Imperva Managed Rules on AWS WAF Reviews

My main use case is proactive edge security and IP reputation management. I use Imperva Managed Rules on AWS WAF's IP reputation rule group attached to my main application load balancer. Because Imperva leverages crowd-sourced global threat intelligence from their entire network, the rule layer automatically blocks requests originating from known botnets, exit nodes, and active attackers. For example, during a distributed credential stuffing attempt, Imperva dropped the malicious connections at the AWS edge layer instantly. This saves my back-end applications' API from resource exhaustion.

The best feature I would say is the compliance. It satisfies enterprise audit criteria for web application profiling that is required by PCI DSS and HIPAA. Also, it aligns fully with my security compliance matrices, the OWASP Top 10 alignment, and standard core rules to defend against injection attacks, cross-site scripting, and path traversal. These are the major features.

The managed rule set proves that modern security does not have to be slow or complicated. It turns threat intelligence into a utility function that I can enable with a few clicks.

It has eliminated the heavy operational burden of threat research. Instead of my internal security engineers spending hours tracking new malicious IPs or writing custom regex signatures to deal with emerging exploits, Imperva automatically updates the rule set in the background.

There are many improvements I would identify. The native AWS integration plugs directly into my existing Web ACLs along with the native AWS managed rule sets without conflict. There are no software regressions because it relies entirely on standard WAF matching conditions and it has zero impact on the application middleware or container environment. This aspect could be improved.

Other issues include that the marketplace sellers do not allow me to modify individual parameters inside the vendor's compiled rule set, meaning any false positive must be handled by a custom override rule. This also needs improvement.

I have been using Imperva Managed Rules on AWS WAF for about three years.

Imperva Managed Rules on AWS WAF is highly stable because the rules run directly inside the native AWS WAF engine. Availability is backed by AWS global infrastructure. There is no middleman latency or point of failures. It inherits the high stability and scaling of AWS itself.

It scales flawlessly via elastic hyper-scale. Since it handles inspection inside the cloud provider's network edge, it can handle millions of web requests per second without requiring my team to provision large compute instances or worry about bandwidth bottlenecks.

The customer support is providing excellent service. The support and reference models are very structured. AWS documentation explicitly outlines how to subscribe to and deploy vendor rule sets, while Imperva provides clear definitions for what each rule group evaluates. Support for rule matching is managed through AWS Premium Support channels with escalation lines to Imperva's threat research team for enterprise subscribers.

I previously managed custom IP blocklists manually via standard network firewall rules. I switched because manual lists are reactive, rigid, and impossible to maintain efficiently against rapidly changing cloud threat vectors.

I fixed this by putting Imperva Managed Rules on AWS WAF's rule group into count mode for the first two weeks. This allowed me to analyze the traffic pattern safely in my logs and write specific bypass exceptions before switching the rules to strict block mode.

I always leverage count mode when introducing a new vendor rule package. Let it observe your real production traffic patterns for a week, verify it against your monitoring dashboard, and only toggle it to fully blocking once you are confident your legitimate APIs will not be disrupted.

The return on investment is highly visible in my infrastructure savings. By stopping illegitimate traffic at my utmost edge, I noticed a 15% drop in junk traffic reaching my application layers. This reduced my downstream compute cost and lowered my database resource consumption.

The experience was very efficient. The product uses a transparent, pay-as-you-go consumption-based pricing model that is billed through the AWS Marketplace. It eliminates heavy upfront contract costs, handles automatic licensing, and bundles all fees directly into my unified AWS monthly billing.

Splunk was another option that I considered, but ultimately I chose Imperva Managed Rules on AWS WAF, which offered many more benefits.

I noticed a 12% drop in junk traffic reaching my application layer. I would rate this solution 9 out of 10.

My main use case for Imperva Managed Rules on AWS WAF is using Layer 7 particular OWASP 10 and SP10 based security rules. I had to enable the Layer 7-based attacks by setting up bots and related configurations, so that was the primary case. On WAF, I set up those rules for the particular finance application security part.

Imperva Managed Rules on AWS WAF has helped my finance application specifically by allowing us to identify bots and adapt to attacks that were changing over time. Once I identified Imperva's product capability and set up those rules, I was able to rectify the attacks that I was not able to prevent with previous products.

In my opinion, the best features Imperva Managed Rules on AWS WAF offers include malicious bot detection and app-specific protections. I have seen that the malicious bot detector was able to identify the changing nature of the attack, helping me manage it from Imperva.

