Imperva Application Security Platform Valuable Features
The best features Imperva Application Security Platform offers include the ADC. Imperva releases their policies every 15 or 20 days, and we have almost covered all the OWASP Top 10 related issues.
In my day-to-day work, the ADC helps because Imperva updates the latest signatures, latest policies, and whatever the latest alerts have been found, creating their policies without requiring us to do a lot of work. I simply update the ADC, and whatever new policies are in Imperva are reflected on our platform as well. This allows me to communicate to the organization that we have the up-to-date policies regarding the latest attacks that have been identified.
Imperva Application Security Platform impacts our organization positively in many ways, such as protecting our applications. Additionally, during compliance audits, I can show what attacks we have prevented and how Imperva helps us mitigate threats. There is also bot protection and CAPTCHA features. I recall a time when we were facing attacks on an application; I identified the issue, and based on that, I created a rate-limiting policy on Imperva, which significantly helped our organization.
View full review »ST
Stephen Tanimowo
Senior Cybersecurity Consultant at Cyberoutcome Limited
Some of the best features are the policy tuning, where you are able to tune policies the right way without stress or much hassle. The DDoS protection, the OWASP Top 10 feature, and the bot protection feature are also excellent. The API security feature is particularly valuable because most attackers do not try to come in from where it is expected. Most attackers attack the API that is being used on a platform.
The policy tuning is one of the easiest features that I know. Once you are trying to customize a policy, you just need to understand what kind of policy you are trying to customize, go through the right place from the security to policies, then create a policy. For example, you might be trying to set a policy to make sure that it does not save credit cards on a particular platform or website. That is basically one of the simplest ways of ensuring policy tuning works fine. It is one of the easiest features and I believe it has done a great deal for me in the aspect of operating Imperva Application Security Platform.
View full review »For the fast response of signature-based comparisons, traffic will be matched against the solutions stored in the database to release actions if similarities occur. However, the main drawback for signature-based approaches happens when there is a new zero-day attack that is not in the database. Solutions usually include integrity with lab environments so that zero-day attack signatures are sent through subscriptions to provide the latest updates.
The comparison for API protection varies across solutions. For F5, API protection is part of WAF, and similarly for Fortinet. While Imperva Application Security Platform has basic features as part of WAF, its dedicated API protection solution is a strong point.
View full review »Buyer's Guide
Imperva Application Security Platform
July 2026
Learn what your peers think about Imperva Application Security Platform. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,016 professionals have used our research since 2012.
AL
Alianamarie Lachica
Soc Analyst at Cineplex Inc
The most helpful feature of Imperva Application Security Platform that we have been using is the dashboard, especially the alerts and the traffic reporting. We used it to provide a specific report and summary of what we saw on the specific website, specific attacks, and specific activities or events that were unusual or common. This allowed us to know if we needed to investigate something or if it was just a common occurrence.
Imperva Application Security Platform did improve our efficiency, especially during calls and meetings. We could provide a specific summary of reporting that we could share with the board or stakeholders to show what we saw every single day and what we were dealing with. They could see the clearer picture and bigger picture of what we were dealing with every single day, especially in terms of Imperva or the web application platform.
Based on the reporting that Imperva Application Security Platform provided us, it really did help save time. We were able to provide summarized reports, especially to the VP of the cyber security department who is not into the more technical aspects and wants to have a clearer picture through graphs. Imperva was able to provide specific graphs for each day. We could show him that there was a spike specifically for this website, and he could ask what about the other days and other times, and we could clearly show it to him. This gave him a clearer idea of the traffic or the incidents we were dealing with related to Imperva.
View full review »What I found most effective about Imperva's WAF is that it has predefined rules covering many use cases, including compliance rules for PCI DSS and local country compliance. The customized rules based on application threats proved to be very useful, along with a good dashboard that, although somewhat complicated for beginners, becomes easy to manage at an expert level with good API integration and effective threat intelligence to detect threats.
After discussing the WAF, I believe Imperva has made significant advancements in its Cloud WAF offerings, which can now effectively protect against bot and DDoS attacks. This showcases a good advantage of being part of the Thales cybersecurity group while expanding its product range in the Cloud WAF space.
Imperva Application Security Platform has positively impacted my organization by providing strong protection for web applications, as many big companies in the UK use Imperva WAF as an essential protection layer, illustrating its effectiveness.
View full review »MP
P Mayuranathan
Cybersecurity Consultant at Accenture Singapore Services Pte Ltd
The best features of Imperva Application Security Platform include its ease of use, as it offers both on-premises and cloud options, with minimal maintenance downtime during patching due to the recommended three gateways setup, allowing for resource monitoring while upgrading.
