We performed a comparison between AWS WAF vs. Imperva Web Application Firewall based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: AWS WAF and Imperva Web Application Firewall come out about equal in this comparison. AWS WAF has a slight edge when it comes to pricing, but Imperva Web Application Firewall has a slight edge when it comes to support.
"The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications."
"We can host any DB or application on the solution."
"The agility is great for us in terms of cloud services in general."
"Stable and scalable web application firewall. Setting it up is straightforward."
"As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good."
"AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers."
"What I like best about AWS WAF is that it's a simple tool, so I could understand the basics of AWS WAF in two to three hours."
"The solution is stable."
"Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva."
"Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code."
"Very scalable and very stable firewall for web applications, with a good interface in its cloud version. Mitigation is its most valuable feature. The technical support for this product is also good."
"There are a number of features that are valuable such as the account takeover and various antivirus features."
"Imperva Web Application Firewall is a highly stable solution and is very mature."
"The solution is stable."
"The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security."
"The solution can scale."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently."
"I would like to see it more tightly integrated with other AWS services."
"The cost management has room for improvement."
"They should make the implementation process faster."
"The solution should identify why it blocks particular websites."
"This solution could be improved if the configuration steps were more specific to WAF, compared to other cloud services."
"I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic."
"An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics."
"The Imperva Web Application Firewall automations are good, but there is still room for improvement with them."
"I would like to improve the tool's turnaround time in terms of support."
"Imperva Web Application Firewall is very expensive."
"Imperva Web Application Firewall can improve by adding more features to the dashboard. increasing the visibility of the real-time events, besides configuring the administration itself."
"I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."
"Imperva Web Application Firewall could improve the console by making it easier to use."
More Imperva Web Application Firewall Pricing and Cost Advice →
AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.
You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.
AWS WAF Features
Some of the solution's top features include:
Reviews from Real Users
AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.
Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”
Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud.
The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.
AWS WAF is ranked 3rd in Web Application Firewall (WAF) with 17 reviews while Imperva Web Application Firewall is ranked 6th in Web Application Firewall (WAF) with 21 reviews. AWS WAF is rated 7.8, while Imperva Web Application Firewall is rated 8.6. The top reviewer of AWS WAF writes "Easy to deploy, implement, and manage". On the other hand, the top reviewer of Imperva Web Application Firewall writes "Simple to maintain, easy to configure, and easy to scale". AWS WAF is most compared with Cloudflare Web Application Firewall, Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF and Fortinet FortiWeb, whereas Imperva Web Application Firewall is most compared with F5 Advanced WAF, Microsoft Azure Application Gateway, Fortinet FortiWeb, Azure Front Door and Imperva DDoS. See our AWS WAF vs. Imperva Web Application Firewall report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.