IT Central Station is now PeerSpot: Here's why

Imperva DDoS OverviewUNIXBusinessApplication

Imperva DDoS is #1 ranked solution in top CDN tools, #2 ranked solution in top Distributed Denial of Service (DDOS) Protection tools, and #6 ranked solution in top Web Application Firewalls. PeerSpot users give Imperva DDoS an average rating of 8 out of 10. Imperva DDoS is most commonly compared to Cloudflare: Imperva DDoS vs Cloudflare. Imperva DDoS is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 26% of all views.
Imperva DDoS Buyer's Guide

Download the Imperva DDoS Buyer's Guide including reviews and more. Updated: June 2022

What is Imperva DDoS?

Imperva DDoS is a solution that offers protection for web applications and websites and all their associated business-critical data from cyberattacks. The cloud-based application delivery service helps improve user experiences by improving their performance. Through its security platform, Imperva DDoS also provides DDoS mitigation, a web application firewall, and a global load balancer, and includes a content delivery network — all designed to maximize performance.

Imperva DDoS Features

Imperva DDoS has many valuable key features. Some of the most useful ones include:

  • API security
  • Web application firewall
  • Bot management
  • Application delivery
  • Runtime protection (RASP)
  • Discovery and assessment
  • Data protection
  • Data risk analytics
  • Data privacy
  • Application delivery control (ADC)
  • Content delivery network (CDN)
  • DDoS mitigation
  • Global server load-balancing (GSLB)
  • Web application firewall (WAF)
  • Client-side protection
  • Runtime protection

Imperva DDoS Benefits

There are several benefits to implementing Imperva DDoS. Some of the biggest advantages the solution offers include:

  • Reduce web application risk: Imperva DDoS includes automatic policy creation and fast rule propagation that give your IT and security departments the ability to use third-party code without risk while working at the pace of DevOps.
  • Security from edge to database: Imperva DDoS’s WAF feature secures from edge to database, so the traffic you receive is only the traffic you want.
  • Safeguard sensitive and personal data: Imperva DDoS provides visibility into sensitive and personal data, with the controls to protect that data and the ability to unify management across cloud, on-premises, and in hybrid environments to help accommodate changing threats, new regulations, and challenging audits.

Reviews from Real Users

Below are some reviews and helpful feedback written by Imperva DDoS users.

PeerSpot user, Etienne W., CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel, says, “It is a good solution that allows us to protect websites. It is stable, scalable, quick and easy to use.” He goes on to explain, “WAF protection works almost out-of-the-box. The Anti-DDoS mitigation in less than 1s, I saw it many times in production, I can say it works. CDN has high performances, and the Smart Caching mode is really "smart" (you can do some efficient caching even if you're not a specialist). Its unique interface for managing security performance and ease of use are the most valuable features of this solution."

An IT Senior Manager at an outsourcing company mentions, “The most valuable features are DDoS protection. The Incapsula [Imperva DDoS] environment helps us monitor all the web activity. All the web activity is passed through their WAF cloud services, then that can help us to monitor those activities. That can help protect against DDoS hacking.”

Another PeerSpot reviewer, Ben D., Sales Executive at EVVO LABS, comments, "Imperva Incapsula [DDoS] has many valuable features. One, it protects the top 10 OWASP vulnerability, the open web application software platform, this is standard. Secondly, it protects against broken authentication. As well, it has remote execution of code."

A Solutions Architect at a financial services firm states, “The solution's most valuable aspect is that it is easy to configure. The solution keeps itself up to date itself and there's no customization that we need to do. It makes it extremely easy and cuts back on the amount of work required, and saves us on man-hours.”

Imperva DDoS was previously known as Imperva Incapsula.

Imperva DDoS Customers

Hitachi, BNZ, Bitstamp, Moz, InnoGames, BTCChina, Wix, LivePerson, Zillow and more.

