Imperva DDoS Reviews and Pricing

it_user279876

IT Manager with 501-1,000 employees

Jul 28, 2015

Download

Because of the load balance functionality, our site is available despite attacks.

What is most valuable?

DDOS defence
Load balancing
Security role

How has it helped my organization?

The availability of our sites, thanks to the load balance functionality, has improved. It enables the site to be available all the time, despite people trying to attack it.

What needs improvement?

More features to help fine tune it. In general, more features for the platform would be nice.

For how long have I used the solution?

I’ve used it for two to three years.

Buyer's Guide

Imperva DDoS

April 2025

Free Report: Imperva DDoS Reviews and More

Learn what your peers think about Imperva DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.

DOWNLOAD NOW

851,823 professionals have used our research since 2012.

What was my experience with deployment of the solution?

I used the customer service once.

What do I think about the stability of the solution?

Once or twice, there has been downtime, but it was only a matter of minutes.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and support?

Customer Service:

It was pretty high quality service. They guarantee to fix your problem within 15 minutes, but they don’t always keep their word.

Technical Support:

They are professional people who provide solutions.

Which solution did I use previously and why did I switch?

No previous solution used.

How was the initial setup?

It was very simple.

What about the implementation team?

It was done in-house.

What's my experience with pricing, setup cost, and licensing?

The price is between $5,000 and $10,000.

What other advice do I have?

The product experience is really easy, therefore you should go and experience it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

it_user12231

Owner at a tech services company with 51-200 employees

May 1, 2014

Speed up WordPress – increase security

In a nutshell this is what Incapsula does:

Incapsula offers state-of-the-art security and performance to websites of all sizes. Through a simple DNS change, your website’s traffic is seamlessly routed through Incapsula’s globally-distributed network of high-powered servers. Incoming traffic is intelligently profiled in real-time, blocking even the latest web threats: from sophisticated SQL injection attacks to scrapers, malicious bots, intruding comment spammers and thwarting multi-Gigabit DDoS attacks. Meanwhile, outgoing traffic is accelerated and optimized with Incapsula’s global CDN, for faster load times, keeping welcome visitors speeding through.

I’ve always been interested in how to make my website faster but with the news about brute force attacks on WordPress, I wanted a more secure website as well. Researching WordPress security, I was surprised to find the following image from Incapsula on what sort of traffic you actually get.

I don’t know how accurate this study is, I would like to see more data but I was surprised to say the least. I didn’t know just how much bandwidth could be wasted by automated services on your website.

So I decided to try Incapsula to see what it could do for my website and try and show you through this Incapsula review, just what this product can do.

But what can Incapsula do against all of this? A much easier way of answering this would be to watch their promo video

Install IncapsulaThe installation was pretty easy and within 5 mins I was done. All that is required is to change your DNS records, you can see more about the setup here. For WordPress users it’s also advised for you to install their WordPress plugin.

By using this plugin you will have no change to your originating IPs when using Incapsula. Incapsula acts as a reverse proxy and all incoming connections to your website first pass through one of Incapsula’s servers. This plugin will ensure that you continue to see the real originating IP of your website visitors.

Once this is all setup, it’s just a waiting game for Incapsula to start collecting the data.

Inside Incapsula

inside-incapsula

Once the DNS changes have been made and Incapsula has had time to do its job, you’ll see an image like above when you log in. This is a 7 day run down of what has been going on with your website. As you can see my bot visits out-number the human visits by quite some way.

Not all bots are bad however, I need Google-bot in order for my website to be found as well you a large number of other good bots but Incapsula reports that in the last 7 days there’s been 158 bad bots on my website!

Incapsula security

To test the security of Incapsula, I deleted my Askimet plugin as Incapsula can handle comment bots and protect me from spam. I also let it run for 7 days to see what it would report. Here’s my 7 day run down of what happened on my website.

Going further into the Incapsula dashboard you get a run down of the top attacking countries with USA being my top one with 30% next is China with 20%.

Incapsula also gives you a run down of the types of threats to your website.

threats

So it’s clear that bots are my biggest problem and Incapsula also shows what type of bot is causing the most problems, in my case it’s the comment spammer with 94%. I did want to test just how good Incapsula was so I deleted my Askimet plugin. Considering the amount of comment spammer bots visting my websites, Incapsula does a very good job of protecting my website. Although I still get a couple of spam comments a day without Askimet, I’m still impressed with Incapsula.

comment-spammer

Incapsula will also email you when there’s a threat. This is an email I got yesterday when someone tried to login to my website. Incapsula blocked the request.

This image is also provided by incapsula showing the top client applications. It surprising just how many bots are out there on the Internet!
bots2

To get a better idea of bot vs humans, Incapsula provides you with the following image. This is a nice example of just how much of your bandwidth is being wasted with unwanted bots on your website.

bots

Incapsula speed

Not only does Incapsula do a pretty god job of protecting your website but it also increases the speed of it. By blocking unwanted bots and saving your bandwidth, it not only saves you resources and money but you also get to use their CDN for a faster website.

So I wanted to test the speed of Incapsula, I switched to advanced performance and tested the before and after. The results are below.

Before advanced

After advanced

According to Pingdom switching to advanced performance on Incapsula increased the speed of my website by just over 50%!

You can also see the response time of the CDN location centers.

response-time

With the advanced setting of Incapsula it also caches dynamic cotent which you can read about here. There’s also a good article on how a CDN can help your SEO by Incapsula.

I’ve been impressed with Incapsula, it not only protects me from spammers and bad bots but it has also increased the speed of my website by over 50%. I found Incapsula very easy to use and once the setup is done everything is done automatically for you leaving you with a peace of mind of a faster website with better security.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

it_user1020Head of Data Center at a tech company with 51-200 employees

Report as inappropriate

Nov 21, 2013

A very good review of the product with matching graphics and stats to prove it. This is really something worth considering for anyone operating a high-traffic site, and I would definitely like to implement this for our university web services.

Buyer's Guide

Imperva DDoS

April 2025

Free Report: Imperva DDoS Reviews and More

Learn what your peers think about Imperva DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.

DOWNLOAD NOW

851,823 professionals have used our research since 2012.

it_user70002

CEO with 51-200 employees

Nov 19, 2013

Incapsula helped us stay up during some of the biggest DDoS attacks on record

To ensure the success of our online trading operations, we place a major emphasis on state-of-the-art security, high availability (99.9% uptime) and user convenience.

Daily high-volume network DDoS attacks against our website were wreaking havoc with business operations, resulting in downtime for our online trading platform. The anti-DDoS solutions we had in place was not equipped to mitigate these attacks, which came precisely at the time when we were experiencing record trading volumes.

Since our company deals with a highly competitive and time-sensitive trading market, high availability and stability are paramount to building our users' confidence in our platform. It was obvious to us that in order to maintain and grow our business, we needed the best DDoS protection solution.

We required a high-capacity solution capable of mitigating the largest Layer 3 DDoS attacks, which can often reach several tens of Gbps. Blackholing was not a desirable option, since this aggressive method for diverting traffic actually serves the attackers' goal of denying and disrupting service by not allowing any visitors to reach the site.

To ensure an optimal user experience, we sought a DDoS mitigation solution that would be transparent to users. In this context, we preferred a solution that does not use delay pages, which cause problems for the application's APIs and prevent users from connecting to the server.

In terms of architecture, we preferred a cloud-based solution for reasons of cost-effectiveness and compatibility with our existing cloud computing infrastructure.

Aware of the threat to our core business, we immediately began to look for a new anti-DDoS solution with the network capacity and security proficiency to meet our requirements. After an in-depth evaluation of leading DDoS Protection services in several industry comparisons and reviews, we chose Incapsula's cloud-based DDoS Protection service based on its ability to mitigate any type of DDoS attack with virtually zero business disruption.

We conducted an initial trial with Incapsula while still experiencing DDoS attacks of up to 100 Gbps. Incapsula mitigated these attacks, keeping the online trading platforms up at all times.

Our experience so far shows that Incapsula is a marked improvement over other DDoS protection companies we have worked with in the past. Despite the fact that attacks on our high-profile website are still a daily occurrence, traders coming to the site are able to buy and sell without any noticeable degradation in terms of performance and availability.

