Imperva Application Security Platform Reviews

We are a premier partner with Imperva. We usually recommend Imperva Web Application Firewall (WAF) more because our customers sometimes get a better deal, and many already have Imperva solutions on-premises. We help them move to the cloud and other related tasks.

Customers enjoy the rules implemented in Imperva WAF, which are updated automatically any time a new breach is discovered. This eliminates the need for backend changes or manual updates, making the system straightforward.

The valuable features of Imperva WAF include its effective security breach prevention through automatically updating rules. The support team answers cases quickly as well.

The product's customization capabilities are a bit problematic, requiring support cases for backend modifications. 

Additionally, the handling of high-traffic volumes could be better, as it doesn't cut you off if you exceed your purchased traffic. Our clients like the guarantee that they won't be charged for exceeding traffic during peak periods. Users also need to be more attentive to false alerts, as the marketing might give a false sense of trust.

I have been dealing with Imperva for three years, while my company has been involved for more years.

Imperva WAF does not appear to handle high traffic volumes optimally during peaks as it only notifies clients if they exceed their purchased amount of traffic. However, it does not immediately cause any issue unless the excess persists over time.

Their technical support is rated nine out of ten. Support cases are answered quickly.

Positive

The setup is straightforward. Clients often manage it themselves, and no action is required on their end for implementation.

On occasion, we help our clients get on the cloud as part of our partnership with Imperva.

The pricing tends to be expensive. As premier partners, we get good deals, however, without such deals, it is usually quite costly. The cost also varies based on the plan that clients choose.

Imperva Web Application Firewall is recommended for companies needing a robust cloud-based solution. For on-premises versions, it might be considered outdated.

I'd rate the solution nine out of ten.

I handled web application and database monitoring, including some DDoS work. I implemented Imperva for a top-five bank in Indonesia, monitoring their service and database activity.

Firstly, Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection.

It's important to note, if you don't have dynamic profiling, you can use manual configurations. For instance, you can configure a text field on a website to limit input to only numeric characters and specific special characters. 

This helps protect against SQL injection, as these attacks often use special characters to try and break the website's security.

Imperva Cloud WAF would be the most powerful option. It uses cloud-based signatures, which are constantly updated. This is different from the on-premises version, where the signature updates might be less frequent.

Imperva has basic reporting templates. We can use those, and we can also create custom reports. However, customization is limited to labels and structure – we can't change the actual content of the reports. For that, we need to use Imperva Compass.

Overall, I would rate the user experience an eight out of ten, with ten being good experience. 

The signature updates could be faster. Sometimes we have to upload signatures to the Imperva portal for checking and analysis before we can use them.

I have some experience, but not with its on-premise solution. We used their cloud-based WAF, likely Incapsula.

I would rate the stability an eight out of ten. 

I would rate the scalability an eight out of ten. 

Sometimes the customer service and support response time is long. And sometimes, it is fast. 

Positive

The initial setup for Imperva isn't too difficult. We start with a script, setting up the IP, network, and gateway. Then, we inject the license and test on-site for monitoring our web application. 

If we're using dynamic profiling, we configure that, ensuring it works properly. After about one or two weeks, we begin fine-tuning and limiting form types.

The price is high compared to other solutions like FortiWeb.

I would rate the pricing an eight out of ten, with one being cheap and ten being expensive. 

I would recommend it. Overall, I would rate the solution an eight out of ten. 

I use the solution in my company because one of our clients needs a tool that offers functionalities in areas like bot management and DDoS protection against attacks while specifically being able to manage attacks against their public servers by bots and against scraping. DDoS is useful for dealing with too many queries against a single entity since it can cause a business to lose revenue because the company cannot access its site.

The advanced bot detection capabilities and the reporting features in Imperva Bot Management have helped our client's organization by splitting up multiple requests from multiple IP addresses into legitimate and bad or inaccurate requests. The product also sets up the required rules and policies to block certain areas and allow what is needed.

At the moment, I am okay with the product. I haven't found something that needs to be improved yet.

I am not physically busy with any implementations associated with the product, but I will share the details of what is required in the solution with my team as soon as I figure out what is required in the solution.

Sometimes, it takes a bit of time for the technical staff of the solution to get back to our company with a resolution for our problems. The aforementioned area related to the product can an be considered for improvement.

I have been using Imperva Bot Management for two years. My company has a partnership with Imperva.

The stability of the product is good since I haven't had any problems with the solution.

The scalability of the product is high. I rate the product's scalability a ten out of ten. It is very easy to use the scalability features of the product, especially if the product is deployed on the cloud model, but it may be a different story if the tool is deployed on an on-premises model. The difficulty of using the scalability feature nude of the product arises when the client does not have the capacity to scale up.

My company deals with businesses of all sizes. One of my company's clients who uses the solution has five members and a large e-commerce environment. There are also enterprise-sized clients who use the solution.

Before I raise a question with the technical support team of the product, I have gone through all the necessary steps that I could try to resolve the issue, and I cannot go any further because of some knowledge and experience block. If I get in touch with the tool's L1 engineer, I am made to go through all the steps that I have already tried, which turns out to be a bit frustrating.

