Imperva Application Security Platform Reviews

The primary use was to cover the database. Imperva we recognized on the market as the best solution for techs on databases. The banks here in Chile always ask for these types of solutions.

The compliance is the most valuable aspect.

I just need it to be a stable and normal version. I'd want to hear about the new features to see which I would need.

I find this solution stable. We have 2,000 users in financial services.

The solution is scalable.

The setup initially was simple, but when we tried to run it we had problems with the log parameters and it was complicated to use. The operation was complicated to use, but that is just the experience of my team. It took two months to deploy. The setup and installation of the technologies took one week, and after that, one month to set up the parameters and after that, in order to set up the logs, it took about two weeks. So two months total. We have three engineers, including an architect and a security engineer. We also had a fourth engineer that knew the application.

We have a yearly license, but I'm unsure of the pricing.

We didn't evaluate other options, just Imperva.

I would rate the solution as an 8 out of 10, simply because of the difficulty of operation management. It's a complicated tool to keep.

Our primary use case is to protect our cloud production environment.

We have a co-location that we do with our QA and Dev and our pre-production environment. We do everything there. We built it for the production environment so we deploy everything in the cloud. We have the web application firewall in the cloud, after the proxy.

It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF.

The interface is very user-friendly. You get used to it. It's very convenient.

There could be some limitations rom the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily, because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go.

Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering. That's why you need Incapsula.

No issues with stability. It has never crashed.

Scalability is affordable. There are no issues with the process of scaling.

They have centralized management, in terms of scalability. They have centralized policy control, they have centralized application profile information. On the dashboard they have Signature Update, Monitoring, Reporting. They clearly thought about the large-scale when they made this product.

We use a partner here in Puerto Rico for Imperva. We have a guy in our shop every day, full-time.

We used Fortigate. We switched because it's not a WAF. When you have a WAF, you want that WAF to do all kinds of configurations, to promote the firewall, to work the way you want it. Imperva came with everything, the whole package.

The initial setup was a little bit complex. But a third-party took care of everything. It's not like putting milk on cereal when you are working with these kinds of configurations. The effectiveness of a web application is going to come from the analysis of what your organization needs. If you don't have that information before you go into Imperva, you're going to have a lot to do when you get there. You need to know what you're doing. It's not something you can take out of the box and put in your infrastructure. It's somewhat hardcore to deal with these kinds of solutions. 

Make sure you understand the way that Imperva charges. It's very affordable. However, I would like to see a package with the Virtual Patching included. You get to do patching separately.

We had F5, Akamai, Fortinet, Barracuda. We may have looked at Juniper as well, I don't remember. Not too many companies have a WAF. Not all the firewall companies are WAF makers.

I think it's perfect. It's a very good application. When you do large-scale deployment you want to protect your physical web application with Imperva, trust me. It gives me peace of mind.

These are guys are from Israel and you should see that place. These guys are the best I have ever seen. They do all kinds of stuff and there is nothing that they cannot do. These people are incredible. They can configure and develop anything, customized, if you want it. Everything has a price, but they can do it right now. They don't have a "no."

We use Imperva with Incapsula so we have web security, we have DDoS protection, we have content delivery networking, we have load-balancing. We do everything with Incapsula cloud. For example, if you have an internet threat, that threat is trying to access your web application. Depending on the threat that you are receiving, the activity monitor is going to be triggered. Once that activity monitor gets triggered, the vulnerability management is going to defend you. It doesn't work for everything the same way. It's very intelligent.

Without tuning, it blocked 88 percent of the vulnerabilities, and when we tuned it, it blocked 98 percent. Whatever was not blocked didn't harm us. We use a third-party for tuning. We tell them what to do it and they do it. They get it done fast, sometimes in two to three days. It depends on what you're asking for. If you're asking for more accuracy, they go the distance to solve your problem. For example, the other day I had some keywords, some attack signatures that they were looking at for false-positives and false negatives, which are two different things. One of the main reasons we got Imperva is that we wanted to block attacks while limiting the number of false positives. I wanted the application scanner not to generate false positives by creating violations. I gave them the information, and the next day it was solved.

To put it in a high-level perspective, you are paying to see the things that are important, but you get a lot of noise. I wanted to reduce that noise. They allowed me to do that. 

Make sure you have the right testing methodology for Virtual Patching. If you want to take your patching to under 30 days, this is the product for you. We reduced it to five days. I think we are the only company where the patching is under five days. We are only doing it at the database-level right now. But we took it down to five days. 

