Try our new research platform with insights from 80,000+ expert users

AWS WAF vs Imperva Web Application Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS WAF
Ranking in Web Application Firewall (WAF)
1st
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
No ranking in other categories
Imperva Web Application Fir...
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
52
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Web Application Firewall (WAF) category, the mindshare of AWS WAF is 9.3%, down from 13.4% compared to the previous year. The mindshare of Imperva Web Application Firewall is 5.6%, down from 6.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF)
 

Featured Reviews

Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
Mitesh D Patel - PeerSpot reviewer
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good."
"The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."
"Their technical support has been quite good."
"We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS."
"This is not a product that you need to install. You just use it."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"The most valuable feature is the capability to limit access based on geographical location by restricting specific IP addresses."
"Its best feature is that it is on the cloud and does not require local hardware resources."
"It is easy to use and has good security."
"Imperva Web Application Firewall is stable."
"The solution integrates seamlessly with other tools and has a good alert mechanism."
"Imperva is a Gartner leader, so its scalability, performance, and features are excellent."
"The solution can be configured in just a couple of minutes."
"The solution is stable."
"The dynamic profiling of websites is the solution's most valuable feature. The security is also good."
"It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
 

Cons

"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"There is room for improvement in pricing."
"We don't have much control over blocking, because the WAF is managed by AWS."
"The default content policy available in the tool is not very strong compared to the competitors."
"We must monitor and clean up the WAF manually."
"The solution's pricing could be improved."
"The product could be improved by expanding the weightage units of rules."
"I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps."
"Their portal is very limited and needs improvement."
"The user interface could be better."
"I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."
"Sometimes, support tickets don't get addressed quickly."
"I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic."
"The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you."
"It's a complicated tool to keep."
"The tool needs to improve CPU and storage memory."
 

Pricing and Cost Advice

"There are different scale options available for WAF."
"The product’s pricing is reasonable."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven or eight out of ten."
"It's quite affordable. It's in the middle."
"The price of AWS WAF is reasonable, it is not expensive and it is not cheap."
"The solution's cost depends on the use cases."
"It's cheap."
"AWS WAF has reasonable pricing."
"Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF."
"The price is high compared to other solutions like FortiWeb."
"Imperva Web Application Firewall is expensive."
"There is a license for this solution and we purchase the license annually with no additional fees."
"The solution's pricing is an issue."
"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."
"Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price."
"The tool is expensive."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
860,632 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
9%
Government
5%
Financial Services Firm
16%
Computer Software Company
12%
Insurance Company
8%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud WAF is t...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit ...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc.
DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperv...
 

Also Known As

AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

eVitamins, 9Splay, Senao International
BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Find out what your peers are saying about AWS WAF vs. Imperva Web Application Firewall and other solutions. Updated: June 2025.
860,632 professionals have used our research since 2012.