Imperva Application Security Platform positively impacts my organization by reducing CVE-related issues significantly, as we monitor and learn from reports generated during collaboration with respective teams.
We track the reduction in CVE-related issues through weekly and monthly meetings using Imperva Application Security Platform reports. Initially, there were over 1,500 vulnerabilities, but we managed to fix almost all of them within three months, leaving only two low severity issues outstanding.
View full review »
Imperva Application Security Platform offers impressive features. I am using the WAF, which blocks each alert based on signature-based attacks. That is the most impressive aspect I have experienced.
There are many alerts in Imperva Application Security Platform. For example, there is an OWASP Top 10 alert called SSRF, which is server-side request forgery. If someone attempts to access the server, the WAF blocks that SSRF alert, or RCE, Remote Code Execution alert, blocking immediately based on the signature, not only by the payload or the IP address. That is very effective.
Imperva Application Security Platform has positively impacted my organization because every time an attacker uses a malicious payload or malicious signature that is already included in the signature database of the WAF application or Imperva application, the application directly blocks that particular signature immediately. This capability can help any organization achieve better security outcomes.
View full review »I interact with Imperva Application Security Platform by checking the action taken by Imperva Application Security Platform and also configuring the rules. It effectively works on blocking according to the rules we specify. It is the best tool for detection and mitigation of current web-related attacks.
In my experience, the best features of Imperva Application Security Platform include blocking malicious requests and checking the status of those requests. Each and every detail taken by Imperva Application Security Platform, I can note down, and I can take decisions.
The level of detail in the status reports from Imperva Application Security Platform is one hundred percent helpful for my work.
Imperva Application Security Platform positively impacts my organization by helping to mitigate web-related attacks. Our clients' web applications are kept very secure and safe.
View full review »DA
DOYIN ABIODUN
Head of Tech at CRC Credit Bureau Limited
The best features Imperva Application Security Platform offers include DDoS protection, anti-DDoS capabilities, and connection protection against different malicious web attacks.
Imperva Application Security Platform has positively impacted my organization, as before its introduction, I usually had a lot of logs on my router, with many foreign attempts from anonymous IPs trying to gain access, including a lot of brute force logs. The CPU of the router would struggle with what it wasn't supposed to be doing while legitimate users suffered. Since implementing Imperva Application Security Platform WAF, as mentioned earlier, only legitimate traffic reaches the server and the router to request what they need, and of course, the response is given. This allows us to accommodate more legitimate traffic, faster and more securely.
While I can't provide a specific metric at this moment as I'm not in front of my system, I can confidently say that we have significantly noticed improved performance in terms of latency, an increased number of requests we can handle, and a reduction in attack attempts.
View full review »I have experience with the real-time traffic inspection feature of Imperva Application Security Platform, and it helps with network security.
I believe the reputational analysis in Imperva Application Security Platform is effective for blocking security threats before impact. I also believe that behavioral and signature-based techniques help to improve threat detection accuracy.
I see valuable benefits from advanced detection and traffic profiling during DDoS attacks, and I track some metrics related to DDoS protection performance.
View full review »The best features Imperva Application Security Platform offers are for speed and protection. There is runtime and zero protection, and we have the sub and sub plus protection.
The speed and protection features of Imperva Application Security Platform help my team day-to-day by providing safe and clear access to the website. For example, my company is a multinational company that experiences many attacks, such as DDoS attacks, hitting the general website of the company before. The protection protects all of the websites in Imperva, so accessing the website is safer right now, not disrupted by DDoS attacks.
Imperva Application Security Platform has positively impacted my organization by making the website more secure. It reduces the DDoS attacks and reduces the attacks from threat actors, including SQL Injection and zero-day attacks, by using dynamic application profiling from Imperva. This is very helpful for my company as it reduces the incidents from the website.
View full review »Over the seven years, the most valuable features of Imperva DDoS that I have found are related to DDoS attacks, which are a group of attacks, and not all of them can be resolved on the endpoint level before the website. Using the web firewall before the website is a common use case to protect against malicious requests to the website.
I have utilized Imperva's Intelligent Traffic Filtering feature. This feature helps me understand how the attack is progressing and what is happening inside the requests to our website. It allows me to granularly grant or deny access to certain parts of our website. This helps when we know our customers and the types of requests that can be sent from them, enabling us to block some malicious requests.