There are proper ways to test a WAF, but the main advice I can give you is that you should not just generate attack traffic. The most effective method, for me, would be to generate both attack and legitimate traffic. That kind of approach will give you a way to rate the ability of the WAF to detect malicious traffic and to distinguish malicious traffic from good traffic. Provide real-world testing scenarios, in which the WAF must block attacks and avoid blocking good traffic at the same time. You will be able to measure how many false positives you're getting. That is the best way to test a WAF: Don't only to generate attack traffic.

Another piece of advice, and here I will jump  to the main fears of this environment - SQL injections, cross-site scripting, which I hate, DT's (Directory Traversals) - is that you need to provide another layer here which is IPS. IPS products will all rely on signatures. They are going to be created by the scanner to stop anything, that's just the basics of threat prevention. If these signatures are easy to circumvent, by using comments and encoding at the same time, they will be available for the WAF to stop any kind of session or cookie tampering. What I'm saying is that there should be technical attack protection. You should be thinking not only about WAF but combining WAF and IPS.

You need to find an IPS that works with it. Imperva has something similar to an IPS, it's not an IPS per se. For example, an IPS cannot detect or stop fraud malware. For that, you need to add certain other levels of security and combine it with employee training. If you get the web application, which is called SecureSphere, the WAF, it will protect you against web page fraud because they go by black IPs. So you can help the IPS on that side and the IPS can help you letting you know what to block from the internal network. You should be considering a combination of WAF and IPS.

Another thing to take into consideration for people who are starting, with respect to deploying a WAF, is that they should validate the accuracy of the solution and the ability it has to protect any application and help you with monitoring and management. It's not just technical stuff.

The first use case was due to the need to protect DDoS attacks as well as protection for SQL injection. The existing application was no longer supported, and to prevent further attacks from occurring, WAF Imperva was applied. The rollout was very fast due to the need for DNS notes only.

In the old days, we experienced many problems with denial of service attacks, and identifying them was very difficult because we did not have a WAF solution. After the deployment, the solution gave us the visibility we needed.

Anti-DDoS protection, as well as other protections like SQL injection, Cross-Site Scripting, and antiscanner. These types of protection are valuable to the business due to the daily attacks on our portals, and that often cannot be seen without a tool like this.

Imperva now offers add-ons to add functionality, but I would like to see these included in the product, even if it would cost more.

No issues with stability.

No issues with scalability.

Very good, although I have not had any problems so far.

No, this is the first solution I have used.

It was straightforward, very simple. I only entered the domain and Incapsula returned the DNS data that I needed to change for the protection to be configured.

I did not participate in the process of choosing the solution.

Only configure it by enabling all protections. This is very important for preventing attacks.

We use Incapsula as a firewall on our website which can block any suspicious attempts from the outside of the company. For example, if someone is trying to hack our website or put malware on it, it blocks them.

When I joined the company, one of our websites was hacked by malware (somebody put it on our website). The website went down for a long time. It took two weeks to clear the server and move everything: all the content, clean it, bring it up, and start again. By using this application, the firewall is blocking every suspicious activity and event. Now, we are safe. We have peace of mind that nobody will use malware on us or try to hack our website. With this application, we have some peace of mind that everything is blocked by Incapsula. 

1. I like to see the security. On the site security, I can see which countries have incidents, whether it was a robot attack, a real human user, or non-human user. For this feature, I like it because I can see information quickly without going into long logs and details. It is very comprehensive regarding what is going on behind the scenes on the website traffic.
2. The option saying activity launch. On the activity log, I can see the exact details, the visit, and the threat. If I click on the details, it shows me exactly where it came from, who the user agent is, and what page they tried to enter. Then, it gives me the session. Also, I have the option to put them on the blacklist or the white list. Therefore, I like this option because it is more detailed. If someone causes more than one of the incidents, then they are maybe suspicious, and we want to learn more about it. Here we can get the data, and under the data, we can see the IP addresses, therefore tracking and copying that IP address and putting it under IP lookup.
3. The dashboard is good and user-friendly. You can easily understand it, even if you don't have any prior knowledge. Looking at it, you can easily see what is happening because it is a very user-friendly menu and user interface. I don't come from this exact background, but it seems I am supposed to manage and work with this stuff. Because of the user interface, I can understand even without having prior knowledge or education of it.
4. The real-time option is cool as well. On the real time, you can see live traffic, which is flowing into our website. 

I am not sure if this application has a policy where you can create your custom policy and run it as our firewall. We should have some ability to also create some custom policy, then run it as a firewall. Maybe it is not relevant, but I think this would be a good option.

