Try our new research platform with insights from 80,000+ expert users

Fortinet FortiWeb vs Imperva DDoS comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
71
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (14th)
Fortinet FortiWeb
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
93
Ranking in other categories
Web Application Firewall (WAF) (4th)
Imperva DDoS
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
77
Ranking in other categories
CDN (7th), Web Application Firewall (WAF) (23rd), Distributed Denial-of-Service (DDoS) Protection (9th)
 

Featured Reviews

Spencer Malmad - PeerSpot reviewer
It's easy to set up because you point the DNS to it, and it's working in under 15 minutes
Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive. Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions. Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.
Kacem CHAMMALI - PeerSpot reviewer
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb
The xFF, or X-Forwarded-For feature, IP reputation, and protected hostname. We can block access using the IP address, so no one can connect to our web server or website using the real IP. They need to use the FQDN instead. Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb and the option to protect the hostname. All traffic passes through FortiWeb. Machine learning capabilities in FortiWeb: I don't use machine learning all the time. In the initial phase of FortiWeb deployment, we use the learning process to detect the traffic passing through FortiGate to our website.
DerrickAkankwasa - PeerSpot reviewer
Provide DDoS protection and better security at effective rate
It is expanding its number of data centers for scrubbing traffic. Currently, there is only one POP for cleaning in South Africa. They might add another POP in North Africa, possibly in Nigeria or Egypt. Latency concerns customers, especially in regions like East and West Africa, where traffic has to travel to South Africa before returning. Increasing the number of POPs across the continent would help address these latency issues and improve overall service. While the platform is already quite strong, there’s always room for improvement, especially in keeping up with emerging trends and new types of attacks. Enhancing security capabilities could be beneficial. Integrating more advanced AI features could significantly improve its effectiveness and help customers leverage these tools more effectively. It would be great to see more focus on AI integration to handle and analyze data more efficiently.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is a stable solution. I rate the stability a ten out of ten...I rate the scalability a ten out of ten."
"DDoS attacks target unprotected machines. Cloudflare detects and stops these attacks using internal systems. It identifies incoming DDoS attacks, issuing challenges or blocking them immediately."
"The most valuable feature of Cloudflare DNS is security."
"It is easier to configure and develop documentation to see how we have configured firewalls."
"Cloudflare allows us to self-host services such as Rocket.Chat and Node-RED, in high-availability mode, thanks to round robin DNS which allows us to share one hostname between our two locations."
"The solution provides good load balancing and protection against DDoS attacks."
"Many websites require an SSL certificate because they sell stuff and want SSL. Cloudflare comes with an SSL certificate built in. It's automatic. You sign yourself up for Cloudflare, and an SSL certificate automatically protects your website. You don't necessarily need a certificate if you have a connection between your website and your host, the server, Cloudflare, and the host."
"Easier http to https redirect using page rules"
"The solution has a good sandbox feature."
"High-performance and detection engines, provide a high rate of exposure of web attacks."
"Fortinet FortiWeb has improved my organization by protecting our customer's web infrastructure environment."
"The reporting and token system is good."
"The most valuable features in Fortinet FortiWeb are sandboxing and threat prevention."
"It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs."
"Both the internal firewall management and the cloud can be managed by a single console."
"The GUI is user-friendly."
"Provides Anti-DDoS protection, as well as other protections like SQL injection, Cross-Site Scripting, and antiscanner. These types of protection are valuable to the business due to the daily attacks on our portals, and that often cannot be seen without a tool like this."
"We have peace of mind that nobody will use malware on us or try to hack our website."
"It is an effective threat mitigation tool."
"The dashboard is good and user-friendly."
"On the site security, I can see which countries have incidents, whether it was a robot attack, a real human user, or non-human user."
"The most valuable features are DDoS protection."
"It is a stable solution."
"They're quite easy to install and quite easy to set up. Clients really like that. Especially when you're dealing with the cloud, it's really easy."
 

