Imperva Application Security Platform Reviews

We are a premier partner with Imperva. We usually recommend Imperva Web Application Firewall (WAF) more because our customers sometimes get a better deal, and many already have Imperva solutions on-premises. We help them move to the cloud and other related tasks.

Customers enjoy the rules implemented in Imperva WAF, which are updated automatically any time a new breach is discovered. This eliminates the need for backend changes or manual updates, making the system straightforward.

The valuable features of Imperva WAF include its effective security breach prevention through automatically updating rules. The support team answers cases quickly as well.

The product's customization capabilities are a bit problematic, requiring support cases for backend modifications. 

Additionally, the handling of high-traffic volumes could be better, as it doesn't cut you off if you exceed your purchased traffic. Our clients like the guarantee that they won't be charged for exceeding traffic during peak periods. Users also need to be more attentive to false alerts, as the marketing might give a false sense of trust.

I have been dealing with Imperva for three years, while my company has been involved for more years.

Imperva WAF does not appear to handle high traffic volumes optimally during peaks as it only notifies clients if they exceed their purchased amount of traffic. However, it does not immediately cause any issue unless the excess persists over time.

Their technical support is rated nine out of ten. Support cases are answered quickly.

Positive

The setup is straightforward. Clients often manage it themselves, and no action is required on their end for implementation.

On occasion, we help our clients get on the cloud as part of our partnership with Imperva.

The pricing tends to be expensive. As premier partners, we get good deals, however, without such deals, it is usually quite costly. The cost also varies based on the plan that clients choose.

Imperva Web Application Firewall is recommended for companies needing a robust cloud-based solution. For on-premises versions, it might be considered outdated.

I'd rate the solution nine out of ten.

We use Imperva for our web applications that we have hosted to protect them.

With our deployment setup, the benefit is regarding the security and how threats have been blocked. It's not studied in terms of resources or speed. The threat prevention is the aspect we are monitoring.

Empower administration is user-friendly, and we do not need much for managing day-to-day operations. It is easy to use and has good security. Also, it is very customizable, especially for controlling web browsers and devices.

I would prefer AI integrations for user administration, visualization, log analytics, and risk analysis. If they can bring in generative AI features, that would be useful.

I am working with Imperva at the moment and have been using it for maybe six to seven years.

It's very stable. We haven't had any issues.

Scalability is not a problem since we have enough resources as it's an on-premises version.

We have escalated to tech support and it's quite good. I would rate them a seven point five out of ten.

We didn't use any WAF product before Imperva.

The initial deployment was seamless, and there weren't many complexities.

The deployment was done by a separate company within the company.

I do not have much understanding about F5 yet as I am currently evaluating their solution.

I suggest looking for a cloud-based solution rather than on-premises, which might improve availability, stability, and security.

I'd rate the solution nine out of ten.

I handled web application and database monitoring, including some DDoS work. I implemented Imperva for a top-five bank in Indonesia, monitoring their service and database activity.

Firstly, Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection.

It's important to note, if you don't have dynamic profiling, you can use manual configurations. For instance, you can configure a text field on a website to limit input to only numeric characters and specific special characters. 

This helps protect against SQL injection, as these attacks often use special characters to try and break the website's security.

Imperva Cloud WAF would be the most powerful option. It uses cloud-based signatures, which are constantly updated. This is different from the on-premises version, where the signature updates might be less frequent.

Imperva has basic reporting templates. We can use those, and we can also create custom reports. However, customization is limited to labels and structure – we can't change the actual content of the reports. For that, we need to use Imperva Compass.

Overall, I would rate the user experience an eight out of ten, with ten being good experience. 

The signature updates could be faster. Sometimes we have to upload signatures to the Imperva portal for checking and analysis before we can use them.

I have some experience, but not with its on-premise solution. We used their cloud-based WAF, likely Incapsula.

I would rate the stability an eight out of ten. 

I would rate the scalability an eight out of ten. 

Sometimes the customer service and support response time is long. And sometimes, it is fast. 

Positive

The initial setup for Imperva isn't too difficult. We start with a script, setting up the IP, network, and gateway. Then, we inject the license and test on-site for monitoring our web application. 