Through its non-intrusive traffic filtering and an enterprise-grade Web Application Firewall, Incapsula has been stable in protecting our online applications. The service secures websites and applications against all types of DDoS attacks, as well as sophisticated application attacks such as XSS and SQL injections.

Incapsula is now a key component of our security infrastructure. When under DDoS, traffic is routed through Incapsula for screening, where malicious traffic and DDOS attacks are blocked automatically.

By using Incapsula's DDoS Protection, we have achieved concrete benefits:

Cloud-based mitigation of network DDoS attacks - Incapsula mitigates high-volume network attacks through a global network of multi-gigabyte scrubbing centers
Intelligent mitigation of sophisticated application layer attacks - Incapsula uses advanced traffic analysis algorithms, granular mitigation rules and an enterprise-grade WAF to differentiate legitimate website visitors (humans, search engines, etc.) from automated or malicious clients.
"Always on" DDoS protection - Automatic "always on" DDoS mitigation and 24x7 monitoring are effective in stopping "hit & run" DDoS attacks can wreak havoc with solutions that need to be manually turned on and off on every burst.
Dedicated SoC team – An experienced team of Security Operations Center (SOC) engineers performs 24x7 security monitoring and assists with DDoS mitigation as needed.

Incapsula helped us stay up during some of the biggest DDoS attacks on record. This happened at a critical business juncture, when our increasing trading volumes were turning us into the number one bitcoin trading site in the world. We hope to continue working with Incapsula as we gain more exposure and popularity.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.

it_user3876Database Manager at a tech company with 51-200 employees

Report as inappropriate

Jan 4, 2014

Incaplsula provides protection against network as well as application level DDoS attacks including UDP Flood, ICMP (Ping) Flood , SYN Flood, Ping of Death , Slowloris and Zero-day DDoS.
Incapsula keeps an extensive DDoS threat knowledge base, which is constantly updated as new threats emerge.

it_user1122

Infrastructure Expert at a tech services company with 1,001-5,000 employees

Nov 18, 2013

Download

Great service, great value

Valuable Features:

Their solutions are always on, in depth and protect against most all web threats imaginable.

Improvements to My Organization:

Essentially, it has added an extra layer of protection to my clients through their DNS routing service. Less downtime, and happier clients.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

it_user2652Project Manager at a non-tech company with 10,001+ employees

Report as inappropriate

Jan 23, 2014

I have seen that the IP reputation feature works well in identifying spam and ham. How do you fix if a ham threat is caught as spam? Do you have end user quarantine feature or does it need to be released by administrator everytime?

See all 4 comments

it_user67521

CEO at a tech services company with 51-200 employees

Oct 24, 2013

We use Incapsula for some of our sites and the experience has been excellent

We use Incapsula for some of our sites and the experience has been excellent. You would not even know it was there – unlike those caching plugins (admittedly they are for speed not for security) – which remind you constantly that they are there so much so that you have to turn them off. Whoops.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

it_user4401Developer at a transportation company with 1,001-5,000 employees

Report as inappropriate

Oct 29, 2014

I developed a website and it has SSL. Do you know if Incapsula can support it?

it_user569916

Network and Security Engineer at a consumer goods company with 1,001-5,000 employees

Feb 23, 2017

Download

The dashboard shows us traffic, security, and real-time utilization. The default configuration usually does the trick for us.

What is most valuable?

Very easy to configure, which quickly allows us to add significant security to our websites.
Nice dashboard, which shows us details about traffic, security, performance, real-time utilization and an activity log.
Easy to configure caching, content optimization and other advanced settings, which allows us to improve the customer experience if necessary, or keep the defaults if any change is unnecessary.

How has it helped my organization?

With our IT infrastructure more secure, our customers receive a great website experience without encountering website defacements and other fallout from attacks on our web servers. Our IT department is not spending the time we used to on website remediation after attacks.

What needs improvement?

An Incapsula website configuration instance can be in a "Pending DNS changes" state, where further work is needing to be done by the customer, while website access is otherwise fully functional. While in this state, the PCI Compliance Report for the website in question, which I have set to email me monthly, doesn't get generated and sent. Imperva should decouple the "Pending DNS changes" state from the process that periodically emails the PCI Compliance Report. Until that happens, the workaround is to manually generate the report monthly.