Imperva DDoS has User Behavior Analytics and Threat Intelligence on its board, and this helps us to be protected proactively. Imperva DDoS connects to its database of threats, storing whole information about attacks all over the world in one simple engine. Everyone can use this feature, which can connect to this engine and get information about what is going on at the world level. That is the way to be protected at the company's level.
The integration capabilities of Imperva DDoS are very easy and simple. We can run it in 2 hours.
View full review »DU
Diego Uchofen
Ingeniero Preventa at Imperia
Imperva Application Security Platform allows you to enhance your application security posture. Among the best features that Imperva Application Security Platform offers, the policies are very dynamic, and it also has profiling at the application level that allows you to work in this mode.
I would like to highlight especially the ThreatRadar feature, which is an additional subscription, and ThreatRadar helps with threat intelligence by allowing you to block advanced attacks as well as mitigate risks more effectively.
Imperva Application Security Platform positively impacts us because we have a critical website, so by placing a WAF of Imperva's quality, it allows us to have visibility and granular control over the various attacks that can occur on the website.
A concrete improvement I have seen thanks to Imperva Application Security Platform is that it has decreased the level of connections to the final server. The specific improvement is that the connections that reach the server are fewer because Imperva is already filtering them at the WAF stage.
View full review »Imperva Application Security Platform offers features such as Attack Analytics.
Attack Analytics has helped us understand what traffic is being received by our applications, and based on that, we have created the policies. The false positives have been reduced, saving a lot of time for us to work on other important tasks rather than wasting time on addressing those false positives.
Imperva Application Security Platform has considerably improved our web application security posture and it has also helped us design our applications with security as the primary concern. Before using Imperva Application Security Platform, we received many attacks, such as command injection attacks, SQL injection attacks, and even though we were using a niche web application firewall, we were not able to tackle those attacks. After moving to Imperva Application Security Platform, these attacks have been prevented significantly, and the attacks on the initial level have been considerably reduced.
View full review »Imperva Application Security Platform offers customization of security policies, allowing me to create policies tailored to my environment.
The rate limiting policy in Imperva Application Security Platform works based on usage numbers and has proven valuable for our operations.
Imperva Application Security Platform is user-friendly, and I can maintain a customized dashboard to monitor the utilization of all gateways in day-to-day operations.
Imperva Application Security Platform serves as the base pillar for applications to grant or deny access appropriately.
From a compliance perspective, Imperva Application Security Platform has been an improvement, as it has passed all compliance processes.
View full review »It's very simple to implement. It works right out of the box once you integrate the application. It does the learning for you and starts applying relevant signatures.
It's effective in protecting against different kinds of attacks. For example, it can mitigate DDoS attacks and block application layer attacks like SQL injection, HTTP, and cross-site scripting attacks. The latency is pretty low.
View full review »BS
Bhupesh-Sharma
Large account Manager at Softcell Technologies Limited
The bot management features are very effective, as they help filter unwanted traffic using keywords. Imperva's ability to filter out non-genuine traffic provides a significant improvement to security and performance.
View full review »BS
Bhupesh-Sharma
Large account Manager at Softcell Technologies Limited
The solution can be configured in just a couple of minutes. It ensures 99.7% availability for my applications. It provides an additional layer of security for web applications and other applications, including mobile applications. It protects my environment and helps maintain my reputation in the market.
View full review »While a Web Application Firewall (WAF) doesn't directly protect against viruses, it's crucial for application security.
It defends against threats like cross-site scripting (XSS), SQL injection, and others. This safeguards your application or website.
View full review »There are many features. There is ease of deployment. You can deploy the Imperva Web Application Firewall in two to three minutes. After that, you have to set the policies. For setting policies, you have toggle buttons. You can turn something on or off.
Writing rules is very easy. There is a toggle button. You do not have to write the parsers and rules. You do not have to be well-versed in it. Anybody who works with the Imperva console for a month can master the solution.
View full review »I worked as a consultant for the customer and was part of a design and deployment team for Imperva API Security.
View full review »For Linux protection, the most important feature is layer seven DDoS protection, which focuses on application-level threats. Imperva does offer layer three DDoS protection, but that's less common in my region.
View full review »Imperva DDoS helps us automate production. The client had specific requirements for a cloud project in the financial sector.
View full review »We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping.
View full review »EG
Elmano Francisco Gonga
IT Security Analyst at Banco de Fomento Angola
The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications. This is crucial because it shields web applications from attacks. Another notable feature is its use of artificial intelligence for better security. Additionally, Imperva offers simulation for studying infrastructure and hybrid infrastructure protection, which are beneficial for overall security. However, the standout feature remains its knowledge base, as, without adequate attack signature knowledge, security can be compromised.
