Our primary use case is for protection of all our web applications.
Application Security Engineer at a insurance company with 10,001+ employees
One of the best solutions on the market for protecting all your web applications
Pros and Cons
- "The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security."
- "I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic."
What is our primary use case?
How has it helped my organization?
Imperva Web Application Firewall is a very good solution and very feasible for any corporation. We can almost accommodate everything with this solution. We were able to accommodate almost all our use cases with this. This is one of the best solutions I have found so far.
What is most valuable?
The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security.
What needs improvement?
In terms of what could be improved, I would say reporting on the cloud side.
Additionally, I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic.
In the next release I would like to see more API security.
Buyer's Guide
Imperva Web Application Firewall
March 2025

Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Imperva Web Application Firewall for almost five years.
We currently use a hybrid version but we are moving towards purely 100% cloud where we will shortly get rid of all the appliances.
What do I think about the stability of the solution?
Its stability is very good. In all aspects, it is very good. It is beyond my expectations actually.
What do I think about the scalability of the solution?
In terms of scaling, Imperva Web Application Firewall is amazing. The product is really good so far.
We have very few users with direct usage - 10 users approximately.
There is zero maintenance.
How are customer service and support?
Their customer support is very good. They are very quick.
Which solution did I use previously and why did I switch?
I previously used F5 and something else whose name I don't remember.
We made the switch to Imperva because it is one of the best solutions on the market.
How was the initial setup?
The initial setup is very easy.
It just took a few days.
What about the implementation team?
We used the consultant. Our experience with them was not bad. But as I mentioned, things are not difficult here. It is fairly easy.
What other advice do I have?
My advice to anyone considering Imperva Web Application Firewall is that they can safely go to this environment without having a second thought. I have done so much testing. I did so many use cases. It never failed so far.
On a scale of one to ten, I would give Imperva Web Application Firewall a 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Security Architect at a individual & family service with 1,001-5,000 employees
Stable and easy-to-manage solution with good technical support service
Pros and Cons
- "The solution is scalable."
- "It is complicated to integrate the solution's on-cloud version with other platforms."
What needs improvement?
It is complicated to integrate the solution's on-cloud version with other platforms.
For how long have I used the solution?
I have been using the solution for six years.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
The solution is scalable. We have 20 applications hosted on its on-premises version and around five applications on mobile infrastructure. A team of three administrators manages the operations.
How are customer service and support?
The solution's technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used F5 and Barracuda before. Both solutions are easy to use.
How was the initial setup?
The solution's initial setup is easy and takes two or three days to complete.
What about the implementation team?
We implemented the solution with the help of its reseller.
What other advice do I have?
The solution is stable and easy to manage. I rate it a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Imperva Web Application Firewall
March 2025

Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
Acquisitions Leader at a healthcare company with 10,001+ employees
Reliable, and has easy backup and restore functions
Pros and Cons
- "The most important feature I have found to be the ease in how to do the backup and restores."
- "The process to upgrade from one version to another can be a lot simpler than it is currently."
What is our primary use case?
We are using this solution for backing up all of our day-to-day use data and the ability to restore it when we want. For example, when there is a catastrophe or disaster.
What is most valuable?
The most important feature I have found to be the ease in how to do the backup and restores.
What needs improvement?
The process to upgrade from one version to another can be a lot simpler than it is currently.
For how long have I used the solution?
I have been using this solution for six years.
What do I think about the stability of the solution?
When it comes to stability the solution work well.
What do I think about the scalability of the solution?
The solution in my experience has been scalable. In my organization we have approximately 10,000 users using the solution, the whole company uses it.
How was the initial setup?
The initial setup was straightforward. We have a team that does the maintenance of the solution.
What's my experience with pricing, setup cost, and licensing?
There is a license for this solution and we purchase the license annually with no additional fees.
What other advice do I have?
My advice is to follow the three, two, one backup rule, this solution is very suitable for this. Make sure you are defining your mean time for recovery of the backup, and try to see that it makes the mean time.
I rate Imperva Web Application Firewall a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at CyberApp
Dual perspective of positive and negative security makes for optimal protection
Pros and Cons
- "Compared to other web application firewalls in the market, Imperva does things in the most accurate way."
- "I think that better bot protection is needed in this solution."
What is our primary use case?
For some time now, I have been the CTO of a consulting company and our main issue is web application security. We also handle database security.
This is one of the solutions that we implement for our clients.
The primary use of this solution is the protection of applications.
