application protection solutions:
- User ratings reflect real-world experiences from those who deploy and maintain application protection solutions. These ratings are typically aggregated from customer reviews on software marketplaces, third-party evaluation platforms, or industry forums. However, user ratings can be influenced by subjective factors, such as individual expectations or isolated incidents.
- Analyst ratings assess solutions based on objective performance criteria, security benchmarks, and formal certifications. These evaluations are often conducted by industry analysts, independent labs, or regulatory bodies. They typically examine protection strength against specific attack vectors, compliance with security standards, platform coverage, and update frequency.
This article will focus on user ratings on platforms like Gartner Peer Insights.
Learn more in our detailed guide to application protection tools.
In this article:
| Product |
Avg. Score |
User Pros |
User Cons |
| Radware Cloud Application Protection Services |
4.7 |
Behavioral-based detection, flexible configuration, unified platform, effective geo-filtering, clear dashboard |
Complex setup, limited RBAC, console performance issues, restricted admin access, small user community |
| F5 Web Application and API Protection |
4.6 |
Unified dashboard, easy setup, flexible environment support, detailed logging, strong threat protection |
Confusing UI, complex config, unintuitive SIEM logs, stability issues, rigid licensing |
| Akamai App and API Protector |
4.8 |
Easy deployment, responsive support, good documentation, strong bot defense, seamless integration |
Difficult troubleshooting, high cost, support needed for complex cases, occasional downtimes, contract limitations |
| Imperva WAF |
4.4 |
Easy onboarding, strong default rules, effective learning mode, regular CVE updates, responsive support |
No dark mode, cipher support issues, limited DDoS protection, occasional technical issues |
| Cloudflare WAF |
4.5 |
Customizable rules, intuitive dashboard, strong performance, fast updates, broad usability |
Slow support, over-restrictive defaults, missing Layer 3/4 features, Terraform gaps |
1. Radware Cloud Application Protection Services
Radware Cloud Application Protection Services offer an integrated, AI-powered security solution designed to stop modern threats across all vectors. By combining multiple protection modules into a single platform, Radware ensures that attack data is shared in real time, enabling faster, coordinated responses. Its AI engine enhances every layer of defense, allowing the system to detect and adapt to new threat patterns automatically.
The solution now includes LLM Firewall protection, which extends security to generative AI tools by protecting large language models at the prompt level. With full coverage across environments (on-premises, cloud, hybrid, and Kubernetes) Radware provides automated, behavior-based defense against zero-day attacks, API threats, bots, DDoS assaults, and more.
Key Features:
- Comprehensive: Covers all OWASP vectors, including new protections for LLM threats
- Automated: Uses AI-driven algorithms to update security policies with minimal false positives
- Frictionless and Adaptive: Fits into DevOps workflows and adapts to app and platform changes
- Consistent: Delivers uniform protection across public, private, hybrid, and container environments
- Low Operational Overhead: Backed by managed services and 24x7 Emergency Response Team
- In-Depth Visibility: Offers analytics, automation, and controls for better decision-making and threat management
User Ratings
Aggregate user rating score on Gartner Peer Insights: 4.7
Common themes in positive reviews:
- Strong behavioral-based threat detection with automated mitigation
- Flexible configuration of security features without needing to enable CDN or caching
- Unified platform with WAF, bot protection, API security, and real-time analytics
- Geo-fencing and traffic filtering features are easy to use and effective
- Clear dashboard with useful threat and traffic visibility
Common themes in negative reviews:
- Initial setup and advanced configurations can be complex
- Limited role-based access control and permission granularity
- Console performance issues can delay policy updates
- Smaller community size and limited staging/simulation features reduce self-service options
2. F5 Web Application and API Protection
F5's Web Application and API Protection solution provides a unified platform for securing applications across on-premises, cloud, and hybrid environments. It addresses risks from zero-day vulnerabilities, automated attacks, and misconfigured APIs by offering layered protection.
Key Features
- Zero-day vulnerability mitigation: Protects against emerging threats with virtual patching and continuous threat monitoring
- Full-lifecycle API security: Discovers and secures APIs from development to production using AI-driven insights
- Bot management: Detects and blocks malicious automation while preserving legitimate user activity
- DDoS protection: Defends against multi-vector denial-of-service attacks across all infrastructure layers
- Consistent policy enforcement: Ensures unified security controls across hybrid and multicloud deployments
User Ratings
Aggregate user rating score on Gartner Peer Insights: 4.6
Common themes in positive reviews:
- Unified dashboard with real-time logs and centralized policy management
- Easy setup and user-friendly interface for WAF operations
- Flexible integration across environments and cloud platforms
- High visibility into traffic and security events through detailed logging
- Effective protection against a broad range of web and API threats
Common themes in negative reviews:
- UI can be confusing or outdated, with steep learning curve
- Complex configuration and difficult certificate renewal process
- Logging format to SIEM is not intuitive compared to competitors
- Issues with product stability, scalability, and vendor support
- Licensing model lacks clarity and flexibility for testing or upgrades
3. Akamai App and API Protector
Akamai App and API Protector provides unified security for websites, applications, and APIs through an adaptive platform. It combines web application firewall (WAF), bot management, DDoS protection, and API security. Its security engine learns from evolving attack patterns, enabling real-time threat defense.
