My experience is to integrate this application. It's a firewall. You must connect it with the traffic the infrastructure must be routed through this firewall in order to block and search for any problems with the applications.
Security Engineering at a computer software company with 5,001-10,000 employees
Straightforward to set up with good technical support and stability
Pros and Cons
- "The solution can scale."
- "In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy."
What is our primary use case?
What is most valuable?
As a system, it's very effective at blocking potentially malicious items. The security is very good.
The solution can scale.
The stability has been pretty good.
Technical support is helpful.
The initial setup is rather straightforward.
What needs improvement?
In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy.
For how long have I used the solution?
I've been working with the solution for about three years or so.
Buyer's Guide
Imperva Web Application Firewall
December 2024
Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
What do I think about the stability of the solution?
I have previously found bugs within the solution and in the past, I have contacted Imperva in order to deal with them to get them resolved.
That said, for the most part, I have found the solution to be quite stable. It doesn't crash or freeze. It works well.
What do I think about the scalability of the solution?
The solution can scale.
We typically deal with medium-sized enterprises as clients. Typically, these companies have around 500,000 or so employees. They aren't massive, however, they are quite sizeable.
How are customer service and support?
I've dealt with technical support on multiple occasions and I find them to be very helpful and responsive. They are knowledgeable. We're very happy with the level of service we get.
How was the initial setup?
The initial setup is straightforward, although it does take time to integrate the solution into your existing infrastructure.
What about the implementation team?
As an integrator, I can help clients set up the solution at their companies.
What's my experience with pricing, setup cost, and licensing?
I'm not sure what the exact licensing costs are for the solution. I can't speak to the pricing. It's not part of my responsibilities to cover sales or billing.
What other advice do I have?
Imperva has different three parts - the Web Application Firewall (WAF), Incapsula for cloud, and DAM for database firewalls. This is in one central monitor.
We aren't using the latest version of the solution.
We use the solution as a customer as well as an integrator.
I'd rate the solution at a ten out of ten. It's very good. We've been quite happy with its overall capabilities.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
CTO at a tech services company with 11-50 employees
It is easy to deploy, manage, and expand
Pros and Cons
- "Its inline transferring mode is the most valuable because it is 100% transparent. When you change the IP, there is no change on the network side. If you can't and want to try to reach an IP, you can reach the server IP. There are many other advanced security features in it. The smallest appliances of Imperva can handle the highest traffic at a customer site. For example, a smaller appliance from Imperva can provide you the same security as an F5 product."
- "They can provide an option to create reports, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report."
What is most valuable?
Its inline transferring mode is the most valuable because it is 100% transparent. When you change the IP, there is no change on the network side. If you can't and want to try to reach an IP, you can reach the server IP. There are many other advanced security features in it.
The smallest appliances of Imperva can handle the highest traffic at a customer site. For example, a smaller appliance from Imperva can provide you the same security as an F5 product.
What needs improvement?
They can provide an option to create a report, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report.
For how long have I used the solution?
I have been using this solution for more than nine years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is easy to scale up.
How are customer service and technical support?
After nine years with Imperva, we know mostly everything about it, and we are using it very deeply. None of the support can handle us when it comes to R&D. They are able to help us with all other categories.
How was the initial setup?
The initial setup is very easy. You can just plug it in, and it asks you some questions about the IP address, DNS, SSL, etc. After that, it asks you for license codes, and everything is online. It is easy to deploy. You don't have to change any network configuration.
What's my experience with pricing, setup cost, and licensing?
There are some licenses that you have to buy to use some features.
Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell.
What other advice do I have?
In Turkey, we mostly have on-premises deployments. There are some Azure Amazon projects, but it is mostly deployed on-premises. It is not so easy to send Incapsula solutions to Turkey.
I would recommend this solution. It is easy to manage and expand. I would rate Imperva SecureSphere Web Application Firewall a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Imperva Web Application Firewall
December 2024
Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
Solutions Architect at a tech services company with 51-200 employees
Useful out-of-the-box threat protection, not too complex, and has good technical support
Pros and Cons
- "There are some features that are configured by default, so even without doing much, it can still provide a level of protection."
