Security Consultant at a university with 1,001-5,000 employees
Real User
Top 5
2024-11-11T16:30:01Z
Nov 11, 2024
The product's customization capabilities are a bit problematic, requiring support cases for backend modifications. Additionally, the handling of high-traffic volumes could be better, as it doesn't cut you off if you exceed your purchased traffic. Our clients like the guarantee that they won't be charged for exceeding traffic during peak periods. Users also need to be more attentive to false alerts, as the marketing might give a false sense of trust.
Manager, Information Technology Network Security at a financial services firm with 201-500 employees
Real User
Top 20
2024-10-15T06:38:00Z
Oct 15, 2024
I would prefer AI integrations for user administration, visualization, log analytics, and risk analysis. If they can bring in generative AI features, that would be useful.
Principal Cyber Prevent and Defense Engineer at a comms service provider with 1,001-5,000 employees
Real User
Top 5
2024-09-09T08:48:00Z
Sep 9, 2024
Support is one thing I wish Imperva could improve. They follow the phone model and keep rotating you from one customer service person to another. The layer one support isn't very clear about the workings of the product. My feedback is primarily about Imperva Cloud, not on-premise. On-premise is a whole new story. Support is the issue for Imperva Cloud. It's also a bit pricey. It's a premium service and very expensive. The licensing model is not very straightforward. Every feature is priced separately, and to enjoy maximum protection, you'll have to spend a lot of money. The licensing model is a bit complex, and each feature is very pricey. For example, API security and web application protection are two separate license packages.
Principal Cloud Architect at a computer software company with 5,001-10,000 employees
Real User
Top 10
2024-05-09T14:45:00Z
May 9, 2024
Apart from predefined templates, it would be helpful if the solution provided an option to customize any new rules or additions based on the requirement.
Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Solutions Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 20
2024-02-05T09:49:20Z
Feb 5, 2024
My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.
Technology Operations Manager, Global IT at a tech services company with 11-50 employees
Real User
2022-11-14T16:15:14Z
Nov 14, 2022
The Imperva Web Application Firewall automations are good, but there is still room for improvement with them. Fast rule propagation could also be improved.
Director, Information System Security at a financial services firm with 201-500 employees
Real User
2022-09-30T13:24:00Z
Sep 30, 2022
Imperva's product is very good, but when it comes to procuring the software in my country it can be somewhat expensive. I don't recall the exact amount, but in comparison with other countries it is a huge investment. They recently separated the WAF and the DAM management gateways in order for each of these to be managed from different areas, so I believe it now requires additional investments for what was previously a single complete solution. Although the vendor support from Imperva is not bad, getting a response from them can be a lengthy process at times.
Information Security Architect at a tech services company with 1,001-5,000 employees
Real User
2022-07-18T07:45:09Z
Jul 18, 2022
An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics. In the next release, Imperva WAF should include more use cases for Advanced Persistent Threats and next emission sophisticated attacks.
Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis.
SOAR Consultant at a tech services company with 1,001-5,000 employees
Consultant
2022-03-14T09:51:50Z
Mar 14, 2022
Every product has a room for improvement, and in Imperva Web Application Firewall, we found a limitation when we need to check which email IP traffic is coming from, e.g. we cannot find it. Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement. If we can populate those information, we can block them in our firewalls, and that would make this solution better. Though the cloud interface of Imperva Web Application Firewall is good, the interface of the on-premises version is not as appealing, and it's what I'd like to see improved in the next release of this solution.
Application Security Engineer at a insurance company with 10,001+ employees
Real User
2022-01-14T22:10:00Z
Jan 14, 2022
In terms of what could be improved, I would say reporting on the cloud side. Additionally, I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic. In the next release I would like to see more API security.
GA Consultant Cyber Security at Wipro Technologies
Real User
2022-01-05T08:18:02Z
Jan 5, 2022
It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that.
Manager for Implementation and Administration at Commercial Bank of Ethiopia
Real User
2021-12-07T16:48:22Z
Dec 7, 2021
Imperva Web Application Firewall can improve by adding more features to the dashboard. increasing the visibility of the real-time events, besides configuring the administration itself. The automatic reporting system is good, but it needs more templates. For example, better made for the management and for system admins, and monitoring teams. This would be great. We want to send any configuration change automatically to the management. However, I think the automatic reporting feature is not enabled on Imperva. We had to instead look at the audit log for the last 24 hours, check and generate the report to send to the management.