Key Features
- Adaptive threat protection: Uses machine learning to detect and respond to zero-day threats, CVEs, and OWASP-related attacks
- All-in-one security stack: Combines WAF, L7 DDoS protection, bot mitigation, and API security in a single solution
- Real-time request inspection: Defends against DDoS, malicious bots, and application-level attacks with continuous analysis
- Self-tuning capabilities: Automatically adjusts protections and reduces manual tuning through AI-driven insights
- API discovery and sensitive data protection: Identifies exposed APIs and protects critical data without additional tooling
User Ratings
Aggregate user rating score on Gartner Peer Insights: 4.8
Common themes in positive reviews:
- Easy to configure and deploy across environments
- Strong customer support with responsive assistance
- Clear documentation that supports quick onboarding
- Reliable bot detection and attack mitigation capabilities
- Smooth integration with existing systems and workflows
Common themes in negative reviews:
- Troubleshooting blocked requests can be time-consuming
- Pricing may be high for some use cases or contracts
- Complex issues often require support team involvement
- Occasional service downtimes reported
- Standard contract limitations noted by some users
4. Imperva WAF
Imperva WAF provides protection for web applications and APIs across cloud, hybrid, or on-premises environments while maintaining accuracy and low false positive rates. Backed by Imperva’s global SOC and Threat Research Labs, the WAF benefits from continuously updated, pre-tested rule sets that require no manual tuning.
Key Features
- Blocking mode: Over 90% of customers use it in blocking mode thanks to pre-tested managed rules and near-zero false positives
- Automated rule updates: Rules are written and tested by Imperva Threat Research, with daily and real-time updates pushed to production environments
- Multi-environment deployment: Protects applications in public/private cloud, on-premises, hybrid, or legacy environments
- Machine learning–driven analytics: Correlates thousands of security events into actionable, context-rich narratives to reduce alert fatigue
- OWASP protection: Defends against OWASP Top 10 vulnerabilities like SQL injection, and XSS
User Ratings
Aggregate user rating score on Gartner Peer Insights: 4.4
Common themes in positive reviews:
- Easy onboarding and configuration, including SSL setup
- Strong default rulebase with flexible customization options
- Effective learning mode for adapting to application traffic
- Regular updates for CVE protection and threat intelligence
- Responsive support and integration assistance from Imperva and partners
Common themes in negative reviews:
- Interface lacks dark mode and has limited visual customization
- Some issues with support for modern encryption ciphers
- Limited DDoS mitigation capabilities noted by some users
- Occasional technical issues like RAM leaks or AD integration limitations
- Minor compatibility issues with specific application servers reported
5. Cloudflare WAF
Cloudflare WAF delivers protection against web threats using a global network, real-time threat intelligence, and machine learning. Built into Cloudflare’s connectivity cloud, the WAF blocks zero-day exploits, OWASP Top 10 attacks, and automated threats without adding complexity to deployment or management.
Key Features
- Global threat intelligence: Leverages data from over 100 million HTTP requests per second to detect and block the latest attacks
- Machine learning-based detection: Uses analysis to automatically identify and mitigate emerging threats, including zero-days
- Fast deployment and ease of use: Enables quick setup with minimal configuration; no training or professional services required
- OWASP and custom rulesets: Combines Cloudflare-managed rules with customizable policies to address organization-specific risks
- Security capabilities: Includes exposed credential checks, rate limiting, and content scanning for uploaded files
User Ratings
Aggregate user rating score on Gartner Peer Insights: 4.5
Common themes in positive reviews:
- Highly customizable security rules and configurations
- Easy to implement and manage through an intuitive dashboard
- Strong protection and performance, even under attack
- Frequent updates and integration across Cloudflare services
- Useful for a broad range of organizations, with some features available at no cost
Common themes in negative reviews:
- Support responsiveness is inconsistent, with long resolution times
- Strict security settings can cause access issues if not tuned properly
- Limited functionality in some areas, like Layer 3/4 protection
- Some WAF features are missing or not yet supported in tools like Terraform
- Support interactions may lack depth, requiring more input from users
Conclusion
Application protection ratings offer a practical framework for evaluating security solutions in a crowded market. By combining technical assessments with user feedback, organizations gain a clearer understanding of product capabilities, operational impact, and long-term value. This dual perspective supports more informed decision-making, helping teams select tools that not only address current threats but also scale with future security and compliance needs.