Name: Imperva Application Security Platform
Brand: Imperva
Rating: 4.3 (133 reviews)

CEO with 51-200 employees

Oct 13, 2013

We have gone through paid evaluations of several DDoS mitigation services, but all of them failed to block DDOS attacks

Our company has recently reached 3.5 million registered users and 200,000 hosted websites. Daily DDoS attacks on our platform resulted in unnecessary and prolonged downtime for the thousands of sites on our network. These attacks included network level (layer 3 & 4) attacks ranging from 2Gbps to 10Gbps with various attack vectors such as UDP attacks but most commonly SYN floods which exploit the TCP three-way handshake to consume the server’s connection resources. The more challenging attacks were the diverse application level (Layer 7) attacks. These attacks seem as if they are originating from legitimate sources, try to mimic human behavior and consume the backend computing resources of the website.

We were seeing daily DDOS attacks, sometimes multiple DDOS attacks in parallel on various client websites. Since our company is a global hosted community platform and social network, everyone was affected at the same time. We needed to make sure that no attack on any one website could bring other websites down. We have gone through paid evaluations of several DDoS Mitigation services, but all of them failed to block DDOS attacks automatically without serious side effects, as blocking legitimate visitors

Once we decided to evaluate Incapsula's Cloud-Based DoS protection, Incapsula's team quickly helped us to setup a few of our websites on the service.

Once we joined Incapsula, they immediately identified that our network was under various types of attacks at almost any given time, both network and application level attacks.

While the network based attacks were absorbed by Incapsula’s backbone, the application layer attacks were very diverse. Incapsula relied very heavily on their bot detection and progressive DDoS challenge technology, to block 100% of attackers transparently, without incurring any noticeable effect to almost all of the real users.

Maintaining the best possible customer experience was a key consideration for us. It was very apparent why other DDoS protection services that involve delays, CAPCHAs and other side effect on visitors' would not work for us. Also, a DDoS solution that isn't fully automated, would keep our team constantly busy to enable/disable the protection service.

Incapsula’s ability to allow human and legitimate bot traffic to access the website with no interruption, while filtering network and application level DDoS traffic, allowed us to put our DDoS problems behind and focus on what we do best, which is building a great platform for the online gamers community.

Incapsula is now a critical component of our security infrastructure. All traffic to our network and hosted websites passes through Incapsula for screening. Malicious traffic and DDOS attacks are blocked automatically.

We take advantage of Incapsula's DDoS Protection key benefits, to secure our online properties:

Protection against Network and Application Level Attacks- Through a worldwide network of multi-gigabit scrubbing centers and unique bot (automation) detection technology, Incapsula provides complete protection for both network (Layer 3 & 4) and application level (Layer 7) DDoS attacks.
24x7 Managed Security Service- Incapsula’s DDoS security team monitors attacks and is available on-demand before, during or after attacks to ensure that our sites are up and running and performing.
vZero Business Disruption- Incapsula’s CDN and bot detection technology ensure that even under attack, our website traffic is accelerated and legitimate visitors are not delayed or denied access to our sites.

Our network was finally clear from the endless onslaught of crippling UDP & SYN flood attacks that we had been experiencing. Using Incapsula's dashboard, we were able to see exactly when each attack was happening, and continue delivering service to millions of users during the attack. We also saw a sharp drop in unwanted bot activity, which resulted in a 20% drop in load on our servers. A key feature we were looking for is a very low false positive rate during mitigation. Incapsula proved to have a near zero false positive rate, and legitimate users had no trouble accessing our websites during prolonged DDOS attacks.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user182781Director at a marketing services firm with 51-200 employees

Report as inappropriate

Jan 19, 2015

Incapsula helped us mitigate 80GB/s multilayered ddos attacks and nearly immunized us completely against network layer attacks. They also stopped attacks that didn't have names within hours. I can't say there is never downtime but thats the case with any serious denial of service....but in the hundreds of thousands of dollars my clients spent on live testing ddos firewalls, incapsula's team, system and interface were simply the best.

See all 11 comments

RiaanDu Preez

Senior Cyber Security Specialist Architect at a tech consulting company with 11-50 employees

Dec 27, 2023

Download

Provides out-of-the-box security for web applications

Pros and Cons

"There is a quick switch between any of the the nodes if something goes wrong, where there's a there's an attack against a specific area. The security setup is reasonably easy. It's not a problem to do setups and rules and integrations. And, yeah, just the the back end team is also very willing to insist if there's questions that that we cannot answer or with these questions that we do have"

"The UI interface needs improvement."