Imperva DDoS Video

Imperva DDoS Pricing Advice

What users are saying about Imperva DDoS pricing:
  • "It is not expensive compared to the other similar solutions in this category."
  • "It is a very expensive solution. The price is very high. A lot of customers tell us that they would love to use Imperva more. I have some customers who have 50 websites, but they have only 10 websites on Imperva because of the price. They would love to have all their websites running through Imperva, but they can't. They have to choose the more critical websites to protect because the price is very high. It is a very good product, but it is too expensive. If you buy a plan for 20 megabytes and you don't consume all of your 20 megabytes, it is okay, but if you consume more, you are charged for the superior traffic."
  • "The license is on a yearly basis."
  • "Varies depending on the needs of the customer."
  • "The cost is somewhere around $10,000 a site. For every site, you pay individually. For every DNS entry, you have you pay."
  • "Pricing could be more competitive."
  • Imperva DDoS Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Application Security Engineer at a insurance company with 10,001+ employees
    Real User
    Top 5Leaderboard
    There is not too much to know but that it is one of the best products of this type that you can get
    Pros and Cons
    • "There is no need to have an appliance in house for the services because it is on the cloud."
    • "Certificate management could be improved."
    • "The product could use a broader scope in the area of policies."

    What is our primary use case?

    We are using it as an application-delivery platform for our entire organization.  

    What is most valuable?

    The most valuable feature is that it is cloud-based and we do not need to have an appliance for it in house.  

    What needs improvement?

    I do not see any big problems with the product. Imperva has had a lot of experience developing this product platform and it seems appropriate for my use cases. There are a few places where it can be improved.   An area of improvement that I was looking for in Incapsula at this moment is enhancing the policy levels. For my purposes, I think there are too few policies. The product and what is included may be good, but it has to be improved further in the area of policies.  Another area that could do with improvement is certificate management. I do not like the way that incapsula handles certificates very much. It needs to be changed or drastically improved to be more fluid.  We have to be conscious of the architecture updates. Updates for the application architecture may break the existing protection application if we have made any changes. It does not seem that this should be so big of a concern for the end-user and could be handled better.  

    For how long have I used the solution?

    We have been using Imperva Incapsula for six months.  
    Buyer's Guide
    Imperva DDoS
    June 2022
    Learn what your peers think about Imperva DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
    610,190 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The stability of the product is not usually the issue. Any stability issues would have to do more with extraneous factors.  

    What do I think about the scalability of the solution?

    We need to know more about the scalability ourselves. We are working on it now to see what we can do. The scalability is inherently good because it is on the cloud. There is nothing much to worry about with the scalability part. But the hands-on experience with it is something we are still exploring.  There seems to be no limit to scaling the product from the perspective of adding applications. We just put our product on the market. Until and unless the users complain to us, then we will not know if there are growing pains. It is too early in our experience with the product to get the kind of feedback that we need from them.   We have had only one serious issue after onboarding 50 applications. For one application, we have had some performance and stability issues. It was just one time over the last six months where the problem was affecting the stability. For that one application, we had severe performance issues, and we rolled it back. We are still investigating that issue. We do not know the reason yet that we had a problem with it. We do not know how many of the applications that we try to work will present problems like that. I saw problems with only two applications in total. One is application had an issue with image loading which was not as severe, and the other one was for performance issues. The performance issue was effecting web services.   Scaling, as far as the number of users, is another type of scalability. Ultimately everybody who uses our services uses Incapsula in a sense by the end of the day. This is because every application has to go through Incapsula.  We are also having to look at our own environment when considering scalability and trying to take Incapsula forward as far as we can with expansion. We have some issues with our infrastructure. All the infrastructure is not always optimally compatible with Incapsula. Because our infrastructure is not fit for Incapsula due to various reasons, we are working to resolve those issues. Those are not major things, but they are important to resolve and continue to scale, so we are working on it. It will take some time to identify everything and optimize the system. For example, if we implement something like having multiple authentications it comes with new challenges. In the end, it improves what we offer, but there are issues to consider along the way, and even before the implementation. 

    How are customer service and support?

    The tech support people are good. They are very good.  

    Which solution did I use previously and why did I switch?

    For web application firewalls we are actually currently using more than one solution. We are using both Imperva and AWS. Which solution that we use depends upon the environment and depends on the situation. So we are using both solutions but for different situations when there is an advantage to using the capabilities of one product over the other.  

    How was the initial setup?

    Installation is not complex. It is pretty straightforward.  

    What about the implementation team?

    We have two people who we use for the deployment of updates and also maintaining this solution. They are part of our team and not from the vendor or other consultancy.  

    What's my experience with pricing, setup cost, and licensing?

    In my opinion, Imperva Incapsula is not expensive compared to the other similar solutions in this category.  

    What other advice do I have?