If we're using dynamic profiling, we configure that, ensuring it works properly. After about one or two weeks, we begin fine-tuning and limiting form types.

The price is high compared to other solutions like FortiWeb.

I would rate the pricing an eight out of ten, with one being cheap and ten being expensive. 

I would recommend it. Overall, I would rate the solution an eight out of ten. 

At my previous workplace in the banking sector, we used Imperva WAF for the monitoring of our internet banking traffic, and we also used Imperva's DAM for the database activity monitoring.

Our deployment of Imperva WAF was situated on-premises and it was in use throughout the whole organization, which included around 3,500 clients.

Imperva Web Application Firewall has improved security of my organization through enhanced visiblity as well protecting malicious IPs, applications and unknown users as well.

The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network.

Imperva's product is very good, but when it comes to procuring the software in my country it can be somewhat expensive. I don't recall the exact amount, but in comparison with other countries it is a huge investment.

They recently separated the WAF and the DAM management gateways in order for each of these to be managed from different areas, so I believe it now requires additional investments for what was previously a single complete solution.

Although the vendor support from Imperva is not bad, getting a response from them can be a lengthy process at times.

I have used Imperva WAF for about three years. 

The stability is mature enough, in my experience. In fact, I would give it a 5/5 for stability.

Scalability-wise, there is one issue we encountered that I want to mention. At some point, Imperva, moved their account takeover prevention features from the on-premises edition to the cloud-based edition, and we discovered that this step would take yet another integration, seeing that we were using Imperva on-premises. These account takeover prevention features, however, were already part of our subscription, but since the features moved to the cloud, we missed out on them. So, in this sense, I would say the scalability strategy isn't as solid as it should be, and for this reason I would rate the scalability a 3.5/5.

On the other hand, when it comes to how many users we were able to scale up to, we actually had the whole organization using it, including around 3,500 clients in total.

The support from the vendor side could be improved because their response times weren't great and the process of obtaining the proper support was a long process sometimes. That said, the support itself was not bad.

Positive

The setup was actually quite an advanced process. It was a good experience, but all in all it took about one year to get everything fully set up, when you take all the fine-tuning activities and such into account.

We deployed the Imperva WAF with the help of organizations in South Africa who acted as consultants and implementation partners for Imperva. Our experience with them was good, and the full implementation required two professionals from the consultant's side and about five people from our own organization. The vendor itself was not part of the implementation process.

The pricing is somewhat expensive. It is actually a huge investment when compared to other countries.

Not only that, but Imperva went on to separate the WAF and DAM management gateways, making it so that each would have to be managed and licensed separately, incurring the cost of additional investments.

On a related note, there was another licensing issue we encountered where we had a subscription for account takeover prevention features, but these features had been moved by Imperva from the on-premises instance to the cloud. Since we had not moved to the cloud at that point, we did not have access to these features anymore.

I can highly recommend Imperva WAF for financial institutions. It's a good solution and I think it's important for financial institutions, particularly those who conduct online banking, to make use of a solid WAF such as this.

I would rate Imperva WAF a nine out of ten.

I use the solution in my company because one of our clients needs a tool that offers functionalities in areas like bot management and DDoS protection against attacks while specifically being able to manage attacks against their public servers by bots and against scraping. DDoS is useful for dealing with too many queries against a single entity since it can cause a business to lose revenue because the company cannot access its site.

The advanced bot detection capabilities and the reporting features in Imperva Bot Management have helped our client's organization by splitting up multiple requests from multiple IP addresses into legitimate and bad or inaccurate requests. The product also sets up the required rules and policies to block certain areas and allow what is needed.

At the moment, I am okay with the product. I haven't found something that needs to be improved yet.

I am not physically busy with any implementations associated with the product, but I will share the details of what is required in the solution with my team as soon as I figure out what is required in the solution.

Sometimes, it takes a bit of time for the technical staff of the solution to get back to our company with a resolution for our problems. The aforementioned area related to the product can an be considered for improvement.

I have been using Imperva Bot Management for two years. My company has a partnership with Imperva.

