Imperva Application Security Platform Reviews

At my previous workplace in the banking sector, we used Imperva WAF for the monitoring of our internet banking traffic, and we also used Imperva's DAM for the database activity monitoring.

Our deployment of Imperva WAF was situated on-premises and it was in use throughout the whole organization, which included around 3,500 clients.

Imperva Web Application Firewall has improved security of my organization through enhanced visiblity as well protecting malicious IPs, applications and unknown users as well.

The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network.

Imperva's product is very good, but when it comes to procuring the software in my country it can be somewhat expensive. I don't recall the exact amount, but in comparison with other countries it is a huge investment.

They recently separated the WAF and the DAM management gateways in order for each of these to be managed from different areas, so I believe it now requires additional investments for what was previously a single complete solution.

Although the vendor support from Imperva is not bad, getting a response from them can be a lengthy process at times.

I have used Imperva WAF for about three years. 

The stability is mature enough, in my experience. In fact, I would give it a 5/5 for stability.

Scalability-wise, there is one issue we encountered that I want to mention. At some point, Imperva, moved their account takeover prevention features from the on-premises edition to the cloud-based edition, and we discovered that this step would take yet another integration, seeing that we were using Imperva on-premises. These account takeover prevention features, however, were already part of our subscription, but since the features moved to the cloud, we missed out on them. So, in this sense, I would say the scalability strategy isn't as solid as it should be, and for this reason I would rate the scalability a 3.5/5.

On the other hand, when it comes to how many users we were able to scale up to, we actually had the whole organization using it, including around 3,500 clients in total.

The support from the vendor side could be improved because their response times weren't great and the process of obtaining the proper support was a long process sometimes. That said, the support itself was not bad.

Positive

The setup was actually quite an advanced process. It was a good experience, but all in all it took about one year to get everything fully set up, when you take all the fine-tuning activities and such into account.

We deployed the Imperva WAF with the help of organizations in South Africa who acted as consultants and implementation partners for Imperva. Our experience with them was good, and the full implementation required two professionals from the consultant's side and about five people from our own organization. The vendor itself was not part of the implementation process.

The pricing is somewhat expensive. It is actually a huge investment when compared to other countries.

Not only that, but Imperva went on to separate the WAF and DAM management gateways, making it so that each would have to be managed and licensed separately, incurring the cost of additional investments.

On a related note, there was another licensing issue we encountered where we had a subscription for account takeover prevention features, but these features had been moved by Imperva from the on-premises instance to the cloud. Since we had not moved to the cloud at that point, we did not have access to these features anymore.

I can highly recommend Imperva WAF for financial institutions. It's a good solution and I think it's important for financial institutions, particularly those who conduct online banking, to make use of a solid WAF such as this.

I would rate Imperva WAF a nine out of ten.

The solution is used by SMBs and enterprises that have a lot of websites that they need to protect.

Since the product is categorized in Gartner as a Web Application and API Protection tool, it protects APIs and web applications. It provides bot and client-side protection. I have done POCs. Once the platform is configured to block DDoS attacks, no traffic regarding DDoS or bots gets into the application.

If the clients have requirements for APIs and microservices, we can offer such services with the help of the solution. We can offer it as a security solution that protects APIs and microservices. Imperva’s real-time monitoring makes it very easy for administrators to monitor their existing web applications.

My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.

I have been using the solution since June last year.

I rate the tool’s stability a ten out of ten. Since I've been onboarded, I haven't had any issues.

I rate the tool’s scalability a ten out of ten. Imperva allows only clean traffic. The scalability is based on the clean traffic and not the overall bandwidth of the client. Our clients are mostly enterprise businesses. I have some SMB customers.

Sometimes, support tickets don't get addressed quickly. However, the support team gets to it eventually.

Positive

The initial setup is very easy. I rate the ease of setup a ten out of ten. The time taken for deployment depends on the number of applications we want to onboard. Usually, we can do it in a day.

Imperva is a very proactive solution. It is not reactive. We can prevent attacks or issues even before they happen. It is something people must consider since many enterprises are facing DDoS attacks, and their data is getting compromised.

I rate the solution’s pricing a seven out of ten. Some solutions are cheaper than Imperva. Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF.

We are partners. I rate the product's integration with our client's IT infrastructure a nine out of ten. It is easily integrated since many configurations are needed to onboard Imperva into a client’s infrastructure fully. Overall, I rate the product a nine out of ten.

I am impressed with the product's automatic bot mechanism. It also gives us the control to create our own custom bot rules. 

The tool needs to include artificial intelligence and machine learning. It also needs to improve profiling. 

The tool is stable. 

The product's setup is pretty easy. 

The tool's pricing is good. 

The solution is a reliable product. I would rate the tool an eight out of ten. 

They provide end-to-end data security, so everything to do with applications, APIs, et cetera.

We've got a Telco client, and they'll be partnering with us to use the DDoS solution with their clients.

It's primarily for DDoS attacks. It's looking at anything that's trying to remove the ability of the company to operate, usually volumetric, however, since it's got a three-second SLA, it's better than the competition.

We can look after an entire what used to be a Class C network/24. Now, they could do single IP addresses, so they can protect a single IP address, and they have a three-second SLA to stop an attack. They back that up with a very large amount of money as well, so you've got a guarantee on it.

It’s hard to think of an improvement. The three-second service level agreement is already better than the competition.

You would ordinarily say something like API protection. However, they've got that with another product. It's not that DDoS protection does everything. It's that within their family of products, they've got a solution for everything. That's what I like about it, the whole integrated service. There’s nothing that’s missing in terms of features.

