Imperva DDoS Reviews

It helped us to define wherever there was illicit traffic between our webs, and improved the control we achieved.

The ability to trace each connection, and to have logs to be able to differentiate between a positive and a false-positive intruder action.

It is handy to retrieve and download the logs to line up separate actions to identify possible intruder behaviour.

At that moment, I miss being able to integrate the dashboard with other BI tools we are using. We have to export and import data to be able to present it, and doing so is a lot of work.

Not at all. 

It was a bit pointless to know how many sites were offline every time a spot in the world decided to do maintenance, but we like it as we can handle worldwide issues, knowing what is going on there.

No issues at all, it fulfills our expectations in terms of scalability.

Great.

We had used many local, and some cloud-based solutions (like Azure, Advanced Nagios, Centreon). We switched for the scalability of the solution, the reporting features it has, as well as the availability to fine tune the solution. 

It was straightforward, but we had to fine tune it.

The initial setup blocked some cookies and data from our scrapers which, they said, they never received from us. We investigated and found the WAF was blocking them. It was a lot of work.

It's worth it. It's a fine solution for medium/big companies worried about attacks that happen in the wild.

Centreon and Azure.

My best advice could be, if you don't have the staff to carry out security in a proper way, have a tool do it, but use a specialized tool like this one, and don't re-invent the wheel.

Also, in our case, we soon realized that we needed an expert to fine tune it and to obtain all the features we wanted.

There is no need to have an in-house WAF to manage and maintain. We are now able to bring a new website live within minutes, without false positive alerts. It has Improved user/customer experience and website performance.

IncapRules is one of the most valuable features, as you can create your own security and access control rules on top of your security policy. Using IncapRules we were able to easily block Layer 7 DDoS attacks several times.

Real-time monitoring is also a great tool, as you may watch several parameters in real time.

It would be better if we were able to manage and apply changes to multiple websites/web applications, and search WAF logs for multiple websites, via the Incapsula dashboard.

The first year we faced one or two incidents, but since then we not had any stability issues.

No issues with scalability. You need not worry about scalability. Incapsula takes care of the CDN infrastructure and bandwidth volume, providing several enterprise "load balancing" features.

Incapsula’s support personnel is very good, positive, and most of them passionate. Sometimes a second-level support might be required for more complex requests. Additionally, you may see a slight delay in replying to support tickets, but you are able to contact them via phone for critical cases and prompt response.

We were using Akamai and we switched to Incapsula mainly due to the WAF effectiveness and total cost.

Not only the initial, but also the final setup, is straightforward.

For enterprise contracts you will be in touch with a dedicated account manager who will guide you regarding licensing.

We evaluated Akamai. Akamai had a bigger CDN network and probably better performance worldwide (especially on the Chinese mainland) but their WAF is very pure and not effective at all.

Go for it and request a free trial.

• DDoS protection
• CDN
• WAF
• Good API for managing services

Thanks to Incapsula, we got easily manageable DDoS protection; HTTP2 and SSL certificates for all the services; CDN in good locations; and we're now sure that our web services can't be exploited remotely because of the WAF feature. Also, we can chose to whitelist/blacklist network(s) access to specific services/resources.

I have used it for a few years.

We have not encountered any deployment issues.

We had a few hiccups in the past, but they were small with no impact to important services.

We have not encountered any scalability issues.

They need to work on the customer support; in my opinion, this is their weakest point. Some of their support representatives really have no idea how their service works.

We did not previously use a different solution.

An in-house team implemented it.

Before choosing this product, we did not evaluate other options.

Try it.

Hands down, the WAF is the most valuable feature; being able to identify, block, whitelist or blacklist as needed, are all valuable.

We now have visibility into our traffic in a scope that we never had before, especially being able to review bot vs human traffic and country of origin.

Reporting and the main Sites dashboard could use refinement. We have a lot of sites, and scrolling through the dashboard becomes cumbersome.

I have used it for six months.

The only deployment issue we encountered was getting Incapsula and Akamai to play nice. However, the Incapsula engineers were very helpful in helping us configure our sites in the WAF correctly.

We have not encountered any stability issues.

We have not encountered any scalability issues.

I have yet to need customer service.

I rate the level of technical support as very high.

We had not used a WAF before deploying Incapsula.

The setup was straightforward and simple.

We implemented it ourselves with the guidance of the Incapsula team.

It is too soon to tell regarding ROI.

Know your bandwidth requirements.

Before choosing this product, we evaluated so, so, so many other options.

Content monitoring is a marvelous feature that I haven't seen in other Web Application Firewalls. It also has a good content filter. We do a lot of penetration testing on our servers, and the Imperva standalone solution for identifying a payload and its signature by deep analysis was very good.

We never used to know about threat and attack signatures. By using Imperva WAF, we could identify our weak points where an attacker was trying to gain access.

They could improve by minimizing false positive results. Although this occurs less with Imperva, we would like to see some further improvements.

We have been using this product for last 1 years, it's result is very impressive. But due to the excessive load on the Web site where thousands of requests‎ are generated from legitimate users, however the request in which any sequential or specialised characters are requested would be directly blocked by impreva . Currently imperva blocks the special character request generated from the user, as I conduct a test where I am parsing the encoded html values of the same special characters to the input field, imperva bypasses these encoded values for example : ' i.e. %27 or / i.e %2F, the WAF bypasses these encoded characters. I hope that this device should have a capability to detect the pattern which is associated with Xss or Xsrf, rather then by not blocking the request which contains any special characters.