For how long have I used the solution?

Since May 2014.

What do I think about the stability of the solution?

We haven’t had any stability issues. I get emails about internal Incapsula technical issues that they’re working on. However, they haven’t ever impacted me as an administrator and I’m unaware of any customers experiencing issues getting to our websites.

What do I think about the scalability of the solution?

Incapsula scales nicely.

How are customer service and technical support?

Technical support is excellent.

Which solution did I use previously and why did I switch?

Prior to Incapsula, we only used inline IPS, anti-virus, etc. Incapsula is our first web application firewall.

How was the initial setup?

Initial setup was very easy. The default configuration usually has done the trick for us. We simply haven’t needed to deviate much from default. Online documentation is good and if we still had questions, we contacted support who helped us make configuration changes to address our needs.

What's my experience with pricing, setup cost, and licensing?

Gain an understanding of pricing for the various advanced features and figure out what features you need to meet your objectives. We have done very well with the first tier feature package to address the needs at our two data centers and our cloud environments.

Which other solutions did I evaluate?

We got a feel for pricing and capabilities of other competing systems. However, Incapsula came highly recommended by our trusted security VAR as they had many customers who experienced great results with it. With that ringing endorsement, and the reasonable cost, we tried it out, loved it, and have been using it ever since.

What other advice do I have?

Do a proof-of-concept. It’s quick and easy to set up, and you’ll have Incapsula support to help you if needed. Embrace the ease-of-use of the administrative interface and marvel “can a WAF really be this easy?!”. Monitor the dashboard and enjoy the results. The ease of testing Incapsula and then implementing it into production is one of the most remarkable product experiences in my IT career. It’s clear that Incapsula engineers are busy behind the scenes, which is in contrast to my appreciation of what I would otherwise be doing tuning other WAF options.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

reviewer1484703

CEO at a tech services company with 1-10 employees

Apr 5, 2022

Download

Integrates with IBM AS/400 and Db2, and is stable and scalable

Pros and Cons

"Integration with IBM AS/400 and Db2 is okay."

"The cost could be lower; our end clients need to have a high budget to purchase this solution."

What is our primary use case?

We use it for protection. For example, for one of our banking clients, we use it to protect their mobile and website applications.

What is most valuable?

Imperva is really amazing, feature wise and performance wise.

Integration with IBM AS/400 and Db2 is okay.

What needs improvement?

The cost could be lower; our end clients need to have a high budget to purchase this solution.

For how long have I used the solution?

We have been a partner for Imperva Incapsula for two years.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

It's a scalable solution.

How are customer service and support?

Technical support is provided by a distributor, and sometimes, there's a delay.

I would rate the technical support at four on a scale from one to ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is easy because it's a plugin; it's an appliance. That means that there is a predefined setting.

Even with the professional service, it does not take a long time. It takes a few days, and everything is done.

For the professional service, usually one person from the distributor is required for deployment.

What's my experience with pricing, setup cost, and licensing?

We have an issue with Imperva Incapsula in the Iraqi market because of the high price.

What other advice do I have?

If you are looking for efficiency and the best technology, you should use Imperva. If you have a limited budget, however, then this is not a suitable solution for you.

I would rate Imperva Incapsula at eight on a scale from one to ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:

reviewer1407915

Information System Security Manager at a pharma/biotech company with 10,001+ employees

Sep 2, 2020

Download

A very secure platform for protecting our website and web applications

Pros and Cons

"It blocks all types of attacks."

"It's quite expensive."

What is our primary use case?

We are using this solution for web application firewall protection for the website and web application. I'm a user of this product and work as an information systems security manager.

What is most valuable?

I'm very happy with the solution. The most valuable aspect of it is that it blocks all types of attacks.

What needs improvement?

I think the product could be improved by reducing the price. It would help if they came up with pricing options because as it is now if you're a big company and use the site often, it's more expensive.

For how long have I used the solution?

I've been using this solution for almost four years.

What do I think about the stability of the solution?

Stability and scalability are fine.

How are customer service and technical support?

I don't use the technical support, but my colleagues do and they haven't mentioned any problems.

What other advice do I have?

I would rate this solution a nine out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.