We've been working with Imperva for about a year, and we've been working on a particularly big client at the moment as well.

The product is stable. It's resilient architecture. If one site is down for maintenance, then another site will take over the load.

It's very, very scalable. They've just added a lot more capacity to it. It's something like six or nine terabytes per second of protection capacity, which is more than the biggest attack there's ever been by quite a margin.

Technical support is very, very responsive. They're very good and they've got strength in depth. Across the world, they've got people. We deal with the local guys in the Netherlands, and they're pretty good.

Positive

The setup itself is straightforward.

It's quite quick. It can be done as a reactive solution. Therefore, if somebody rings up and says I'm being attacked, we can get them onboard very quickly.

You only need one person to handle the deployment. It's all done virtually. We're working with the Telco and the Telco sends out the BGP VPNs and we just reroute traffic. It’s all very easy.

There's no maintenance as such apart from reports on traffic utilization. If you are using it as a continuous service, if you're running it continuously rather than just invoking it when there is a DDoS attack, then you get reports basically on your utilization of traffic and the types of traffic that you're transporting, et cetera. It helps you improve your security.

We're doing the deployment for the client.

The ROI depends if you're being attacked or not. If you're the sort of organization that gets regularly attacked, then the ROI is extremely high as you could be down for quite some time with a DDoS attack. What usually happens these days is they don't have long attacks. They have very short attacks. However, the idea is to take down parts of the infrastructure to attack other parts. Therefore, it’s a diversion attack in many cases. Due to that, it's one of those products. It's very difficult to say what the ROI might be since it depends on what people are trying to do. However, it's the precursor to a lot of attacks.

The solution is very affordable. It's based on the traffic utilization, the average traffic utilization, not the DDoS traffic. Therefore, if you're being DDoSed, you don't pay extra for the absorption of the DDoS traffic. It's purely based on your average traffic.

We're an end-to-end Imperva partner. We're an Imperva reseller.

We're building an MSP at the moment, and it starts with a number of solutions. We then add on for those that have cloud exposure. We’ve added CloudWave DDoS and the API Protection and Bot Protection, and then for companies that have GDPR requirements, we've got the database side.

We use a cloud deployment with a variety of cloud providers. The telco, for example, is on the Equinix cloud. They're on a variety of data center sites. A lot of it is Equinix. I can't remember the name of the other providers, however, that's not relevant to us particularly since we are bringing in another Telco partner.

I’d rate the solution eight out of ten.

We primarily use the solution as a firewall.

One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise. Either way, you can use it, and it's quite easy. 

It's quite easy to deploy. It is also a self-managed service. It's quite straightforward.

They do provide updates on a quarterly or half-yearly basis.

I don't really use it and therefore can't speak to areas of improvement. 

We've been using it for probably three or four years.

The solution is stable. 

Scalability-wise, it is not so scalable as the solution is quite straightforward. There's not much you can scale with the solution.

Mainly, the IT department uses the solution and there are ten to 20 of them.

Technical support is quite helpful and responsive. They support us well and they are available worldwide so it's quite easy to get help.

The product is very easy to deploy. It's simple and straightforward. It's not an overly complex solution.

Within half a day you can have it up and running. You just need two people to deploy and maintain the solution. 

We are users and also we are resellers.

The version we are using is the latest version. 

It has many valuable options or features. You just need to know what you need for your organization. If not, Imperva will probably tend to sell you almost everything. You just need to know what are the options that you need for your organization. Apart from that, the whole process is quite fast and it's quite reliable.

I'd rate the solution an eight out of ten.

We use Imperva DDoS for DDoS protection and security.

Imperva DDoS is fairly stable, and its availability is quite high. I haven't faced any downtime or system instability issues with the solution.

Imperva DDoS does not provide version control. After I make any changes on any portal, I would want to roll back my changes and go back to a stable version if something goes wrong. That particular feature is not there on the UI portal.

They have this roundabout way wherein I can use different tools to integrate, do the versioning, and manage it on my own. It's not directly available, but I can use it indirectly.

I have been using Imperva DDoS for two to three years.

Imperva DDoS is a scalable product.

The solution's initial setup is a bit difficult and not very easy. It's not that time-consuming if you have expertise. Once you get your hands on it, it's pretty straightforward.

Imperva DDoS is deployed on-cloud in our organization.

I would recommend Imperva DDoS to users because it's a fairly stable product.

Overall, I rate Imperva DDoS an eight out of ten.

Imperva is easy to use and deploy. The UI is excellent.

I'd like the option to pick your bot protection.

I have used Imperva for seven years.

Imperva is stability.

Imperva is scalable.

Imperva support is good. 

Setting up Imperva is easy, and it takes two days.

The cost is reasonable. W have 50 clients and 10 websites per customer. 

I rate Imperva Web Application Firewall nine out of 10.

Imperva Web Application Firewall is used for protecting web applications.

The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself.

Imperva Web Application Firewall could improve the console by making it easier to use. 

I have been using Imperva Web Application Firewall for approximately six years.

Imperva Web Application Firewall is stable.

The stability of the Imperva Web Application Firewall is good.

We have approximately three or four clients using this solution.

The support from Imperva Web Application Firewall is very good. They are handling support well, giving suggestions, and solving the issues.

The initial setup of the Imperva Web Application Firewall is straightforward. The process for us is simple, we have been doing it for years.

We have one person that does the deployment of the Imperva Web Application Firewall.

We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive.

I recommend this solution to others.

I rate Imperva Web Application Firewall an eight out of ten.