AWS WAF vs Imperva Web Application Firewall comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Sep 5, 2022

We performed a comparison between AWS WAF vs. Imperva Web Application Firewall based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both products report them to be straightforward and simple to set up.
  • Features: Users of both products are generally happy with their flexibility, stability, and scalability.

    AWS WAF users note being particularly satisfied with its stability, agility, and cloud services, but note that the product could be improved by expanding the weightage units of rules.

    Imperva users say they’re impressed with the solution's DDoS, malware, and the other malicious threat prevention. Some users mention wanting there to be more data enrichment capabilities.
  • Pricing: AWS WAF users note that it is reasonably priced and affordable, but a few users note that its pricing model is complicated. Some Imperva users say that it is expensive and higher-priced than competitors.
  • Service and Support: AWS WAF users report fair to good support, whereas Imperva users report excellent service and support.

Comparison Results: AWS WAF and Imperva Web Application Firewall come out about equal in this comparison. AWS WAF has a slight edge when it comes to pricing, but Imperva Web Application Firewall has a slight edge when it comes to support.

To learn more, read our detailed AWS WAF vs. Imperva Web Application Firewall Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is Amazon. Everything is scalable. It is beyond what we need.""This product supplies options for web security for applications accessing sensitive information.""The most valuable feature is the way it blocks threats to external applications.""Their technical support has been quite good.""The security firewall plus the features that protect against database injections or scripting,""The most valuable features are the geo-restriction denials and the web ACL.""We do not have to maintain the solution.""The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."

More AWS WAF Pros →

"Imperva is easy to use and deploy. The UI is excellent.""The configurability of the tools and the ease of operation to be the most valuable feature of Imperva.""The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications.""The solution is stable.""The solution has been quite stable. I have not seen any bugs at all.""Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva.""One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise.""Very scalable and very stable firewall for web applications, with a good interface in its cloud version. Mitigation is its most valuable feature. The technical support for this product is also good."

More Imperva Web Application Firewall Pros →

Cons
"The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.""They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats.""We don't have much control over blocking, because the WAF is managed by AWS.""The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure.""The setup is complicated.""It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.""The cost management has room for improvement.""The solution should identify why it blocks particular websites."

More AWS WAF Cons →

"Their portal is very limited and needs improvement.""The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier.""The Imperva Web Application Firewall automations are good, but there is still room for improvement with them.""It's a complicated tool to keep.""I think that better bot protection is needed in this solution.""An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics.""It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default.""It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."

More Imperva Web Application Firewall Cons →

Pricing and Cost Advice
  • "It's an annual subscription."
  • "There are no costs in addition to the standard licensing fees."
  • "There are different scale options available for WAF."
  • "AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
  • "It has a variable pricing scheme."
  • "We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise."
  • "It's quite affordable. It's in the middle."
  • "The pricing should be more affordable, especially as it pertains to small clients."
  • More AWS WAF Pricing and Cost Advice →

  • "Make sure you understand the way that Imperva charges. It's very affordable. However, I would like to see a package with the Virtual Patching included. You get to do patching separately."
  • "Everybody complains about the price of this solution."
  • "The cost of this solution depends on the platform."
  • "The price of this solution is a little bit high compared to competitors."
  • "There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
  • "There is a license for this solution and we purchase the license annually with no additional fees."
  • "There are a couple of different licensing models."
  • "The price of Imperva Web Application Firewalls is expensive compared to others."
  • More Imperva Web Application Firewall Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Hi Varun I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud WAF… more »
    Top Answer:Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit for… more »
    Top Answer:AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry.
    Top Answer:For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc. 
    Top Answer:You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperva… more »
    Ranking
    Views
    18,216
    Comparisons
    14,268
    Reviews
    29
    Average Words per Review
    407
    Rating
    8.5
    Views
    8,565
    Comparisons
    6,865
    Reviews
    15
    Average Words per Review
    313
    Rating
    8.5
    Comparisons
    Also Known As
    AWS Web Application Firewall
    Learn More
    Overview

    AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

    You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

    AWS WAF Features

    Some of the solution's top features include:

    • Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.
    • Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.
    • Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.
    • API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.
    • Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.
    • Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

    Reviews from Real Users

    AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

    Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

    Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud. 

    The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.

    Sample Customers
    eVitamins, 9Splay, Senao International
    BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
    Top Industries
    REVIEWERS
    Computer Software Company25%
    Manufacturing Company13%
    Media Company8%
    Financial Services Firm8%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm13%
    Manufacturing Company7%
    Comms Service Provider6%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm21%
    Comms Service Provider11%
    Insurance Company11%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company13%
    Insurance Company7%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise20%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise64%
    REVIEWERS
    Small Business53%
    Midsize Enterprise16%
    Large Enterprise31%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise15%
    Large Enterprise65%
    Buyer's Guide
    AWS WAF vs. Imperva Web Application Firewall
    March 2024
    Find out what your peers are saying about AWS WAF vs. Imperva Web Application Firewall and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    AWS WAF is ranked 1st in Web Application Firewall (WAF) with 51 reviews while Imperva Web Application Firewall is ranked 6th in Web Application Firewall (WAF) with 44 reviews. AWS WAF is rated 8.2, while Imperva Web Application Firewall is rated 8.6. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Imperva Web Application Firewall writes "Offers simulation for studying infrastructure and hybrid infrastructure protection". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Cloudflare Web Application Firewall and Fortinet FortiWeb, whereas Imperva Web Application Firewall is most compared with F5 Advanced WAF, Microsoft Azure Application Gateway, Fortinet FortiWeb, Azure Front Door and Akamai App and API Protector. See our AWS WAF vs. Imperva Web Application Firewall report.

    See our list of best Web Application Firewall (WAF) vendors.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.