Imperva Web Application Firewall Reviews

Our primary use case is for protection of all our web applications.

Imperva Web Application Firewall is a very good solution and very feasible for any corporation. We can almost accommodate everything with this solution. We were able to accommodate almost all our use cases with this. This is one of the best solutions I have found so far.

The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security.

In terms of what could be improved, I would say reporting on the cloud side.

Additionally, I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic.

In the next release I would like to see more API security.

I have been using Imperva Web Application Firewall for almost five years.

We currently use a hybrid version but we are moving towards purely 100% cloud where we will shortly get rid of all the appliances.

Its stability is very good. In all aspects, it is very good. It is beyond my expectations actually.

In terms of scaling, Imperva Web Application Firewall is amazing. The product is really good so far.

We have very few users with direct usage - 10 users approximately.

There is zero maintenance.

Their customer support is very good. They are very quick.

I previously used F5 and something else whose name I don't remember.

We made the switch to Imperva because it is one of the best solutions on the market.

The initial setup is very easy.

It just took a few days.

We used the consultant. Our experience with them was not bad. But as I mentioned, things are not difficult here. It is fairly easy.

My advice to anyone considering Imperva Web Application Firewall is that they can safely go to this environment without having a second thought. I have done so much testing. I did so many use cases. It never failed so far.

On a scale of one to ten, I would give Imperva Web Application Firewall a 10.

It is complicated to integrate the solution's on-cloud version with other platforms. 

I have been using the solution for six years.

It is a stable solution.

The solution is scalable. We have 20 applications hosted on its on-premises version and around five applications on mobile infrastructure. A team of three administrators manages the operations.

The solution's technical support is good.

Positive

I have used F5 and Barracuda before. Both solutions are easy to use.

The solution's initial setup is easy and takes two or three days to complete.

We implemented the solution with the help of its reseller.

The solution is stable and easy to manage. I rate it a nine out of ten.

We are using this solution for backing up all of our day-to-day use data and the ability to restore it when we want. For example, when there is a catastrophe or disaster.

The most important feature I have found to be the ease in how to do the backup and restores.

The process to upgrade from one version to another can be a lot simpler than it is currently.

I have been using this solution for six years.

When it comes to stability the solution work well.

The solution in my experience has been scalable. In my organization we have approximately 10,000 users using the solution, the whole company uses it.

The initial setup was straightforward. We have a team that does the maintenance of the solution.

There is a license for this solution and we purchase the license annually with no additional fees.

My advice is to follow the three, two, one backup rule, this solution is very suitable for this. Make sure you are defining your mean time for recovery of the backup, and try to see that it makes the mean time.

I rate Imperva Web Application Firewall a nine out of ten.

For some time now, I have been the CTO of a consulting company and our main issue is web application security. We also handle database security.

This is one of the solutions that we implement for our clients.

The primary use of this solution is the protection of applications.

This product has a logical perspective of negative and positive security. Negative meaning all of the blacklisted websites, and the positive is the profiling of the website itself. Impera can see and activate the policy, based on what it has learned. Imperva learns things like how dynamic content is dealt with, and what the permitted values are. When you combine these two perspectives, the negative and the positive, you get the optimal protection of the application.

When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version.

I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.

This solution is pretty stable.

If you build this solution properly then you have scalability.

We do not use technical support very often. It is only in cases where we get something that looks like a bug. Their team is good.

The initial setup of this solution is user-friendly and pretty straightforward.

However, the setup, in order to bring the application into inspection, is kind of complex. You need to know what you're doing. It takes approximately four hours to install, setup, and configure this platform.

My team and I handle the integration of this solution for our clients.

The number of people required depends on the environment. Sometimes it is one person, whereas other times there are two.

We have three people who take care of maintaining this solution for our customers.

The cost of this solution depends on the platform. For example, you may be buying virtual or you may be buying appliances. It also depends on the number of environments and the bandwidth that is required.

Compared to other web application firewalls in the market, Imperva does things in the most accurate way.

Overall, Imperva is a pretty good product.

I am working with the development team for Imperva in Israel, and I have submitted some feature requests for things that I think should be changed. Everything that should be fixed, we have a discussion on it and it is probable that these things will be fixed.

My advice to anybody who is implementing this solution is to first go and learn the attack surfaces because you need to protect the assets from attack. In order to do this, you need to understand the attacks. Let's say that a good defense is a good offense.

The biggest lesson that I have learned from working with this solution is to back up the system all of the time. Do it step by step, and be very precise. Have plans for each and every move, all of the time.