- "It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default."
What is our primary use case?
This is one of the solutions that we provide to our customers.
We use this solution for application-level security, above layer four protection where the firewall cannot reach.
I have worked with both on-premises and cloud deployments.
What is most valuable?
The most valuable feature is the out-of-the-box detection engine. It has the ability to detect some of these things without being configured. There are some features that are configured by default, so even without doing much, it can still provide a level of protection.
What needs improvement?
The visibility provided by this solution can be improved. I often tell my customers that "You can't fight what you can't see". I can recall a time when I did a presentation after a deployment, and it prompted them to put the solution into enforcement mode immediately. Normally, we wait one week with the solution in monitoring mode. However, once they saw the types of vulnerabilities they had, they wanted to take action right away. It gave them a great deal of knowledge, and knowing that they are protected from these types of attacks has boosted their confidence.
This solution has a lot of features, and some of the students were confused when I was discussing them. It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default. If somebody has installed the product several times but is doing the same thing incorrectly, then they get experienced in doing the wrong thing. You should be able to specify which assets you need to be protected, and the solution will tell you the minimum in terms of features that need to be turned on. If you need more advanced protection then the others will become relevant.
Imperva partner training is something that I would be interested in if it ever came my way. There should be partner-specific webinars, meetings, and other training provided to us,
For how long have I used the solution?
I have been using this solution for about two years.
What do I think about the stability of the solution?
So far, I don't think that we've had any issues with this solution in terms of stability. People discussing this solution have given the same remark.
This solution is used on almost a daily basis.
What do I think about the scalability of the solution?
Scalability of this solution is based on the design. If you get your design right, then you shouldn't have a problem with the scalability.
How are customer service and technical support?
While we were installing this solution, we had contact with technical support and they were good. I have referenced information that is on their site and it is helpful, as well.
During the initial installation, there was a warning that was not part of the known CVEs. When I checked with support, they told me that this type of problem is blocked out-of-the-box. However, if I wanted to be really sure, they showed me how to create a custom policy, or custom rule, to specifically deal with it.
Which solution did I use previously and why did I switch?
I have used other solutions, but I usually follow the Gartner reports and their suggestions. My previous solution had not been doing too well.
Also, as I became more familiar with this solution, it became easier for me to identify issues. I had also read research on Imperva blocking denial-of-service attacks, and I like practical evidence of issues such as this. By reading these articles, and about other people's experiences, it is like seeing it for myself. With other solutions, you are not privy to such visibility.
Complexity and cost are two important factors when it came to choosing this solution.
Unless the client has as serious issues and does not want Imperva, this is my first choice.
How was the initial setup?
The initial setup of this solution was not too straightforward. We did have to contact Imperva during the deployment. The length of time for deployment depends on the experience of the people performing the installation, as well as the environment.
What about the implementation team?
My team and I performed the implementation of this solution. To make sure that we were on track, we contacted Imperva support for some clarification. Most of the things that we do, we follow best practices.
What's my experience with pricing, setup cost, and licensing?
Everybody complains about the price of this solution.
What other advice do I have?
This is a security device, and it is used almost every day. It is not just used when there is an issue. Based on what the dashboard or the reports say, you can change policies to meet your security requirements or business needs.
Based on my experience, and what I know this product can do, I would never recommend another solution. I advise most of my customers to go for this.
I would rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Information Security Architect at a tech services company with 1,001-5,000 employees
Strong detection of threats and vulnerabilities but tendency for false positives
Pros and Cons
- "Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code."
- "An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics."
What is most valuable?
Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code.
What needs improvement?
An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics. In the next release, Imperva WAF should include more use cases for Advanced Persistent Threats and next emission sophisticated attacks.
For how long have I used the solution?
I've been working with Imperva WAF for six to seven months.
What do I think about the scalability of the solution?
Imperva WAF is scalable.
How are customer service and support?
