Imperva Application Security Platform Reviews

We use Incapsula as a firewall on our website which can block any suspicious attempts from the outside of the company. For example, if someone is trying to hack our website or put malware on it, it blocks them.

When I joined the company, one of our websites was hacked by malware (somebody put it on our website). The website went down for a long time. It took two weeks to clear the server and move everything: all the content, clean it, bring it up, and start again. By using this application, the firewall is blocking every suspicious activity and event. Now, we are safe. We have peace of mind that nobody will use malware on us or try to hack our website. With this application, we have some peace of mind that everything is blocked by Incapsula. 

1. I like to see the security. On the site security, I can see which countries have incidents, whether it was a robot attack, a real human user, or non-human user. For this feature, I like it because I can see information quickly without going into long logs and details. It is very comprehensive regarding what is going on behind the scenes on the website traffic.
2. The option saying activity launch. On the activity log, I can see the exact details, the visit, and the threat. If I click on the details, it shows me exactly where it came from, who the user agent is, and what page they tried to enter. Then, it gives me the session. Also, I have the option to put them on the blacklist or the white list. Therefore, I like this option because it is more detailed. If someone causes more than one of the incidents, then they are maybe suspicious, and we want to learn more about it. Here we can get the data, and under the data, we can see the IP addresses, therefore tracking and copying that IP address and putting it under IP lookup.
3. The dashboard is good and user-friendly. You can easily understand it, even if you don't have any prior knowledge. Looking at it, you can easily see what is happening because it is a very user-friendly menu and user interface. I don't come from this exact background, but it seems I am supposed to manage and work with this stuff. Because of the user interface, I can understand even without having prior knowledge or education of it.
4. The real-time option is cool as well. On the real time, you can see live traffic, which is flowing into our website. 

I am not sure if this application has a policy where you can create your custom policy and run it as our firewall. We should have some ability to also create some custom policy, then run it as a firewall. Maybe it is not relevant, but I think this would be a good option.

Some things previously happened where we moved one of our websites to a new host and new server, then we had difficulty putting in our user credentials to Incapsula because we could not find them. My boss was aggravated with the issue. I believe he contacted Incapsula and found out how to use the credentials for the website. They had changed the user interface a couple months ago. It was different than now. We had to put some information from the website domain to Incapsula login order to activate it, because they had changed the user interface.

It is a stable product.

It is not used at a high level, but we just put it in and configured it with our website. So, for the things that we have to run, it works just fine. I have no idea about any other scalability. However, it is just fine for the reason that we are using it.

I have never had a ticket with technical support, but I believe that they are supportive.

I was not involved with any solution in the company prior to Incapsula. When I came to this company, we were using this solution.

Someone else set it up.

An improvement has been to our website: It increases the speed of our response, the capacity of the site, and optimizes the bandwidth.

More than features, the complete solution is valuable for everything it delivers and the protection it offers.

Acquire it for all the benefits that this solution brings to organizations, especially nowadays, when we live in a technological era where the speed and response times of the different websites are valued so much.

Never.

None.

Technical support provides good, quick responses.

No.

Initial setup is very simple, since it is enough to change the servers in and out of the site to make it work.

Although the pricing can be a little high, it is worth the protection and security that it offers.

I only saw Cloudflare and Akamai, but the latter is very expensive.

It is an excellent product.

Protects and secures all our web sites.

• Learning mode.
• Custom policies.
• Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance.

The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year.

No issues with stability.

No issues with scalability.

10 out of 10 for local support, seven out of 10 for Imperva Professional Services.

Straightforward. Easy to install and config.

F5.

I rate it a 10 out of 10 because of the ability to apply real-time changes or creations, export and import applications learned, and it's very easy to use. It also features system logs or incidents, granular configuration in relation to a SIEM. It is the best product on the market, in my opinion. Cyber security leader.

It helped us to define wherever there was illicit traffic between our webs, and improved the control we achieved.

The ability to trace each connection, and to have logs to be able to differentiate between a positive and a false-positive intruder action.

It is handy to retrieve and download the logs to line up separate actions to identify possible intruder behaviour.

At that moment, I miss being able to integrate the dashboard with other BI tools we are using. We have to export and import data to be able to present it, and doing so is a lot of work.

Not at all. 

It was a bit pointless to know how many sites were offline every time a spot in the world decided to do maintenance, but we like it as we can handle worldwide issues, knowing what is going on there.

No issues at all, it fulfills our expectations in terms of scalability.

Great.

We had used many local, and some cloud-based solutions (like Azure, Advanced Nagios, Centreon). We switched for the scalability of the solution, the reporting features it has, as well as the availability to fine tune the solution. 

It was straightforward, but we had to fine tune it.

The initial setup blocked some cookies and data from our scrapers which, they said, they never received from us. We investigated and found the WAF was blocking them. It was a lot of work.