    I have some advice for people who are considering using Imperva. When onboarding an application, they need to be careful with their other infrastructure and systems. The concern is in part to make sure they do not have conflicts. There has to be proper authentication for authorization and the RSA (Rivest, Shamir, and Adelman, data security). During the execution of the task of onboarding, they need to be a little careful to make sure that is not creating an outage.  So what I would recommend to anyone onboarding an application is that they need to go through the architecture of the application thoroughly before implementing the solution. Do not rush to the end to get it done.  The best way to implement anything is by taking steps to avoid problems beforehand to end up with a result that has fewer issues.  On a scale from one to ten (where one is the worst and ten is the best), I would rate Imperva Incapsula as the number one solution. There is not too much to know about it but that it is one of the best products of this type that you can get. But on a scale of one to ten, I give it a nine-out-of-ten because it is not perfect, as good as it is.  

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Etienne WEHRLE - PeerSpot reviewer
    CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
    Real User
    Top 5Leaderboard
    A good solution that allows us to protect websites. It is stable, scalable, quick and easy to use
    Pros and Cons
    • "Its unique interface for managing security performance and ease of use are the most valuable features of this solution."
    • "The weakest point of Imperva is their first level of support, which should be improved. They should also improve the access and security logs viewing directly on the portal. I would like to see better access and security logs through the portal and not only through a SIM solution. Currently, if you want to explore your access and security logs from Imperva, you need a SIM tool or a SIM infrastructure on your side to do it. You can't do it manually or directly through the portal, which is a big problem for us. I had a call yesterday with Imperva for the roadmap, and I just told them this. They agreed that this is an improvement point from their side."

    What is our primary use case?

    We use it to protect websites against application threats and DDoS attacks. Because it is a cloud solution, we always have the last version. I don't need to update or upgrade. 

    We are a partner of Imperva. Imperva doesn't sell directly to customers, so they have to pass through vendors and partners like us. All of my customers have different levels of services with Imperva.

    How has it helped my organization?

    We can protect our customers with Imperva solution very quickly, it's highly appreciated by our customers.  We trust the solution because we saw a lot of blocked attacks, so once the customer website is protected, we don't worry about the security of his acces, it's all managed by the solution.

    What is most valuable?

    -WAF protection works almost out-of-the-box

    -Anti-DDoS mitigation in less than 1s, I saw it many time in production, I can say it works

    -CDN has high performances, and the Smart Caching mode is really "smart" (you can do some efficient caching even if you're not a specialist)

    -It's a unique interface for managing security and performance aspects, we don't need to go through multiples providers to manages these aspects.

    What needs improvement?

    The weakest point of Imperva is their first level of support, which should be improved. 

    They should also improve the access and security logs viewing directly on the portal. I would like to see better access and security logs through the portal and not only through a SIEM solution. Currently, if you want to explore your access and security logs from Imperva, you need a SIEM tool or a SIEM infrastructure on your side to do it. You can't do it manually or directly through the portal, which is a big problem for us. They agreed that this is an improvement point from their side.

    For how long have I used the solution?

    I have been using this solution for four years.

    What do I think about the stability of the solution?

    It is very stable. I have used this solution for more than 20 customers, and each customer has a lot of websites. I have seen some network outages or things like that over the last four years, but I can say it is very stable.

    What do I think about the scalability of the solution?

    Scalability is not a problem because it is a cloud. The provider manages this aspect for me.

    How are customer service and technical support?

    This is the weakest point of Imperva. They have some very good technicians but not at the first level of support. I have already told them this several times. Each time I meet or talk to a chief or director, I say, "Your product is very good, but your support is not at the same level." I provide support to my customers for their solution. So, I know what the customers expect and how to address this kind of expectation. They need some improvement at this level.

    How was the initial setup?

    The initial setup is very easy and quick. You can put the protection live in less than 10 minutes if you need it.

    What's my experience with pricing, setup cost, and licensing?

    It is an expensive solution. The price is high as the level of service and security provided is high. A lot of customers tell us that they would love to use Imperva more. I have some customers who have 50 websites, but they protect only 10 websites on Imperva because of the price. They would love to have all their websites running through Imperva, but they can't. They have to choose the more critical websites to protect because the price is very high. It is a very good product, but it is expensive.

    If you buy a plan for 20 megabytes and you don't consume all of your 20 megabytes, it is okay, but if you consume more, you are charged for the superior traffic.