What is most valuable?
This product has a logical perspective of negative and positive security. Negative meaning all of the blacklisted websites, and the positive is the profiling of the website itself. Impera can see and activate the policy, based on what it has learned. Imperva learns things like how dynamic content is dealt with, and what the permitted values are. When you combine these two perspectives, the negative and the positive, you get the optimal protection of the application.
What needs improvement?
When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version.
I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.
For how long have I used the solution?
I have been using this solution for about eight years.
What do I think about the stability of the solution?
This solution is pretty stable.
What do I think about the scalability of the solution?
If you build this solution properly then you have scalability.
How are customer service and technical support?
We do not use technical support very often. It is only in cases where we get something that looks like a bug. Their team is good.
How was the initial setup?
The initial setup of this solution is user-friendly and pretty straightforward.
However, the setup, in order to bring the application into inspection, is kind of complex. You need to know what you're doing. It takes approximately four hours to install, setup, and configure this platform.
What about the implementation team?
My team and I handle the integration of this solution for our clients.
The number of people required depends on the environment. Sometimes it is one person, whereas other times there are two.
We have three people who take care of maintaining this solution for our customers.
What's my experience with pricing, setup cost, and licensing?
The cost of this solution depends on the platform. For example, you may be buying virtual or you may be buying appliances. It also depends on the number of environments and the bandwidth that is required.
Which other solutions did I evaluate?
Compared to other web application firewalls in the market, Imperva does things in the most accurate way.
What other advice do I have?
Overall, Imperva is a pretty good product.
I am working with the development team for Imperva in Israel, and I have submitted some feature requests for things that I think should be changed. Everything that should be fixed, we have a discussion on it and it is probable that these things will be fixed.
My advice to anybody who is implementing this solution is to first go and learn the attack surfaces because you need to protect the assets from attack. In order to do this, you need to understand the attacks. Let's say that a good defense is a good offense.
The biggest lesson that I have learned from working with this solution is to back up the system all of the time. Do it step by step, and be very precise. Have plans for each and every move, all of the time.
I would rate this solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber and Information Security Officer at a energy/utilities company with 10,001+ employees
We can define custom policies, apply real-time changes and granular configuration
Pros and Cons
- "Learning mode and custom policies are helpful features."
- "Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance."
- "The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year."
How has it helped my organization?
Protects and secures all our web sites.
What is most valuable?
- Learning mode.
- Custom policies.
- Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance.
What needs improvement?
The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
No issues with scalability.
How is customer service and technical support?
10 out of 10 for local support, seven out of 10 for Imperva Professional Services.
How was the initial setup?
Straightforward. Easy to install and config.
Which other solutions did I evaluate?
F5.
What other advice do I have?
I rate it a 10 out of 10 because of the ability to apply real-time changes or creations, export and import applications learned, and it's very easy to use. It also features system logs or incidents, granular configuration in relation to a SIEM. It is the best product on the market, in my opinion. Cyber security leader.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Cyber Security Specialist Architect at Cyberlinx
Provides out-of-the-box security for web applications
Pros and Cons
- "There is a quick switch between any of the the nodes if something goes wrong, where there's a there's an attack against a specific area. The security setup is reasonably easy. It's not a problem to do setups and rules and integrations. And, yeah, just the the back end team is also very willing to insist if there's questions that that we cannot answer or with these questions that we do have"
- "The UI interface needs improvement."
What is our primary use case?
The solution is being used for communication.
What is most valuable?
If something goes wrong, there is a quick switch between nodes, wherever there's an attack against a specific area. The security setup is reasonably easy. It's easy to do setups, rules, and integrations. The backend team is also willing to help if there are questions that we cannot answer.
What needs improvement?
The UI interface needs improvement.
For how long have I used the solution?
I have been using Imperva Web Application Firewall for six months.
What do I think about the stability of the solution?
The solution is highly stable. I rate the stability a ten out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. I would rate it a nine out of ten.
How was the initial setup?
The initial setup is easy. The deployment depends on the customer's solution but does not take more than a few hours. I rate the initial setup an eight out of ten.
What's my experience with pricing, setup cost, and licensing?
It is a very affordable solution.
What other advice do I have?
I would definitely recommend the solution. I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Presales Engineer at SNSIN
Flexible, good performance, and helpful support
Pros and Cons
- "The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself."
- "Imperva Web Application Firewall could improve the console by making it easier to use."
What is our primary use case?