I rate the technical support a seven to eight out of ten.

Neutral

Considering the fact that I am a technical person, I rate the product's initial setup phase a nine on a scale of one to ten, where one is a difficult initial setup process, and ten is an easy initial setup phase.

The deployment can be done on a cloud, on-premises, or both models, depending on whether the product is used in a start-up or an old company.

The solution can be deployed in a couple of hours, depending on the information gathered from our company's clients. Sometimes, the deployment takes a couple of weeks because of the feedback my company gets from the client that is correct or when they take a long time to reply back to us. From Imperva's side, the deployment process is easy, but when dealing with our company's clients, the deployment phase may not be easy due to communication issues.

I rate the product price a four on a scale of one to ten, where one is a low price, and ten is a high price. The price of the product also depends on the cost of the tools offered by competitors like Radware or Citrix. Considering the current cost of Imperva Bot Management, I would say that the solution is priced correctly.

My company uses Imperva Bot Management to protect our web application against automated threats by using its areas like whitelisting and normal integration with services that are available from the tool's bot management side.

Imperva Bot Management has been effective in managing bots in both areas of our company, like our e-commerce platform and website.

The feature of Imperva Bot Management, which I found to be the most beneficial for identifying and mitigating bots in real-time, is that it helps to mitigate OWASP attacks and its abilities, like reporting data regions, going through various IP addresses, and figuring out the type of attacks.

Imperva Bot Management has impacted our company's clients' daily operations and user experience in terms of bot traffic handling since it has reduced the false positives while ensuring that it has the experience and ability to work on other problems faced by users easily. With Imperva Bot Management, I don't have to have one single person focusing on network outages or website outages because now Imperva can handle multiple queries.

Speaking about an example of a complex bot attack that Imperva Bot Management successfully mitigated, I can say that the tool did website scraping when there were over 1,00,000 queries created per second and figured out that it was a bot that was in areas like scraping and machine learning, after which the solution blocked the bot automatically and sent a notification to the administrator to say what was happening, post which the website was up and stable.

I rate the overall tool an eight and a half out of ten.

We have details on the protection available in two key ways. We primarily see the use of WAF, specifically the CloudWAF, which is always active for application security. This ensures that everyone attempting to update the customer environment must go through the CloudWAF.

We often see customers opting for the on-demand option for DDoS protection as it’s more cost-effective. When a DDoS attack is detected, traffic is redirected through Imperva’s servers to be cleaned before being sent to the client. This on-demand option is particularly popular in my region. However, customers with the budget can choose Orizon, where traffic is continuously routed through Imperva’s scrubbing centers, which are among the largest in the world. 

For Linux protection, the most important feature is layer seven DDoS protection, which focuses on application-level threats. Imperva does offer layer three DDoS protection, but that's less common in my region. 

It is expanding its number of data centers for scrubbing traffic. Currently, there is only one POP for cleaning in South Africa. They might add another POP in North Africa, possibly in Nigeria or Egypt. Latency concerns customers, especially in regions like East and West Africa, where traffic has to travel to South Africa before returning. Increasing the number of POPs across the continent would help address these latency issues and improve overall service.

While the platform is already quite strong, there’s always room for improvement, especially in keeping up with emerging trends and new types of attacks. Enhancing security capabilities could be beneficial. Integrating more advanced AI features could significantly improve its effectiveness and help customers leverage these tools more effectively. It would be great to see more focus on AI integration to handle and analyze data more efficiently.

I rate the solution's stability a nine-point five out of ten.

Scalability is quite good. Imperva has an extensive global network with over fifty data centers, which supports their cloud platform's load balancing. As you increase the number of web servers, you can adjust your license to accommodate more throughput. Licensing is based on throughput, so as your needs grow, you can quickly expand your coverage accordingly.

Support is solid because it's a managed service. Everything runs smoothly, and I haven't encountered any issues with it.

It’s also available as a managed service, meaning local IT teams need less involvement. Through the managed services, most management is handled on the server side. This approach is effective and reduces the total cost of ownership by requiring fewer resources to handle attacks and related events.

Generally, it provides better security and offers more relief for security teams managing their applications. It simplifies things for architects, as layer seven protection is more reliable than traditional next-generation solutions, which may not cover this level of detail. With Imperva’s managed service, there's no need to worry about the payload size or complex settings, as the service handles these aspects effectively. 

The cloud platform excels in interface design, reporting, and support. It offers both executive and technical reports that are highly usable.

Overall, I rate the solution as ten out of ten.

We use the solution to protect applications.

Imperva has a complete picture of how the applications are utilizing it. It is handy. DDoS is good. It has an internally managed database. It is very easy to integrate. We have integrated it with SIEM services.

Apart from predefined templates, it would be helpful if the solution provided an option to customize any new rules or additions based on the requirement.

I have been using Imperva Web Application Firewall for three years.

I rate the solution’s stability an eight out of ten.

The tool is pretty scalable. Around 1,000 users are using this solution.

I rate the solution’s scalability an eight out of ten.

