AWS WAF vs Imperva Web Application Firewall comparison


Comparison Buyer's Guide

Executive SummaryUpdated on Sep 5, 2022

Categories and Ranking

Ranking in Web Application Firewall (WAF)
Average Rating
Number of Reviews
Ranking in other categories
No ranking in other categories
Imperva Web Application Fir...
Ranking in Web Application Firewall (WAF)
Average Rating
Number of Reviews
Ranking in other categories
No ranking in other categories

Mindshare comparison

As of June 2024, in the Web Application Firewall (WAF) category, the mindshare of AWS WAF is 18.1%, up from 16.0% compared to the previous year. The mindshare of Imperva Web Application Firewall is 7.0%, down from 7.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF)
Unique Categories:
No other categories found
No other categories found

Featured Reviews

Jul 11, 2023
Useful for protecting against unauthorized access and data breaches but very expensive
We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements AWS WAF has improved our organization by allowing…
Mitesh D Patel - PeerSpot reviewer
Apr 18, 2024
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers."
"The product’s availability, ease of configuration, and documentation are valuable."
"The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system."
"The most valuable features are the geo-restriction denials and the web ACL."
"Rule groups are valuable."
"If hackers try to insert bugs, the tool blocks it."
"The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections."
"The solution's initial setup process is easy."
"Imperva is a Gartner leader, so its scalability, performance, and features are excellent."
"There are some features that are configured by default, so even without doing much, it can still provide a level of protection."
"The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis."
"It mitigates all of the availabilities of risks around web applications."
"The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications."
"Imperva Web Application Firewall is a highly stable solution and is very mature."
"The solution can scale."
"There are many features. There is ease of deployment. You can deploy the Imperva Web Application Firewall in two to three minutes. After that, you have to set the policies. For setting policies, you have toggle buttons. You can turn something on or off."


"The default content policy available in the tool is not very strong compared to the competitors."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."
"It's a bit difficult to apply the right rules for the right security."
"An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"For now, there is no feature to protect against attack of the bad bots"
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"Sometimes, support tickets don't get addressed quickly."
"The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you."
"I would like to improve the tool's turnaround time in terms of support."
"I don't really use it and therefore can't speak to areas of improvement."
"Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis."
"Sometimes our web application firewall will slow down."
"They can provide an option to create reports, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report."
"I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."

Pricing and Cost Advice

"AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage."
"I would rate AWS WAF's pricing a seven out of ten."
"AWS WAF has reasonable pricing."
"The pricing should be more affordable, especially as it pertains to small clients."
"AWS WAF has reasonable pricing."
"I rate the product price a five on a scale of one to ten, where one is high price, and ten is low price"
"It's cheap."
"The price of AWS WAF is expensive if you do not know how to manage your software up or down. I price of the solution is average amongst the other competitors but it would be better if it was less expensive."
"There is a license for this solution and we purchase the license annually with no additional fees."
"The pricing is somewhat expensive. It is actually a huge investment when compared to other countries."
"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."
"Make sure you understand the way that Imperva charges. It's very affordable. However, I would like to see a package with the Virtual Patching included. You get to do patching separately."
"There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
"Imperva Web Application Firewall is expensive."
"The solution's pricing is an issue."
"The cost of this solution depends on the platform."
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
789,728 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Manufacturing Company
Insurance Company
Financial Services Firm
Computer Software Company
Manufacturing Company
Insurance Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud WAF is t...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit ...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc.
DDoS solutions: Any other solutions to consider aside from Radware DefensePro and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperv...

Also Known As

AWS Web Application Firewall
No data available



Sample Customers

eVitamins, 9Splay, Senao International
BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Find out what your peers are saying about AWS WAF vs. Imperva Web Application Firewall and other solutions. Updated: June 2024.
789,728 professionals have used our research since 2012.