What is our primary use case?

The solution is being used for communication.

What is most valuable?

If something goes wrong, there is a quick switch between nodes, wherever there's an attack against a specific area. The security setup is reasonably easy. It's easy to do setups, rules, and integrations. The backend team is also willing to help if there are questions that we cannot answer.

What needs improvement?

The UI interface needs improvement.

For how long have I used the solution?

I have been using Imperva Web Application Firewall for six months.

What do I think about the stability of the solution?

The solution is highly stable. I rate the stability a ten out of ten.

What do I think about the scalability of the solution?

It is a scalable solution. I would rate it a nine out of ten.

How was the initial setup?

The initial setup is easy. The deployment depends on the customer's solution but does not take more than a few hours. I rate the initial setup an eight out of ten.

What's my experience with pricing, setup cost, and licensing?

It is a very affordable solution.

What other advice do I have?

I would definitely recommend the solution. I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

Buyer's Guide

Imperva Application Security Platform

January 2026

Free Report: Imperva Application Security Platform Reviews and More

Learn what your peers think about Imperva Application Security Platform. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.

DOWNLOAD NOW

881,082 professionals have used our research since 2012.

Shyami Lakshika

Associate Engineer - Network & Security at a tech services company with 51-200 employees

Apr 17, 2022

Download

Secure, reliable, and has helpful technical support

Pros and Cons

"Technical support was very helpful."

"We had an issue when securing the web applications for DDoS protection."

What is our primary use case?

Imperva Incapsula is used for web applications.

Our customers required the security of their web applications. We were asked to install this solution for their web solutions based on their throughputs and requirements.

What needs improvement?

We had an issue when securing the web applications for DDoS protection.

When using protection for some web applications, the customer may encounter a few issues.

For how long have I used the solution?

I have been working with Imperva Incapsula for several months.

We have deployed the cloud version, and we use the on-premise version for testing.

What do I think about the stability of the solution?

Imperva Incapsula is a stable solution.

What do I think about the scalability of the solution?

Imperva Incapsula is scalable.

We have two or three users in our company.

In order to increase our usage, We must publicize the fact that we have such a solution. I believe we had to use LinkedIn or some other solution to publish it. We need to inform our customers that we have a solution like this.

How are customer service and support?

Technical support was very helpful.

How was the initial setup?

The initial setup is not overly complex, but it could be easier.

What's my experience with pricing, setup cost, and licensing?

There is a license or subscription renewal that our customers pay.

What other advice do I have?

I would recommend this solution to others who are interested in using it.

I would rate Imperva Incapsula an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Fauzan Adhima

Technical Support Engineer at a tech services company with 51-200 employees

Feb 21, 2024

Download

Improves security of web applications but UI needs enhancement

Pros and Cons

"The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications."

"The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier."

What is most valuable?

The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications.

What needs improvement?

The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier.

For how long have I used the solution?

I have been using the product for three years.

What do I think about the stability of the solution?

I rate the tool's stability an eight out of ten. We have encountered bugs, but they are fixed fast.

What do I think about the scalability of the solution?

I rate Imperva Web Application Firewall's scalability an eight to nine out of ten.

How are customer service and support?

Imperva Web Application Firewall's customer support is good and responsive. However, they are less responsive on public holidays.

How would you rate customer service and support?

Positive

How was the initial setup?

Imperva Web Application Firewall's deployment is easy. Onboarding a website on Imperva Web Application Firewall is much easier than Fortinet. With the product, the process is simplified, as you only need to enter your application's IP address on the website for the site, and the profiling firewall automates the process. For large-scale web applications, deployment can take four days to complete.

What's my experience with pricing, setup cost, and licensing?

Imperva Web Application Firewall's pricing is expensive.

What other advice do I have?

I rate Imperva Web Application Firewall a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer.

Edgar-Mwangi

Senior Presales Engineer at a tech services company with 11-50 employees

May 20, 2023

Download

A cloud-based solution for traffic inspection that offers good up-time

Pros and Cons

"The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security."

"I would like to improve the tool's turnaround time in terms of support."

What is our primary use case?

We use the solution for traffic inspection.

What is most valuable?

The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security.