Try our new research platform with insights from 80,000+ expert users
IOANNIS  Katsaounis - PeerSpot reviewer
Solutions Architect at Uni Systems
Real User
A stable and state-of-the-art solution that helps to meet security requirements
Pros and Cons
  • "I am impressed with the product's scalability, availability, easy management, and security. We were able to integrate the product with Azure and Sentinel."
  • "I would like the solution to improve its support response time."

What is our primary use case?

The tool helps us to meet security requirements. 

What is most valuable?

I am impressed with the product's scalability, availability, easy management, and security. We were able to integrate the product with Azure and Sentinel. 

What needs improvement?

I would like the solution to improve its support response time. 

For how long have I used the solution?

I am working on the solution for two to three years. 

Buyer's Guide
Imperva Web Application Firewall
December 2024
Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.

What do I think about the stability of the solution?

I would rate the product's stability a nine out of ten. 

What do I think about the scalability of the solution?

I would rate the solution's scalability a nine out of ten. We have more than eight to nine sites that are covered by the tool. 

How was the initial setup?

The solution's deployment gets completed in less than 15 minutes. 

What other advice do I have?

I would rate the product a nine out of ten. I discussed with the security teams and they consider the tool a state-of-the-art product. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Sonny Bernard - PeerSpot reviewer
Security Consultant at FPG Technologies and Solutions LTD
Real User
Useful database monitoring, simple dashboards, and scalable
Pros and Cons
  • "The most valuable features of Imperva Web Application Firewall are the monitoring of databases and the dashboards are easy to understand."
  • "Imperva Web Application Firewall could improve the API integration. It was complex for us. Additionally, The onboarding could be better."

What is our primary use case?

We are using Imperva Web Application Firewall to monitor databases.

What is most valuable?

The most valuable features of Imperva Web Application Firewall are the monitoring of databases and the dashboards are easy to understand.

What needs improvement?

Imperva Web Application Firewall could improve the API integration. It was complex for us. Additionally, The onboarding could be better.

For how long have I used the solution?

I have been using Imperva Web Application Firewall for approximately three months.

What do I think about the stability of the solution?

Imperva Web Application Firewall is stable.

What do I think about the scalability of the solution?

The scalability of the Imperva Web Application Firewall is good.

How was the initial setup?

The initial setup of the Imperva Web Application Firewall is complex.

I rate the initial setup of Imperva Web Application Firewall a four out of five.

What other advice do I have?

I rate Imperva Web Application Firewall a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Imperva Web Application Firewall
December 2024
Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
PeerSpot user
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Consultant
Leaderboard
Gives me peace of mind, blocks everything we need it to block
Pros and Cons
  • "It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
  • "There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."

What is our primary use case?

Our primary use case is to protect our cloud production environment.

How has it helped my organization?

We have a co-location that we do with our QA and Dev and our pre-production environment. We do everything there. We built it for the production environment so we deploy everything in the cloud. We have the web application firewall in the cloud, after the proxy.

What is most valuable?

It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF.

The interface is very user-friendly. You get used to it. It's very convenient.

What needs improvement?

There could be some limitations rom the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily, because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go.

Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering. That's why you need Incapsula.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability. It has never crashed.

What do I think about the scalability of the solution?

Scalability is affordable. There are no issues with the process of scaling.

They have centralized management, in terms of scalability. They have centralized policy control, they have centralized application profile information. On the dashboard they have Signature Update, Monitoring, Reporting. They clearly thought about the large-scale when they made this product.

How are customer service and technical support?

We use a partner here in Puerto Rico for Imperva. We have a guy in our shop every day, full-time.

Which solution did I use previously and why did I switch?

We used Fortigate. We switched because it's not a WAF. When you have a WAF, you want that WAF to do all kinds of configurations, to promote the firewall, to work the way you want it. Imperva came with everything, the whole package.

How was the initial setup?

The initial setup was a little bit complex. But a third-party took care of everything. It's not like putting milk on cereal when you are working with these kinds of configurations. The effectiveness of a web application is going to come from the analysis of what your organization needs. If you don't have that information before you go into Imperva, you're going to have a lot to do when you get there. You need to know what you're doing. It's not something you can take out of the box and put in your infrastructure. It's somewhat hardcore to deal with these kinds of solutions. 

What's my experience with pricing, setup cost, and licensing?

Make sure you understand the way that Imperva charges. It's very affordable. However, I would like to see a package with the Virtual Patching included. You get to do patching separately.

Which other solutions did I evaluate?

We had F5, Akamai, Fortinet, Barracuda. We may have looked at Juniper as well, I don't remember. Not too many companies have a WAF. Not all the firewall companies are WAF makers.

What other advice do I have?

I think it's perfect. It's a very good application. When you do large-scale deployment you want to protect your physical web application with Imperva, trust me. It gives me peace of mind.

These are guys are from Israel and you should see that place. These guys are the best I have ever seen. They do all kinds of stuff and there is nothing that they cannot do. These people are incredible. They can configure and develop anything, customized, if you want it. Everything has a price, but they can do it right now. They don't have a "no."

We use Imperva with Incapsula so we have web security, we have DDoS protection, we have content delivery networking, we have load-balancing. We do everything with Incapsula cloud. For example, if you have an internet threat, that threat is trying to access your web application. Depending on the threat that you are receiving, the activity monitor is going to be triggered. Once that activity monitor gets triggered, the vulnerability management is going to defend you. It doesn't work for everything the same way. It's very intelligent.

Without tuning, it blocked 88 percent of the vulnerabilities, and when we tuned it, it blocked 98 percent. Whatever was not blocked didn't harm us. We use a third-party for tuning. We tell them what to do it and they do it. They get it done fast, sometimes in two to three days. It depends on what you're asking for. If you're asking for more accuracy, they go the distance to solve your problem. For example, the other day I had some keywords, some attack signatures that they were looking at for false-positives and false negatives, which are two different things. One of the main reasons we got Imperva is that we wanted to block attacks while limiting the number of false positives. I wanted the application scanner not to generate false positives by creating violations. I gave them the information, and the next day it was solved.

To put it in a high-level perspective, you are paying to see the things that are important, but you get a lot of noise. I wanted to reduce that noise. They allowed me to do that. 

Make sure you have the right testing methodology for Virtual Patching. If you want to take your patching to under 30 days, this is the product for you. We reduced it to five days. I think we are the only company where the patching is under five days. We are only doing it at the database-level right now. But we took it down to five days. 

There are proper ways to test a WAF, but the main advice I can give you is that you should not just generate attack traffic. The most effective method, for me, would be to generate both attack and legitimate traffic. That kind of approach will give you a way to rate the ability of the WAF to detect malicious traffic and to distinguish malicious traffic from good traffic. Provide real-world testing scenarios, in which the WAF must block attacks and avoid blocking good traffic at the same time. You will be able to measure how many false positives you're getting. That is the best way to test a WAF: Don't only to generate attack traffic.

Another piece of advice, and here I will jump  to the main fears of this environment - SQL injections, cross-site scripting, which I hate, DT's (Directory Traversals) - is that you need to provide another layer here which is IPS. IPS products will all rely on signatures. They are going to be created by the scanner to stop anything, that's just the basics of threat prevention. If these signatures are easy to circumvent, by using comments and encoding at the same time, they will be available for the WAF to stop any kind of session or cookie tampering. What I'm saying is that there should be technical attack protection. You should be thinking not only about WAF but combining WAF and IPS.

You need to find an IPS that works with it. Imperva has something similar to an IPS, it's not an IPS per se. For example, an IPS cannot detect or stop fraud malware. For that, you need to add certain other levels of security and combine it with employee training. If you get the web application, which is called SecureSphere, the WAF, it will protect you against web page fraud because they go by black IPs. So you can help the IPS on that side and the IPS can help you letting you know what to block from the internal network. You should be considering a combination of WAF and IPS.

Another thing to take into consideration for people who are starting, with respect to deploying a WAF, is that they should validate the accuracy of the solution and the ability it has to protect any application and help you with monitoring and management. It's not just technical stuff.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Fauzan Adhima - PeerSpot reviewer
Technical Support Engineer at PT. Sinergy Informasi Pratama
Real User
Improves security of web applications but UI needs enhancement
Pros and Cons
  • "The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications."
  • "The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier."

What is most valuable?

The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications. 

What needs improvement?

The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier. 

For how long have I used the solution?

I have been using the product for three years. 

What do I think about the stability of the solution?

I rate the tool's stability an eight out of ten. We have encountered bugs, but they are fixed fast. 

What do I think about the scalability of the solution?

I rate Imperva Web Application Firewall's scalability an eight to nine out of ten. 

How are customer service and support?

Imperva Web Application Firewall's customer support is good and responsive. However, they are less responsive on public holidays. 