The stability of the product is good since I haven't had any problems with the solution.

The scalability of the product is high. I rate the product's scalability a ten out of ten. It is very easy to use the scalability features of the product, especially if the product is deployed on the cloud model, but it may be a different story if the tool is deployed on an on-premises model. The difficulty of using the scalability feature nude of the product arises when the client does not have the capacity to scale up.

My company deals with businesses of all sizes. One of my company's clients who uses the solution has five members and a large e-commerce environment. There are also enterprise-sized clients who use the solution.

Before I raise a question with the technical support team of the product, I have gone through all the necessary steps that I could try to resolve the issue, and I cannot go any further because of some knowledge and experience block. If I get in touch with the tool's L1 engineer, I am made to go through all the steps that I have already tried, which turns out to be a bit frustrating.

I rate the technical support a seven to eight out of ten.

Neutral

Considering the fact that I am a technical person, I rate the product's initial setup phase a nine on a scale of one to ten, where one is a difficult initial setup process, and ten is an easy initial setup phase.

The deployment can be done on a cloud, on-premises, or both models, depending on whether the product is used in a start-up or an old company.

The solution can be deployed in a couple of hours, depending on the information gathered from our company's clients. Sometimes, the deployment takes a couple of weeks because of the feedback my company gets from the client that is correct or when they take a long time to reply back to us. From Imperva's side, the deployment process is easy, but when dealing with our company's clients, the deployment phase may not be easy due to communication issues.

I rate the product price a four on a scale of one to ten, where one is a low price, and ten is a high price. The price of the product also depends on the cost of the tools offered by competitors like Radware or Citrix. Considering the current cost of Imperva Bot Management, I would say that the solution is priced correctly.

My company uses Imperva Bot Management to protect our web application against automated threats by using its areas like whitelisting and normal integration with services that are available from the tool's bot management side.

Imperva Bot Management has been effective in managing bots in both areas of our company, like our e-commerce platform and website.

The feature of Imperva Bot Management, which I found to be the most beneficial for identifying and mitigating bots in real-time, is that it helps to mitigate OWASP attacks and its abilities, like reporting data regions, going through various IP addresses, and figuring out the type of attacks.

Imperva Bot Management has impacted our company's clients' daily operations and user experience in terms of bot traffic handling since it has reduced the false positives while ensuring that it has the experience and ability to work on other problems faced by users easily. With Imperva Bot Management, I don't have to have one single person focusing on network outages or website outages because now Imperva can handle multiple queries.

Speaking about an example of a complex bot attack that Imperva Bot Management successfully mitigated, I can say that the tool did website scraping when there were over 1,00,000 queries created per second and figured out that it was a bot that was in areas like scraping and machine learning, after which the solution blocked the bot automatically and sent a notification to the administrator to say what was happening, post which the website was up and stable.

I rate the overall tool an eight and a half out of ten.

We mostly use it for protecting web applications from online threats like DDoS attacks.

The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications. This is crucial because it shields web applications from attacks. Another notable feature is its use of artificial intelligence for better security. Additionally, Imperva offers simulation for studying infrastructure and hybrid infrastructure protection, which are beneficial for overall security. However, the standout feature remains its knowledge base, as, without adequate attack signature knowledge, security can be compromised.

One potential improvement for Imperva is enhancing its alert system. While the core functionality isn't a problem, there is room for improvement in terms of the alerts' depth and comprehensiveness. Specifically, having more detailed and informative alerts could be beneficial, especially for mobile users and individuals. This would enable better visibility into security issues and facilitate more effective troubleshooting, ensuring that critical information doesn't get overlooked. Additionally, Imperva could see improvement in its integrations with other solutions. Integrations, such as those with QRadar, can sometimes be a bit challenging, falling between not being extremely difficult but also not very easy. Simplifying and enhancing these integration processes could be valuable.

I have been using Imperva Web Application Firewall for three years.

It is a stable solution.

When it comes to scalability, Imperva Web Application Firewall could use some improvement. I would rate the scalability as a seven out of ten. Three people use the solution at our company.

