Imperva Application Security Platform Reviews

For some time now, I have been the CTO of a consulting company and our main issue is web application security. We also handle database security.

This is one of the solutions that we implement for our clients.

The primary use of this solution is the protection of applications.

This product has a logical perspective of negative and positive security. Negative meaning all of the blacklisted websites, and the positive is the profiling of the website itself. Impera can see and activate the policy, based on what it has learned. Imperva learns things like how dynamic content is dealt with, and what the permitted values are. When you combine these two perspectives, the negative and the positive, you get the optimal protection of the application.

When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version.

I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.

This solution is pretty stable.

If you build this solution properly then you have scalability.

We do not use technical support very often. It is only in cases where we get something that looks like a bug. Their team is good.

The initial setup of this solution is user-friendly and pretty straightforward.

However, the setup, in order to bring the application into inspection, is kind of complex. You need to know what you're doing. It takes approximately four hours to install, setup, and configure this platform.

My team and I handle the integration of this solution for our clients.

The number of people required depends on the environment. Sometimes it is one person, whereas other times there are two.

We have three people who take care of maintaining this solution for our customers.

The cost of this solution depends on the platform. For example, you may be buying virtual or you may be buying appliances. It also depends on the number of environments and the bandwidth that is required.

Compared to other web application firewalls in the market, Imperva does things in the most accurate way.

Overall, Imperva is a pretty good product.

I am working with the development team for Imperva in Israel, and I have submitted some feature requests for things that I think should be changed. Everything that should be fixed, we have a discussion on it and it is probable that these things will be fixed.

My advice to anybody who is implementing this solution is to first go and learn the attack surfaces because you need to protect the assets from attack. In order to do this, you need to understand the attacks. Let's say that a good defense is a good offense.

The biggest lesson that I have learned from working with this solution is to back up the system all of the time. Do it step by step, and be very precise. Have plans for each and every move, all of the time.

I would rate this solution a nine out of ten.

The dynamic profiling of websites is the solution's most valuable feature. The security is also good.

It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself.

The solution is scalable, however, in terms of scalability, you're required to change the appliance, as it's not like a cloud, which is easier to scale. I would not rate it very well when it comes to scalability, because a model of license-based upgrades would be better. They could give you a bigger box to make it easier to grow if you needed to.

The solution's technical support is good.

The initial setup is straightforward. However, when you move to more advanced configurations, you require more expertise.

We are an integration company, so we are providing this as a solution to other customers. They're mostly enterprise-level clients.

I would recommend the solution. I'd rate it eight out of ten.

Data masking is the most valuable feature of this solution. 

Most of the clients are new to this solution and don't have an in-depth knowledge of the solution. It's not so well-known in Ethiopia. Imperva has only been around for a year. 

Licensing should be improved. Most of the clients aren't happy. It's expensive. 

Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved. Also, it should have a privileged account option. In the solution, if you put it there, that would be a very nice feature so that the clients could get all those solutions in one box. It will be easier for support and for clients. 

It's a relatively new product but from the information I got from the Bank of Ethiopia, the stability is okay. They are getting what they are expecting from the product.

Scalability is good especially compared to IBM. It's not so easy to integrate with another solution from another vendor. 

The initial setup was complex. 

The company has to deeply work on it. Also, with regard to support for the distributor, distributors have a big problem. We got the wrong consigning. It was kept for more than three months in a customs warehouse because of the issue of the problems on the distributor side. That is a big problem.

I would rate it an eight out of ten. Imperva is good because it doesn't also only monitor but it also does acquisition.

We mainly use this solution as a web application firewall. We have CMS systems in our portfolio, which our customers use, and the full information portraits are running on our infrastructure and in our CMS product. We, therefore, use this solution mainly for protection and to improve performance.

I found that it is very easy to set everything up. I like the user-friendly interface.

I think the pricing needs some tweaks. 

Imperva Incapsula is a very stable solution.

We use this solution as a crowd solution, a software service so we don't have any issues regarding its performance or scalability. Our IT administrators use Incapsula to maintain the solution because they have knowledge about how this protection works.

I am satisfied with the customer service. The few times that we had issues, they technical support team was able to solve our issues. 

The initial setup was very easy and straightforward. Our customers need good protection so we do the installation for them to protect our sites. 

We are resellers and in addition to supplying the product, we also offer support. 

We compared this with other solutions like Akamai, but it couldn't deliver the same as Imperva Incapsula. We don't use specific application tweaks. We only use basic mechanisms of cashing and six years ago, when we were looking for a solution, there was no solution like this one out there. Incapsula does what we need it to do, and we like the easy installation process. We think still that Incapsula is the best.

Because we are resellers, we prefer that our customers use it. But even if I wasn't a reseller, I would still recommend it. I love the solution's capabilities and the ease of the installation. 

In the future, I would like to see better pricing. E.x. the additional bandwidth packages are higher than our needs so we end up paying for data that we don't use. I want them to provide me with the particular quantity of megabytes I need. I don't want to pay extra money for megabytes that I will not use in the future.

I rate this program nine out of ten.

Data marking is the solution's most valuable feature.

The firewall aspect of the solution needs improvement.

The GUI is not as intuitive enough. It should be more user-friendly, especially for end-users. 

The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you. 

The core functionality of the solution has been met. We find it stable enough.

The solution is very scalable. It is one of the most important features. You can also expand resources and features as well.

