Imperva Application Security Platform Reviews

Clients can use Imperva Application Security Platform for various purposes, and as a reseller, I believe the best advantage in the product is its features that stand out for the client.

I have experience with the real-time traffic inspection feature of Imperva Application Security Platform, and it helps with network security.

I believe the reputational analysis in Imperva Application Security Platform is effective for blocking security threats before impact. I also believe that behavioral and signature-based techniques help to improve threat detection accuracy.

I see valuable benefits from advanced detection and traffic profiling during DDoS attacks, and I track some metrics related to DDoS protection performance.

I see some areas for improvement in Imperva Application Security Platform, especially regarding price. Regarding return on investment, ROI, I can say it is noticeable with Imperva Application Security Platform, and I see some significant differences compared to other firewalls such as Palo Alto, where there are pros and cons between Imperva Application Security Platform and some competitors.

As for the deployment of Imperva Application Security Platform, I would say it can be a complex process, and I ask this because we are partners with AWS. I have not purchased a solution from AWS Marketplace or deployed it on AWS Cloud for a client.

I have been working and selling it for three years so far.

Regarding the scalability of Imperva Application Security Platform, I would say it is a scalable product with some limitations, but it is also a stable product without much glitch or downtime.

My experience with technical support from Imperva Application Security Platform was good when I reached out to them.

I have been in this domain with firewalls longer than three years, overall in this sphere with firewalls and security solutions.

I see some areas for improvement in Imperva Application Security Platform, especially regarding price. Regarding return on investment, ROI, I can say it is noticeable with Imperva Application Security Platform, and I see some significant differences compared to other firewalls such as Palo Alto, where there are pros and cons between Imperva Application Security Platform and some competitors.

Amazon Web Services (AWS)

My main use case for Imperva Application Security Platform is using it for web application firewall as the main objective for managing a web application that is handled by WAF in the company that my company is working for. Protecting all threats or attacks from the web application is the main objective of the WAF.

The best features Imperva Application Security Platform offers are for speed and protection. There is runtime and zero protection, and we have the sub and sub plus protection.

The speed and protection features of Imperva Application Security Platform help my team day-to-day by providing safe and clear access to the website. For example, my company is a multinational company that experiences many attacks, such as DDoS attacks, hitting the general website of the company before. The protection protects all of the websites in Imperva, so accessing the website is safer right now, not disrupted by DDoS attacks.

Imperva Application Security Platform has positively impacted my organization by making the website more secure. It reduces the DDoS attacks and reduces the attacks from threat actors, including SQL Injection and zero-day attacks, by using dynamic application profiling from Imperva. This is very helpful for my company as it reduces the incidents from the website.

I would suggest that Imperva Application Security Platform should include new features combined with AI. When I was using Imperva, it was not yet combined with AI. I believe that AI can now be used to make things easier, to track the attacks or IPs, or perhaps to determine the best configuration for each company that is using Imperva.

I have been using Imperva Application Security Platform for three years.

I would add that I have a unique observation about the features of Imperva Application Security Platform. For protection to protect more safely and restrictively, I have another use case with an internal website. This website is internal, and those people who want to access it can use the VPN or the internal network. I have encountered cases where a person from the internal company wants to access the website without using the API and got blocked by Imperva because there is a feature or configuration that allows specific IPs. I had to log all of the ways to access the web and allow only a few IPs from the internal IPs. I think Imperva is very secure, very restricted, and good for protecting websites, especially for internal websites and production servers.

Regarding improvements to Imperva Application Security Platform, I think all aspects of Imperva Web Application Firewall, including the UI/UX, are good, and I can operate it smoothly with the application. I give this product a rating of 8.5 out of 10.

Imperva Application Security Platform is generally used for legacy-type applications that cannot be migrated to the cloud. A specific example of how I use this tool to protect legacy applications in my organization is that we have an intranet which has not been fully developed or technologically advanced enough to run in the cloud, so by having this, we secure it effectively.

Imperva Application Security Platform allows you to enhance your application security posture. Among the best features that Imperva Application Security Platform offers, the policies are very dynamic, and it also has profiling at the application level that allows you to work in this mode.

I would like to highlight especially the ThreatRadar feature, which is an additional subscription, and ThreatRadar helps with threat intelligence by allowing you to block advanced attacks as well as mitigate risks more effectively.

Imperva Application Security Platform positively impacts us because we have a critical website, so by placing a WAF of Imperva's quality, it allows us to have visibility and granular control over the various attacks that can occur on the website.