Technical Account Manager at a tech services company with 201-500 employees
Reseller
2021-09-07T19:25:22Z
Sep 7, 2021
I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one.
Senior Software Developer at a computer software company with 1,001-5,000 employees
Real User
2021-05-06T17:36:49Z
May 6, 2021
Until now, it is good. There are no issues. As an analyst, I simply monitor. I don't really get too far into the technical aspects of the solution. Occasionally, I've noticed that the web application firewall was down. If we are not using proper storage, proper memory, proper CPU, and if multiple attacks happen at one time, they will be detected by our web application firewall. Sometimes our web application firewall will slow down. In that sense, it needs some improvement. We do have a precaution for if the solution goes down. We basically, need to increase the memory and the storage and the CPU utilization, so that we can prevent our company from malicious activity. I cannot say which type of memory or storage should be improved. The requirements depend on the organization. What organizations need and which type of configurations would work best as per their requirements depend completely on that.
CTO at a tech services company with 11-50 employees
Real User
2020-09-27T04:09:59Z
Sep 27, 2020
They can provide an option to create a report, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report.
When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version. I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.
Head of IT at a computer software company with 11-50 employees
Real User
2019-09-27T04:38:00Z
Sep 27, 2019
It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself.
Most of the clients are new to this solution and don't have an in-depth knowledge of the solution. It's not so well-known in Ethiopia. Imperva has only been around for a year. Licensing should be improved. Most of the clients aren't happy. It's expensive. Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved. Also, it should have a privileged account option. In the solution, if you put it there, that would be a very nice feature so that the clients could get all those solutions in one box. It will be easier for support and for clients.
The firewall aspect of the solution needs improvement. The GUI is not as intuitive enough. It should be more user-friendly, especially for end-users. The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you.
Solutions Architect at a tech services company with 51-200 employees
Real User
Top 5
2019-08-13T10:41:00Z
Aug 13, 2019
The visibility provided by this solution can be improved. I often tell my customers that "You can't fight what you can't see". I can recall a time when I did a presentation after a deployment, and it prompted them to put the solution into enforcement mode immediately. Normally, we wait one week with the solution in monitoring mode. However, once they saw the types of vulnerabilities they had, they wanted to take action right away. It gave them a great deal of knowledge, and knowing that they are protected from these types of attacks has boosted their confidence. This solution has a lot of features, and some of the students were confused when I was discussing them. It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default. If somebody has installed the product several times but is doing the same thing incorrectly, then they get experienced in doing the wrong thing. You should be able to specify which assets you need to be protected, and the solution will tell you the minimum in terms of features that need to be turned on. If you need more advanced protection then the others will become relevant. Imperva partner training is something that I would be interested in if it ever came my way. There should be partner-specific webinars, meetings, and other training provided to us,
Manager, IS Security & Infrastructure at Fintech Kenya Limited
Real User
2019-08-06T07:17:00Z
Aug 6, 2019
I would like to see more support available for this product online. Some customers find this to be a real limitation. The virtual processing could be improved. Their portal is very limited and needs improvement.
Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud.
The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer...
The product's customization capabilities are a bit problematic, requiring support cases for backend modifications. Additionally, the handling of high-traffic volumes could be better, as it doesn't cut you off if you exceed your purchased traffic. Our clients like the guarantee that they won't be charged for exceeding traffic during peak periods. Users also need to be more attentive to false alerts, as the marketing might give a false sense of trust.
I would prefer AI integrations for user administration, visualization, log analytics, and risk analysis. If they can bring in generative AI features, that would be useful.
Support is one thing I wish Imperva could improve. They follow the phone model and keep rotating you from one customer service person to another. The layer one support isn't very clear about the workings of the product. My feedback is primarily about Imperva Cloud, not on-premise. On-premise is a whole new story. Support is the issue for Imperva Cloud. It's also a bit pricey. It's a premium service and very expensive. The licensing model is not very straightforward. Every feature is priced separately, and to enjoy maximum protection, you'll have to spend a lot of money. The licensing model is a bit complex, and each feature is very pricey. For example, API security and web application protection are two separate license packages.
Apart from predefined templates, it would be helpful if the solution provided an option to customize any new rules or additions based on the requirement.
The signature updates could be faster. Sometimes we have to upload signatures to the Imperva portal for checking and analysis before we can use them.
The only disadvantage of Imperva is that it is a pretty costly solution.
My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.
The UI interface needs improvement.
