My use case involved handling specific web applications for our operations team.
External reviews
External reviews are not included in the AWS star rating for the product.
Helps to automate production but needs to improve its compliance and customer support
What is our primary use case?
What is most valuable?
Imperva DDoS helps us automate production. The client had specific requirements for a cloud project in the financial sector.
What needs improvement?
We faced issues regarding compliance with client procedures. The client had strict compliance rules, and Imperva needed to be on a VM, while the client required containerization, causing a conflict. They went with Imperva for the on-premise version but shelved the cloud project due to too many blockers.
For how long have I used the solution?
I have been using Imperva DDoS for six months.
How are customer service and support?
We tried to contact Imperva's technical support but encountered much resistance. I went through the front portal team on their website, but they wanted to know my client's name, which I couldn't disclose due to an NDA. They directed me to a sales guy who was only interested in selling and wasn't helpful.
How would you rate customer service and support?
Negative
How was the initial setup?
We faced challenges integrating Imperva DDoS. The biggest issue was the lack of a Terraform provider for the on-premise version, which was only for the cloud version. We used an API porting server as a stopgap, but I advised the client to discuss with Imperva about releasing a proper Terraform provider. We worked with Imperva DDoS for six months, but it was never fully deployed due to the organization's internal politics and compliance requirements.
What was our ROI?
Imperva DDoS is a web application firewall that protects against and mitigates threats. We aimed to shorten deployment times and deploy it in a scalable way using DevOps.
However, we faced challenges because Imperva only had a Terraform provider for the cloud version.
What other advice do I have?
I would rate the tool itself a five out of ten.
Protects applications and provides a complete picture of how the applications are being used
What is our primary use case?
We use the solution to protect applications.
What is most valuable?
Imperva has a complete picture of how the applications are utilizing it. It is handy. DDoS is good. It has an internally managed database. It is very easy to integrate. We have integrated it with SIEM services.
What needs improvement?
Apart from predefined templates, it would be helpful if the solution provided an option to customize any new rules or additions based on the requirement.
For how long have I used the solution?
I have been using Imperva Web Application Firewall for three years.
What do I think about the stability of the solution?
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
The tool is pretty scalable. Around 1,000 users are using this solution.
I rate the solution’s scalability an eight out of ten.
Which solution did I use previously and why did I switch?
We have used Barracuda. We switched to Imperva because Barracuda was not user-friendly and didn't offer predefined data.
How was the initial setup?
The initial setup is simple.
What's my experience with pricing, setup cost, and licensing?
The product's pricing is flexible.
I rate the product's pricing a seven out of ten, where one is cheap and ten is expensive.
What other advice do I have?
I recommend the solution.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
What is our primary use case?
The Imperva Web Application Firewall secures our web application externally. It filters traffic, allowing legitimate requests to reach our application while blocking malicious traffic.
How has it helped my organization?
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow.
With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization.
The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization.
Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.
What is most valuable?
While a Web Application Firewall (WAF) doesn't directly protect against viruses, it's crucial for application security.
It defends against threats like cross-site scripting (XSS), SQL injection, and others. This safeguards your application or website.
What needs improvement?
There's always room for improvement. Occasionally, there might be false-positive alerts.
For how long have I used the solution?
I have five years of experience working with this product.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten. Sometimes, it gives false positives.
What do I think about the scalability of the solution?
Imperva is a Gartner leader, so its scalability, performance, and features are excellent.
Cloud-based deployments offer easy scalability. On-premises scaling is more complex because it depends on our hardware; we have to mount some servers and specific requirements.
We have around 10 to 15 customers.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup is very straightforward.
Imperva offers both cloud-based and on-premises solutions. For cloud deployments, we'd need a domain name and IP address.
On-premises installations involve specific hardware requirements, such as 16 GB RAM.
We support both cloud and on-premises solutions.
What about the implementation team?
One or two engineers would be enough for the implementation.
What was our ROI?
ROI varies depending on the customer. Applications in critical sectors, like banking (BFSI), see significant ROI since Imperva protects its core systems. For them, the ROI calculation is simple.
What's my experience with pricing, setup cost, and licensing?
It's an excellent product, but it can be very costly.
Those customers who are capable of buying are buying it.