    What other advice do I have?

    I would recommend this solution because I have also used different WAF and DDoS solutions. For me, it is the best solution available. It is quite simple to do the configuration. You can do whatever you want. If you know the product, you can do fine-tuning and have the configuration that you need. You need the knowledge to do this, but you can do this, and it works. Even though it is a high-cost solution, it is easy for me to sell it to customers because I know it will work. I get a little bit stressed about some of the other solutions because I don't trust those solutions like I trust Imperva. 

    I would rate Imperva Incapsula an nine out of ten. It is quite a good solution. They can do some improvements, but it is quite a good solution.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Buyer's Guide
    Imperva DDoS
    June 2022
    Learn what your peers think about Imperva DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
    610,190 professionals have used our research since 2012.
    IT Senior Manager at a outsourcing company with 10,001+ employees
    Real User
    Enables us to monitor all web activity, which is passed through WAF cloud services
    Pros and Cons
    • "The most valuable features are DDoS protection."
    • "Incapsula services also provides load balancing services for their service IP address environment. So far, with monitoring their services, the IP address was only changed once."

    What is our primary use case?

    All our web services go to the Incapsula cloud application environment for monitoring on the production service.

    All the web application protection is under Incapsula because they provide the WAF protection services. Our web services are registered under their cloud environment so all our customers visit our web services. All the web services are under the web application firewall protector.

    I think it's from their own cloud solution. I don't think the cloud solution is from Amazon because the IP address does not belong to Amazon. It belonged to Incapsula themselves, so their solution is under their own network cloud environment. Our own data center environment is using the Incapsula cloud service. I think it's a hybrid cloud to include all the private and the public services.

    What is most valuable?

    The most valuable features are DDoS protection. The Incapsula environment helps us monitor all the web activity. All the web activity is passed through their WAF cloud services, then that can help us to monitor those activities. That can help protect against DDoS hacking.

    For how long have I used the solution?

    We started implementing WAF under Incapsula in 2019 or 2020.

    What do I think about the stability of the solution?

    It's very stable because Incapsula services also provides load balancing services for their service IP address environment. So far, with monitoring their services, the IP address was only changed once. Their services are very stable.

    What do I think about the scalability of the solution?

    We implement the WAF production environment, or the web services, which is needed to provide traffic to the customer. We implement those services under the Incapsula WAF protection. 

    We have about one thousand people using the solution globally.

    How are customer service and support?

    If the scale is 1 to 10, technical support is a 9. Our global service team is more than 10 people. We have a whole Incapsula service team as well as our all global staff team.

    Which solution did I use previously and why did I switch?

    We are using our own firewall with the web application services. We used our own firewall before implementing with Incapsula, but we are also implementing it now under Incapsula cloud solutions.

    How was the initial setup?

    It's very simple because the domain name service is done with the CNAME. We just registered back in our DNS environment. After that, if the domain is resolved by our customer, then they will resolve the domain name which is provided by the Incapsula environment. That means all the network traffic will go through the Incapsula cloud services, and all the network activity can be monitored and protected by Incapsula WAF.

    Deployment is simple and very fast. After they define the domain and service, we do some changes, and it takes within one hour. Within 15 minutes, it can transfer all the services from our site. All the network routing paths will pass through the Incapsula WAF cloud environment. It's very fast.

    What's my experience with pricing, setup cost, and licensing?

    The license is on a yearly basis.

    What other advice do I have?

    I would rate this solution 9 out of 10.

    Because of all these services, you need to look at the company's services budget. If you have the budget and you can implement the web application for tech, or if you just want to move to the cloud, or you're just using your own firewall to do all those protections, Incapsula is a good option. This one just depends on the IT infrastructure budget in your own company or environment.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Sales Executive at EVVO LABS
    Real User
    Top 20
    Protects against broken authentication
    Pros and Cons
    • "Imperva Incapsula has many valuable features. One, it protects the top 10 OWAS vulnerability, the open web application software platform, this is standard. Secondly, it protects against broken authentication. As well, it has remote execution of code."
    • "Imperva always needs to adjust to new versions of cyber attacks, it needs to be faster, improve the resiliency of the software of the solution."

    What is our primary use case?

    Previously I was in software development for more than 15 years. I had developed web applications for internet and cable TV companies. Now, I am a sales executive for Imperva Cloud WAF. 