Imperva Web Application Firewall is used for protecting web applications.
What is most valuable?
The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself.
What needs improvement?
Imperva Web Application Firewall could improve the console by making it easier to use.
For how long have I used the solution?
I have been using Imperva Web Application Firewall for approximately six years.
What do I think about the stability of the solution?
Imperva Web Application Firewall is stable.
What do I think about the scalability of the solution?
The stability of the Imperva Web Application Firewall is good.
We have approximately three or four clients using this solution.
How are customer service and support?
The support from Imperva Web Application Firewall is very good. They are handling support well, giving suggestions, and solving the issues.
How was the initial setup?
The initial setup of the Imperva Web Application Firewall is straightforward. The process for us is simple, we have been doing it for years.
What about the implementation team?
We have one person that does the deployment of the Imperva Web Application Firewall.
What's my experience with pricing, setup cost, and licensing?
We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive.
What other advice do I have?
I recommend this solution to others.
I rate Imperva Web Application Firewall an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Software Developer at a computer software company with 1,001-5,000 employees
Stable, protects well against a variety of attacks, especially DDoS
Pros and Cons
- "The solution has been quite stable. I have not seen any bugs at all."
- "Sometimes our web application firewall will slow down."
What is our primary use case?
We primarily use the solution for database security.
Basically, the solution is a web application firewall that is used to protect against multiple types of attacks online. It is used for web attacks - mostly DDoS attacks, cross-site scripting attacks, or SQL injection attacks.
There is also multiple HTTP protocol compliance. If there is any violation it will be detected by this application. It is used for detecting an illegal file type, illegal URL, or bots.
The solution can prevent a geolocation attack also. If any application is not allowed from certain countries, it will not allow access. We can detect everything via the web application firewall.
What is most valuable?
The solution offers good security against a variety of web attacks.
The protection from DDoS attacks is very useful. The DDoS attack is a very powerful attack that can harm a company's services. If an application is deployed to any web server or database our service will slow and will go down. A user would not be able to access our service until we can fix the issue. It's a deal if a company can avoid getting hit with DDoS attacks and having something that can effectively protect a company is extremely useful.
The solution has been quite stable. I have not seen any bugs at all.
What needs improvement?
Until now, it is good. There are no issues. As an analyst, I simply monitor. I don't really get too far into the technical aspects of the solution.
Occasionally, I've noticed that the web application firewall was down. If we are not using proper storage, proper memory, proper CPU, and if multiple attacks happen at one time, they will be detected by our web application firewall. Sometimes our web application firewall will slow down. In that sense, it needs some improvement. We do have a precaution for if the solution goes down. We basically, need to increase the memory and the storage and the CPU utilization, so that we can prevent our company from malicious activity.
I cannot say which type of memory or storage should be improved. The requirements depend on the organization. What organizations need and which type of configurations would work best as per their requirements depend completely on that.
For how long have I used the solution?
I've been working with the solution for about three years or so. It's been a while. I've been mostly working with it over the last 12 months or so.
What do I think about the stability of the solution?
The solution is quite stable. There are no bugs or glitches - or at least, I haven't seen any problems on that front. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
Right now, it depends on the company and its needs. I can't speak to if there are plans to increase usage.
How are customer service and technical support?
I've never been in touch with technical support. I can't speak to how knowledgeable and responsive they are, having never communicated with them directly. As an analyst, it's not my responsibility to deal with technical issues directly.
Which solution did I use previously and why did I switch?
It's my understanding that this company has only used this solution. However, if I move somewhere else, it's possible that something else may be used.
How was the initial setup?
I wasn't part of the initial setup. I can't speak to how easy or difficult the process was.
What's my experience with pricing, setup cost, and licensing?
I am not sure of the exact licensing costs of the solution. The licensing is a management decision. The costs and payments are handled by them.
What other advice do I have?
We use the solution's latest version.
We have a partnership with Imperva within our company.
I'd rate the solution at a nine out of ten. We've been mostly quite happy with its capabilities.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Buyer's Guide
Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Azure Application Gateway
Azure Front Door
F5 Advanced WAF
Fortinet FortiWeb
Cloudflare Web Application Firewall
Imperva DDoS
Akamai App and API Protector
Azure Web Application Firewall
Radware Alteon
NGINX App Protect
Barracuda Web Application Firewall
Buyer's Guide
Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Imperva WAF vs. Barracuda: Which One is Better?
- Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
- Which lesser known firewall product has the best chance at unseating the market leaders?
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy