Imperva Web Application Firewall Reviews

Imperva Web Application Firewall is used for protecting web applications.

The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself.

Imperva Web Application Firewall could improve the console by making it easier to use. 

I have been using Imperva Web Application Firewall for approximately six years.

Imperva Web Application Firewall is stable.

The stability of the Imperva Web Application Firewall is good.

We have approximately three or four clients using this solution.

The support from Imperva Web Application Firewall is very good. They are handling support well, giving suggestions, and solving the issues.

The initial setup of the Imperva Web Application Firewall is straightforward. The process for us is simple, we have been doing it for years.

We have one person that does the deployment of the Imperva Web Application Firewall.

We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive.

I recommend this solution to others.

I rate Imperva Web Application Firewall an eight out of ten.

We primarily use the solution for database security.

Basically, the solution is a web application firewall that is used to protect against multiple types of attacks online. It is used for web attacks - mostly DDoS attacks, cross-site scripting attacks, or SQL injection attacks. 

There is also multiple HTTP protocol compliance. If there is any violation it will be detected by this application. It is used for detecting an illegal file type, illegal URL, or bots. 

The solution can prevent a geolocation attack also. If any application is not allowed from certain countries, it will not allow access. We can detect everything via the web application firewall. 

The solution offers good security against a variety of web attacks.

The protection from DDoS attacks is very useful. The DDoS attack is a very powerful attack that can harm a company's services. If an application is deployed to any web server or database our service will slow and will go down. A user would not be able to access our service until we can fix the issue. It's a deal if a company can avoid getting hit with DDoS attacks and having something that can effectively protect a company is extremely useful.

The solution has been quite stable. I have not seen any bugs at all.

Until now, it is good. There are no issues. As an analyst, I simply monitor. I don't really get too far into the technical aspects of the solution.

Occasionally, I've noticed that the web application firewall was down. If we are not using proper storage, proper memory, proper CPU, and if multiple attacks happen at one time, they will be detected by our web application firewall. Sometimes our web application firewall will slow down. In that sense, it needs some improvement. We do have a precaution for if the solution goes down. We basically, need to increase the memory and the storage and the CPU utilization, so that we can prevent our company from malicious activity. 

I cannot say which type of memory or storage should be improved. The requirements depend on the organization. What organizations need and which type of configurations would work best as per their requirements depend completely on that.

I've been working with the solution for about three years or so. It's been a while. I've been mostly working with it over the last 12 months or so.

The solution is quite stable. There are no bugs or glitches - or at least, I haven't seen any problems on that front. It doesn't crash or freeze. It's reliable.

Right now, it depends on the company and its needs. I can't speak to if there are plans to increase usage.

I've never been in touch with technical support. I can't speak to how knowledgeable and responsive they are, having never communicated with them directly. As an analyst, it's not my responsibility to deal with technical issues directly.

It's my understanding that this company has only used this solution. However, if I move somewhere else, it's possible that something else may be used.

I wasn't part of the initial setup. I can't speak to how easy or difficult the process was.

I am not sure of the exact licensing costs of the solution. The licensing is a management decision. The costs and payments are handled by them.

We use the solution's latest version.

We have a partnership with Imperva within our company.

I'd rate the solution at a nine out of ten. We've been mostly quite happy with its capabilities.

The primary use was to cover the database. Imperva we recognized on the market as the best solution for techs on databases. The banks here in Chile always ask for these types of solutions.

The compliance is the most valuable aspect.

I just need it to be a stable and normal version. I'd want to hear about the new features to see which I would need.

I find this solution stable. We have 2,000 users in financial services.

The solution is scalable.

The setup initially was simple, but when we tried to run it we had problems with the log parameters and it was complicated to use. The operation was complicated to use, but that is just the experience of my team. It took two months to deploy. The setup and installation of the technologies took one week, and after that, one month to set up the parameters and after that, in order to set up the logs, it took about two weeks. So two months total. We have three engineers, including an architect and a security engineer. We also had a fourth engineer that knew the application.

We have a yearly license, but I'm unsure of the pricing.

We didn't evaluate other options, just Imperva.

I would rate the solution as an 8 out of 10, simply because of the difficulty of operation management. It's a complicated tool to keep.

Imperva Web Application Firewall is used for customers who are looking to secure their multiple applications and want to block the threats, such as DDoS and ransomware attacks. Imperva Web Application Firewall delivers three main things, data security, data availability, and access control. For data security, it prevents malware and malicious threats. For the data availability, by preventing threats, such as malware, data can be available each and every time. You are able to have Access control, you have the ability to control the access.

The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis.

Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis.

I have been using the Imperva Web Application Firewall for approximately 15 years.

Imperva Web Application Firewall is stable, and the performance is good.

The solution is best suited for enterprise-sized businesses. It is a scalable solution.

The Technical support is good from Imperva Web Application Firewall.

I have used another solution previously which was good. However, Imperva Web Application Firewall had more features.

The deployment of the Imperva Web Application Firewall is simple. However, it is not very user-friendly. It would be a benefit because the customers would have a better time with the installation.

I did the implementation Imperva Web Application Firewall myself and it took approximately three days.

Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price.

I do the maintenance and upgrades of the solution if it requires it. I would recommend this solution to everyone. 