Imperva Managed Rules on AWS WAF has positively impacted my organization by addressing trust issues my customer had regarding security configuration for their application. My customers expected us to be consultants, and unfortunately, previous products did not have that capability. Imperva's ability to identify the best configuration was amazing.

Regarding positive outcomes after switching to Imperva Managed Rules on AWS WAF, I have control over security incidents and have seen a decrease in incidents. This helped improve the trustworthiness with the customer, along with improved application reliability and stability. These are the proactive and positive results based on my scenarios with Imperva.

For improvement, it would be better to have access to deeper configuration levels in Imperva Managed Rules on AWS WAF. For example, if my application is using Nginx or a certain middle-level application tool with different runtimes and middleware products, I would want to go to a more granular level to help fix vulnerabilities at the best level.

In terms of needed improvements, I think integrating AI with knowledge bases and adding SRE configurations for an agentic approach would benefit my resolution part, especially since I work on applications that need immediate protection. Improvements in agentic-based resolution to minimize MTTR on SRE and AI-enabled documentation finding would be a great approach to develop.

Regarding the governance and security of Imperva Managed Rules on AWS WAF's AI capabilities, I see the security in application security as present, but there does need to be improvement in governance. I have to manage uploads and downloads when using applications like the Inland Revenue Department for document scanning.

Imperva Managed Rules on AWS WAF is stable and provides an improved approach.

Imperva Managed Rules on AWS WAF scalability is a key point, as it works properly with my application running on microservices, allowing it to manage legitimate, scalable traffic with WAF configurations.

I had very few incidents requiring customer support for Imperva Managed Rules on AWS WAF. Before that, I was able to manage most issues myself. Although I don't have extensive experience, the level of support I received during the incidents was very much supportive.

I would rate customer support as an eight on a scale of one to ten.

When it comes to configuring and managing malicious bot detection and app-specific protections, the configuration was not an issue, although I had to run it on a few cycles. I set it up and it was not the proper configuration in the first phase. In the second phase, I added a few additional configurations with several application attributes that helped me protect the application properly. Fine-tuning the rules required work in a few phases, but overall, the configuration was smooth.

I wanted to add timestamps of bot-based activity, as I don't want unwanted latency for my applications, but I also require security. If I could configure timestamp-based rules to identify the particular configuration, that would be a better approach.

I rate Imperva Managed Rules on AWS WAF a seven on a scale of one to ten, as I believe there is room for improvement. When comparing it to the previous WAF product, Fortinet, I would give Fortinet around three marks.

I chose seven specifically due to my experience managing applications and the high standard of behavior management from Imperva, particularly in managing the behavioral changes of Layer 7 attacks through malicious bot protection, which is the key reason for my rating of seven.

My advice for others looking into using Imperva Managed Rules on AWS WAF is to focus on security since application security is critical. I cannot compare the product cost with others because a single incident can result in significant losses. Choosing the best product with the capability of protecting your application is essential. Imperva with AWS WAF configuration enables a high level of global availability of WAF settings that help manage many security challenges.

Before concluding, I would say there should be a focus on the governance aspect of Imperva Managed Rules on AWS WAF, as applications have many integrations with other systems. Compromising another application could challenge my application, so managing other integrations effectively in governance would be beneficial. My overall rating for Imperva Managed Rules on AWS WAF is seven out of ten.

Imperva Managed Rules on AWS WAF was used to protect high traffic enterprise web applications and APIs, handling millions of monthly requests. I was part of the domain management and CDN network team. It served as the primary baseline security layer, integrated directly into AWS web ACLs.

Imperva Managed Rules on AWS WAF is deployed in a hybrid cloud environment in my organization. We have direct traffic from Akamai CDN, but everything was passing through Imperva.

Automatic updates are the best features Imperva Managed Rules on AWS WAF offers. When I mention updates, I am referring to the automatic threat intelligence and frequency of rule updates. Imperva automatically updates threat intelligence and signatures, which saved a lot of engineering teams considerable time.

The customer support for Imperva Managed Rules on AWS WAF is the best. As soon as I had any issue when I was on-call rotation, the support was very friendly, very accurate, and always helpful.

Imperva Managed Rules on AWS WAF's governance and security is very robust. The security and compliance is always the best. If you do not have proper roles or privileges, it's impossible to access information or details from other users or accounts.