Those customers who are not able to buy this premium product due to budget constraints explore other options.
The licensing model is yearly. There are no extra costs in addition to the standard licensing fees.
What other advice do I have?
Overall, I would rate the solution a nine out of ten. More and more customers are adopting web application firewalls to secure their web applications.
Offers good reporting templates and easy to set it up
What is our primary use case?
I handled web application and database monitoring, including some DDoS work. I implemented Imperva for a top-five bank in Indonesia, monitoring their service and database activity.
How has it helped my organization?
Firstly, Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection.
It's important to note, if you don't have dynamic profiling, you can use manual configurations. For instance, you can configure a text field on a website to limit input to only numeric characters and specific special characters.
This helps protect against SQL injection, as these attacks often use special characters to try and break the website's security.
What is most valuable?
Imperva Cloud WAF would be the most powerful option. It uses cloud-based signatures, which are constantly updated. This is different from the on-premises version, where the signature updates might be less frequent.
Imperva has basic reporting templates. We can use those, and we can also create custom reports. However, customization is limited to labels and structure – we can't change the actual content of the reports. For that, we need to use Imperva Compass.
Overall, I would rate the user experience an eight out of ten, with ten being a good experience.
What needs improvement?
The signature updates could be faster. Sometimes we have to upload signatures to the Imperva portal for checking and analysis before we can use them.
For how long have I used the solution?
I have some experience, but not with its on-premise solution. We used their cloud-based WAF, likely Incapsula.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How are customer service and support?
Sometimes the customer service and support response time is long. And sometimes, it is fast.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup for Imperva isn't too difficult. We start with a script, setting up the IP, network, and gateway. Then, we inject the license and test on-site for monitoring our web application.
If we're using dynamic profiling, we configure that, ensuring it works properly. After about one or two weeks, we begin fine-tuning and limiting form types.
What's my experience with pricing, setup cost, and licensing?
The price is high compared to other solutions like FortiWeb.
I would rate the pricing an eight out of ten, with one being cheap and ten being expensive.
What other advice do I have?
I would recommend it. Overall, I would rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Stops bot attacks completely and has easy deployment
What is our primary use case?
I am the administrator of the Web Application Firewall. I manage all the web applications and security regarding it. Some of the main use cases are related to OWASP Top 10 and bot attacks.
We are a distributor of all types of cybersecurity products. We handle more than 170 OEMs, and Imperva Web Application Firewall is one of them.
How has it helped my organization?
We were facing issues related to web servers and OWASP Top 10. We had bots rather than human traffic. We went with Imperva for a single-stack solution. We have bot protection, DDoS protection, web application firewall, and database security from Imperva.
It is one of the best solutions that I have worked with. After deploying it, bot attacks have completely stopped. When it comes to OWASP Top 10, it responds very clearly when we do testing, so we are not facing any threats. Compliance is also very good. So, overall, it is very good for security and compliance.
Imperva is known in the market for customization and deployments according to the use cases of the customers. You can deploy it the way you want. You can deploy it in the inline mode, reverse proxy mode, or transfer and bridge mode. You can deploy it according to the environment or infra of the company. In terms of integration, with one click of a button, you can integrate it with your SIEM solution. You have preconfigured SIEM codes. You just need to run that code in the SIEM application, and that is it. You will start getting the logs. It is pretty easy.
For certain web servers, I have it on-prem, and for certain web servers, I have it on the cloud. A basic use case of the customers is that they want a single dashboard for the cloud WAF or on-prem WAF. There is a solution called attack analytics in Imperva. It integrates with on-prem and the cloud, so in a single dashboard, you can see what is happening in your on-prem as well as cloud setup. It is very easy. When it comes to reporting, you can take reports anywhere anytime and you can take logs anywhere anytime. Someone who does not know about cybersecurity can understand the logs. Logs are in English instead of the raw format. Anybody who knows English can understand them. Reporting is very easy. These reports can also be used for audit and compliance.
We use SIEM solutions. We use Splunk, and we use Elastic. We use Datadog and Securonix. I integrated Imperva with Elastic and Splunk. We have a pre-written code. We just have to download that code and run the code in the SIEM solution server. After that, the logs start showing. It is that easy. Integration is that easy. I have also done integration with multifactor authentication, security key, HSM, etc. I have worked with RSA and YubiKey. Both of them were very easy. The integration happened with the click of a button. The integration is seamless and is working perfectly. Our clients are happy. We are happy.