I rate Imperva Web Application Firewall a nine out of ten.

We are a reseller and integration partner, and we have customers who are using this solution in on-premises deployments.

This solution has helped in securing our clients' assets, which is key. It mitigates all of the availabilities of risks around web applications.

The most valuable feature of this solution is web application security.

This is a user-friendly solution.

This solution has good performance ratings.

I would like to see more support available for this product online. Some customers find this to be a real limitation.

The virtual processing could be improved.

Their portal is very limited and needs improvement.

This is a very stable solution.

The solution is very scalable, but of course, the scalability comes with a cost.

I think that technical support needs to be improved by making it more localized, or regionalized. Our support is currently coming from the US, and it is not very good. They need to take care of their global customers.

We previously used Fortinet, but this solution has better performance ratings.

I don't want to say that the initial setup is straightforward, but it is manageable. It requires a bit of technical knowledge.

This is a solution that I highly recommend.

The biggest lesson that I have learned from this solution is that Imperva is not a one-house solution. They create a specialized solution, and that comes with a lot of value.

I would rate this solution a nine out of ten.

We are using Imperva Web Application Firewall to monitor databases.

The most valuable features of Imperva Web Application Firewall are the monitoring of databases and the dashboards are easy to understand.

Imperva Web Application Firewall could improve the API integration. It was complex for us. Additionally, The onboarding could be better.

I have been using Imperva Web Application Firewall for approximately three months.

Imperva Web Application Firewall is stable.

The scalability of the Imperva Web Application Firewall is good.

The initial setup of the Imperva Web Application Firewall is complex.

I rate the initial setup of Imperva Web Application Firewall a four out of five.

I rate Imperva Web Application Firewall a nine out of ten.

The most valuable feature is the grouping of multiple targets via the scan policy. It is valuable because of the large number of targets and governmental requirements to conduct periodic scans.

With acquisition of a license to use the product, we received the ability to standardize database scanning and data protection across the enterprise around one product.

Many features are buried under not-straight-forward options and, at times, hard to find screens. Very few import features have clearly defined format requirements. Agent installation for data usage/blocking activities on target boxes requires the involvement of OS admins and DBA’s, which complicates coordination of installation and delays implementation. The discovery feature does not accurately discover the instances and instead identifies auxiliary end points (SQL – 1434) and TCP listeners (Oracle – 1521).

I’ve used and administered Imperva SecureSphere for 2 years.

Periodically, the site stops functioning and the appliance requires a reboot to restore functionality.

Scalability capabilities are well thought through by product development. Installation of additional MX servers and gateways on remote networks ensures coverage of scanning and data usage monitoring/data protection capabilities.

Technical support is probably the biggest drawback. No contact with technical support ever results in an immediate response and the solution is usually preceded with series of emails, going on for up to a week, before a live person gets on the phone. But, even then, their task is to observe the manifestation of the problem and request a collection of additional information (logs, traces, etc.) without any attempt to solve the problem during the call/WebEx session. Their technical support staff has at most two or three engineers that have a good working knowledge of the product, but most of the time, a level one technician is running the case. When support staff finally gets on the phone, their first statement is a disclaimer that they are on the call ONLY to collect information and that the customer should not expect any resolution.

This pattern of providing technical support greatly differs from what IBM offers for their Guardium product (competitor solution).

We attempted to use several previous solutions. One was Tenable SecurityCenter with its custom, XML-like scripting where each check had to be written by the Database Security Specialist (myself). We also attempted to use AppDetectivePRO, though its performance, lack of customization, scalability, and licensing costs prevented us from continuing with it.

The setup is very straightforward considering that it’s either a physical or virtual (OVF template) appliance. The wizard-like initial setup and configuration are somewhat awkward, but can be completed after reviewing the instructional videos available to the customers.

Licensing should be chosen based on the current infrastructure setup and growth plans. Purchasing appliances of different types may lead to unnecessary/unjustified expenditures and ultimately lead to complications in administration.

The product that was evaluated and was chosen as the recommendation was IBM Guardium. Unfortunately, its licensing cost was a lot higher. Therefore, the management decided not to proceed with the purchase.

Be prepared to obtain every piece of documentation that comes with the product. Thoroughly research it to obtain a clear understanding of how to implement the product and ensure you have a dedicated Imperva first-response engineer that can answer your questions without going through a normal support channel. Be patient when encountering a bug or a feature failure, as well as discrepancies between the product interface and/or behavior with the accompanied documentation. Their support is not prepared to jump in and start working on a fix or update the documentation.

In many cases, the documentation remains outdated referring to old releases regardless how long you’ve been asking for an update. Their instructional videos are also out of date, but references to them are consistently sent by their support whenever you may have a question. And finally, thoroughly document your deployment and license-related information, because every email to technical support is responded with an automated reply requesting this information. Not replying to this automated email with correct info will lead to further delays.

The tool needs to improve CPU and storage memory. 

I have been using the solution for a year. However, my company has been using it for six years. 

Imperva Web Application Firewall is stable. 

The product is scalable, and my company has 20,000 users. One administrator manages the tool. 

Imperva Web Application Firewall is expensive. 

I rate the solution a nine out of ten.