How would you rate customer service and support?

Positive

How was the initial setup?

Imperva Web Application Firewall's deployment is easy. Onboarding a website on Imperva Web Application Firewall is much easier than Fortinet. With the product, the process is simplified, as you only need to enter your application's IP address on the website for the site, and the profiling firewall automates the process. For large-scale web applications, deployment can take four days to complete. 

What's my experience with pricing, setup cost, and licensing?

Imperva Web Application Firewall's pricing is expensive. 

What other advice do I have?

I rate Imperva Web Application Firewall a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer2308284 - PeerSpot reviewer
Solutions Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 20
A proactive security solution that protects web applications and APIs and enables easy administration
Pros and Cons
  • "We can prevent attacks or issues even before they happen."
  • "Sometimes, support tickets don't get addressed quickly."

What is our primary use case?

The solution is used by SMBs and enterprises that have a lot of websites that they need to protect.

How has it helped my organization?

Since the product is categorized in Gartner as a Web Application and API Protection tool, it protects APIs and web applications. It provides bot and client-side protection. I have done POCs. Once the platform is configured to block DDoS attacks, no traffic regarding DDoS or bots gets into the application.

What is most valuable?

If the clients have requirements for APIs and microservices, we can offer such services with the help of the solution. We can offer it as a security solution that protects APIs and microservices. Imperva’s real-time monitoring makes it very easy for administrators to monitor their existing web applications.

What needs improvement?

My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.

For how long have I used the solution?

I have been using the solution since June last year.

What do I think about the stability of the solution?

I rate the tool’s stability a ten out of ten. Since I've been onboarded, I haven't had any issues.

What do I think about the scalability of the solution?

I rate the tool’s scalability a ten out of ten. Imperva allows only clean traffic. The scalability is based on the clean traffic and not the overall bandwidth of the client. Our clients are mostly enterprise businesses. I have some SMB customers.

How are customer service and support?

Sometimes, support tickets don't get addressed quickly. However, the support team gets to it eventually.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is very easy. I rate the ease of setup a ten out of ten. The time taken for deployment depends on the number of applications we want to onboard. Usually, we can do it in a day.

What was our ROI?

Imperva is a very proactive solution. It is not reactive. We can prevent attacks or issues even before they happen. It is something people must consider since many enterprises are facing DDoS attacks, and their data is getting compromised.

What's my experience with pricing, setup cost, and licensing?

I rate the solution’s pricing a seven out of ten. Some solutions are cheaper than Imperva. Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF.

What other advice do I have?

We are partners. I rate the product's integration with our client's IT infrastructure a nine out of ten. It is easily integrated since many configurations are needed to onboard Imperva into a client’s infrastructure fully. Overall, I rate the product a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1803495 - PeerSpot reviewer
SOAR Consultant at a tech services company with 1,001-5,000 employees
Consultant
Scalable and stable firewall for web applications with a good interface, but path and traffic visibility need improvement
Pros and Cons
  • "Very scalable and very stable firewall for web applications, with a good interface in its cloud version. Mitigation is its most valuable feature. The technical support for this product is also good."
  • "Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement."

What is most valuable?

The mitigation feature is what I find most valuable in Imperva Web Application Firewall. The interface of the cloud version of this solution is also good.

What needs improvement?

Every product has a room for improvement, and in Imperva Web Application Firewall, we found a limitation when we need to check which email IP traffic is coming from, e.g. we cannot find it.

Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement. If we can populate those information, we can block them in our firewalls, and that would make this solution better.

Though the cloud interface of Imperva Web Application Firewall is good, the interface of the on-premises version is not as appealing, and it's what I'd like to see improved in the next release of this solution.

What do I think about the stability of the solution?

Imperva Web Application Firewall is a very stable solution.

What do I think about the scalability of the solution?

The cloud version of Imperva Web Application Firewall is very scalable.

How are customer service and support?

Technical support for this solution is good.

How was the initial setup?

It's very easy to set up the cloud version of Imperva Web Application Firewall. It's not difficult, because you just need to map your DNS, and that's it. Setting up this solution is not a problem.

What other advice do I have?

I'm working as a cyber security consultant and I provide Imperva Web Application Firewall and other similar solutions to customers.

We are working in the Middle East, e.g. we are deploying solutions to different organizations.

I don't have any input on the pricing for Imperva Web Application Firewall, as that part is covered by the research team.