A concrete improvement I have seen thanks to Imperva Application Security Platform is that it has decreased the level of connections to the final server. The specific improvement is that the connections that reach the server are fewer because Imperva is already filtering them at the WAF stage.

Imperva Application Security Platform could be improved if it allowed integration with Active Directory in the cloud, or if it provided visibility of user roles and permissions.

I have been using Imperva Application Security Platform for a little more than three years.

I consider Imperva Application Security Platform to be a stable solution.

I would rate the scalability of Imperva Application Security Platform as very good since it adapts well and you can grow independently because the interfaces support one and ten gigs.

Imperva Application Security Platform customer support has been very good; the ticketing platform allows us to have visibility of the case, and the staff makes the effort to respond quickly.

I did not previously use any other solution before Imperva Application Security Platform.

The advice I would give to others who are considering using Imperva Application Security Platform is to start with learning mode and then move to blocking mode slowly for approximately one week so that Imperva can identify the website and the connections that are made to it.

I have seen a return on investment with Imperva Application Security Platform, as it is generally associated with time savings, because the review of alerts and the visibility it gives saves us significant operational time. The clarification on time savings is that it refers to the time spent on alerts.

My experience with the pricing, implementation cost, and licenses of Imperva Application Security Platform is that it is high compared to a traditional WAF solution, but it meets expectations.

Before choosing Imperva Application Security Platform, I did not evaluate other options, as we went directly with Imperva due to recommendations.

I would rate Imperva Application Security Platform an eight on a scale from one to ten. Imperva Application Security Platform is a very good platform; even though it is not in Gartner, clients request it and trust the brand. I would rate customer support on a scale from one to ten as an eight. My overall review rating for Imperva Application Security Platform is eight out of ten.

My main use case for Imperva Application Security Platform involves using it in more than a couple of organizations where I was employed.

We used Imperva Application Security Platform for web application firewall and API security in one of those organizations.

Since we integrate a number of external vendor products in our environment, most of these integrations occur via API, and hence we use Imperva Application Security Platform for API security.

Imperva Application Security Platform offers features such as Attack Analytics.

Attack Analytics has helped us understand what traffic is being received by our applications, and based on that, we have created the policies. The false positives have been reduced, saving a lot of time for us to work on other important tasks rather than wasting time on addressing those false positives.

Imperva Application Security Platform has considerably improved our web application security posture and it has also helped us design our applications with security as the primary concern. Before using Imperva Application Security Platform, we received many attacks, such as command injection attacks, SQL injection attacks, and even though we were using a niche web application firewall, we were not able to tackle those attacks. After moving to Imperva Application Security Platform, these attacks have been prevented significantly, and the attacks on the initial level have been considerably reduced.

We have not yet encountered any issues with Imperva Application Security Platform until now; however, improvements are always expected from the vendor. No major improvements are required, but it should still work on reducing the false positives. Although we do not receive that many false positives, some improvement is still required regarding learning the traffic while using Imperva Application Security Platform.

Nothing as of now because we have still not used all the features of Imperva Application Security Platform, but we are exploring it and in the future, maybe we will understand what improvements are required.

I have been using Imperva Application Security Platform on-prem as well as in the cloud for almost four years.

Imperva Application Security Platform is quite stable.

I do not have much experience with respect to the scalability of Imperva Application Security Platform because a different infrastructure team manages all these aspects; we, as a security team, are just using it for protecting our applications and APIs.

I had an experience reaching out to customer support for an issue with Imperva Application Security Platform, and it was quite good; they addressed the issue effectively.

If anyone is concerned about API security, then Imperva Application Security Platform is definitely a good choice.

Imperva is a trusted brand, and I have been using Imperva Web Application Firewall on-prem and also as SaaS, but Imperva Application Security Platform is a next-generation cloud-based service that is quite helpful and powerful. Based on current attacks and the latest AI-based attacks, some improvement is required, but it remains a promising product that I would recommend to others.

I would rate this product an 8 out of 10.

Public Cloud

Other

Imperva Application Security Platform is used primarily for web application firewall security. My organization has a significant number of applications running through the platform, and to monitor those applications, we require firewalls. Imperva Application Security Platform's Web Application Firewall performs the deep inspection necessary for this monitoring.

Imperva Application Security Platform offers customization of security policies, allowing me to create policies tailored to my environment.

The rate limiting policy in Imperva Application Security Platform works based on usage numbers and has proven valuable for our operations.