What is most valuable?
There are many features. There is ease of deployment. You can deploy the Imperva Web Application Firewall in two to three minutes. After that, you have to set the policies. For setting policies, you have toggle buttons. You can turn something on or off.
Writing rules is very easy. There is a toggle button. You do not have to write the parsers and rules. You do not have to be well-versed in it. Anybody who works with the Imperva console for a month can master the solution.
What needs improvement?
The only disadvantage of Imperva is that it is a pretty costly solution.
For how long have I used the solution?
It has been around one year.
What do I think about the stability of the solution?
It is completely stable. For stability, I would rate it an eight out of ten.
What do I think about the scalability of the solution?
It scales very well. I would rate it a nine out of ten for scalability.
In terms of traffic volumes, being a distributor, we do not face the issue of many customers flooding our website. It is not like an e-commerce company. At peak hours, there is almost 500 Mbps of network traffic. That is it.
How are customer service and support?
I would rate their support a ten out of ten. Even if I call at 2 AM, they pick up, and they answer.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have experience with Akamai and Cloudflare. Cloudflare is not made for enterprises or big companies. It is only for small and medium organizations. This is where Imperva comes into the picture.
Akamai and Imperva are pretty much similar. The only thing that makes them different is the SLA. Imperva is the only vendor that gives three-second SLAs for DDoS attacks. Imperva can mitigate any DDoS attack in just three seconds. This is the main thing that differentiates Imperva from Akamai. Another thing is that the deployment of Akamai is very complex. You need around two to three days to deploy it. You require senior-level engineers. It is very hard to understand as compared to Imperva.
How was the initial setup?
If you go with the Cloud Web Application Firewall, you can complete deployment in a maximum of half an hour. On-prem deployment is a bit complex. It takes three to four hours.
What about the implementation team?
There are only two people who work with Imperva. We handle many solutions, and we have two people handling Imperva. We manage everything in Imperva only with two engineers. The company does not need to hire many people.
What was our ROI?
It is very costly, but the return on investment is very high. Its cost was around $70,000, and we got it back in just six months.
What's my experience with pricing, setup cost, and licensing?
It is very expensive. A basic license costs around $10,000. This is the only disadvantage of the solution. Everything else is pretty good.
What other advice do I have?
When a client comes to us saying that they want to implement Imperva, the first thing that we ask them is if they are willing to spend that much. If they say yes, then we do not even compare it to any other product. We just go for Imperva. Feature-wise, we are confident of it. Any customer would go for it in terms of features.
Overall, I would rate Imperva Web Application Firewall a nine out of ten.
Used to stop DDoS attacks and reduce the amount of unwanted queries against web services
What is most valuable?
We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping.
What needs improvement?
The solution should integrate with something that looks at continuous security management.
For how long have I used the solution?
What do I think about the stability of the solution?
I rate the solution a nine out of ten for stability.
What do I think about the scalability of the solution?
I rate the solution ten out of ten for scalability.
How was the initial setup?
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine out of ten.
What about the implementation team?
The solution's full deployment took three days, and that was because the clients were unsure which public-facing services needed to be added on. Internally, the solution's deployment took around two hours.
What's my experience with pricing, setup cost, and licensing?
On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a five out of ten.
What other advice do I have?
Imperva DDoS has helped maintain website availability during an attack because we didn't even know there was an attack. Imperva DDoS was integrated into our existing security measures by using the easy configuration, which was making use of cloud platforms. All the SOC and SIEM integrations and notifications to instant response teams were easily integrated by email.
The solution's real-time threat detection works well and lets me know if something is happening on the management interface, where I spend most of my time.
The solution's scalability supported our client company's growing traffic needs. It started with a medium-sized web presence of 7,00,000 queries per second globally and has moved into tens of millions of queries per second. They are really benefiting from having to keep on spinning up additional security services rather than spinning up operational services.
The solution's reporting and analytics features have helped in understanding attack patterns. The solution helps in understanding who is targeting companies and from where. The solution also helps understand the types of attacks.