Some things previously happened where we moved one of our websites to a new host and new server, then we had difficulty putting in our user credentials to Incapsula because we could not find them. My boss was aggravated with the issue. I believe he contacted Incapsula and found out how to use the credentials for the website. They had changed the user interface a couple months ago. It was different than now. We had to put some information from the website domain to Incapsula login order to activate it, because they had changed the user interface.

It is a stable product.

It is not used at a high level, but we just put it in and configured it with our website. So, for the things that we have to run, it works just fine. I have no idea about any other scalability. However, it is just fine for the reason that we are using it.

I have never had a ticket with technical support, but I believe that they are supportive.

I was not involved with any solution in the company prior to Incapsula. When I came to this company, we were using this solution.

Someone else set it up.

An improvement has been to our website: It increases the speed of our response, the capacity of the site, and optimizes the bandwidth.

More than features, the complete solution is valuable for everything it delivers and the protection it offers.

Acquire it for all the benefits that this solution brings to organizations, especially nowadays, when we live in a technological era where the speed and response times of the different websites are valued so much.

Never.

None.

Technical support provides good, quick responses.

No.

Initial setup is very simple, since it is enough to change the servers in and out of the site to make it work.

Although the pricing can be a little high, it is worth the protection and security that it offers.

I only saw Cloudflare and Akamai, but the latter is very expensive.

It is an excellent product.

Protects and secures all our web sites.

• Learning mode.
• Custom policies.
• Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance.

The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year.

No issues with stability.

No issues with scalability.

10 out of 10 for local support, seven out of 10 for Imperva Professional Services.

Straightforward. Easy to install and config.

F5.

I rate it a 10 out of 10 because of the ability to apply real-time changes or creations, export and import applications learned, and it's very easy to use. It also features system logs or incidents, granular configuration in relation to a SIEM. It is the best product on the market, in my opinion. Cyber security leader.

It helped us to define wherever there was illicit traffic between our webs, and improved the control we achieved.

The ability to trace each connection, and to have logs to be able to differentiate between a positive and a false-positive intruder action.

It is handy to retrieve and download the logs to line up separate actions to identify possible intruder behaviour.

At that moment, I miss being able to integrate the dashboard with other BI tools we are using. We have to export and import data to be able to present it, and doing so is a lot of work.

Not at all. 

It was a bit pointless to know how many sites were offline every time a spot in the world decided to do maintenance, but we like it as we can handle worldwide issues, knowing what is going on there.

No issues at all, it fulfills our expectations in terms of scalability.

Great.

We had used many local, and some cloud-based solutions (like Azure, Advanced Nagios, Centreon). We switched for the scalability of the solution, the reporting features it has, as well as the availability to fine tune the solution. 

It was straightforward, but we had to fine tune it.

The initial setup blocked some cookies and data from our scrapers which, they said, they never received from us. We investigated and found the WAF was blocking them. It was a lot of work.

It's worth it. It's a fine solution for medium/big companies worried about attacks that happen in the wild.

Centreon and Azure.

My best advice could be, if you don't have the staff to carry out security in a proper way, have a tool do it, but use a specialized tool like this one, and don't re-invent the wheel.

Also, in our case, we soon realized that we needed an expert to fine tune it and to obtain all the features we wanted.

There is no need to have an in-house WAF to manage and maintain. We are now able to bring a new website live within minutes, without false positive alerts. It has Improved user/customer experience and website performance.

IncapRules is one of the most valuable features, as you can create your own security and access control rules on top of your security policy. Using IncapRules we were able to easily block Layer 7 DDoS attacks several times.

Real-time monitoring is also a great tool, as you may watch several parameters in real time.

It would be better if we were able to manage and apply changes to multiple websites/web applications, and search WAF logs for multiple websites, via the Incapsula dashboard.

The first year we faced one or two incidents, but since then we not had any stability issues.

No issues with scalability. You need not worry about scalability. Incapsula takes care of the CDN infrastructure and bandwidth volume, providing several enterprise "load balancing" features.

Incapsula’s support personnel is very good, positive, and most of them passionate. Sometimes a second-level support might be required for more complex requests. Additionally, you may see a slight delay in replying to support tickets, but you are able to contact them via phone for critical cases and prompt response.

We were using Akamai and we switched to Incapsula mainly due to the WAF effectiveness and total cost.

Not only the initial, but also the final setup, is straightforward.

For enterprise contracts you will be in touch with a dedicated account manager who will guide you regarding licensing.

We evaluated Akamai. Akamai had a bigger CDN network and probably better performance worldwide (especially on the Chinese mainland) but their WAF is very pure and not effective at all.

Go for it and request a free trial.