AWS WAF vs Imperva Web Application Firewall comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Sep 5, 2022

We performed a comparison between AWS WAF vs. Imperva Web Application Firewall based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both products report them to be straightforward and simple to set up.
  • Features: Users of both products are generally happy with their flexibility, stability, and scalability.

    AWS WAF users note being particularly satisfied with its stability, agility, and cloud services, but note that the product could be improved by expanding the weightage units of rules.

    Imperva users say they’re impressed with the solution's DDoS, malware, and the other malicious threat prevention. Some users mention wanting there to be more data enrichment capabilities.
  • Pricing: AWS WAF users note that it is reasonably priced and affordable, but a few users note that its pricing model is complicated. Some Imperva users say that it is expensive and higher-priced than competitors.
  • Service and Support: AWS WAF users report fair to good support, whereas Imperva users report excellent service and support.

Comparison Results: AWS WAF and Imperva Web Application Firewall come out about equal in this comparison. AWS WAF has a slight edge when it comes to pricing, but Imperva Web Application Firewall has a slight edge when it comes to support.

To learn more, read our detailed AWS WAF vs. Imperva Web Application Firewall Report (Updated: May 2023).
708,243 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications.""We can host any DB or application on the solution.""The agility is great for us in terms of cloud services in general.""Stable and scalable web application firewall. Setting it up is straightforward.""As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good.""AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers.""What I like best about AWS WAF is that it's a simple tool, so I could understand the basics of AWS WAF in two to three hours.""The solution is stable."

More AWS WAF Pros →

"Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva.""Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code.""Very scalable and very stable firewall for web applications, with a good interface in its cloud version. Mitigation is its most valuable feature. The technical support for this product is also good.""There are a number of features that are valuable such as the account takeover and various antivirus features.""Imperva Web Application Firewall is a highly stable solution and is very mature.""The solution is stable.""The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security.""The solution can scale."

More Imperva Web Application Firewall Pros →

"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex.""It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation.""An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently.""I would like to see it more tightly integrated with other AWS services.""The cost management has room for improvement.""They should make the implementation process faster.""The solution should identify why it blocks particular websites.""This solution could be improved if the configuration steps were more specific to WAF, compared to other cloud services."

More AWS WAF Cons →

"I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic.""An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics.""The Imperva Web Application Firewall automations are good, but there is still room for improvement with them.""I would like to improve the tool's turnaround time in terms of support.""Imperva Web Application Firewall is very expensive.""Imperva Web Application Firewall can improve by adding more features to the dashboard. increasing the visibility of the real-time events, besides configuring the administration itself.""I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one.""Imperva Web Application Firewall could improve the console by making it easier to use."

More Imperva Web Application Firewall Cons →

Pricing and Cost Advice
  • "The pricing should be more affordable, especially as it pertains to small clients."
  • "It's cheap."
  • "AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage."
  • "You need an additional AWS subscription for this product if you are buying a managed tool."
  • "The price of AWS WAF is reasonable, it is not expensive and it is not cheap."
  • "The price of AWS WAF is expensive if you do not know how to manage your software up or down. I price of the solution is average amongst the other competitors but it would be better if it was less expensive."
  • "For our infrastructure, we probably pay around $16,000 per month for AWS WAF. Because alternative WAF solutions provide even more features, I think the AWS WAF is a bit pricey"
  • "The pricing is good and manageable."
  • More AWS WAF Pricing and Cost Advice →

  • "There are a couple of different licensing models."
  • "The price of Imperva Web Application Firewalls is expensive compared to others."
  • "Licensing can range from one to twenty thousand dollars annually. Additionally, some features, including software support, require an annual subscription as well."
  • "Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price."
  • "We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."
  • "The solution's pricing is an issue."
  • "The pricing is somewhat expensive. It is actually a huge investment when compared to other countries."
  • "The tool is expensive."
  • More Imperva Web Application Firewall Pricing and Cost Advice →

    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    708,243 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud… more »
    Top Answer:Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit for… more »
    Top Answer:We can host any DB or application on the solution.
    Top Answer:For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc. 
    Top Answer:You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperva… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    AWS Web Application Firewall
    Learn More

    AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

    You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

    AWS WAF Features

    Some of the solution's top features include:

    • Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.
    • Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.
    • Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.
    • API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.
    • Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.
    • Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

    Reviews from Real Users

    AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

    Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

    Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud. 

    The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.

    Learn more about AWS WAF
    Learn more about Imperva Web Application Firewall
    Sample Customers
    eVitamins, 9Splay, Senao International
    BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
    Top Industries
    Computer Software Company21%
    Energy/Utilities Company14%
    Media Company14%
    Financial Services Firm14%
    Computer Software Company19%
    Financial Services Firm13%
    Comms Service Provider7%
    Insurance Company6%
    Computer Software Company31%
    Insurance Company13%
    Comms Service Provider13%
    Energy/Utilities Company6%
    Computer Software Company18%
    Financial Services Firm16%
    Comms Service Provider8%
    Insurance Company6%
    Company Size
    Small Business35%
    Midsize Enterprise18%
    Large Enterprise47%
    Small Business20%
    Midsize Enterprise14%
    Large Enterprise65%
    Small Business54%
    Midsize Enterprise15%
    Large Enterprise32%
    Small Business20%
    Midsize Enterprise16%
    Large Enterprise64%
    Buyer's Guide
    AWS WAF vs. Imperva Web Application Firewall
    May 2023
    Find out what your peers are saying about AWS WAF vs. Imperva Web Application Firewall and other solutions. Updated: May 2023.
    708,243 professionals have used our research since 2012.

    AWS WAF is ranked 3rd in Web Application Firewall (WAF) with 17 reviews while Imperva Web Application Firewall is ranked 6th in Web Application Firewall (WAF) with 21 reviews. AWS WAF is rated 7.8, while Imperva Web Application Firewall is rated 8.6. The top reviewer of AWS WAF writes "Easy to deploy, implement, and manage". On the other hand, the top reviewer of Imperva Web Application Firewall writes "Simple to maintain, easy to configure, and easy to scale". AWS WAF is most compared with Cloudflare Web Application Firewall, Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF and Fortinet FortiWeb, whereas Imperva Web Application Firewall is most compared with F5 Advanced WAF, Microsoft Azure Application Gateway, Fortinet FortiWeb, Azure Front Door and Imperva DDoS. See our AWS WAF vs. Imperva Web Application Firewall report.

    See our list of best Web Application Firewall (WAF) vendors.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.