Some attacks are investigations where people search to see what is available. On other occasions, people try to write specific scripts to attack the front end to see if they can gain access to the back end. With the solution's reports, you can learn about the attacks and improve security where it's needed.
My experience in setting up and configuring Imperva DDoS for our client's environment was very good. I would recommend the solution to other users.
Overall, I rate Imperva DDoS a nine out of ten.
Which deployment model are you using for this solution?
Improves security of web applications but UI needs enhancement
What is most valuable?
The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications.
What needs improvement?
The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier.
For how long have I used the solution?
I have been using the product for three years.
What do I think about the stability of the solution?
I rate the tool's stability an eight out of ten. We have encountered bugs, but they are fixed fast.
What do I think about the scalability of the solution?
I rate Imperva Web Application Firewall's scalability an eight to nine out of ten.
How are customer service and support?
Imperva Web Application Firewall's customer support is good and responsive. However, they are less responsive on public holidays.
How would you rate customer service and support?
Positive
How was the initial setup?
Imperva Web Application Firewall's deployment is easy. Onboarding a website on Imperva Web Application Firewall is much easier than Fortinet. With the product, the process is simplified, as you only need to enter your application's IP address on the website for the site, and the profiling firewall automates the process. For large-scale web applications, deployment can take four days to complete.
What's my experience with pricing, setup cost, and licensing?
Imperva Web Application Firewall's pricing is expensive.
What other advice do I have?
I rate Imperva Web Application Firewall a nine out of ten.
A proactive security solution that protects web applications and APIs and enables easy administration
What is our primary use case?
The solution is used by SMBs and enterprises that have a lot of websites that they need to protect.
How has it helped my organization?
Since the product is categorized in Gartner as a Web Application and API Protection tool, it protects APIs and web applications. It provides bot and client-side protection. I have done POCs. Once the platform is configured to block DDoS attacks, no traffic regarding DDoS or bots gets into the application.
What is most valuable?
If the clients have requirements for APIs and microservices, we can offer such services with the help of the solution. We can offer it as a security solution that protects APIs and microservices. Imperva’s real-time monitoring makes it very easy for administrators to monitor their existing web applications.
What needs improvement?
My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.
For how long have I used the solution?
I have been using the solution since June last year.
What do I think about the stability of the solution?
I rate the tool’s stability a ten out of ten. Since I've been onboarded, I haven't had any issues.
What do I think about the scalability of the solution?
I rate the tool’s scalability a ten out of ten. Imperva allows only clean traffic. The scalability is based on the clean traffic and not the overall bandwidth of the client. Our clients are mostly enterprise businesses. I have some SMB customers.
How are customer service and support?
Sometimes, support tickets don't get addressed quickly. However, the support team gets to it eventually.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is very easy. I rate the ease of setup a ten out of ten. The time taken for deployment depends on the number of applications we want to onboard. Usually, we can do it in a day.
What was our ROI?
Imperva is a very proactive solution. It is not reactive. We can prevent attacks or issues even before they happen. It is something people must consider since many enterprises are facing DDoS attacks, and their data is getting compromised.
What's my experience with pricing, setup cost, and licensing?
I rate the solution’s pricing a seven out of ten. Some solutions are cheaper than Imperva. Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF.
What other advice do I have?
We are partners. I rate the product's integration with our client's IT infrastructure a nine out of ten. It is easily integrated since many configurations are needed to onboard Imperva into a client’s infrastructure fully. Overall, I rate the product a nine out of ten.
Which deployment model are you using for this solution?
A product that offers advanced bot detection capabilities and reporting features
What is our primary use case?
I use the solution in my company because one of our clients needs a tool that offers functionalities in areas like bot management and DDoS protection against attacks while specifically being able to manage attacks against their public servers by bots and against scraping. DDoS is useful for dealing with too many queries against a single entity since it can cause a business to lose revenue because the company cannot access its site.
How has it helped my organization?
The advanced bot detection capabilities and the reporting features in Imperva Bot Management have helped our client's organization by splitting up multiple requests from multiple IP addresses into legitimate and bad or inaccurate requests. The product also sets up the required rules and policies to block certain areas and allow what is needed.
What needs improvement?
At the moment, I am okay with the product. I haven't found something that needs to be improved yet.