I would rate this solution a nine out of ten.

Protects and secures all our web sites.

• Learning mode.
• Custom policies.
• Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance.

The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year.

No issues with stability.

No issues with scalability.

10 out of 10 for local support, seven out of 10 for Imperva Professional Services.

Straightforward. Easy to install and config.

F5.

I rate it a 10 out of 10 because of the ability to apply real-time changes or creations, export and import applications learned, and it's very easy to use. It also features system logs or incidents, granular configuration in relation to a SIEM. It is the best product on the market, in my opinion. Cyber security leader.

The solution is being used for communication.

If something goes wrong, there is a quick switch between nodes, wherever there's an attack against a specific area. The security setup is reasonably easy. It's easy to do setups, rules, and integrations. The backend team is also willing to help if there are questions that we cannot answer.

The UI interface needs improvement. 

I have been using Imperva Web Application Firewall for six months. 

The solution is highly stable. I rate the stability a ten out of ten. 

It is a scalable solution. I would rate it a nine out of ten. 

The initial setup is easy. The deployment depends on the customer's solution but does not take more than a few hours. I rate the initial setup an eight out of ten. 

It is a very affordable solution.

I would definitely recommend the solution. I rate the solution an eight out of ten. 

Imperva Web Application Firewall is used for protecting web applications.

The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself.

Imperva Web Application Firewall could improve the console by making it easier to use. 

I have been using Imperva Web Application Firewall for approximately six years.

Imperva Web Application Firewall is stable.

The stability of the Imperva Web Application Firewall is good.

We have approximately three or four clients using this solution.

The support from Imperva Web Application Firewall is very good. They are handling support well, giving suggestions, and solving the issues.

The initial setup of the Imperva Web Application Firewall is straightforward. The process for us is simple, we have been doing it for years.

We have one person that does the deployment of the Imperva Web Application Firewall.

We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive.

I recommend this solution to others.

I rate Imperva Web Application Firewall an eight out of ten.

We primarily use the solution for database security.

Basically, the solution is a web application firewall that is used to protect against multiple types of attacks online. It is used for web attacks - mostly DDoS attacks, cross-site scripting attacks, or SQL injection attacks. 

There is also multiple HTTP protocol compliance. If there is any violation it will be detected by this application. It is used for detecting an illegal file type, illegal URL, or bots. 

The solution can prevent a geolocation attack also. If any application is not allowed from certain countries, it will not allow access. We can detect everything via the web application firewall. 

The solution offers good security against a variety of web attacks.

The protection from DDoS attacks is very useful. The DDoS attack is a very powerful attack that can harm a company's services. If an application is deployed to any web server or database our service will slow and will go down. A user would not be able to access our service until we can fix the issue. It's a deal if a company can avoid getting hit with DDoS attacks and having something that can effectively protect a company is extremely useful.

The solution has been quite stable. I have not seen any bugs at all.

Until now, it is good. There are no issues. As an analyst, I simply monitor. I don't really get too far into the technical aspects of the solution.

Occasionally, I've noticed that the web application firewall was down. If we are not using proper storage, proper memory, proper CPU, and if multiple attacks happen at one time, they will be detected by our web application firewall. Sometimes our web application firewall will slow down. In that sense, it needs some improvement. We do have a precaution for if the solution goes down. We basically, need to increase the memory and the storage and the CPU utilization, so that we can prevent our company from malicious activity. 

I cannot say which type of memory or storage should be improved. The requirements depend on the organization. What organizations need and which type of configurations would work best as per their requirements depend completely on that.

I've been working with the solution for about three years or so. It's been a while. I've been mostly working with it over the last 12 months or so.

The solution is quite stable. There are no bugs or glitches - or at least, I haven't seen any problems on that front. It doesn't crash or freeze. It's reliable.

Right now, it depends on the company and its needs. I can't speak to if there are plans to increase usage.

I've never been in touch with technical support. I can't speak to how knowledgeable and responsive they are, having never communicated with them directly. As an analyst, it's not my responsibility to deal with technical issues directly.

It's my understanding that this company has only used this solution. However, if I move somewhere else, it's possible that something else may be used.

I wasn't part of the initial setup. I can't speak to how easy or difficult the process was.

I am not sure of the exact licensing costs of the solution. The licensing is a management decision. The costs and payments are handled by them.

We use the solution's latest version.

We have a partnership with Imperva within our company.

I'd rate the solution at a nine out of ten. We've been mostly quite happy with its capabilities.