Imperva Application Security Platform is user-friendly, and I can maintain a customized dashboard to monitor the utilization of all gateways in day-to-day operations.

Imperva Application Security Platform serves as the base pillar for applications to grant or deny access appropriately.

From a compliance perspective, Imperva Application Security Platform has been an improvement, as it has passed all compliance processes.

Imperva Application Security Platform could be improved by providing a more user-friendly dashboard.

I would recommend that support for Imperva Application Security Platform be enhanced to be more effective.

I have been using Imperva Application Security Platform for three years.

Imperva Application Security Platform is stable.

Scalability in Imperva Application Security Platform depends on the region. Imperva Application Security Platform can handle more applications or increased traffic easily as my organization grows. Currently, we are running approximately 1000 applications, and it can handle more.

Customer support for Imperva Application Security Platform is good, though it could be better. I would rate the customer support of Imperva Application Security Platform an eight on a scale of one to ten.

I did not previously use a different solution.

We have seen a return on investment with Imperva Application Security Platform, as we started with a few devices and gradually increased the number of on-premises devices for Imperva Application Security Platform.

The pricing, setup cost, and licensing for Imperva Application Security Platform were user-friendly and good.

Before choosing Imperva Application Security Platform, I evaluated Akamai WAF.

I would recommend Imperva Application Security Platform compared to Akamai WAF. It has been good to use Imperva Application Security Platform, as I have been using it for three years. I would rate this review a nine on a scale of one to ten.

On-premises

We are primarily a customer for Firewall. We're also moving into the managed security space, but we are primarily a customer here. 

So, it is primarily used for web application firewalls. Protecting web applications against application-layer attacks. There is advanced bot protection and DDoS Protection. 

It's very simple to implement. It works right out of the box once you integrate the application. It does the learning for you and starts applying relevant signatures. 

It's effective in protecting against different kinds of attacks. For example, it can mitigate DDoS attacks and block application layer attacks like SQL injection, HTTP, and cross-site scripting attacks. The latency is pretty low.

Support is one thing I wish Imperva could improve. They follow the phone model and keep rotating you from one customer service person to another. The layer one support isn't very clear about the workings of the product.

My feedback is primarily about Imperva Cloud, not on-premise. On-premise is a whole new story.

Support is the issue for Imperva Cloud. It's also a bit pricey. It's a premium service and very expensive. The licensing model is not very straightforward. Every feature is priced separately, and to enjoy maximum protection, you'll have to spend a lot of money. The licensing model is a bit complex, and each feature is very pricey. For example, API security and web application protection are two separate license packages.

For WAF, I have been using it for about four years now. 

The solution is generally stable, but there are sometimes where a link degradation does not involve a failover to another port where you're able to enjoy the service. So your availability is affected because of link degradation. It will not automatically take you to another port. But otherwise, it's generally stable.

The capacity and everything is managed by Imperva. We don't really get to know much about the back end.

It does a good job because we have very busy applications that seem to work well without any issues. The only issue that we experienced recently is that if there's an issue on the uplinks, the traffic does not automatically fail over to another region or another POP. You're still directed to a POP where there's degradation in service. So, if you're affected, you'll have to bear the pain until the issue is resolved before you're able to access the services again. So, there's no automatic failover between POPs from one POP to another in the event of a link degradation along the path.

Neutral

We have tried out Radware as a POC just a couple of months ago. There is also Cloudflare .

I'd prefer Cloudflare because of its presence on the Internet, the number of services it offers, and the level of automation that it gives you. 

I'd look up to Cloudflare because it's more stable. Because of its points of presence everywhere in the world, you're in a better place to enjoy better availability than being on Imperva. 

And the level of protection from my test, I think it's pretty good. It's next-generation application firewall. So it's something that I look up to.

The deployment was easy. We have quite a number of sites, more than 300. Per site, it can take about ten minutes to integrate, to move your application to the cloud, before you can achieve maximum protection or before you can achieve protection on your site. So, it's a very seamless process.

We had challenges integrating with our on-premise tools, our SIEM tools and SOAR tools. Integration is a bit complex. There's no capability to integrate with our on-premise tools, or if there is, it's very limited.

It's a SaaS service, so everything's maintained by Imperva. It's something that is managed by Imperva. 

So, there is a return on investment in terms of achieving protection for our public-facing portals. We have seen quite a number of DDoS attacks being mitigated by Imperva. We have also seen a few web application attacks that have been blocked.

In terms of time savings, we don't have to go to the data center to do upgrades and other mundane things, so we can focus on more important things. 

