Imperva Web Application Firewall Reviews

The solution is used by SMBs and enterprises that have a lot of websites that they need to protect.

Since the product is categorized in Gartner as a Web Application and API Protection tool, it protects APIs and web applications. It provides bot and client-side protection. I have done POCs. Once the platform is configured to block DDoS attacks, no traffic regarding DDoS or bots gets into the application.

If the clients have requirements for APIs and microservices, we can offer such services with the help of the solution. We can offer it as a security solution that protects APIs and microservices. Imperva’s real-time monitoring makes it very easy for administrators to monitor their existing web applications.

My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.

I have been using the solution since June last year.

I rate the tool’s stability a ten out of ten. Since I've been onboarded, I haven't had any issues.

I rate the tool’s scalability a ten out of ten. Imperva allows only clean traffic. The scalability is based on the clean traffic and not the overall bandwidth of the client. Our clients are mostly enterprise businesses. I have some SMB customers.

Sometimes, support tickets don't get addressed quickly. However, the support team gets to it eventually.

Positive

The initial setup is very easy. I rate the ease of setup a ten out of ten. The time taken for deployment depends on the number of applications we want to onboard. Usually, we can do it in a day.

Imperva is a very proactive solution. It is not reactive. We can prevent attacks or issues even before they happen. It is something people must consider since many enterprises are facing DDoS attacks, and their data is getting compromised.

I rate the solution’s pricing a seven out of ten. Some solutions are cheaper than Imperva. Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF.

We are partners. I rate the product's integration with our client's IT infrastructure a nine out of ten. It is easily integrated since many configurations are needed to onboard Imperva into a client’s infrastructure fully. Overall, I rate the product a nine out of ten.

Our primary use case for the solution is securing our applications and customer-facing website.

The Imperva Web Application Firewall feature I have found the most valuable is the ease of deployment. The solution's customer service is good as well. 

The Imperva Web Application Firewall automations are good, but there is still room for improvement with them. Fast rule propagation could also be improved.

My company has been using Imperva Web Application Firewall for four years. But, personally, I have been using it for three years. It was already operational in the organization when I joined. 

We have not had any issues with stability. 

I think Imperva Web Application Firewall is scalable. 

I have had a positive experience with Imperva Web Application Firewall's tech support so far. They are knowledgeable and respond on time. 

Positive

I was not with the company when Imperva Web Application Firewall was initially deployed but I believe the process was straightforward. 

F5 firewalls are clunky and that is why we do not use them. They are good and powerful, but it takes quite a bit to set them up. They are not as easy to set up as Imperva Web Application Firewall.

I would say: take Imperva Web Application Firewall into consideration because of its simplicity. 

The solution is used to detect and block application attacks on the internet perimeter. We integrate the solution with SOAR and Phantom to automate our playbook and block URLs.

The solution reduces the risk of attacks and that benefits our clients. 

The solution integrates seamlessly with other tools and has a good alert mechanism. 

The solution provides good protection against OWASP top-ten attacks.

The solution works for particular zones but isn't always the best solution for all zones. 

The solution's pricing could be improved. 

I have been using the solution for five years. 

The solution is stable. 

We implemented the SA solution and have not tried to scale it beyond our client's 10,000 users. 

I do not have experience with escalating issues because our internal support team handles vendor support. 

We have not switched solutions but prefer this solution for on-premises. When we need a tool that is cloud-based, we prefer other solutions. 

The initial setup was not complex and integration was easy. 

The solution was implemented by the supplier. 

The solution's pricing is an issue. 

We use many tools for the application layer including Imperva, Infoblox Secure DNS, and Palo Alto. 

The solution is a leader in the market and is easy to use.

I rate the solution a nine out of ten. 

The mitigation feature is what I find most valuable in Imperva Web Application Firewall. The interface of the cloud version of this solution is also good.

Every product has a room for improvement, and in Imperva Web Application Firewall, we found a limitation when we need to check which email IP traffic is coming from, e.g. we cannot find it.

Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement. If we can populate those information, we can block them in our firewalls, and that would make this solution better.

Though the cloud interface of Imperva Web Application Firewall is good, the interface of the on-premises version is not as appealing, and it's what I'd like to see improved in the next release of this solution.

Imperva Web Application Firewall is a very stable solution.

The cloud version of Imperva Web Application Firewall is very scalable.

Technical support for this solution is good.

It's very easy to set up the cloud version of Imperva Web Application Firewall. It's not difficult, because you just need to map your DNS, and that's it. Setting up this solution is not a problem.

I'm working as a cyber security consultant and I provide Imperva Web Application Firewall and other similar solutions to customers.

We are working in the Middle East, e.g. we are deploying solutions to different organizations.