The technical support from Imperva is generally good. While we haven't encountered major issues with Imperva, I have found their support to be reliable and helpful. There haven't been significant problems, and the support seems to meet your needs effectively. I would rate the support as a nine out of ten.

Positive

Installation of the new version of Imperva in my organization was straightforward. I worked with an Imperva specialist, and it went smoothly and it only took a day. Maintaining Imperva is a standard process and not difficult. It is a typical level of effort for software maintenance. We have a team of three people at our company who maintain it.

My advice for people considering using Imperva is that it is crucial to first define what you need from a security solution. Once their requirements are clear, you should thoroughly evaluate Imperva and its features to ensure it aligns with their needs. Based on my experience, I highly recommend Imperva and would confidently endorse this solution to others. Overall, I would rate Imperva Web Application Firewall as a nine out of ten.

We have details on the protection available in two key ways. We primarily see the use of WAF, specifically the CloudWAF, which is always active for application security. This ensures that everyone attempting to update the customer environment must go through the CloudWAF.

We often see customers opting for the on-demand option for DDoS protection as it’s more cost-effective. When a DDoS attack is detected, traffic is redirected through Imperva’s servers to be cleaned before being sent to the client. This on-demand option is particularly popular in my region. However, customers with the budget can choose Orizon, where traffic is continuously routed through Imperva’s scrubbing centers, which are among the largest in the world. 

For Linux protection, the most important feature is layer seven DDoS protection, which focuses on application-level threats. Imperva does offer layer three DDoS protection, but that's less common in my region. 

It is expanding its number of data centers for scrubbing traffic. Currently, there is only one POP for cleaning in South Africa. They might add another POP in North Africa, possibly in Nigeria or Egypt. Latency concerns customers, especially in regions like East and West Africa, where traffic has to travel to South Africa before returning. Increasing the number of POPs across the continent would help address these latency issues and improve overall service.

While the platform is already quite strong, there’s always room for improvement, especially in keeping up with emerging trends and new types of attacks. Enhancing security capabilities could be beneficial. Integrating more advanced AI features could significantly improve its effectiveness and help customers leverage these tools more effectively. It would be great to see more focus on AI integration to handle and analyze data more efficiently.

I rate the solution's stability a nine-point five out of ten.

Scalability is quite good. Imperva has an extensive global network with over fifty data centers, which supports their cloud platform's load balancing. As you increase the number of web servers, you can adjust your license to accommodate more throughput. Licensing is based on throughput, so as your needs grow, you can quickly expand your coverage accordingly.

Support is solid because it's a managed service. Everything runs smoothly, and I haven't encountered any issues with it.

It’s also available as a managed service, meaning local IT teams need less involvement. Through the managed services, most management is handled on the server side. This approach is effective and reduces the total cost of ownership by requiring fewer resources to handle attacks and related events.

Generally, it provides better security and offers more relief for security teams managing their applications. It simplifies things for architects, as layer seven protection is more reliable than traditional next-generation solutions, which may not cover this level of detail. With Imperva’s managed service, there's no need to worry about the payload size or complex settings, as the service handles these aspects effectively. 

The cloud platform excels in interface design, reporting, and support. It offers both executive and technical reports that are highly usable.

Overall, I rate the solution as ten out of ten.

We use the solution to protect applications.

Imperva has a complete picture of how the applications are utilizing it. It is handy. DDoS is good. It has an internally managed database. It is very easy to integrate. We have integrated it with SIEM services.

Apart from predefined templates, it would be helpful if the solution provided an option to customize any new rules or additions based on the requirement.

I have been using Imperva Web Application Firewall for three years.

I rate the solution’s stability an eight out of ten.

The tool is pretty scalable. Around 1,000 users are using this solution.

I rate the solution’s scalability an eight out of ten.

We have used Barracuda. We switched to Imperva because Barracuda was not user-friendly and didn't offer predefined data.

The initial setup is simple.

The product's pricing is flexible.

I rate the product's pricing a seven out of ten, where one is cheap and ten is expensive.

I recommend the solution.

Overall, I rate the solution an eight out of ten.