Imperva Managed Rules on AWS WAF's accuracy and reliability of output is very accurate. I would say it's one of the industry standards, with more accuracy. I have never seen greater accuracy with Imperva or Incapsula.

Sometimes the rules act as a black box with Imperva Managed Rules on AWS WAF because you cannot see the underlying rule logic or regular expressions, which can be challenging when troubleshooting false positives on complex API payloads.

Better documentation would help with the needed improvements. I was trying to use the Terraform provider, looking for the Imperva provider, but it was not easy to integrate.

Low operational overhead is the only additional feature I would mention.

I have been using Imperva Managed Rules on AWS WAF for two years.

Imperva Managed Rules on AWS WAF is very stable.

I have never had any issue regarding scalability with Imperva Managed Rules on AWS WAF because it is always cloud-based or hybrid but has never been a concern.

The customer support for Imperva Managed Rules on AWS WAF is the best. As soon as I had any issue when I was on-call rotation, the support was very friendly, very accurate, and always helpful.

I would rate the customer support a ten out of ten.

I did not previously use a different solution before Imperva Managed Rules on AWS WAF. We are still using the same solution.

Imperva Managed Rules on AWS WAF was integrated very quickly without having to build custom rule sets from scratch, positively impacting my organization.

The quick integration of Imperva Managed Rules on AWS WAF benefited my team with compliance like PCI DSS and SOC 2. It was integrated very quickly without creating something from scratch. The security compliance audits were easier.

We did not purchase Imperva Managed Rules on AWS WAF through the AWS Marketplace. We have a direct partner.

I have seen a return on investment when something involves any deployment for blue or green deployment. I was in charge of redirection rules, so traffic from one cluster to another was very useful.

I was not part of the billing team, so I do not have much experience with pricing, setup cost, and licensing. Imperva Managed Rules on AWS WAF was already in place when I joined the team, and it is still one of the most used tools.

I was evaluating Akamai before choosing Imperva Managed Rules on AWS WAF.

Imperva Managed Rules on AWS WAF is great for meeting security compliance audits, using the out-of-the-box compliance and low operational overheads.

I highly recommend Imperva Managed Rules on AWS WAF when you need something fast and low-maintenance threat protection. For applications with highly customized API payloads, there may be some false positives.

I would highly recommend Imperva Managed Rules on AWS WAF when you need fast, low-maintenance threat protection.

I would like to continue using Imperva and integrate it with Terraform, so my pipelines will be much more secure.

I give this review an overall rating of eight out of ten.

I use Imperva Managed Rules on AWS WAF in front of AWS WAF to extend the native capabilities, leveraging Imperva's threat intelligence and web application security expertise to provide pre-configured protections against common web attacks while also helping to reduce operational burden on the team.

Recently, we worked on creating a payment gateway, and we used Imperva Managed Rules on AWS WAF to help stop threats such as SQL injection, cross-site scripting, command injection, local file inclusion, and path traversal, essentially all OWASP threats.

You can also use the WAF policy with Application Load Balancers, CloudFront distributions, and API Gateway endpoints on AWS, with most deployments being able to be completed in a few hours.

Imperva Managed Rules on AWS WAF is a very good tool, but you need to consider your use case, as it is well-suited for healthcare systems, financial applications, organizations with small security teams, those trying to improve compliance, and public-facing web applications exposed to the internet. However, if you have internal-only applications or small websites with minimal risk, and if your organization requires full control over detection rules, Imperva Managed Rules on AWS WAF would not work, and you must be willing to tune the WAF behavior even after deploying Imperva, or it will not work for you.

I use Imperva Managed Rules on AWS WAF because they have a rapid response to newly discovered attack techniques, and it is quickly updated, reducing the need for our internal security teams to create custom rules.

Imperva Managed Rules on AWS WAF offers continuous threat intelligence updates as the best feature, as they have a rapid response to newly discovered attack techniques and base their detection logic on real-world threat data with easy integration with AWS.

It has greatly reduced operational overhead, because without Imperva Managed Rules on AWS WAF, we would have to dedicate a team to analyze traffic attacks, write custom WAF rules, test the rules, and then maintain signatures. Imperva Managed Rules on AWS WAF helps to handle much of this maintenance work and allows our teams to focus on higher priorities.

Imperva Managed Rules on AWS WAF can usually have false positives sometimes, blocking legitimate traffic and struggling with complex search queries, particularly with large JSON requests and certain GraphQL requests, which makes us initially deploy the rules in monitoring mode before switching to blocking mode to ensure all our use cases are supported.

