The solution functions just like a firewall, but it operates in the cloud. It is designed to protect web applications and environments hosted on the cloud. 

It helps protect applications from DDoS attacks and other types of attacks. I handle a wide range of business requirements with it.

The solution can be configured in just a couple of minutes. It ensures 99.7% availability for my applications. It provides an additional layer of security for web applications and other applications, including mobile applications. It protects my environment and helps maintain my reputation in the market.

It is not a personal firewall, however, I can log my traffic to the Web Application Firewall if my hardware is available on-premise. I am satisfied with all the features available. There is nothing specific where the application firewall is falling short.

I have been working with Imperva solutions personally since last month.

I would rate the solution ten out of ten in terms of stability.

The solution is highly scalable. I can configure this firewall to expand based on my needs and revert to my basic configuration when traffic is over.

Technical support is divided into two categories: partner side and OEM side. It is easy to contact them, and my queries are resolved efficiently.

Positive

The initial setup is very easy. I just need to route the traffic, similar to configuring an IP on the application firewall. It typically takes no more than a day and is easy, rated at nine out of ten.

The pricing is competitive in the market. The solution helps improve my security posture and operational costs.

There are other solutions available in the market, however, Imperva Web Application Firewall is a good solution.

I would recommend Imperva Web Application Firewall to others. 

Overall, I would rate it eight out of ten as it is a good solution. However, there are other solutions in the market.

We are a premier partner with Imperva. We usually recommend Imperva Web Application Firewall (WAF) more because our customers sometimes get a better deal, and many already have Imperva solutions on-premises. We help them move to the cloud and other related tasks.

Customers enjoy the rules implemented in Imperva WAF, which are updated automatically any time a new breach is discovered. This eliminates the need for backend changes or manual updates, making the system straightforward.

The valuable features of Imperva WAF include its effective security breach prevention through automatically updating rules. The support team answers cases quickly as well.

The product's customization capabilities are a bit problematic, requiring support cases for backend modifications. 

Additionally, the handling of high-traffic volumes could be better, as it doesn't cut you off if you exceed your purchased traffic. Our clients like the guarantee that they won't be charged for exceeding traffic during peak periods. Users also need to be more attentive to false alerts, as the marketing might give a false sense of trust.

I have been dealing with Imperva for three years, while my company has been involved for more years.

Imperva WAF does not appear to handle high traffic volumes optimally during peaks as it only notifies clients if they exceed their purchased amount of traffic. However, it does not immediately cause any issue unless the excess persists over time.

Their technical support is rated nine out of ten. Support cases are answered quickly.

Positive

The setup is straightforward. Clients often manage it themselves, and no action is required on their end for implementation.

On occasion, we help our clients get on the cloud as part of our partnership with Imperva.

The pricing tends to be expensive. As premier partners, we get good deals, however, without such deals, it is usually quite costly. The cost also varies based on the plan that clients choose.

Imperva Web Application Firewall is recommended for companies needing a robust cloud-based solution. For on-premises versions, it might be considered outdated.

I'd rate the solution nine out of ten.

I use the service for protection due to the fact that it has profile functionality.

Protection is the best solution since it has profile functionality.

Interesting alternatives are Akamai and some cloud solutions do exist.

We use Imperva for our web applications that we have hosted to protect them.

With our deployment setup, the benefit is regarding the security and how threats have been blocked. It's not studied in terms of resources or speed. The threat prevention is the aspect we are monitoring.

Empower administration is user-friendly, and we do not need much for managing day-to-day operations. It is easy to use and has good security. Also, it is very customizable, especially for controlling web browsers and devices.

I would prefer AI integrations for user administration, visualization, log analytics, and risk analysis. If they can bring in generative AI features, that would be useful.

I am working with Imperva at the moment and have been using it for maybe six to seven years.

It's very stable. We haven't had any issues.

Scalability is not a problem since we have enough resources as it's an on-premises version.

We have escalated to tech support and it's quite good. I would rate them a seven point five out of ten.

We didn't use any WAF product before Imperva.

The initial deployment was seamless, and there weren't many complexities.

The deployment was done by a separate company within the company.

I do not have much understanding about F5 yet as I am currently evaluating their solution.

I suggest looking for a cloud-based solution rather than on-premises, which might improve availability, stability, and security.

I'd rate the solution nine out of ten.

We are primarily a customer for Firewall. We're also moving into the managed security space, but we are primarily a customer here. 