I don't have advice for people looking into implementing this solution, except that everyone has different opinions and different requirements. Every organization has different requirements, and their choices will be based on their requirements. If all their requirements are fulfilled by Imperva Web Application Firewall, then they'll want to implement or use it.

I've giving Imperva Web Application Firewall a score of seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Roi-Nahari - PeerSpot reviewer
CTO at CyberApp
Real User
Top 5
Dual perspective of positive and negative security makes for optimal protection
Pros and Cons
  • "Compared to other web application firewalls in the market, Imperva does things in the most accurate way."
  • "I think that better bot protection is needed in this solution."

What is our primary use case?

For some time now, I have been the CTO of a consulting company and our main issue is web application security. We also handle database security.

This is one of the solutions that we implement for our clients.

The primary use of this solution is the protection of applications.

What is most valuable?

This product has a logical perspective of negative and positive security. Negative meaning all of the blacklisted websites, and the positive is the profiling of the website itself. Impera can see and activate the policy, based on what it has learned. Imperva learns things like how dynamic content is dealt with, and what the permitted values are. When you combine these two perspectives, the negative and the positive, you get the optimal protection of the application.

What needs improvement?

When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version.

I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.

For how long have I used the solution?

I have been using this solution for about eight years.

What do I think about the stability of the solution?

This solution is pretty stable.

What do I think about the scalability of the solution?

If you build this solution properly then you have scalability.

How are customer service and technical support?

We do not use technical support very often. It is only in cases where we get something that looks like a bug. Their team is good.

How was the initial setup?

The initial setup of this solution is user-friendly and pretty straightforward.

However, the setup, in order to bring the application into inspection, is kind of complex. You need to know what you're doing. It takes approximately four hours to install, setup, and configure this platform.

What about the implementation team?

My team and I handle the integration of this solution for our clients.

The number of people required depends on the environment. Sometimes it is one person, whereas other times there are two.

We have three people who take care of maintaining this solution for our customers.

What's my experience with pricing, setup cost, and licensing?

The cost of this solution depends on the platform. For example, you may be buying virtual or you may be buying appliances. It also depends on the number of environments and the bandwidth that is required.

Which other solutions did I evaluate?

Compared to other web application firewalls in the market, Imperva does things in the most accurate way.

What other advice do I have?

Overall, Imperva is a pretty good product.

I am working with the development team for Imperva in Israel, and I have submitted some feature requests for things that I think should be changed. Everything that should be fixed, we have a discussion on it and it is probable that these things will be fixed.

My advice to anybody who is implementing this solution is to first go and learn the attack surfaces because you need to protect the assets from attack. In order to do this, you need to understand the attacks. Let's say that a good defense is a good offense.

The biggest lesson that I have learned from working with this solution is to back up the system all of the time. Do it step by step, and be very precise. Have plans for each and every move, all of the time.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager, IS Security & Infrastructure at Fintech Kenya Limited
Real User
User-friendly with good performance and helps to secure digital assets
Pros and Cons
  • "It mitigates all of the availabilities of risks around web applications."
  • "Their portal is very limited and needs improvement."

What is our primary use case?

We are a reseller and integration partner, and we have customers who are using this solution in on-premises deployments.

How has it helped my organization?

This solution has helped in securing our clients' assets, which is key. It mitigates all of the availabilities of risks around web applications.

What is most valuable?

The most valuable feature of this solution is web application security.

This is a user-friendly solution.

This solution has good performance ratings.

What needs improvement?

I would like to see more support available for this product online. Some customers find this to be a real limitation.

The virtual processing could be improved.

Their portal is very limited and needs improvement.

For how long have I used the solution?

We have been using this solution for close to five years.

What do I think about the stability of the solution?

This is a very stable solution.

What do I think about the scalability of the solution?

The solution is very scalable, but of course, the scalability comes with a cost.

How are customer service and technical support?

I think that technical support needs to be improved by making it more localized, or regionalized. Our support is currently coming from the US, and it is not very good. They need to take care of their global customers.

Which solution did I use previously and why did I switch?

We previously used Fortinet, but this solution has better performance ratings.

How was the initial setup?

I don't want to say that the initial setup is straightforward, but it is manageable. It requires a bit of technical knowledge.

What other advice do I have?

This is a solution that I highly recommend.

The biggest lesson that I have learned from this solution is that Imperva is not a one-house solution. They create a specialized solution, and that comes with a lot of value.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros sharing their opinions.