The valuable features of Imperva WAF include its effective security breach prevention through automatically updating rules. The support team answers cases quickly as well.
View full review »Empower administration is user-friendly, and we do not need much for managing day-to-day operations. It is easy to use and has good security. Also, it is very customizable, especially for controlling web browsers and devices.
View full review »Imperva Cloud WAF would be the most powerful option. It uses cloud-based signatures, which are constantly updated. This is different from the on-premises version, where the signature updates might be less frequent.
Imperva has basic reporting templates. We can use those, and we can also create custom reports. However, customization is limited to labels and structure – we can't change the actual content of the reports. For that, we need to use Imperva Compass.
Overall, I would rate the user experience an eight out of ten, with ten being good experience.
View full review »FG
Fedhasa Gelalcha
Director, Information System Security at a financial services firm with 201-500 employees
The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network.
TF
Tom Foale
CTO at Klaatu IT Security Ltd
We can look after an entire what used to be a Class C network/24. Now, they could do single IP addresses, so they can protect a single IP address, and they have a three-second SLA to stop an attack. They back that up with a very large amount of money as well, so you've got a guarantee on it.
Imperva has a complete picture of how the applications are utilizing it. It is handy. DDoS is good. It has an internally managed database. It is very easy to integrate. We have integrated it with SIEM services.
View full review »If the clients have requirements for APIs and microservices, we can offer such services with the help of the solution. We can offer it as a security solution that protects APIs and microservices. Imperva’s real-time monitoring makes it very easy for administrators to monitor their existing web applications.
View full review »If something goes wrong, there is a quick switch between nodes, wherever there's an attack against a specific area. The security setup is reasonably easy. It's easy to do setups, rules, and integrations. The backend team is also willing to help if there are questions that we cannot answer.
View full review »Imperva DDoS is fairly stable, and its availability is quite high. I haven't faced any downtime or system instability issues with the solution.
View full review »I am impressed with the product's automatic bot mechanism. It also gives us the control to create our own custom bot rules.
View full review »Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code.
View full review »Imperva is easy to use and deploy. The UI is excellent.
View full review »The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself.
View full review »One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise. Either way, you can use it, and it's quite easy.
It's quite easy to deploy. It is also a self-managed service. It's quite straightforward.
They do provide updates on a quarterly or half-yearly basis.
View full review »BI
Ben Izra Dacudao
Sales Executive at EVVO LABS
Imperva Incapsula has many valuable features. One, it protects the top 10 OWAS vulnerability, the open web application software platform, this is standard. Secondly, it protects against broken authentication. As well, it has remote execution of code.
View full review »The most valuable features are DDoS protection. The Incapsula environment helps us monitor all the web activity. All the web activity is passed through their WAF cloud services, then that can help us to monitor those activities. That can help protect against DDoS hacking.
View full review »AD
Amarildo De Mattos
Global Network and Cyber Security Project Manager at a manufacturing company with 10,001+ employees
I find the configurability of the tools and the ease of operation to be the most valuable feature of Imperva.
View full review »The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security.
View full review »It's very pretty easy to onboard the URL. One of the unique features included with Imperva is its advanced bot protection. In addition the base licensing modules with most of the features.
In terms of features, Imperva is quite good; it outperforms its competitors.
View full review »EW
Etienne WEHRLE
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
-WAF protection works almost out-of-the-box
-Anti-DDoS mitigation in less than 1s, I saw it many time in production, I can say it works
-CDN has high performances, and the Smart Caching mode is really "smart" (you can do some efficient caching even if you're not a specialist)
-It's a unique interface for managing security and performance aspects, we don't need to go through multiples providers to manages these aspects.
View full review »The most valuable feature is that it is cloud-based and we do not need to have an appliance for it in house.
View full review »AU
Andrey Ustynov
Data analyst at Kyivstar
Protection is the best solution since it has profile functionality.
View full review »The solution has the best volumetric DDoS attacks feature.
View full review »I am impressed with the product's scalability, availability, easy management, and security. We were able to integrate the product with Azure and Sentinel.
View full review »The Imperva Web Application Firewall feature I have found the most valuable is the ease of deployment. The solution's customer service is good as well.
View full review »The most valuable features of Imperva Web Application Firewall are the monitoring of databases and the dashboards are easy to understand.
View full review »The solution integrates seamlessly with other tools and has a good alert mechanism.
The solution provides good protection against OWASP top-ten attacks.
The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis.
View full review »Imperva is really amazing, feature wise and performance wise.
Integration with IBM AS/400 and Db2 is okay.