Imperva's technical support is very good.
What other advice do I have?
I'd recommend Imperva WAF as a good product in terms of occupation perspective and strong WAF. I'd rate it as seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Team Lead Senior Technical Engineer at a tech services company with 51-200 employees
Simple to maintain, easy to configure, and easy to scale
Pros and Cons
- "It has fewer false positives"
- "The support for the on-premises version needs improvement."
What is our primary use case?
I am a distributor for Imperva. We provide solutions for our customers.
This solution is mainly used to protect websites. When it is deployed on the cloud it is used for traffic redirection and URL redirection functionality.
It is also used for dual location blocking and security for the policies that are being applied.
What is most valuable?
Imperva is a good solution.
It has fewer false positives. It is very simple to maintain the device. It is also simple to configure. You don't need to have any HTTP knowledge or understand the HTTP programming languages when it comes to configuring the device.
What needs improvement?
The visibility of the actual traffic needs to be improved.
We are only monitoring the traffic if there are any issues and the alerts are being triggered.
We don't log the real-time traffic. We only log the real-time attacks and not the normal traffic that is passing through the device.
The main concern for our customers is to improve the visibility of the actual traffic. Customers feel that is the one feature that will greatly improve Imperva.
They would like to have the complete network traffic passing through the device. Currently, we are only being alerted for the attack that has passed through the device instead of the genuine traffic.
We would like to see logs of the genuine traffic that passes through the device. It can be optional to enable it for certain customers and certain applications but should be included.
The support for the on-premises version needs improvement.
For how long have I used the solution?
We have been distributing Imperva for the last 10 years.
We are currently dealing with the latest version.
We provide both on-premises and cloud deployment, it depends on the customer's requirement.
What do I think about the stability of the solution?
Once it is configured it is stable. There are no issues with the stability of the Imperva Web Application Firewall.
What do I think about the scalability of the solution?
It is easy to scale. The scalability is fine. You can add gateways and scale, which is a good feature in Imperva.
This device is suitable for everyone.
How are customer service and technical support?
There are two different support teams. The cloud support is very good, but the on-premises support is lacking. The response time could be much better.
How was the initial setup?
The initial setup is easy if you know how to deploy Imperva. Once we do the base installation, the deployment is simple.
Once in six months, there are some patch upgrades required. If there are specific requirements we need to upgrade.
What about the implementation team?
We were able to complete the installation and deployment ourselves.
What's my experience with pricing, setup cost, and licensing?
When it comes to the cost, there are different sets of customers. Some are SMB and veteran customers who go with the cloud version of Imperva, which is a managed service. The next-level customers and enterprise will select the on-premises version along with the cloud. They prefer the hybrid environment.
There are a couple of different licensing models. One is with respect to the Cloud and is based on the number of applications you have to protect. The on-premises model is based on the throughput that is required to be inspected.
Which other solutions did I evaluate?
I know that FortiGate is a niche product and wanted to evaluate Impera and FortiGate for the differences.
What other advice do I have?
You should understand the customer's website, what their website is. They need to configure the ciphers properly. Many engineers are not able to complete the project because they don't understand the customer's environment.
Before doing an implementation, understand the customer's environment. The ciphers need to be configured properly. Some Imperva engineers are not able to complete the projects because they understand the customer's environment.
Know the ciphers being used and match the ciphers. You must ensure the same ciphers are being matched in the backend load balances. If the backend load or cipher is changed the same should be replicated in Imperva as well. Once this is complete it should be good.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Acquisitions Leader at a healthcare company with 10,001+ employees
Reliable, and has easy backup and restore functions
Pros and Cons
- "The most important feature I have found to be the ease in how to do the backup and restores."
- "The process to upgrade from one version to another can be a lot simpler than it is currently."
What is our primary use case?
We are using this solution for backing up all of our day-to-day use data and the ability to restore it when we want. For example, when there is a catastrophe or disaster.
What is most valuable?
The most important feature I have found to be the ease in how to do the backup and restores.
What needs improvement?