Customers actually require a lot of support. They want an easier channel that can provide support. The solution should offer a monthly check-in with clients. Other solutions offer this, and it's helpful for the clients, just to make sure everything is running okay.

In general, however, technical support has been good.

The initial setup required a lot of help. It took a month or two to deploy so it wasn't exactly straightforward. However, it was not as difficult as other solutions either.

I handle the on-premises deployment model. We have the latest version of the solution. We also sell the product.

I would rate the solution nine out of ten.

The solution increases the amount of protection for a client's products and solutions in their country.

They're quite easy to install and quite easy to set up. Clients really like that. Especially when you're dealing with the cloud, it's really easy. 

It also has the ability to integrate with other firewalls. That's really important today. Most end-users are looking for something that can integrate with other solutions and with APIs. They're looking for solutions that have an open API. 

The solution needs to ensure they are compliant and can show the customer in a visual way, like a ticked box, that they are protected. They need to ensure their solution is showcasing if their system is getting attacked so clients know if or when they are under attack.

Clients also often complain about the cost of the solution. They should consider adjusting their pricing models.

We would like them to hire people in Sweden because it's quite hard when people are sitting in the UK or Belgium because some of the customers really want them to be local.

In the next version, they could include more products or more solutions in this solution that you can add on. They need to build more features that they can add so they can help the customers who don't have a particular solution in hand. Most of the end-users are looking for an easy way to manage all of their solutions. Today we're selling a lot of smaller solutions, and they need to have a lot of different management solutions that we can offer to clients. 

The solution is really stable. It's good. It's a product that I can stand by and recommend because I know it's going to work for the customer.

The scalability is good, especially when you sell a solution that's in the cloud. That's easier to scale; you can just upgrade it. 

We don't directly deal with technical support, but I've never heard of any problems or complaints from clients.

The initial setup is straightforward.

We deploy the solution for our client. Sometimes Imperva also assists.

The licensing depends on the client. Usually, it's yearly, but we do offer monthly financing.

The only thing I hear complaints about is that in some cases clients want to be able to scale down. They don't want to buy everything. That could be, in Sweden anyway, a big problem, because they need to buy more licenses than they will use. In some cases, some of the resellers would like if it was possible to scale down, to have smaller option. However, they don't have that.

I'm a distributor for this product.

With the ease of implementation, I think is a good product. A lot of the other products need a lot of professional services to make it work. With this solution, it's very, very easy to implement, which is a strong selling point.

They also have a good range of products that they sell.

I would rate the solution seven out of ten. It's more than one issue that has me rating it at seven. It's quite a big solution, so it's hard to get a smaller company to buy it. They don't have people in Sweden either. That's really important for us, because it's harder for Swedish companies to be serious about the product when there's a lot of other vendors that have local people, and that's preferred by clients.

The primary use is the protection of our environment and client environments from intrusion and malicious attacks.

The product improves our organization by defending infrastructures from malicious behaviors. It also allows us to provide a reliable product to our clients who need a similar solution.

The most valuable features for our organization are auditing capabilities and compliances. The product meets the needs of our business model and we can see the health of the architecture at a glance. There are some instances where a client needs to meet with compliances in their industry, and this product is capable of meeting those needs.

One thing that they really could improve on is the depth of the analytics. The company needs to think more about the risk and analytic side of the application to supply the user with more information to evaluate and use in resolving issues. It is good to be able to depend on the product to provide a reliable solution, but it is better to take steps to resolve issues overall. This means giving information to the user that will help them identify exactly what the issues are. Risk analytics need to improve and this can be done easily.

This is a very stable product. Our clients have never complained about downtime or issues with functionality.

The product is easily scalable. We currently work with five to six customers who are on this solution. They are organizations of mixed size from small to enterprise. There is no problem adjusting the scale up or down to meet their needs and budget.

We have not needed to have much interaction with the support teams but when we do they address the problem quickly and with a high level of accuracy. The support, in my opinion, is very good.

Deployment is always straightforward. You just follow the instructions. With our experience, the product takes very little time to install and configure.

As we are a partner and a reseller, we are familiar with the product we do the installations for clients ourselves. We rarely have any issues with the installations.

On a scale from one to ten where one is the worst and ten is the best, I would rate the Incapsula platform as somewhere between an eight to nine. The obvious fault is the lack of better reporting. However, it is a good, functional product and we recommend it to clients who will not have to do very much to maintain the product.

The solution has good DDoS protection, and some good common features, such as no attack surfaces, parameter sanitization, and attack analytics.

The dashboard of the solution is complex. It is complex in the sense that there are too many options. There are two types of Incapsula dashboards. One is the on-prem version and one is cloud-based. Cloud-based is okay. The on-prem one needs some work.

The solution needs to improve Integration with third parties for their on-prem deployment models. The integration is not that good yet.

The solution is stable.

Scalability is pretty easy on the base platform. You just add another, and you're ready to go. We deal mostly with enterprise-level clients.

The company has really improved its technical support over the past year. Before that, I wouldn't rate them as very good, but they are much better now.

The difficulty of the initial setup depends on the customer. If it's a complex environment that they're processing, and/or if there's a downtime period, it may take more or less time. It depends on the number of applications that we have to integrate as well. 

We are Imperva partners, so we work with clients that use different deployment models, including on-premises and cloud.

I'd recommend to those considering implementation to look at your organization's requirements and then compare your options.

I would rate the solution 7.5 or eight out of ten.