I am not physically busy with any implementations associated with the product, but I will share the details of what is required in the solution with my team as soon as I figure out what is required in the solution.
Sometimes, it takes a bit of time for the technical staff of the solution to get back to our company with a resolution for our problems. The aforementioned area related to the product can be considered for improvement.
For how long have I used the solution?
I have been using Imperva Bot Management for two years. My company has a partnership with Imperva.
What do I think about the stability of the solution?
The stability of the product is good since I haven't had any problems with the solution.
What do I think about the scalability of the solution?
The scalability of the product is high. I rate the product's scalability a ten out of ten. It is very easy to use the scalability features of the product, especially if the product is deployed on the cloud model, but it may be a different story if the tool is deployed on an on-premises model. The difficulty of using the scalability feature of the product arises when the client does not have the capacity to scale up.
My company deals with businesses of all sizes. One of my company's clients who uses the solution has five members and a large e-commerce environment. There are also enterprise-sized clients who use the solution.
How are customer service and support?
Before I raise a question with the technical support team of the product, I have gone through all the necessary steps that I could try to resolve the issue, and I cannot go any further because of some knowledge and experience block. If I get in touch with the tool's L1 engineer, I am made to go through all the steps that I have already tried, which turns out to be a bit frustrating.
I rate the technical support a seven to eight out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
Considering the fact that I am a technical person, I rate the product's initial setup phase a nine on a scale of one to ten, where one is a difficult initial setup process, and ten is an easy initial setup phase.
The deployment can be done on a cloud, on-premises, or both models, depending on whether the product is used in a start-up or an old company.
The solution can be deployed in a couple of hours, depending on the information gathered from our company's clients. Sometimes, the deployment takes a couple of weeks because of the feedback my company gets from the client that is correct or when they take a long time to reply back to us. From Imperva's side, the deployment process is easy, but when dealing with our company's clients, the deployment phase may not be easy due to communication issues.
What's my experience with pricing, setup cost, and licensing?
I rate the product price a four on a scale of one to ten, where one is a low price, and ten is a high price. The price of the product also depends on the cost of the tools offered by competitors like Radware or Citrix. Considering the current cost of Imperva Bot Management, I would say that the solution is priced correctly.
What other advice do I have?
My company uses Imperva Bot Management to protect our web application against automated threats by using its areas like whitelisting and normal integration with services that are available from the tool's bot management side.
Imperva Bot Management has been effective in managing bots in both areas of our company, like our e-commerce platform and website.
The feature of Imperva Bot Management, which I found to be the most beneficial for identifying and mitigating bots in real-time, is that it helps to mitigate OWASP attacks and its abilities, like reporting data regions, going through various IP addresses, and figuring out the type of attacks.
Imperva Bot Management has impacted our company's clients' daily operations and user experience in terms of bot traffic handling since it has reduced the false positives while ensuring that it has the experience and ability to work on other problems faced by users easily. With Imperva Bot Management, I don't have to have one single person focusing on network outages or website outages because now Imperva can handle multiple queries.
Speaking about an example of a complex bot attack that Imperva Bot Management successfully mitigated, I can say that the tool did website scraping when there were over 1,00,000 queries created per second and figured out that it was a bot that was in areas like scraping and machine learning, after which the solution blocked the bot automatically and sent a notification to the administrator to say what was happening, post which the website was up and stable.
I rate the overall tool an eight and a half out of ten.
Provides out-of-the-box security for web applications
What is our primary use case?
The solution is being used for communication.
What is most valuable?
If something goes wrong, there is a quick switch between nodes, wherever there's an attack against a specific area. The security setup is reasonably easy. It's easy to do setups, rules, and integrations. The backend team is also willing to help if there are questions that we cannot answer.
What needs improvement?
The UI interface needs improvement.
For how long have I used the solution?
I have been using Imperva Web Application Firewall for six months.
What do I think about the stability of the solution?
The solution is highly stable. I rate the stability a ten out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. I would rate it a nine out of ten.
How was the initial setup?
The initial setup is easy. The deployment depends on the customer's solution but does not take more than a few hours. I rate the initial setup an eight out of ten.
What's my experience with pricing, setup cost, and licensing?
It is a very affordable solution.
What other advice do I have?
I would definitely recommend the solution. I rate the solution an eight out of ten.