I have used it for one year.

‎We did not encounter any stability issues.

We never encountered any scalability issues.

We were impressed with the technical support.

We have examined different vendor WAF solutions but this solution was unique.

Initial setup was straightforward.

Pricing was a little higher but when compared to performance; it's very cheap.

‎We evaluated Akamai and F5.

Imperva Incapsula WAF is an awesome solution for implementing a WAF with good support and reliable hardware performance.

• Very easy to configure, which quickly allows us to add significant security to our websites.
• Nice dashboard, which shows us details about traffic, security, performance, real-time utilization and an activity log.
• Easy to configure caching, content optimization and other advanced settings, which allows us to improve the customer experience if necessary, or keep the defaults if any change is unnecessary.

With our IT infrastructure more secure, our customers receive a great website experience without encountering website defacements and other fallout from attacks on our web servers. Our IT department is not spending the time we used to on website remediation after attacks.

An Incapsula website configuration instance can be in a "Pending DNS changes" state, where further work is needing to be done by the customer, while website access is otherwise fully functional. While in this state, the PCI Compliance Report for the website in question, which I have set to email me monthly, doesn't get generated and sent. Imperva should decouple the "Pending DNS changes" state from the process that periodically emails the PCI Compliance Report. Until that happens, the workaround is to manually generate the report monthly.

Since May 2014.

We haven’t had any stability issues. I get emails about internal Incapsula technical issues that they’re working on. However, they haven’t ever impacted me as an administrator and I’m unaware of any customers experiencing issues getting to our websites.

Incapsula scales nicely.

Technical support is excellent.

Prior to Incapsula, we only used inline IPS, anti-virus, etc. Incapsula is our first web application firewall.

Initial setup was very easy. The default configuration usually has done the trick for us. We simply haven’t needed to deviate much from default. Online documentation is good and if we still had questions, we contacted support who helped us make configuration changes to address our needs.

Gain an understanding of pricing for the various advanced features and figure out what features you need to meet your objectives. We have done very well with the first tier feature package to address the needs at our two data centers and our cloud environments.

We got a feel for pricing and capabilities of other competing systems. However, Incapsula came highly recommended by our trusted security VAR as they had many customers who experienced great results with it. With that ringing endorsement, and the reasonable cost, we tried it out, loved it, and have been using it ever since.

Do a proof-of-concept. It’s quick and easy to set up, and you’ll have Incapsula support to help you if needed. Embrace the ease-of-use of the administrative interface and marvel “can a WAF really be this easy?!”. Monitor the dashboard and enjoy the results. The ease of testing Incapsula and then implementing it into production is one of the most remarkable product experiences in my IT career. It’s clear that Incapsula engineers are busy behind the scenes, which is in contrast to my appreciation of what I would otherwise be doing tuning other WAF options.

• Easy-to-set-up CDN with PCI-level IDS/IPS

We offer Incapsula for every customer project we host, as a default.

The default service is great!

I have used it for two years.

Sometimes, the SSL setup can be a bit slow/inconsistent.

There was only one minor incident with service availability, if I remember correctly.

Nope; we have not encountered any scalability issues.

Some tickets seem to hang for some reason and some of the more-technical tickets seem to go through lot of different people before they get solved, but generally the customer service has been good.

General documentation is good enough that we haven't needed technical support that much, but the answers have been good once you go through the "Off-the-shelf" answers.

We did try CloudFlare, but the pricing didn't suit our use case too well.

The initial setup is fairly straightforward for a technical person.

An in-house team implemented it all the way.

ROI is ~90%.

Pricing is a good match for the features we use.

Before choosing this product, we also evaluated CloudFlare because it appeared first in Google.

Basic setup is simple but, as with any caching/WAF setup, there are tricks you need to learn. But it works really nice out of the box!

• Extensive cache control like cache purging and cache rule propagation
• Availability features
• Cross-datacenter solution (active and passive environments)
• CDN and DDoS protection with 24/7 support

Automatic failover between primary and secondary sites enables high availability and accelerates disaster recovery. As soon as it detects that the primary site has gone down, it automatically kick-starts our standby data center.

The dashboard is not accessible on occasion. This is probably due to a high load. However, the sites’ protection seems intact.

We have been using this solution for four years.

There are no stability issues as of now.

There are no scalability issues, but the custom SSL has a terrible price point that puts it out of range for our clients. If they need custom or EV SSL, they are paying significantly more than their overall hosting.

The technical support is impressive.

We used Akamai previously, but due to full PCI DSS compliance, we needed a proprietary solution for two-factor authentication. We then switched to Incapsula.

The setup was so straightforward. It didn’t require to us to make any major changes.

If you don't have custom SSL, get it!

We switched to Incapsula from Akamai.

Imperva has a very impressive core feature set. Imperva has made security analysts scratch their heads. We allow them in from the inside so they can actually hit something worthwhile.

We are very confident in the reports we get from Imperva. Its bot identification has allowed us to plan bandwidth appropriately.

Identification for good bots (people who hit our site using automation, but for good business reasons) has allowed us to work with our customers who use our services in new ways.