Because the rules of Imperva Managed Rules on AWS WAF are vendor-managed, the detection methods are not fully transparent, and our security teams cannot inspect every signature, leading to troubleshooting that usually requires vendor documentation, which can make it a bit difficult.

Imperva Managed Rules on AWS WAF is quite good for what it is, but it is still not suitable in some use cases such as internal-only applications, and if your organization requires full control over every detection rule, it does not work. Additionally, you need to tune the WAF behavior after deployment; it is not just a deploy and leave situation.

I have been using Imperva Managed Rules on AWS WAF for about a year and six months.

Imperva Managed Rules on AWS WAF is fairly stable.

On the AWS cloud, Imperva Managed Rules on AWS WAF is fairly scalable for what it is as a managed WAF rule, so I give it good marks in scalability.

The customer support for Imperva Managed Rules on AWS WAF is quite good; I have used it once and received good responses. For my one experience, I would rate the customer support a nine, as it was good.

I did not previously use any solution.

I did purchase Imperva Managed Rules on AWS WAF through the AWS Marketplace.

I did evaluate F5 and Fortinet also before choosing Imperva Managed Rules on AWS WAF.

I have not really made use of the AI capabilities of Imperva Managed Rules on AWS WAF, but from what I have heard from others, it seems it is quite standard for the market.

For my end, the cost of Imperva Managed Rules on AWS WAF might sometimes be a bit high, making it not suitable for small websites with minimal risk because the cost outweighs the benefits in that case. However, for a big e-commerce platform or payment gateway, it is definitely a worthwhile investment.

I can definitely speak to the fewer employees needed because the time and effort it would take to dedicate engineers or resources to create custom WAF rules is cut out by using Imperva Managed Rules on AWS WAF.

I would rate this solution an eight overall.

My main use case for Imperva Managed Rules on AWS WAF is to protect my layer seven applications and application load balancers (ALBs) so that I can protect my applications from layer seven cybersecurity attacks.

I can give a specific example of how I've used Imperva Managed Rules on AWS WAF to protect an application, as the rules help me protect from cyber attacks which are part of the OWASP Top 10, including cross-site scripting, SQL injection attacks, and sometimes modifications of MFA for specific applications.

I'm mainly focusing on protecting my applications that are hosted on CloudFront and sometimes on the application load balancer in AWS, for which I'm using Imperva Managed Rules on AWS WAF.

The best features of Imperva Managed Rules on AWS WAF are that all the rules are in line with the updated OWASP Top 10 security vulnerabilities, which allows me to counter attack with the respective attack patterns that are present in the market.

Staying up to date with the latest OWASP Top 10 has helped my team significantly, as with the updated 2026 rules, we can counter the cyber attacks that are more aligned with artificial intelligence tools. Earlier, there were certain OWASP Top 10 rules that were not present in the environment.

Imperva Managed Rules on AWS WAF has impacted my organization positively to a very good extent, as along with the default AWS WAF rules, Imperva Managed Rules on AWS WAF is giving more edge on layer seven security for protecting the applications at the organization, making them good-to-go rules.

Since using Imperva Managed Rules on AWS WAF, I've noticed specific outcomes such as a reduction in security incidents, and it provides me with more robust solutions along with protections and analysis, allowing it to protect against cyber attacks at any level or capacity.

Imperva Managed Rules on AWS WAF keeps updating its rule sets, but the company could increase the number of rules on a yearly basis and incorporate more rules aligned with artificial intelligence security. There should be more alignment with AI and ML security.

I have been using Imperva Managed Rules on AWS WAF for about one or two years.

Everything looks good with Imperva Managed Rules on AWS WAF as of now.

Regarding Imperva Managed Rules on AWS WAF's AI capabilities, I believe it has a good alignment from the governance and security perspective, and it is capable of protecting from cyber attacks effectively.

In terms of accuracy and reliability of output regarding Imperva Managed Rules on AWS WAF's AI capabilities, it all depends on which AI generative model is being used. Currently, Imperva is in good shape with a decent capacity for accuracy and reliability, though not perfect.

My advice to others looking into using Imperva Managed Rules on AWS WAF is that if customers do not want to use the default AWS WAF rules or if they are looking for add-on features or protection, they should proceed with Imperva Managed Rules on AWS WAF to gain more security.

I give this product a rating of 9 out of 10.