Cons

"The product needs to improve its automation."
"It should be easier to collect the logs with companies like Sumo. However, based on my discussions with the salespeople, I understand that's how they make their money. With the enterprise product, they want people doing those kinds of enterprise features to do the logging. They want them to pay a lot of money, and that's where I have an issue with them. That should be a default. You should be able to get the log no matter what. The logging should be universal."
"It would be helpful if the solution could continue evolving to compete with the other solutions on the market."
"I think the APIs are a little bit hard for us to work with. The APIs could be more open so that we could integrate better with our SolarWinds or our monitoring solution."
"The tool needs to improve caching of servers. The product needs to include PFX certificate as well."
"Areas like how assessment, discovery, and payload are dealt with and how it all comes into your organization can be considered when trying to make suggestions to Cloudflare for improvements."
"The product support needs to be accessible from more places, a wider area of coverage."
"It would be good if Cloudflare could have more servers for better traffic routing or an increase in the traffic routed. This is what I'd like to improve in Cloudflare."
"When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it."
"In my experience, Fortinet FortiWeb could improve the intelligent features to acknowledge whether any threat or incident that's running happened. Then give us the ability to escalate it to layer 2 or layer 3 in the network operations."
"The GUI could be better. It's limited."
"When there is downtime at their data center, it becomes a transit point issue for us, causing downtime in our environment as well."
"​Their support needs improvement."
"The false positives are annoying.​"
"Their documentation is fairly complete, but it's sometimes a little bit difficult to search for exactly what you're looking for to resolve an issue. There have been times when we've gone to try to search for areas that we needed to get information on, and it has not always been extremely clear exactly how a particular thing needs to be set up."
"We have had problems with deployments where we've had to contact technical support to resolve them."
"A limited tool if you're looking to customize."
"Analytics in the area of risk need to be improved to supply more information to the users for creating better environments."
"Imperva always needs to adjust to new versions of cyber attacks, it needs to be faster, improve the resiliency of the software of the solution."
"It would be better if we were able to manage and apply changes to multiple websites/web applications, and search WAF logs for multiple websites, via the Incapsula dashboard."
"I would like to have support for SSL management and secure DNS."
"Its price could be improved. It is quite expensive. It will be good if we could export the configuration. Currently, to control the configuration, we need to go to each website, which is not very convenient."
"Incapsula services also provides load balancing services for their service IP address environment. So far, with monitoring their services, the IP address was only changed once."
"Pricing can be improved, as it is quite expensive."
 

Pricing and Cost Advice

"There are no additional costs beyond the standard licensing fees."
"I believe their performance has improved, but I'd like to refrain from discussing the pricing aspect related to the cloud. The pricing, in my opinion, could be simplified, and I think they should consider reevaluating the pricing for support, as it can be quite high. At times, this cost can make it challenging to choose CARFAGuard or opt for the support."
"So far I use free tier and happy with it. You can subscribe to business package if needed."
"In terms of licensing costs, we don't pay for licensing for Cloudflare. We only establish communication, then for peering, Cloudflare takes care of the cross-connection in different data centers."
"The cost primarily depends on the size of the organization."
"I give the price a five out of ten."
"It's a premium model. You can start at zero and work your way up to the enterprise model, which has a very high pricing level."
"The tool is a premium product, so it is very expensive."
"If one is cheap and ten is expensive, I rate the tool an eight."
"The cost isn't expensive."
"The price is competitive."
"It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise."
"It is fine now. We had to earlier negotiate the price."
"If one is very cheap and ten is very expensive, I rate the product price as three or four."
"FortiWeb is more expensive than some competing products."
"​It really pays off to buy licences for multiple years​."
"The cost is on par with other solutions such as Cloudflare and Akamai."
"There is a license or subscription renewal that our customers pay."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a five out of ten."
"We have an issue with Imperva Incapsula in the Iraqi market because of the high price."
"It is expensive."
"Pricing could be more competitive."
"It is a very expensive solution. The price is very high. A lot of customers tell us that they would love to use Imperva more. I have some customers who have 50 websites, but they have only 10 websites on Imperva because of the price. They would love to have all their websites running through Imperva, but they can't. They have to choose the more critical websites to protect because the price is very high. It is a very good product, but it is too expensive. If you buy a plan for 20 megabytes and you don't consume all of your 20 megabytes, it is okay, but if you consume more, you are charged for the superior traffic."
"We are satisfied with the pricing."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
824,145 professionals have used our research since 2012.
 

Comparison Review

it_user68487 - PeerSpot reviewer
Nov 6, 2013
CloudFlare vs Incapsula: Web Application Firewall
CloudFlare vs Incapsula: Round 2 Web Application Firewall Comparative Penetration Testing Analysis Report v1.0 Summary This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web…
 

Top Industries

By visitors reading reviews
Educational Organization
25%
Computer Software Company
13%
Comms Service Provider
7%
Financial Services Firm
7%
Educational Organization
43%
Computer Software Company
9%
Financial Services Firm
8%
Government
4%
Financial Services Firm
17%
Computer Software Company
14%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What do you like most about Fortinet FortiWeb?
The WAF profiles has been effective at mitigating web-based threats.
What is your experience regarding pricing and costs for Fortinet FortiWeb?
The pricing of Fortinet FortiWeb is affordable and competitive.
What needs improvement with Fortinet FortiWeb?
I see no room for improvement at the moment.
What do you like most about Imperva Incapsula?
We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping.
What is your experience regarding pricing and costs for Imperva DDoS?
The pricing is rated a ten on a scale where ten is very expensive. The solution is only cloud-based and does not prov...
What needs improvement with Imperva DDoS?
Pricing can be improved, as it is quite expensive. Additionally, support response times for emails can sometimes be d...
 

Also Known As

Cloudflare DNS
No data available
Imperva Incapsula
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
Hitachi, BNZ, Bitstamp, Moz, InnoGames, BTCChina, Wix, LivePerson, Zillow and more.
Find out what your peers are saying about Fortinet FortiWeb vs. Imperva DDoS and other solutions. Updated: December 2024.
824,145 professionals have used our research since 2012.