Imperva Application Security Platform Reviews

Our primary use case is DDoS protection. We are using it to protect access to internet sites. It is a SaaS solution, so everybody has the latest version. 

DDoS protection and WAF are the most valuable features. It is easy to deploy a service. It is easy and quick to deploy to a new website.

Its price could be improved. It is quite expensive.

It will be good if we could export the configuration. Currently, to control the configuration, we need to go to each website, which is not very convenient.

I have been using this solution for six years.

Its capacity is okay for us, and we don't need to scale it or expand its usage.

Their technical support is good. We get a quick response from them.

It was simple. It is very easy and quick to deploy.

It was done in-house.

It is expensive.

I would recommend this solution to others. It has been working fine for us, and it has all the features that we need. I would advise others to know the exact bandwidth that is required for the project because the cost is based on the bandwidth. You must evaluate the required bandwidth beforehand.

I would rate Imperva Incapsula a nine out of ten. Technically, it is a very good solution.

We are using this solution for backing up all of our day-to-day use data and the ability to restore it when we want. For example, when there is a catastrophe or disaster.

The most important feature I have found to be the ease in how to do the backup and restores.

The process to upgrade from one version to another can be a lot simpler than it is currently.

I have been using this solution for six years.

When it comes to stability the solution work well.

The solution in my experience has been scalable. In my organization we have approximately 10,000 users using the solution, the whole company uses it.

The initial setup was straightforward. We have a team that does the maintenance of the solution.

There is a license for this solution and we purchase the license annually with no additional fees.

My advice is to follow the three, two, one backup rule, this solution is very suitable for this. Make sure you are defining your mean time for recovery of the backup, and try to see that it makes the mean time.

I rate Imperva Web Application Firewall a nine out of ten.

We primarily use the solution for all our corporate websites for port 80 and 443 redirect and protecting all the web pages that we have in our environment.

The solution is very good at intercepting traffic before it gets to our data centers. It saves us some security hits and top-level bad guy stuff. It's very good at protecting us. It keeps anything malicious off of our infrastructure.

We did have a major complaint, however, they fixed it after about a year and a half of complaining. It's not a problem anymore. I don't recall really having any issues with the solution beyond what they have fixed.

The salespeople tend to exaggerate its capabilities, which can cost you money if you don't verify the information.

I've dealt with the solution for two years at this point.

The stability of the solution is very good. I've never heard of any outages that I'm aware of. It doesn't crash or freeze. There aren't bugs or glitches. It's reliable.

The scalability is just based on the number of licenses and in our case, we've maxed out our licenses. They are extremely expensive, and therefore it would be costly to scale.

I haven't had to call technical support, however, from what I've heard, they're okay. They are not great, not bad, just right down the middle.

The infrastructure team did all the certificates on that side. My team took care of security. It's the security settings we set up. There was a lot of complexity in the initial configuration based on our proprietary apps and having to disable or change some settings to allow some stuff to work. That's kind of a normal thing. No matter what WAF you would have, you'd have the same issue.

The licensing of the solution is quite high. Licenses are quite expensive. I'm not sure if they really offer the value that they ultimately charge.

The cost is somewhere around $10,000 a site. For every site, you pay individually. For every DNS entry, you have you pay.

We are just customers and end users.

We're using the WAF. It's the web-based version. Whatever's the current and newest version is what we're using.

I'd advise potential new users to not believe salespeople. That's kind of a standard thing across the industry, however, we were told one thing at the sales side, and then, after we purchased, it was not true what they said. That's extremely disappointing as it actually costs us tens of thousands of dollars more due to the fact that what they said could happen, how their licensing model works, doesn't work the way the sales guy said. That's a giant disappointment.

Overall, the solution does what it says it will do. I'd rate it at an eight out of ten.

We use it to protect websites against application threats and DDoS attacks. Because it is a cloud solution, we always have the last version. I don't need to update or upgrade. 

We are a partner of Imperva. Imperva doesn't sell directly to customers, so they have to pass through vendors and partners like us. All of my customers have different levels of services with Imperva.

