What advice do you have for others considering Imperva SecureSphere Web Application Firewall?

My advice to anybody who is considering this solution is that if they want a stable product with good scalability then they can choose Imperva. The price is a little bit higher than that of the competitors, which largely impacts whether customers choose Imperva. In fact, if you don't care about budget then Imperva is the only solution for an application firewall. My only complaint is that the user interface could be better. I would rate this solution a nine out of ten.

We are an integration company, so we are providing this as a solution to other customers. They're mostly enterprise-level clients. I would recommend the solution. I'd rate it eight out of ten.

Overall, Imperva is a pretty good product. I am working with the development team for Imperva in Israel, and I have submitted some feature requests for things that I think should be changed. Everything that should be fixed, we have a discussion on it and it is probable that these things will be fixed. My advice to anybody who is implementing this solution is to first go and learn the attack surfaces because you need to protect the assets from attack. In order to do this, you need to understand the attacks. Let's say that a good defense is a good offense. The biggest lesson that I have learned from working with this solution is to back up the system all of the time. Do it step by step, and be very precise. Have plans for each and every move, all of the time. I would rate this solution a nine out of ten.

The company has to deeply work on it. Also, with regard to support for the distributor, distributors have a big problem. We got the wrong consigning. It was kept for more than three months in a customs warehouse because of the issue of the problems on the distributor side. That is a big problem. I would rate it an eight out of ten. Imperva is good because it doesn't also only monitor but it also does acquisition.

I handle the on-premises deployment model. We have the latest version of the solution. We also sell the product. I would rate the solution nine out of ten.

This is a security device, and it is used almost every day. It is not just used when there is an issue. Based on what the dashboard or the reports say, you can change policies to meet your security requirements or business needs. Based on my experience, and what I know this product can do, I would never recommend another solution. I advise most of my customers to go for this. I would rate this solution a nine out of ten.

This is a solution that I highly recommend. The biggest lesson that I have learned from this solution is that Imperva is not a one-house solution. They create a specialized solution, and that comes with a lot of value. I would rate this solution a nine out of ten.

I would rate the solution as an 8 out of 10, simply because of the difficulty of operation management. It's a complicated tool to keep.

I think it's perfect. It's a very good application. When you do large-scale deployment you want to protect your physical web application with Imperva, trust me. It gives me peace of mind. These are guys are from Israel and you should see that place. These guys are the best I have ever seen. They do all kinds of stuff and there is nothing that they cannot do. These people are incredible. They can configure and develop anything, customized, if you want it. Everything has a price, but they can do it right now. They don't have a "no." We use Imperva with Incapsula so we have web security, we have DDoS protection, we have content delivery networking, we have load-balancing. We do everything with Incapsula cloud. For example, if you have an internet threat, that threat is trying to access your web application. Depending on the threat that you are receiving, the activity monitor is going to be triggered. Once that activity monitor gets triggered, the vulnerability management is going to defend you. It doesn't work for everything the same way. It's very intelligent. Without tuning, it blocked 88 percent of the vulnerabilities, and when we tuned it, it blocked 98 percent. Whatever was not blocked didn't harm us. We use a third-party for tuning. We tell them what to do it and they do it. They get it done fast, sometimes in two to three days. It depends on what you're asking for. If you're asking for more accuracy, they go the distance to solve your problem. For example, the other day I had some keywords, some attack signatures that they were looking at for false-positives and false negatives, which are two different things. One of the main reasons we got Imperva is that we wanted to block attacks while limiting the number of false positives. I wanted the application scanner not to generate false positives by creating violations. I gave them the information, and the next day it was solved. To put it in a high-level perspective, you are paying to see the things that are important, but you get a lot of noise. I wanted to reduce that noise. They allowed me to do that. Make sure you have the right testing methodology for Virtual Patching. If you want to take your patching to under 30 days, this is the product for you. We reduced it to five days. I think we are the only company where the patching is under five days. We are only doing it at the database-level right now. But we took it down to five days. There are proper ways to test a WAF, but the main advice I can give you is that you should not just generate attack traffic. The most effective method, for me, would be to generate both attack and legitimate traffic. That kind of approach will give you a way to rate the ability of the WAF to detect malicious traffic and to distinguish malicious traffic from good traffic. Provide real-world testing scenarios, in which the WAF must block attacks and avoid blocking good traffic at the same time. You will be able to measure how many false positives you're getting. That is the best way to test a WAF: Don't only to generate attack traffic. Another piece of advice, and here I will jump to the main fears of this environment - SQL injections, cross-site scripting, which I hate, DT's (Directory Traversals) - is that you need to provide another layer here which is IPS. IPS products will all rely on signatures. They are going to be created by the scanner to stop anything, that's just the basics of threat prevention. If these signatures are easy to circumvent, by using comments and encoding at the same time, they will be available for the WAF to stop any kind of session or cookie tampering. What I'm saying is that there should be technical attack protection. You should be thinking not only about WAF but combining WAF and IPS. You need to find an IPS that works with it. Imperva has something similar to an IPS, it's not an IPS per se. For example, an IPS cannot detect or stop fraud malware. For that, you need to add certain other levels of security and combine it with employee training. If you get the web application, which is called SecureSphere, the WAF, it will protect you against web page fraud because they go by black IPs. So you can help the IPS on that side and the IPS can help you letting you know what to block from the internal network. You should be considering a combination of WAF and IPS. Another thing to take into consideration for people who are starting, with respect to deploying a WAF, is that they should validate the accuracy of the solution and the ability it has to protect any application and help you with monitoring and management. It's not just technical stuff.