    Imperva Cloud WAF, previously Imperva Incapsula, is a web application firewall that is implemented in the cloud. It protects a public facing web application. It will track if a hacker is doing brute force attack. The web application firewall will detect it and block the source. This could be an IP address or the main name specific for a country. You can then update the profile of your server to block those IP addresses where the attack is coming from .

    We have placed Imperva Cloud in our client's employee self service system that they are logged into. The website is protected by Imperva so that employees and customers can log in all over the Philippines. The client is a power generation company, which is a critical service, and has branches all over the Philippines.

    We partner with a couple of on-premise data centers in the Philippines, one is PIM. They also provide cloud solutions. We bundle our solutions into their cloud projects.

    What is most valuable?

    Imperva Incapsula has many valuable features. One, it protects the top 10 OWAS vulnerability, the open web application software platform, this is standard. Secondly, it protects against broken authentication. As well, it has remote execution of code.

    What needs improvement?

    Imperva always needs to adjust to new versions of cyber attacks, it needs to be faster, improve the resiliency of the software of the solution.

    For how long have I used the solution?

    I have been using Imperva Cloud WAF for three years.

    What do I think about the stability of the solution?

    Imperva is stable. Based on Gartner's survey we are top three, meaning we are reliable based on customer feedback.

    What do I think about the scalability of the solution?

    This is a scalable solution. We have data centers all over the world. The solution can be set up to be optimized wherever the clients are accessing.

    How are customer service and support?

    Technical support has good response time. I am also the liaison officer for the technical team in Singapore. Support responds quickly and they do attend to the issues that we raise to them.

    How was the initial setup?

    The implementation of Imperva Cloud WAF is easy. All you need to do is change the DNS settings, because it is a cloud solution there is no appliance that you need to install at the data center. It just changes the DNS settings, and then a couple of IP address and domain name settings to allow a couple of those IP addresses and domain names settings into the firewall of the client and the firewall of Imperva.

    The actual installation will only take a few hours and then full implementation within 24 hours. The initial setup takes time because of the configuration on the client-side. We prepared a questionnaire for the client to assist with preparation.

    What was our ROI?

    We created a cross-comparison against hiring a team of cybersecurity staff versus getting a subscription. After using Imperva Cloud for the past three years the cost is already acceptable against hiring a team.

    What's my experience with pricing, setup cost, and licensing?

    The price depends on the client's needs, it will be impacted depending on whether they need diverse production, or account take over for example.

    There is an initial four package bundle with the price changing monthly.

    What other advice do I have?

    I would rate this solution an 8 out of 10.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Solutions Architect at a financial services firm with 201-500 employees
    Real User
    Easy to configure, simple to set up, and quite stable
    Pros and Cons
    • "The solution's most valuable aspect is that it is easy to configure."
    • "The log analytics interface within Incapsula isn't really good. For example, if you have to get all logs from there, it's a very cumbersome process."

    What is our primary use case?

    We are using the solution as a WAF. Beyond that, I can't divulge too much information about the details surrounding how we use the solution as part of a confidentiality agreement we're under with clients.

    What is most valuable?

    The solution's most valuable aspect is that it is easy to configure. 

    The solution keeps itself up to date itself and there's no customization that we need to do. It makes it extremely easy and cut back on the amount of work required, and saves us on man-hours.

    The initial setup is fairly easy.

    What needs improvement?

    The log analytics interface within Incapsula isn't really good. For example, if you have to get all logs from there, it's a very cumbersome process.

    The solution doesn't seem to come with any other additional features. There are other products in the market today that give you an overall network perimeter protection. Incapsula is good for what it is, but it can expand its horizon a lot if it decides to include more network perimeter protection features and capabilities. It needs items, for example, at endpoints and some sort of firewall that can work at multiple levels. Items of that nature will really bump up the security and make it a much better product.

    For how long have I used the solution?

    We've been using the solution for a while now. It's been about three or four years at least.

    What do I think about the stability of the solution?

    The solution is fairly stable. I don't think we've had to deal with crashes of the system. There aren't bugs and glitches. We find it to be reliable.

    What do I think about the scalability of the solution?

    We haven't had any issues with the scalability the solution provides. If a company needs to scale this product they can do so pretty easily.

    How are customer service and technical support?

