Imperva Web Application Firewall Reviews

The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications. 

The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier. 

I have been using the product for three years. 

I rate the tool's stability an eight out of ten. We have encountered bugs, but they are fixed fast. 

I rate Imperva Web Application Firewall's scalability an eight to nine out of ten. 

Imperva Web Application Firewall's customer support is good and responsive. However, they are less responsive on public holidays. 

Positive

Imperva Web Application Firewall's deployment is easy. Onboarding a website on Imperva Web Application Firewall is much easier than Fortinet. With the product, the process is simplified, as you only need to enter your application's IP address on the website for the site, and the profiling firewall automates the process. For large-scale web applications, deployment can take four days to complete. 

Imperva Web Application Firewall's pricing is expensive. 

I rate Imperva Web Application Firewall a nine out of ten. 

The solution is used by SMBs and enterprises that have a lot of websites that they need to protect.

Since the product is categorized in Gartner as a Web Application and API Protection tool, it protects APIs and web applications. It provides bot and client-side protection. I have done POCs. Once the platform is configured to block DDoS attacks, no traffic regarding DDoS or bots gets into the application.

If the clients have requirements for APIs and microservices, we can offer such services with the help of the solution. We can offer it as a security solution that protects APIs and microservices. Imperva’s real-time monitoring makes it very easy for administrators to monitor their existing web applications.

My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.

I have been using the solution since June last year.

I rate the tool’s stability a ten out of ten. Since I've been onboarded, I haven't had any issues.

I rate the tool’s scalability a ten out of ten. Imperva allows only clean traffic. The scalability is based on the clean traffic and not the overall bandwidth of the client. Our clients are mostly enterprise businesses. I have some SMB customers.

Sometimes, support tickets don't get addressed quickly. However, the support team gets to it eventually.

Positive

The initial setup is very easy. I rate the ease of setup a ten out of ten. The time taken for deployment depends on the number of applications we want to onboard. Usually, we can do it in a day.

Imperva is a very proactive solution. It is not reactive. We can prevent attacks or issues even before they happen. It is something people must consider since many enterprises are facing DDoS attacks, and their data is getting compromised.

I rate the solution’s pricing a seven out of ten. Some solutions are cheaper than Imperva. Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF.

We are partners. I rate the product's integration with our client's IT infrastructure a nine out of ten. It is easily integrated since many configurations are needed to onboard Imperva into a client’s infrastructure fully. Overall, I rate the product a nine out of ten.

The solution is used to detect and block application attacks on the internet perimeter. We integrate the solution with SOAR and Phantom to automate our playbook and block URLs.

The solution reduces the risk of attacks and that benefits our clients. 

The solution integrates seamlessly with other tools and has a good alert mechanism. 

The solution provides good protection against OWASP top-ten attacks.

The solution works for particular zones but isn't always the best solution for all zones. 

The solution's pricing could be improved. 

I have been using the solution for five years. 

The solution is stable. 

We implemented the SA solution and have not tried to scale it beyond our client's 10,000 users. 

I do not have experience with escalating issues because our internal support team handles vendor support. 

We have not switched solutions but prefer this solution for on-premises. When we need a tool that is cloud-based, we prefer other solutions. 

The initial setup was not complex and integration was easy. 

The solution was implemented by the supplier. 

The solution's pricing is an issue. 

We use many tools for the application layer including Imperva, Infoblox Secure DNS, and Palo Alto. 

The solution is a leader in the market and is easy to use.

I rate the solution a nine out of ten. 

The product is very good. 

It's so easy to do the deployment. The installation is very straightforward. You can't even compare it to others on the market. It's that easy.

The features on offer are very nice.

The solution is stable.

The licensing setup makes the product easy to scale. 

The pricing is very good. 

I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one. 

I've been using the solution for the last five years. I've used it for quite a while now. 

The stability of the product is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

We typically deal with medium-sized organizations.

The licensing model makes the solution very simple to scale. If a company wants to expand, it's not a problem.

We need an improvement in the support. We need a lot of turnarounds. Whenever is a ticket open, it's something that has become a concern. 

I'm not currently working with any other solution. I just use this product. 

Previously, I did work with F5 and Fortinet. However, Imperva is superior to both of these products.

The initial setup is easy and the solution is very simple to deploy.

The solution is very affordable and the cloud is making it even easier in terms of cost savings. 

We are resellers and we are based in Kenya. We're actually doing the whole suite. I'm working with Database Security and I'm also doing the Web Application Firewall, both of which are on-prem and on the cloud. I'm also doing the DRA.

It's the best in breed in terms of a solution you can put in place.

I'd rate the solution at an nine out of ten. We're quite happy with its overall capabilities. 

Imperva Web Application Firewall is used for customers who are looking to secure their multiple applications and want to block the threats, such as DDoS and ransomware attacks. Imperva Web Application Firewall delivers three main things, data security, data availability, and access control. For data security, it prevents malware and malicious threats. For the data availability, by preventing threats, such as malware, data can be available each and every time. You are able to have Access control, you have the ability to control the access.

The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis.

Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis.

I have been using the Imperva Web Application Firewall for approximately 15 years.

Imperva Web Application Firewall is stable, and the performance is good.

The solution is best suited for enterprise-sized businesses. It is a scalable solution.

The Technical support is good from Imperva Web Application Firewall.

I have used another solution previously which was good. However, Imperva Web Application Firewall had more features.

The deployment of the Imperva Web Application Firewall is simple. However, it is not very user-friendly. It would be a benefit because the customers would have a better time with the installation.

I did the implementation Imperva Web Application Firewall myself and it took approximately three days.

Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price.

I do the maintenance and upgrades of the solution if it requires it. I would recommend this solution to everyone. 

I rate Imperva Web Application Firewall a nine out of ten.

I was involved in the deployment and found that all the features in this product are fantastic, especially the correlated attack validation, threat radar (reputation, fraud), and virtual patching. Those are features that are very useful in day to day operations.

Using WAF in an organization means we can quickly see the attacks that the environment is suffering and take action to mitigate the threat(s). It is possible to view traffic and analyze it to determine if it is legitimate traffic or not, using features such as threat radar and geolocation, helping the security team in the company.

I've been using the WAF component for over a year.

I had no issues with deployment.

I had no issues with stability.

I had no issues with scalability.

I didn't use the customer service, but all the teams in Imperva have a deep knowledge about the product to support customers for any issues they have.

The technical support team at Imperva have a deep knowledge of all their solutions, and they are ready to support any customer with any problem.

The initial setup is different for each environment. You need knowledge of the environment and application, to make a good schedule of activities. Make sure you validate the requirements, and the setup will be simpler to do

I work as a System Engineer and part of my role is to help the partners do deployments for our customers. I participated in some deployments, and I can say the partners I have worked with have good knowledge about deployment and support for all solutions.

All products are good, and I believe narrowing the choice of manufacturer is best done when you do proof of concepts in-house and you can see which of your choices is best matched to your needs.

I am a distributor for Imperva. We provide solutions for our customers. 

This solution is mainly used to protect websites. When it is deployed on the cloud it is used for traffic redirection and URL redirection functionality.

It is also used for dual location blocking and security for the policies that are being applied.

Imperva is a good solution.

It has fewer false positives. It is very simple to maintain the device. It is also simple to configure. You don't need to have any HTTP knowledge or understand the HTTP programming languages when it comes to configuring the device.

The visibility of the actual traffic needs to be improved. 

We are only monitoring the traffic if there are any issues and the alerts are being triggered. 

We don't log the real-time traffic. We only log the real-time attacks and not the normal traffic that is passing through the device.

The main concern for our customers is to improve the visibility of the actual traffic. Customers feel that is the one feature that will greatly improve Imperva. 

They would like to have the complete network traffic passing through the device. Currently, we are only being alerted for the attack that has passed through the device instead of the genuine traffic.

We would like to see logs of the genuine traffic that passes through the device. It can be optional to enable it for certain customers and certain applications but should be included.

The support for the on-premises version needs improvement.

We have been distributing Imperva for the last 10 years.

We are currently dealing with the latest version.

We provide both on-premises and cloud deployment, it depends on the customer's requirement.

Once it is configured it is stable. There are no issues with the stability of the Imperva Web Application Firewall.

It is easy to scale. The scalability is fine. You can add gateways and scale, which is a good feature in Imperva.

This device is suitable for everyone.

There are two different support teams. The cloud support is very good, but the on-premises support is lacking. The response time could be much better.

The initial setup is easy if you know how to deploy Imperva. Once we do the base installation, the deployment is simple.

Once in six months, there are some patch upgrades required. If there are specific requirements we need to upgrade.

We were able to complete the installation and deployment ourselves.

When it comes to the cost, there are different sets of customers. Some are SMB and veteran customers who go with the cloud version of Imperva, which is a managed service. The next-level customers and enterprise will select the on-premises version along with the cloud. They prefer the hybrid environment.

There are a couple of different licensing models. One is with respect to the Cloud and is based on the number of applications you have to protect. The on-premises model is based on the throughput that is required to be inspected.

I know that FortiGate is a niche product and wanted to evaluate Impera and FortiGate for the differences.

You should understand the customer's website, what their website is. They need to configure the ciphers properly. Many engineers are not able to complete the project because they don't understand the customer's environment. 

Before doing an implementation, understand the customer's environment. The ciphers need to be configured properly. Some Imperva engineers are not able to complete the projects because they understand the customer's environment.

Know the ciphers being used and match the ciphers. You must ensure the same ciphers are being matched in the backend load balances. If the backend load or cipher is changed the same should be replicated in Imperva as well. Once this is complete it should be good.

I would rate this solution an eight out of ten.

The mitigation feature is what I find most valuable in Imperva Web Application Firewall. The interface of the cloud version of this solution is also good.

Every product has a room for improvement, and in Imperva Web Application Firewall, we found a limitation when we need to check which email IP traffic is coming from, e.g. we cannot find it.

Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement. If we can populate those information, we can block them in our firewalls, and that would make this solution better.

Though the cloud interface of Imperva Web Application Firewall is good, the interface of the on-premises version is not as appealing, and it's what I'd like to see improved in the next release of this solution.

Imperva Web Application Firewall is a very stable solution.

The cloud version of Imperva Web Application Firewall is very scalable.

Technical support for this solution is good.

It's very easy to set up the cloud version of Imperva Web Application Firewall. It's not difficult, because you just need to map your DNS, and that's it. Setting up this solution is not a problem.

I'm working as a cyber security consultant and I provide Imperva Web Application Firewall and other similar solutions to customers.

We are working in the Middle East, e.g. we are deploying solutions to different organizations.

I don't have any input on the pricing for Imperva Web Application Firewall, as that part is covered by the research team.

I don't have advice for people looking into implementing this solution, except that everyone has different opinions and different requirements. Every organization has different requirements, and their choices will be based on their requirements. If all their requirements are fulfilled by Imperva Web Application Firewall, then they'll want to implement or use it.

I've giving Imperva Web Application Firewall a score of seven out of ten.