I don't have any input on the pricing for Imperva Web Application Firewall, as that part is covered by the research team.

I don't have advice for people looking into implementing this solution, except that everyone has different opinions and different requirements. Every organization has different requirements, and their choices will be based on their requirements. If all their requirements are fulfilled by Imperva Web Application Firewall, then they'll want to implement or use it.

I've giving Imperva Web Application Firewall a score of seven out of ten.

We have an Akamai cloud-based solution for it. We have an in-house customer, and they have their own Akamai cloud for WAF. As a solution provider, we are working with their private Akamai WAF. 

Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva.

It is quite proficient in terms of logs reports, and it provides tight control for policy configuration. So, there can't be any unwanted applications on the internal LAN site. It is quite restrictive, which is a plus point. The sizing of an application is quite easy to understand while we are configuring and deploying Imperva.

It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that. 

I have about two to three years of experience with Imperva. I'm working as a GA consultant for cybersecurity and information security. I'm working on different security solutions such as WAF, IAM, DDoS, Azure firewall proxy, and antivirus. I work with different customers, and I also do the architecture review or assessment.

Its stability is quite good. It is not at all an issue. 

It is also quite good performance-wise. We are confident about its performance.

It is for large-scale enterprises where the traffic is huge, and there are many internet-facing applications, which is a plus point of Imperva.

We don't have the HA mode for the respective solution in Imperva, which has to be there when we have the DC and DR locations. We can activate only one solution at DC, but while we are conducting the drills between DC and DR, it is quite difficult to import all the configurations at the DR location in Imperva. It takes time.

Their support is good. It is not an issue. Whenever we have any questions or concerns, we're getting an appropriate solution for our queries. 

Some of the clients have had direct support from Imperva, and some of the clients had a third-party vendor. We also get support from a local Imperva employee. When I was working for a bank, there was good support from this person who was working with Imperva. 

The support for the setup is very good from the provider, but it can be difficult for an engineer to have an in-depth understanding of the configuration of a policy for an application.

I would rate it an eight out of 10.

The product is very good. 

It's so easy to do the deployment. The installation is very straightforward. You can't even compare it to others on the market. It's that easy.

The features on offer are very nice.

The solution is stable.

The licensing setup makes the product easy to scale. 

The pricing is very good. 

I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one. 

I've been using the solution for the last five years. I've used it for quite a while now. 

The stability of the product is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

We typically deal with medium-sized organizations.

The licensing model makes the solution very simple to scale. If a company wants to expand, it's not a problem.

We need an improvement in the support. We need a lot of turnarounds. Whenever is a ticket open, it's something that has become a concern. 

I'm not currently working with any other solution. I just use this product. 

Previously, I did work with F5 and Fortinet. However, Imperva is superior to both of these products.

The initial setup is easy and the solution is very simple to deploy.

The solution is very affordable and the cloud is making it even easier in terms of cost savings. 

We are resellers and we are based in Kenya. We're actually doing the whole suite. I'm working with Database Security and I'm also doing the Web Application Firewall, both of which are on-prem and on the cloud. I'm also doing the DRA.

It's the best in breed in terms of a solution you can put in place.

I'd rate the solution at an nine out of ten. We're quite happy with its overall capabilities. 

I was involved in the deployment and found that all the features in this product are fantastic, especially the correlated attack validation, threat radar (reputation, fraud), and virtual patching. Those are features that are very useful in day to day operations.

Using WAF in an organization means we can quickly see the attacks that the environment is suffering and take action to mitigate the threat(s). It is possible to view traffic and analyze it to determine if it is legitimate traffic or not, using features such as threat radar and geolocation, helping the security team in the company.

I've been using the WAF component for over a year.

I had no issues with deployment.

I had no issues with stability.

I had no issues with scalability.

I didn't use the customer service, but all the teams in Imperva have a deep knowledge about the product to support customers for any issues they have.

The technical support team at Imperva have a deep knowledge of all their solutions, and they are ready to support any customer with any problem.

The initial setup is different for each environment. You need knowledge of the environment and application, to make a good schedule of activities. Make sure you validate the requirements, and the setup will be simpler to do

I work as a System Engineer and part of my role is to help the partners do deployments for our customers. I participated in some deployments, and I can say the partners I have worked with have good knowledge about deployment and support for all solutions.

All products are good, and I believe narrowing the choice of manufacturer is best done when you do proof of concepts in-house and you can see which of your choices is best matched to your needs.

We use the solution for traffic inspection. 

The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security.

I would like to improve the tool's turnaround time in terms of support. 

I have been working with the solution for three years. 

I have never had any issues on stability. 

The tool is scalable. 

The solution's setup is straightforward. 

The tool is expensive. 

I would rate the solution a nine out of ten. The solution is very mature and covers everything for its use cases.