The tool needs to improve CPU and storage memory.
It is complicated to integrate the solution's on-cloud version with other platforms.
I would like to improve the tool's turnaround time in terms of support.
The Imperva Web Application Firewall automations are good, but there is still room for improvement with them. Fast rule propagation could also be improved.
Imperva's product is very good, but when it comes to procuring the software in my country it can be somewhat expensive. I don't recall the exact amount, but in comparison with other countries it is a huge investment. They recently separated the WAF and the DAM management gateways in order for each of these to be managed from different areas, so I believe it now requires additional investments for what was previously a single complete solution. Although the vendor support from Imperva is not bad, getting a response from them can be a lengthy process at times.
The solution works for particular zones but isn't always the best solution for all zones. The solution's pricing could be improved.
An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics. In the next release, Imperva WAF should include more use cases for Advanced Persistent Threats and next emission sophisticated attacks.
Imperva Web Application Firewall could improve the console by making it easier to use.
Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis.
I don't really use it and therefore can't speak to areas of improvement.
Every product has a room for improvement, and in Imperva Web Application Firewall, we found a limitation when we need to check which email IP traffic is coming from, e.g. we cannot find it. Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement. If we can populate those information, we can block them in our firewalls, and that would make this solution better. Though the cloud interface of Imperva Web Application Firewall is good, the interface of the on-premises version is not as appealing, and it's what I'd like to see improved in the next release of this solution.
In terms of what could be improved, I would say reporting on the cloud side. Additionally, I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic. In the next release I would like to see more API security.
It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that.
Imperva Web Application Firewall can improve by adding more features to the dashboard. increasing the visibility of the real-time events, besides configuring the administration itself. The automatic reporting system is good, but it needs more templates. For example, better made for the management and for system admins, and monitoring teams. This would be great. We want to send any configuration change automatically to the management. However, I think the automatic reporting feature is not enabled on Imperva. We had to instead look at the audit log for the last 24 hours, check and generate the report to send to the management.
I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one.
In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy.
Until now, it is good. There are no issues. As an analyst, I simply monitor. I don't really get too far into the technical aspects of the solution. Occasionally, I've noticed that the web application firewall was down. If we are not using proper storage, proper memory, proper CPU, and if multiple attacks happen at one time, they will be detected by our web application firewall. Sometimes our web application firewall will slow down. In that sense, it needs some improvement. We do have a precaution for if the solution goes down. We basically, need to increase the memory and the storage and the CPU utilization, so that we can prevent our company from malicious activity. I cannot say which type of memory or storage should be improved. The requirements depend on the organization. What organizations need and which type of configurations would work best as per their requirements depend completely on that.
The process to upgrade from one version to another can be a lot simpler than it is currently.
They can provide an option to create a report, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report.
The user interface could be better.
When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version. I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.
It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself.
Most of the clients are new to this solution and don't have an in-depth knowledge of the solution. It's not so well-known in Ethiopia. Imperva has only been around for a year. Licensing should be improved. Most of the clients aren't happy. It's expensive. Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved. Also, it should have a privileged account option. In the solution, if you put it there, that would be a very nice feature so that the clients could get all those solutions in one box. It will be easier for support and for clients.
The firewall aspect of the solution needs improvement. The GUI is not as intuitive enough. It should be more user-friendly, especially for end-users. The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you.
The visibility provided by this solution can be improved. I often tell my customers that "You can't fight what you can't see". I can recall a time when I did a presentation after a deployment, and it prompted them to put the solution into enforcement mode immediately. Normally, we wait one week with the solution in monitoring mode. However, once they saw the types of vulnerabilities they had, they wanted to take action right away. It gave them a great deal of knowledge, and knowing that they are protected from these types of attacks has boosted their confidence. This solution has a lot of features, and some of the students were confused when I was discussing them. It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default. If somebody has installed the product several times but is doing the same thing incorrectly, then they get experienced in doing the wrong thing. You should be able to specify which assets you need to be protected, and the solution will tell you the minimum in terms of features that need to be turned on. If you need more advanced protection then the others will become relevant. Imperva partner training is something that I would be interested in if it ever came my way. There should be partner-specific webinars, meetings, and other training provided to us,
I would like to see more support available for this product online. Some customers find this to be a real limitation. The virtual processing could be improved. Their portal is very limited and needs improvement.
I just need it to be a stable and normal version. I'd want to hear about the new features to see which I would need.