The licensing model is a bit complex and very complicated model. 

We operate a hybrid cloud and on-premise as well, and we're looking for a solution that would suit all of our needs. Right now, for API security, we don't have anything. But for others, for WAF, we do have something. We use Imperva as our WAF, for example.

We carry out research, which is the first step when we're looking to source a product. We do market research, obviously, and an assessment. So it starts with reviewing PeerSpot or what people say about different products, and then we call vendors in. They give us a demo. They give us a POC. Then, we draft the required set of requirements, and then we eventually pick a product based on what we need.

AI functionality in Imperva does do quite a bit of learning, but Imperva can do more. There's little interaction. There's basically just the machine learning bit. So it basically baselines the application and then analyzes traffic towards the application. But in terms of capability to interact with large language models, that is still not at the level where the competitors are.

Overall, I would rate it an eight out of ten. 

Public Cloud

We use Imperva DDoS protection to safeguard our network from multiple attacks. It is especially useful to protect websites or applications by redirecting traffic to eliminate threats.

Imperva DDoS increases our uptime to 99.99% by filtering and managing traffic to ensure only genuine traffic reaches our site. It optimizes and guides data centers to enhance network security.

The bot management features are very effective, as they help filter unwanted traffic using keywords. Imperva's ability to filter out non-genuine traffic provides a significant improvement to security and performance.

Pricing can be improved, as it is quite expensive. Additionally, support response times for emails can sometimes be delayed, which is an area that could use improvement.

We have used Imperva DDoS for a couple of months.

On a scale of one to ten, I rate the stability at eight. It is quite stable, but there might be some room for it to be even better.

Technical support is rated at seven out of ten due to sometimes delayed response times.

Neutral

The initial setup is easy and quick to deploy.

We typically handle the deployment ourselves, as we are partners and not the end customers.

The pricing is rated a ten on a scale where ten is very expensive. The solution is only cloud-based and does not provide on-premises services.

Imperva offers multiple services with a very high uptime guarantee of 99.99%. It is a valuable solution for network security.

I'd rate the solution eight out of ten.

Public Cloud

Other

The solution functions just like a firewall, but it operates in the cloud. It is designed to protect web applications and environments hosted on the cloud. 

It helps protect applications from DDoS attacks and other types of attacks. I handle a wide range of business requirements with it.

The solution can be configured in just a couple of minutes. It ensures 99.7% availability for my applications. It provides an additional layer of security for web applications and other applications, including mobile applications. It protects my environment and helps maintain my reputation in the market.

It is not a personal firewall, however, I can log my traffic to the Web Application Firewall if my hardware is available on-premise. I am satisfied with all the features available. There is nothing specific where the application firewall is falling short.

I have been working with Imperva solutions personally since last month.

I would rate the solution ten out of ten in terms of stability.

The solution is highly scalable. I can configure this firewall to expand based on my needs and revert to my basic configuration when traffic is over.

Technical support is divided into two categories: partner side and OEM side. It is easy to contact them, and my queries are resolved efficiently.

Positive

The initial setup is very easy. I just need to route the traffic, similar to configuring an IP on the application firewall. It typically takes no more than a day and is easy, rated at nine out of ten.

The pricing is competitive in the market. The solution helps improve my security posture and operational costs.

There are other solutions available in the market, however, Imperva Web Application Firewall is a good solution.

I would recommend Imperva Web Application Firewall to others. 

Overall, I would rate it eight out of ten as it is a good solution. However, there are other solutions in the market.

Public Cloud

Other

The Imperva Web Application Firewall secures our web application externally. It filters traffic, allowing legitimate requests to reach our application while blocking malicious traffic.

It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. 

With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization.

The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization.

Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts. 

While a Web Application Firewall (WAF) doesn't directly protect against viruses, it's crucial for application security. 

It defends against threats like cross-site scripting (XSS), SQL injection, and others. This safeguards your application or website.

There's always room for improvement. Occasionally, there might be false-positive alerts.  

I have five years of experience working with this product. 

I would rate the stability a nine out of ten. Sometimes, it gives false positives. 

Imperva is a Gartner leader, so its scalability, performance, and features are excellent.

Cloud-based deployments offer easy scalability. On-premises scaling is more complex because it depends on our hardware; we have to mount some servers and specific requirements.

We have around 10 to 15 customers. 

The initial setup is very straightforward. 

Imperva offers both cloud-based and on-premises solutions. For cloud deployments, we'd need a domain name and IP address. 