So, it is primarily used for web application firewalls. Protecting web applications against application-layer attacks. There is advanced bot protection and DDoS Protection. 

It's very simple to implement. It works right out of the box once you integrate the application. It does the learning for you and starts applying relevant signatures. 

It's effective in protecting against different kinds of attacks. For example, it can mitigate DDoS attacks and block application layer attacks like SQL injection, HTTP, and cross-site scripting attacks. The latency is pretty low.

Support is one thing I wish Imperva could improve. They follow the phone model and keep rotating you from one customer service person to another. The layer one support isn't very clear about the workings of the product.

My feedback is primarily about Imperva Cloud, not on-premise. On-premise is a whole new story.

Support is the issue for Imperva Cloud. It's also a bit pricey. It's a premium service and very expensive. The licensing model is not very straightforward. Every feature is priced separately, and to enjoy maximum protection, you'll have to spend a lot of money. The licensing model is a bit complex, and each feature is very pricey. For example, API security and web application protection are two separate license packages.

For WAF, I have been using it for about four years now. 

The solution is generally stable, but there are sometimes where a link degradation does not involve a failover to another port where you're able to enjoy the service. So your availability is affected because of link degradation. It will not automatically take you to another port. But otherwise, it's generally stable.

The capacity and everything is managed by Imperva. We don't really get to know much about the back end.

It does a good job because we have very busy applications that seem to work well without any issues. The only issue that we experienced recently is that if there's an issue on the uplinks, the traffic does not automatically fail over to another region or another POP. You're still directed to a POP where there's degradation in service. So, if you're affected, you'll have to bear the pain until the issue is resolved before you're able to access the services again. So, there's no automatic failover between POPs from one POP to another in the event of a link degradation along the path.

Neutral

We have tried out Radware as a POC just a couple of months ago. There is also Cloudflare .

I'd prefer Cloudflare because of its presence on the Internet, the number of services it offers, and the level of automation that it gives you. 

I'd look up to Cloudflare because it's more stable. Because of its points of presence everywhere in the world, you're in a better place to enjoy better availability than being on Imperva. 

And the level of protection from my test, I think it's pretty good. It's next-generation application firewall. So it's something that I look up to.

The deployment was easy. We have quite a number of sites, more than 300. Per site, it can take about ten minutes to integrate, to move your application to the cloud, before you can achieve maximum protection or before you can achieve protection on your site. So, it's a very seamless process.

We had challenges integrating with our on-premise tools, our SIEM tools and SOAR tools. Integration is a bit complex. There's no capability to integrate with our on-premise tools, or if there is, it's very limited.

It's a SaaS service, so everything's maintained by Imperva. It's something that is managed by Imperva. 

So, there is a return on investment in terms of achieving protection for our public-facing portals. We have seen quite a number of DDoS attacks being mitigated by Imperva. We have also seen a few web application attacks that have been blocked.

In terms of time savings, we don't have to go to the data center to do upgrades and other mundane things, so we can focus on more important things. 

The licensing model is a bit complex and very complicated model. 

We operate a hybrid cloud and on-premise as well, and we're looking for a solution that would suit all of our needs. Right now, for API security, we don't have anything. But for others, for WAF, we do have something. We use Imperva as our WAF, for example.

We carry out research, which is the first step when we're looking to source a product. We do market research, obviously, and an assessment. So it starts with reviewing PeerSpot or what people say about different products, and then we call vendors in. They give us a demo. They give us a POC. Then, we draft the required set of requirements, and then we eventually pick a product based on what we need.

AI functionality in Imperva does do quite a bit of learning, but Imperva can do more. There's little interaction. There's basically just the machine learning bit. So it basically baselines the application and then analyzes traffic towards the application. But in terms of capability to interact with large language models, that is still not at the level where the competitors are.

Overall, I would rate it an eight out of ten. 

We use the solution to protect applications.

Imperva has a complete picture of how the applications are utilizing it. It is handy. DDoS is good. It has an internally managed database. It is very easy to integrate. We have integrated it with SIEM services.

Apart from predefined templates, it would be helpful if the solution provided an option to customize any new rules or additions based on the requirement.

I have been using Imperva Web Application Firewall for three years.

I rate the solution’s stability an eight out of ten.

The tool is pretty scalable. Around 1,000 users are using this solution.

I rate the solution’s scalability an eight out of ten.

We have used Barracuda. We switched to Imperva because Barracuda was not user-friendly and didn't offer predefined data.

