Jul 13, 2017
Firstly, implementing WAF is an excellent decision. With application logic and date being at the core of the technology stack value, WAF is the most reasonable place to monitor application traffic and defend from hacker's attacks.
I have recently published a blog post on the issues one needs to consider when selecting a WAF.
In addition, here are some thoughts on the specific questions you are asking
Both F5 and Imperva are excellent WAF offerings with long track records and both will likely do a good job detecting known OWASP 10 threats. That said, both F5 and iMPERVA are signature based WAF technologies. For zero-day threats for which no signatures exist, no protection is provided until someone creates a signature and is able to write a rule for protection. For more agile 0 day threat protection you may want to consider a machine-learning driven solution which creates application-specific security rules automatically.
As far as administration is concerned, F5 natively integrates with the application delivery system (ADC) which makes deployment & routing administration easier.
The other aspect of the administration is addressing false positivies that WAF generates to avoid interfering with normal application operations. Because of false positives, many of the iMPERVA and F5 customers deploy these solutions in non-blocking mode with the main goal of providing visibility.
Deciding which detected incidents require action is what requires the bulk of administration by security experts with deep knowledge of web application code and web application security.
On the subject of costs and benefits, a lot of the benefits of the traditional WAF systems are centered around compliance. These are often hard to quantify but are the cost of doing business.
Other than that, costs of WAF, as with most security solution, come less from the cost of the licenses and more from the cost of administering the solution and putting in integrations with other systems to derive real benefits. Again, machine learning-based system can help here with an automated and continuous approach. Essentially such system performs the jobs of a Red Team and a Blue Team in AI.
Overall, both iMPERVA and F5 are good solutions, but before making your final decision consider if you want to go with a signature-based WAF or deploy a machine-learning driven solution like Wallarm.