    I've never contacted technical support, and I'm unsure if anyone on my team has, either. I wouldn't be able to speak to the quality of service they provide.

    How was the initial setup?

    The initial setup was not complex at all. It was pretty straightforward.

    The deployment of the solution, which included the design phase of the process, took a few months to complete.

    We have our own in-house team that handles any maintenance that needs to happen on an ongoing basis.

    What other advice do I have?

    We're simply a customer. We don't have a business relationship with the company at this time. We use the product ourselves. We aren't resellers or integrators.

    I'd advise other companies, based on the scale of the organization and complexity, that if one has to choose a product, a company cannot choose a product from someone else's say so. It would depend on how complex their network design is. If it's fairly simple, then there's only one thing they need there. Multiple layers mean that this solution may not be the right product. A company has to do the research to find out if there are other products that are offering more of what they want, according to their unique requirements.

    I'd rate the solution eight out of ten. If the solution was a bit more complete, and offered, for example, perimeter protection, I would give it higher marks.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Vice President, Global IT Security at a insurance company with 5,001-10,000 employees
    Real User
    Top 20
    Scalable, with good protection on offer and stable performance
    Pros and Cons
    • "The solution is very good at intercepting traffic before it gets to our data centers."
    • "The salespeople tend to exaggerate its capabilities, which can cost you money if you don't verify the information."

    What is our primary use case?

    We primarily use the solution for all our corporate websites for port 80 and 443 redirect and protecting all the web pages that we have in our environment.

    What is most valuable?

    The solution is very good at intercepting traffic before it gets to our data centers. It saves us some security hits and top-level bad guy stuff. It's very good at protecting us. It keeps anything malicious off of our infrastructure.

    What needs improvement?

    We did have a major complaint, however, they fixed it after about a year and a half of complaining. It's not a problem anymore. I don't recall really having any issues with the solution beyond what they have fixed.

    The salespeople tend to exaggerate its capabilities, which can cost you money if you don't verify the information.

    For how long have I used the solution?

    I've dealt with the solution for two years at this point.

    What do I think about the stability of the solution?

    The stability of the solution is very good. I've never heard of any outages that I'm aware of. It doesn't crash or freeze. There aren't bugs or glitches. It's reliable.

    What do I think about the scalability of the solution?

    The scalability is just based on the number of licenses and in our case, we've maxed out our licenses. They are extremely expensive, and therefore it would be costly to scale.

    How are customer service and technical support?

    I haven't had to call technical support, however, from what I've heard, they're okay. They are not great, not bad, just right down the middle.

    How was the initial setup?

    The infrastructure team did all the certificates on that side. My team took care of security. It's the security settings we set up. There was a lot of complexity in the initial configuration based on our proprietary apps and having to disable or change some settings to allow some stuff to work. That's kind of a normal thing. No matter what WAF you would have, you'd have the same issue.

    What's my experience with pricing, setup cost, and licensing?

    The licensing of the solution is quite high. Licenses are quite expensive. I'm not sure if they really offer the value that they ultimately charge.

    The cost is somewhere around $10,000 a site. For every site, you pay individually. For every DNS entry, you have you pay.

    What other advice do I have?

    We are just customers and end users.

    We're using the WAF. It's the web-based version. Whatever's the current and newest version is what we're using.

    I'd advise potential new users to not believe salespeople. That's kind of a standard thing across the industry, however, we were told one thing at the sales side, and then, after we purchased, it was not true what they said. That's extremely disappointing as it actually costs us tens of thousands of dollars more due to the fact that what they said could happen, how their licensing model works, doesn't work the way the sales guy said. That's a giant disappointment.

    Overall, the solution does what it says it will do. I'd rate it at an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Solutions Architect at a tech services company with 51-200 employees
    Real User
    Features that outperform it's competitors, easy to scale, reliable, and responsive support
    Pros and Cons
    • "It's very pretty easy to onboard the URL."
    • "It would be beneficial to include vulnerability management in the solution, similar to what they have for their on-premise solution."

    What is our primary use case?

    We offer implementation services for our customers.

    Most customers use Imperva Incapsula to protect themselves from WAF attacks. If they need an application load balancing, whether it is on a single data center or if they have a B2B extension. Also, if they need protection from the bots. Imperva has all of those functionalities.

    What is most valuable?