The initial setup is simple.

The product's pricing is flexible.

I rate the product's pricing a seven out of ten, where one is cheap and ten is expensive.

I recommend the solution.

Overall, I rate the solution an eight out of ten.

The Imperva Web Application Firewall secures our web application externally. It filters traffic, allowing legitimate requests to reach our application while blocking malicious traffic.

It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. 

With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization.

The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization.

Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts. 

While a Web Application Firewall (WAF) doesn't directly protect against viruses, it's crucial for application security. 

It defends against threats like cross-site scripting (XSS), SQL injection, and others. This safeguards your application or website.

There's always room for improvement. Occasionally, there might be false-positive alerts.  

I have five years of experience working with this product. 

I would rate the stability a nine out of ten. Sometimes, it gives false positives. 

Imperva is a Gartner leader, so its scalability, performance, and features are excellent.

Cloud-based deployments offer easy scalability. On-premises scaling is more complex because it depends on our hardware; we have to mount some servers and specific requirements.

We have around 10 to 15 customers. 

The initial setup is very straightforward. 

Imperva offers both cloud-based and on-premises solutions. For cloud deployments, we'd need a domain name and IP address. 

On-premises installations involve specific hardware requirements, such as 16 GB RAM.

We support both cloud and on-premises solutions.

One or two engineers would be enough for the implementation.

ROI varies depending on the customer. Applications in critical sectors, like banking (BFSI), see significant ROI since Imperva protects its core systems. For them, the ROI calculation is simple.

It's an excellent product, but it can be very costly. 

Those customers who are capable of buying are buying it. 

Those customers who are not able to buy this premium product due to budget constraints explore other options.

The licensing model is yearly. There are no extra costs in addition to the standard licensing fees. 

Overall, I would rate the solution a nine out of ten. More and more customers are adopting web application firewalls to secure their web applications.

I handled web application and database monitoring, including some DDoS work. I implemented Imperva for a top-five bank in Indonesia, monitoring their service and database activity.

Firstly, Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection.

It's important to note, if you don't have dynamic profiling, you can use manual configurations. For instance, you can configure a text field on a website to limit input to only numeric characters and specific special characters. 

This helps protect against SQL injection, as these attacks often use special characters to try and break the website's security.

Imperva Cloud WAF would be the most powerful option. It uses cloud-based signatures, which are constantly updated. This is different from the on-premises version, where the signature updates might be less frequent.

Imperva has basic reporting templates. We can use those, and we can also create custom reports. However, customization is limited to labels and structure – we can't change the actual content of the reports. For that, we need to use Imperva Compass.

Overall, I would rate the user experience an eight out of ten, with ten being good experience. 

The signature updates could be faster. Sometimes we have to upload signatures to the Imperva portal for checking and analysis before we can use them.

I have some experience, but not with its on-premise solution. We used their cloud-based WAF, likely Incapsula.

I would rate the stability an eight out of ten. 

I would rate the scalability an eight out of ten. 

Sometimes the customer service and support response time is long. And sometimes, it is fast. 

Positive

The initial setup for Imperva isn't too difficult. We start with a script, setting up the IP, network, and gateway. Then, we inject the license and test on-site for monitoring our web application. 

If we're using dynamic profiling, we configure that, ensuring it works properly. After about one or two weeks, we begin fine-tuning and limiting form types.

The price is high compared to other solutions like FortiWeb.

I would rate the pricing an eight out of ten, with one being cheap and ten being expensive. 

I would recommend it. Overall, I would rate the solution an eight out of ten. 

I am the administrator of the Web Application Firewall. I manage all the web applications and security regarding it. Some of the main use cases are related to OWASP Top 10 and bot attacks.

We are a distributor of all types of cybersecurity products. We handle more than 170 OEMs, and Imperva Web Application Firewall is one of them.

We were facing issues related to web servers and OWASP Top 10. We had bots rather than human traffic. We went with Imperva for a single-stack solution. We have bot protection, DDoS protection, web application firewall, and database security from Imperva.

It is one of the best solutions that I have worked with. After deploying it, bot attacks have completely stopped. When it comes to OWASP Top 10, it responds very clearly when we do testing, so we are not facing any threats. Compliance is also very good. So, overall, it is very good for security and compliance.