It's worth it. It's a fine solution for medium/big companies worried about attacks that happen in the wild.

Centreon and Azure.

My best advice could be, if you don't have the staff to carry out security in a proper way, have a tool do it, but use a specialized tool like this one, and don't re-invent the wheel.

Also, in our case, we soon realized that we needed an expert to fine tune it and to obtain all the features we wanted.

There is no need to have an in-house WAF to manage and maintain. We are now able to bring a new website live within minutes, without false positive alerts. It has Improved user/customer experience and website performance.

IncapRules is one of the most valuable features, as you can create your own security and access control rules on top of your security policy. Using IncapRules we were able to easily block Layer 7 DDoS attacks several times.

Real-time monitoring is also a great tool, as you may watch several parameters in real time.

It would be better if we were able to manage and apply changes to multiple websites/web applications, and search WAF logs for multiple websites, via the Incapsula dashboard.

The first year we faced one or two incidents, but since then we not had any stability issues.

No issues with scalability. You need not worry about scalability. Incapsula takes care of the CDN infrastructure and bandwidth volume, providing several enterprise "load balancing" features.

Incapsula’s support personnel is very good, positive, and most of them passionate. Sometimes a second-level support might be required for more complex requests. Additionally, you may see a slight delay in replying to support tickets, but you are able to contact them via phone for critical cases and prompt response.

We were using Akamai and we switched to Incapsula mainly due to the WAF effectiveness and total cost.

Not only the initial, but also the final setup, is straightforward.

For enterprise contracts you will be in touch with a dedicated account manager who will guide you regarding licensing.

We evaluated Akamai. Akamai had a bigger CDN network and probably better performance worldwide (especially on the Chinese mainland) but their WAF is very pure and not effective at all.

Go for it and request a free trial.

• DDoS protection
• CDN
• WAF
• Good API for managing services

Thanks to Incapsula, we got easily manageable DDoS protection; HTTP2 and SSL certificates for all the services; CDN in good locations; and we're now sure that our web services can't be exploited remotely because of the WAF feature. Also, we can chose to whitelist/blacklist network(s) access to specific services/resources.

I have used it for a few years.

We have not encountered any deployment issues.

We had a few hiccups in the past, but they were small with no impact to important services.

We have not encountered any scalability issues.

They need to work on the customer support; in my opinion, this is their weakest point. Some of their support representatives really have no idea how their service works.

We did not previously use a different solution.

An in-house team implemented it.

Before choosing this product, we did not evaluate other options.

Try it.

Hands down, the WAF is the most valuable feature; being able to identify, block, whitelist or blacklist as needed, are all valuable.

We now have visibility into our traffic in a scope that we never had before, especially being able to review bot vs human traffic and country of origin.

Reporting and the main Sites dashboard could use refinement. We have a lot of sites, and scrolling through the dashboard becomes cumbersome.

I have used it for six months.

The only deployment issue we encountered was getting Incapsula and Akamai to play nice. However, the Incapsula engineers were very helpful in helping us configure our sites in the WAF correctly.

We have not encountered any stability issues.

We have not encountered any scalability issues.

I have yet to need customer service.

I rate the level of technical support as very high.

We had not used a WAF before deploying Incapsula.

The setup was straightforward and simple.

We implemented it ourselves with the guidance of the Incapsula team.

It is too soon to tell regarding ROI.

Know your bandwidth requirements.

Before choosing this product, we evaluated so, so, so many other options.

Content monitoring is a marvelous feature that I haven't seen in other Web Application Firewalls. It also has a good content filter. We do a lot of penetration testing on our servers, and the Imperva standalone solution for identifying a payload and its signature by deep analysis was very good.

We never used to know about threat and attack signatures. By using Imperva WAF, we could identify our weak points where an attacker was trying to gain access.

They could improve by minimizing false positive results. Although this occurs less with Imperva, we would like to see some further improvements.

We have been using this product for last 1 years, it's result is very impressive. But due to the excessive load on the Web site where thousands of requests‎ are generated from legitimate users, however the request in which any sequential or specialised characters are requested would be directly blocked by impreva . Currently imperva blocks the special character request generated from the user, as I conduct a test where I am parsing the encoded html values of the same special characters to the input field, imperva bypasses these encoded values for example : ' i.e. %27 or / i.e %2F, the WAF bypasses these encoded characters. I hope that this device should have a capability to detect the pattern which is associated with Xss or Xsrf, rather then by not blocking the request which contains any special characters.

I have used it for one year.

‎We did not encounter any stability issues.

We never encountered any scalability issues.

We were impressed with the technical support.

We have examined different vendor WAF solutions but this solution was unique.

Initial setup was straightforward.

Pricing was a little higher but when compared to performance; it's very cheap.

‎We evaluated Akamai and F5.

Imperva Incapsula WAF is an awesome solution for implementing a WAF with good support and reliable hardware performance.