We can protect our customers with Imperva solution very quickly, it's highly appreciated by our customers.  We trust the solution because we saw a lot of blocked attacks, so once the customer website is protected, we don't worry about the security of his acces, it's all managed by the solution.

-WAF protection works almost out-of-the-box

-Anti-DDoS mitigation in less than 1s, I saw it many time in production, I can say it works

-CDN has high performances, and the Smart Caching mode is really "smart" (you can do some efficient caching even if you're not a specialist)

-It's a unique interface for managing security and performance aspects, we don't need to go through multiples providers to manages these aspects.

The weakest point of Imperva is their first level of support, which should be improved. 

They should also improve the access and security logs viewing directly on the portal. I would like to see better access and security logs through the portal and not only through a SIEM solution. Currently, if you want to explore your access and security logs from Imperva, you need a SIEM tool or a SIEM infrastructure on your side to do it. You can't do it manually or directly through the portal, which is a big problem for us. They agreed that this is an improvement point from their side.

I have been using this solution for four years.

It is very stable. I have used this solution for more than 20 customers, and each customer has a lot of websites. I have seen some network outages or things like that over the last four years, but I can say it is very stable.

Scalability is not a problem because it is a cloud. The provider manages this aspect for me.

This is the weakest point of Imperva. They have some very good technicians but not at the first level of support. I have already told them this several times. Each time I meet or talk to a chief or director, I say, "Your product is very good, but your support is not at the same level." I provide support to my customers for their solution. So, I know what the customers expect and how to address this kind of expectation. They need some improvement at this level.

The initial setup is very easy and quick. You can put the protection live in less than 10 minutes if you need it.

It is an expensive solution. The price is high as the level of service and security provided is high. A lot of customers tell us that they would love to use Imperva more. I have some customers who have 50 websites, but they protect only 10 websites on Imperva because of the price. They would love to have all their websites running through Imperva, but they can't. They have to choose the more critical websites to protect because the price is very high. It is a very good product, but it is expensive.

If you buy a plan for 20 megabytes and you don't consume all of your 20 megabytes, it is okay, but if you consume more, you are charged for the superior traffic.

I would recommend this solution because I have also used different WAF and DDoS solutions. For me, it is the best solution available. It is quite simple to do the configuration. You can do whatever you want. If you know the product, you can do fine-tuning and have the configuration that you need. You need the knowledge to do this, but you can do this, and it works. Even though it is a high-cost solution, it is easy for me to sell it to customers because I know it will work. I get a little bit stressed about some of the other solutions because I don't trust those solutions like I trust Imperva. 

I would rate Imperva Incapsula an nine out of ten. It is quite a good solution. They can do some improvements, but it is quite a good solution.

We are using it as an application-delivery platform for our entire organization.  

The most valuable feature is that it is cloud-based and we do not need to have an appliance for it in house.  

I do not see any big problems with the product. Imperva has had a lot of experience developing this product platform and it seems appropriate for my use cases. There are a few places where it can be improved.  

An area of improvement that I was looking for in Incapsula at this moment is enhancing the policy levels. For my purposes, I think there are too few policies. The product and what is included may be good, but it has to be improved further in the area of policies.  

Another area that could do with improvement is certificate management. I do not like the way that incapsula handles certificates very much. It needs to be changed or drastically improved to be more fluid.  

We have to be conscious of the architecture updates. Updates for the application architecture may break the existing protection application if we have made any changes. It does not seem that this should be so big of a concern for the end-user and could be handled better.  

We have been using Imperva Incapsula for six months.  

The stability of the product is not usually the issue. Any stability issues would have to do more with extraneous factors.  

We need to know more about the scalability ourselves. We are working on it now to see what we can do. The scalability is inherently good because it is on the cloud. There is nothing much to worry about with the scalability part. But the hands-on experience with it is something we are still exploring.  

There seems to be no limit to scaling the product from the perspective of adding applications. We just put our product on the market. Until and unless the users complain to us, then we will not know if there are growing pains. It is too early in our experience with the product to get the kind of feedback that we need from them.  