We have used Barracuda. We switched to Imperva because Barracuda was not user-friendly and didn't offer predefined data.

The initial setup is simple.

The product's pricing is flexible.

I rate the product's pricing a seven out of ten, where one is cheap and ten is expensive.

I recommend the solution.

Overall, I rate the solution an eight out of ten.

We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping.

The solution should integrate with something that looks at continuous security management.

I rate the solution a nine out of ten for stability.

I rate the solution ten out of ten for scalability.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine out of ten.

The solution's full deployment took three days, and that was because the clients were unsure which public-facing services needed to be added on. Internally, the solution's deployment took around two hours.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a five out of ten.

Imperva DDoS has helped maintain website availability during an attack because we didn't even know there was an attack. Imperva DDoS was integrated into our existing security measures by using the easy configuration, which was making use of cloud platforms. All the SOC and SIEM integrations and notifications to instant response teams were easily integrated by email.

The solution's real-time threat detection works well and lets me know if something is happening on the management interface, where I spend most of my time.

The solution's scalability supported our client company's growing traffic needs. It started with a medium-sized web presence of 7,00,000 queries per second globally and has moved into tens of millions of queries per second. They are really benefiting from having to keep on spinning up additional security services rather than spinning up operational services.

The solution's reporting and analytics features have helped in understanding attack patterns. The solution helps in understanding who is targeting companies and from where. The solution also helps understand the types of attacks.

Some attacks are investigations where people search to see what is available. On other occasions, people try to write specific scripts to attack the front end to see if they can gain access to the back end. With the solution's reports, you can learn about the attacks and improve security where it's needed.

My experience in setting up and configuring Imperva DDoS for our client's environment was very good. I would recommend the solution to other users.

Overall, I rate Imperva DDoS a nine out of ten.

We mostly use it for protecting web applications from online threats like DDoS attacks.

The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications. This is crucial because it shields web applications from attacks. Another notable feature is its use of artificial intelligence for better security. Additionally, Imperva offers simulation for studying infrastructure and hybrid infrastructure protection, which are beneficial for overall security. However, the standout feature remains its knowledge base, as, without adequate attack signature knowledge, security can be compromised.

One potential improvement for Imperva is enhancing its alert system. While the core functionality isn't a problem, there is room for improvement in terms of the alerts' depth and comprehensiveness. Specifically, having more detailed and informative alerts could be beneficial, especially for mobile users and individuals. This would enable better visibility into security issues and facilitate more effective troubleshooting, ensuring that critical information doesn't get overlooked. Additionally, Imperva could see improvement in its integrations with other solutions. Integrations, such as those with QRadar, can sometimes be a bit challenging, falling between not being extremely difficult but also not very easy. Simplifying and enhancing these integration processes could be valuable.

I have been using Imperva Web Application Firewall for three years.

It is a stable solution.

When it comes to scalability, Imperva Web Application Firewall could use some improvement. I would rate the scalability as a seven out of ten. Three people use the solution at our company.

The technical support from Imperva is generally good. While we haven't encountered major issues with Imperva, I have found their support to be reliable and helpful. There haven't been significant problems, and the support seems to meet your needs effectively. I would rate the support as a nine out of ten.

Positive

Installation of the new version of Imperva in my organization was straightforward. I worked with an Imperva specialist, and it went smoothly and it only took a day. Maintaining Imperva is a standard process and not difficult. It is a typical level of effort for software maintenance. We have a team of three people at our company who maintain it.

My advice for people considering using Imperva is that it is crucial to first define what you need from a security solution. Once their requirements are clear, you should thoroughly evaluate Imperva and its features to ensure it aligns with their needs. Based on my experience, I highly recommend Imperva and would confidently endorse this solution to others. Overall, I would rate Imperva Web Application Firewall as a nine out of ten.

Imperva Web Application Firewall can improve by adding more features to the dashboard. increasing the visibility of the real-time events, besides configuring the administration itself. 

The automatic reporting system is good, but it needs more templates. For example, better made for the management and for system admins, and monitoring teams. This would be great. 

 We want to send any configuration change automatically to the management. However, I think the automatic reporting feature is not enabled on Imperva. We had to instead look at the audit log for the last 24 hours, check and generate the report to send to the management. 

I have been using Imperva Web Application Firewall for approximately three years.

Imperva Web Application Firewall is a highly stable solution and is very mature.

The price of Imperva Web Application Firewalls is expensive compared to others.

We stopped using Imperva Web Application Firewall mostly because at the time we need to upgrade our devices to the latest version. After four years, we didn't pay the license for the solution because we were updating our team solution also. After one year, when we tried to upgrade it, Imperva ask us for the last one-year license renewal and they didn't accept our devices. They wanted us to purchase the new versions for approximately $859, which was too expensive for our budget. The cost with implementation is approximately $2,000,000 because we were expected to deploy eight devices. There were other products that were cheaper and they could meet our mandatory requirements.

If companies want to use Imperva Web Application Firewall they will need to place their bids and they might have a budget for the solution it is a good solution.

I would recommend this solution to others.

I rate Imperva Web Application Firewall a nine out of ten.