    It's very pretty easy to onboard the URL. One of the unique features included with Imperva is its advanced bot protection. In addition the base licensing modules with most of the features.

    In terms of features, Imperva is quite good; it outperforms its competitors.

    What needs improvement?

    Pricing could be more competitive.

    It would be beneficial to include vulnerability management in the solution, similar to what they have for their on-premise solution.

    For how long have I used the solution?

    I have been working with Imperva Incapsula for more than three years.

    I have been using the latest update.

    What do I think about the stability of the solution?

    The stability is quite good. It has an uptime of 99%. None of our customers have complained about its uptime and its availability.

    What do I think about the scalability of the solution?

    The majority of our customers are enterprise businesses, with some SMB, but it depends on their budget, as well as their needs, and whether it is for security or compliance purposes.

    Imperva is quite expensive for organizations that use it for compliance purposes. Other WAP solutions, such as Fortinet or Barracuda, which are slightly less expensive than Imperva, will be considered.

    Imperva Incapsula is easy to scale.

    How are customer service and support?

    I believe that Technical support is 24/7. They are also very quick to respond via email.

    Which solution did I use previously and why did I switch?

    We work with all of the Imperva solutions from the database, monitoring tools, and the web applications firewall.

    How was the initial setup?

    The initial setup Is quite simple and straightforward. We only have seven steps to follow. It's a very simple and straightforward process.

    If the customer agrees to a DNS sense, it will take no more than 10 to 15 minutes.

    Imperva is responsible for maintenance.

    What's my experience with pricing, setup cost, and licensing?

    Incapsula is a SaaS (software-as-a-service) provider. Anyone can do the applications, but you must subscribe to the service.

    Pricing is a challenge for most of our customers.

    What other advice do I have?

    I cannot provide a comparison because I have not worked with any other vendors.

    I would recommend this solution to others because it is pretty simple to implement, and you don't need a dedicated WAP technician to maintain this solution. 

    Anyone in the organization can easily implement it, and it can be maintained with a little application knowledge. On the application side, you do not need to be a subject matter expert it is not necessary.

    I would rate Imperva Incapsula a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    LuisRodriguez1 - PeerSpot reviewer
    Support Manager at Sefisa
    MSP
    Top 5Leaderboard
    Reports are easy to configure with good graphics; tech support is knowledgeable
    Pros and Cons
    • "There are quite a few useful Imperva Incapsula features. For example, one of them is the reports. The graphics are very good and it's easy to configure. The whole process is very fast and reliable too. They have good tech support as well."
    • "Users would benefit from better documentation. There is official documentation, but sometimes we need more detail. We have some use cases that are not so run of the mill. It would be great if there was a knowledge base that we could go to for more answers."

    What is our primary use case?

    Our customers have a number of use cases for Imperva Incapsula. Some use it to protect their APIs and others for its DDoS features. 

    What is most valuable?

    There are quite a few useful Imperva Incapsula features. For example, one of them is the reports. The graphics are very good and it's easy to configure. The whole process is very fast and reliable too. They have good tech support as well.

    What needs improvement?

    Users would benefit from better documentation. There is official documentation, but sometimes we need more detail. We have some use cases that are not so run of the mill. It would be great if there was a knowledge base that we could go to for more answers.

    The price could also be more reasonable. The price should at the very least be adjusted for different parts of the world. For example, here in Latin America, our budgets are very different than those for projects in the United States or Europe. It would be really positive if we could get the product at a more affordable price as we are customers with lower budgets without sacrificing features or capabilities of the solution.

    For how long have I used the solution?

    I have been using Imperva Incapsula for about three years. It's a solutions I recommend to my customers. 

    What do I think about the stability of the solution?

    This is a very stable solution. 

    How are customer service and support?

    I like their support. The times we have asked for their help, they have been very accurate at giving answers.

    How was the initial setup?

    The initial setup is easy. It can take maybe half an hour due to the propagation of the DNS name on the server. However, setting up one Imperva website is very easy. You just have to wait for the DNS to refresh on the other DNS server and that's it.

    What other advice do I have?

    I would encourage people to implement Imperva Incapsula. I think it is a very mature, easy to use, and reliable solution.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    Buyer's Guide
    Download our free Imperva DDoS Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2022
    Buyer's Guide
    Download our free Imperva DDoS Report and get advice and tips from experienced pros sharing their opinions.