We have had only one serious issue after onboarding 50 applications. For one application, we have had some performance and stability issues. It was just one time over the last six months where the problem was affecting the stability. For that one application, we had severe performance issues, and we rolled it back. We are still investigating that issue. We do not know the reason yet that we had a problem with it. We do not know how many of the applications that we try to work will present problems like that. I saw problems with only two applications in total. One is application had an issue with image loading which was not as severe, and the other one was for performance issues. The performance issue was effecting web services.  

Scaling, as far as the number of users, is another type of scalability. Ultimately everybody who uses our services uses Incapsula in a sense by the end of the day. This is because every application has to go through Incapsula.  

We are also having to look at our own environment when considering scalability and trying to take Incapsula forward as far as we can with expansion. We have some issues with our infrastructure. All the infrastructure is not always optimally compatible with Incapsula. Because our infrastructure is not fit for Incapsula due to various reasons, we are working to resolve those issues. Those are not major things, but they are important to resolve and continue to scale, so we are working on it. It will take some time to identify everything and optimize the system. For example, if we implement something like having multiple authentications it comes with new challenges. In the end, it improves what we offer, but there are issues to consider along the way, and even before the implementation. 

The tech support people are good. They are very good.  

For web application firewalls we are actually currently using more than one solution. We are using both Imperva and AWS. Which solution that we use depends upon the environment and depends on the situation. So we are using both solutions but for different situations when there is an advantage to using the capabilities of one product over the other.  

Installation is not complex. It is pretty straightforward.  

We have two people who we use for the deployment of updates and also maintaining this solution. They are part of our team and not from the vendor or other consultancy.  

In my opinion, Imperva Incapsula is not expensive compared to the other similar solutions in this category.  

I have some advice for people who are considering using Imperva. When onboarding an application, they need to be careful with their other infrastructure and systems. The concern is in part to make sure they do not have conflicts. There has to be proper authentication for authorization and the RSA (Rivest, Shamir, and Adelman, data security). During the execution of the task of onboarding, they need to be a little careful to make sure that is not creating an outage.  

So what I would recommend to anyone onboarding an application is that they need to go through the architecture of the application thoroughly before implementing the solution. Do not rush to the end to get it done.  

The best way to implement anything is by taking steps to avoid problems beforehand to end up with a result that has fewer issues.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate Imperva Incapsula as the number one solution. There is not too much to know about it but that it is one of the best products of this type that you can get. But on a scale of one to ten, I give it a nine-out-of-ten because it is not perfect, as good as it is.  

I use the service for protection due to the fact that it has profile functionality.

Protection is the best solution since it has profile functionality.

Interesting alternatives are Akamai and some cloud solutions do exist.

The tool needs to improve CPU and storage memory. 

I have been using the solution for a year. However, my company has been using it for six years. 

Imperva Web Application Firewall is stable. 

The product is scalable, and my company has 20,000 users. One administrator manages the tool. 

Imperva Web Application Firewall is expensive. 

I rate the solution a nine out of ten. 

The solution has the best volumetric DDoS attacks feature.

The solution needs to be improved every time there are new attacks. They need to add new features and techniques to prevent the attacks.

We have been using the solution for seven years.

I rate the solution's stability an eight out of ten.

It is a scalable solution. It is suitable for medium and enterprise businesses.

The solution's technical support services are fine. 

Compared with the competitors, the solution provides better security features, including web protection firewall and DDoS protection.

The solution's initial setup process is complicated. You need to include the right security policy and discover the attack trends. The time taken for implementation depends on the project requirements.

The solution's price is reasonable. Although, it is a bit expensive for small companies. The cost of its licenses depends on the specific project requirement.

I advise others to study their requirements while choosing DDoS protection thoroughly. They should know if the CDN is limited to their region or has a global reach. Also, DDoS attacks appear in different ways every single time. Thus, it is challenging to implement. It is crucial to know its surface, nature, and how to implement the security measures.

I rate the solution an eight out of ten.