The process to upgrade from one version to another can be a lot simpler than it is currently.
For how long have I used the solution?
I have been using this solution for six years.
What do I think about the stability of the solution?
When it comes to stability the solution work well.
What do I think about the scalability of the solution?
The solution in my experience has been scalable. In my organization we have approximately 10,000 users using the solution, the whole company uses it.
How was the initial setup?
The initial setup was straightforward. We have a team that does the maintenance of the solution.
What's my experience with pricing, setup cost, and licensing?
There is a license for this solution and we purchase the license annually with no additional fees.
What other advice do I have?
My advice is to follow the three, two, one backup rule, this solution is very suitable for this. Make sure you are defining your mean time for recovery of the backup, and try to see that it makes the mean time.
I rate Imperva Web Application Firewall a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a agriculture with 11-50 employees
Provides good network transparency and integrates well with other products
Pros and Cons
- "If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency."
- "The user interface could be better."
What is our primary use case?
We are a solution provider and Imperva is one of the products that we implement for our clients. They use it as an application firewall.
What is most valuable?
If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency. This is better than the competitors.
Imperva SecureSphere integrates well with other tools.
What needs improvement?
The user interface could be better.
For how long have I used the solution?
I have been working with Imperva SecureSphere for about four years.
What do I think about the stability of the solution?
Imperva solutions are the best in terms of stability.
What do I think about the scalability of the solution?
I have not faced any trouble with scalability because you can easily upgrade the appliance.
How are customer service and technical support?
I am regularly in contact with Imperva support and I am satisfied with them.
How was the initial setup?
The initial setup is very basic and really easy to do. I wouldn't say that everybody, such as non-technical, people can do the setup and configuration. However, people with a mid-level of experience in application firewalls can do it easily.
What's my experience with pricing, setup cost, and licensing?
The price of this solution is a little bit high compared to competitors.
What other advice do I have?
My advice to anybody who is considering this solution is that if they want a stable product with good scalability then they can choose Imperva. The price is a little bit higher than that of the competitors, which largely impacts whether customers choose Imperva. In fact, if you don't care about budget then Imperva is the only solution for an application firewall.
My only complaint is that the user interface could be better.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Chief Information Security Consultant at V-Tech
Has good monitoring and you get what you expect from this solution
Pros and Cons
- "Data masking is the most valuable feature of this solution."
- "Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved."
What is most valuable?
Data masking is the most valuable feature of this solution.
What needs improvement?
Most of the clients are new to this solution and don't have an in-depth knowledge of the solution. It's not so well-known in Ethiopia. Imperva has only been around for a year.
Licensing should be improved. Most of the clients aren't happy. It's expensive.
Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved. Also, it should have a privileged account option. In the solution, if you put it there, that would be a very nice feature so that the clients could get all those solutions in one box. It will be easier for support and for clients.
For how long have I used the solution?
I have been using Imperva for the last two to three years.
What do I think about the stability of the solution?
It's a relatively new product but from the information I got from the Bank of Ethiopia, the stability is okay. They are getting what they are expecting from the product.
What do I think about the scalability of the solution?
Scalability is good especially compared to IBM. It's not so easy to integrate with another solution from another vendor.
How was the initial setup?
The initial setup was complex.
What other advice do I have?
The company has to deeply work on it. Also, with regard to support for the distributor, distributors have a big problem. We got the wrong consigning. It was kept for more than three months in a customs warehouse because of the issue of the problems on the distributor side. That is a big problem.
I would rate it an eight out of ten. Imperva is good because it doesn't also only monitor but it also does acquisition.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Buyer's Guide
Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Azure Application Gateway
Azure Front Door
F5 Advanced WAF
Fortinet FortiWeb
Cloudflare Web Application Firewall
Imperva DDoS
Akamai App and API Protector
Azure Web Application Firewall
Radware Alteon
NGINX App Protect
Barracuda Web Application Firewall
Buyer's Guide
Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Imperva WAF vs. Barracuda: Which One is Better?
- Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?