On-premises installations involve specific hardware requirements, such as 16 GB RAM.

We support both cloud and on-premises solutions.

One or two engineers would be enough for the implementation.

ROI varies depending on the customer. Applications in critical sectors, like banking (BFSI), see significant ROI since Imperva protects its core systems. For them, the ROI calculation is simple.

It's an excellent product, but it can be very costly. 

Those customers who are capable of buying are buying it. 

Those customers who are not able to buy this premium product due to budget constraints explore other options.

The licensing model is yearly. There are no extra costs in addition to the standard licensing fees. 

Overall, I would rate the solution a nine out of ten. More and more customers are adopting web application firewalls to secure their web applications.

I use the solution in my company because one of our clients needs a tool that offers functionalities in areas like bot management and DDoS protection against attacks while specifically being able to manage attacks against their public servers by bots and against scraping. DDoS is useful for dealing with too many queries against a single entity since it can cause a business to lose revenue because the company cannot access its site.

The advanced bot detection capabilities and the reporting features in Imperva Bot Management have helped our client's organization by splitting up multiple requests from multiple IP addresses into legitimate and bad or inaccurate requests. The product also sets up the required rules and policies to block certain areas and allow what is needed.

At the moment, I am okay with the product. I haven't found something that needs to be improved yet.

I am not physically busy with any implementations associated with the product, but I will share the details of what is required in the solution with my team as soon as I figure out what is required in the solution.

Sometimes, it takes a bit of time for the technical staff of the solution to get back to our company with a resolution for our problems. The aforementioned area related to the product can an be considered for improvement.

I have been using Imperva Bot Management for two years. My company has a partnership with Imperva.

The stability of the product is good since I haven't had any problems with the solution.

The scalability of the product is high. I rate the product's scalability a ten out of ten. It is very easy to use the scalability features of the product, especially if the product is deployed on the cloud model, but it may be a different story if the tool is deployed on an on-premises model. The difficulty of using the scalability feature nude of the product arises when the client does not have the capacity to scale up.

My company deals with businesses of all sizes. One of my company's clients who uses the solution has five members and a large e-commerce environment. There are also enterprise-sized clients who use the solution.

Before I raise a question with the technical support team of the product, I have gone through all the necessary steps that I could try to resolve the issue, and I cannot go any further because of some knowledge and experience block. If I get in touch with the tool's L1 engineer, I am made to go through all the steps that I have already tried, which turns out to be a bit frustrating.

I rate the technical support a seven to eight out of ten.

Neutral

Considering the fact that I am a technical person, I rate the product's initial setup phase a nine on a scale of one to ten, where one is a difficult initial setup process, and ten is an easy initial setup phase.

The deployment can be done on a cloud, on-premises, or both models, depending on whether the product is used in a start-up or an old company.

The solution can be deployed in a couple of hours, depending on the information gathered from our company's clients. Sometimes, the deployment takes a couple of weeks because of the feedback my company gets from the client that is correct or when they take a long time to reply back to us. From Imperva's side, the deployment process is easy, but when dealing with our company's clients, the deployment phase may not be easy due to communication issues.

I rate the product price a four on a scale of one to ten, where one is a low price, and ten is a high price. The price of the product also depends on the cost of the tools offered by competitors like Radware or Citrix. Considering the current cost of Imperva Bot Management, I would say that the solution is priced correctly.

My company uses Imperva Bot Management to protect our web application against automated threats by using its areas like whitelisting and normal integration with services that are available from the tool's bot management side.

Imperva Bot Management has been effective in managing bots in both areas of our company, like our e-commerce platform and website.

The feature of Imperva Bot Management, which I found to be the most beneficial for identifying and mitigating bots in real-time, is that it helps to mitigate OWASP attacks and its abilities, like reporting data regions, going through various IP addresses, and figuring out the type of attacks.

Imperva Bot Management has impacted our company's clients' daily operations and user experience in terms of bot traffic handling since it has reduced the false positives while ensuring that it has the experience and ability to work on other problems faced by users easily. With Imperva Bot Management, I don't have to have one single person focusing on network outages or website outages because now Imperva can handle multiple queries.

Speaking about an example of a complex bot attack that Imperva Bot Management successfully mitigated, I can say that the tool did website scraping when there were over 1,00,000 queries created per second and figured out that it was a bot that was in areas like scraping and machine learning, after which the solution blocked the bot automatically and sent a notification to the administrator to say what was happening, post which the website was up and stable.

I rate the overall tool an eight and a half out of ten.