Imperva is known in the market for customization and deployments according to the use cases of the customers. You can deploy it the way you want. You can deploy it in the inline mode, reverse proxy mode, or transfer and bridge mode. You can deploy it according to the environment or infra of the company. In terms of integration, with one click of a button, you can integrate it with your SIEM solution. You have preconfigured SIEM codes. You just need to run that code in the SIEM application, and that is it. You will start getting the logs. It is pretty easy.

For certain web servers, I have it on-prem, and for certain web servers, I have it on the cloud. A basic use case of the customers is that they want a single dashboard for the cloud WAF or on-prem WAF. There is a solution called attack analytics in Imperva. It integrates with on-prem and the cloud, so in a single dashboard, you can see what is happening in your on-prem as well as cloud setup. It is very easy. When it comes to reporting, you can take reports anywhere anytime and you can take logs anywhere anytime. Someone who does not know about cybersecurity can understand the logs. Logs are in English instead of the raw format. Anybody who knows English can understand them. Reporting is very easy. These reports can also be used for audit and compliance.

We use SIEM solutions. We use Splunk, and we use Elastic. We use Datadog and Securonix. I integrated Imperva with Elastic and Splunk. We have a pre-written code. We just have to download that code and run the code in the SIEM solution server. After that, the logs start showing. It is that easy. Integration is that easy. I have also done integration with multifactor authentication, security key, HSM, etc. I have worked with RSA and YubiKey. Both of them were very easy. The integration happened with the click of a button. The integration is seamless and is working perfectly. Our clients are happy. We are happy.

There are many features. There is ease of deployment. You can deploy the Imperva Web Application Firewall in two to three minutes. After that, you have to set the policies. For setting policies, you have toggle buttons. You can turn something on or off.

Writing rules is very easy. There is a toggle button. You do not have to write the parsers and rules. You do not have to be well-versed in it. Anybody who works with the Imperva console for a month can master the solution.

The only disadvantage of Imperva is that it is a pretty costly solution. 

It has been around one year.

It is completely stable. For stability, I would rate it an eight out of ten.

It scales very well. I would rate it a nine out of ten for scalability.

In terms of traffic volumes, being a distributor, we do not face the issue of many customers flooding our website. It is not like an e-commerce company. At peak hours, there is almost 500 Mbps of network traffic. That is it.

I would rate their support a ten out of ten. Even if I call at 2 AM, they pick up, and they answer. 

Positive

I have experience with Akamai and Cloudflare. Cloudflare is not made for enterprises or big companies. It is only for small and medium organizations. This is where Imperva comes into the picture. 

Akamai and Imperva are pretty much similar. The only thing that makes them different is the SLA. Imperva is the only vendor that gives three-second SLAs for DDoS attacks. Imperva can mitigate any DDoS attack in just three seconds. This is the main thing that differentiates Imperva from Akamai. Another thing is that the deployment of Akamai is very complex. You need around two to three days to deploy it. You require senior-level engineers. It is very hard to understand as compared to Imperva.

If you go with the Cloud Web Application Firewall, you can complete deployment in a maximum of half an hour. On-prem deployment is a bit complex. It takes three to four hours.

There are only two people who work with Imperva. We handle many solutions, and we have two people handling Imperva. We manage everything in Imperva only with two engineers. The company does not need to hire many people.

It is very costly, but the return on investment is very high. Its cost was around $70,000, and we got it back in just six months. 

It is very expensive. A basic license costs around $10,000. This is the only disadvantage of the solution. Everything else is pretty good.

When a client comes to us saying that they want to implement Imperva, the first thing that we ask them is if they are willing to spend that much. If they say yes, then we do not even compare it to any other product. We just go for Imperva. Feature-wise, we are confident of it. Any customer would go for it in terms of features.

Overall, I would rate Imperva Web Application Firewall a nine out of ten.

The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications. 

The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier. 

I have been using the product for three years. 

I rate the tool's stability an eight out of ten. We have encountered bugs, but they are fixed fast. 

I rate Imperva Web Application Firewall's scalability an eight to nine out of ten. 

Imperva Web Application Firewall's customer support is good and responsive. However, they are less responsive on public holidays. 

Positive

Imperva Web Application Firewall's deployment is easy. Onboarding a website on Imperva Web Application Firewall is much easier than Fortinet. With the product, the process is simplified, as you only need to enter your application's IP address on the website for the site, and the profiling firewall automates the process. For large-scale web applications, deployment can take four days to complete. 

Imperva Web Application Firewall's pricing is expensive. 

I rate Imperva Web Application Firewall a nine out of ten.