View full review »The mitigation feature is what I find most valuable in Imperva Web Application Firewall. The interface of the cloud version of this solution is also good.
View full review »TA
Tesfa Alazar
Chief Information Security Consultant at V-Tech
There are a number of features that are valuable such as the account takeover and various antivirus features.
View full review »SS
SumedhSalve
GA Consultant Cyber Security at a tech services company with 51-200 employees
Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva.
It is quite proficient in terms of logs reports, and it provides tight control for policy configuration. So, there can't be any unwanted applications on the internal LAN site. It is quite restrictive, which is a plus point. The sizing of an application is quite easy to understand while we are configuring and deploying Imperva.
View full review »LR
LuisRodriguez1
Support Manager at Sefisa
There are quite a few useful Imperva Incapsula features. For example, one of them is the reports. The graphics are very good and it's easy to configure. The whole process is very fast and reliable too. They have good tech support as well.
View full review »Imperva makes it easier for us to put everything in code; we use Terraform to deploy our infrastructure.
View full review »KL
Karthik Ls
Team Lead Senior Technical Engineer at a tech services company with 51-200 employees
Imperva is a good solution.
It has fewer false positives. It is very simple to maintain the device. It is also simple to configure. You don't need to have any HTTP knowledge or understand the HTTP programming languages when it comes to configuring the device.
View full review »The product is very good.
It's so easy to do the deployment. The installation is very straightforward. You can't even compare it to others on the market. It's that easy.
The features on offer are very nice.
The solution is stable.
The licensing setup makes the product easy to scale.
The pricing is very good.
View full review »As a system, it's very effective at blocking potentially malicious items. The security is very good.
The solution can scale.
The stability has been pretty good.
Technical support is helpful.
The initial setup is rather straightforward.
View full review »DDoS protection and WAF are the most valuable features. It is easy to deploy a service. It is easy and quick to deploy to a new website.
View full review »The solution offers good security against a variety of web attacks.
The protection from DDoS attacks is very useful. The DDoS attack is a very powerful attack that can harm a company's services. If an application is deployed to any web server or database our service will slow and will go down. A user would not be able to access our service until we can fix the issue. It's a deal if a company can avoid getting hit with DDoS attacks and having something that can effectively protect a company is extremely useful.
The solution has been quite stable. I have not seen any bugs at all.
View full review »The most important feature I have found to be the ease in how to do the backup and restores.
View full review »The solution is very good at intercepting traffic before it gets to our data centers. It saves us some security hits and top-level bad guy stuff. It's very good at protecting us. It keeps anything malicious off of our infrastructure.
Its inline transferring mode is the most valuable because it is 100% transparent. When you change the IP, there is no change on the network side. If you can't and want to try to reach an IP, you can reach the server IP. There are many other advanced security features in it.
The smallest appliances of Imperva can handle the highest traffic at a customer site. For example, a smaller appliance from Imperva can provide you the same security as an F5 product.
View full review »I'm very happy with the solution. The most valuable aspect of it is that it blocks all types of attacks.
View full review »The solution's most valuable aspect is that it is easy to configure.
The solution keeps itself up to date itself and there's no customization that we need to do. It makes it extremely easy and cut back on the amount of work required, and saves us on man-hours.
The initial setup is fairly easy.
View full review »If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency. This is better than the competitors.
Imperva SecureSphere integrates well with other tools.
View full review »The most valuable features for us are the DDoS and Bot.
View full review »SA
OLUWASEGUN ADERIBIGBE
Manager - IT Security at a tech services company with 11-50 employees
For this part of the world, several things are important. It is important that the clients have the features which they get to use to get against bad traffic, of course as this is the reason for the product. But especially for customers in this region, it is also the opportunity to use the service platform. They do not have to own it or maintain it and they may not otherwise have the capacity to deploy this type of solution. Instead, they can pay for it as a service. It works so well here that even some of the banks are using it.
The most valuable feature is the ability to mitigate bad traffic. I think the highest traffic we would experience can be handled by the Incapsula Cloud WAF because it can scale. So if there is some attack on a website and there is high volume, instead of it disrupting the website and disrupting business operations, it is not a problem for the customer's website. That ability to mitigate problems with the traffic is why the clients use the product to protect their valuable data and customer interactions.
View full review »DS
Dian Sabev
Security Expert at a tech services company with 1-10 employees
The most important aspect of the solution is the DDoS feature.
The solution has a very good interface.
Last year, the solution added a lot of additional improvements and functionalities, and for now, the features they have offered us have been great.
They recently added some account takeover protections that have been really useful.
View full review »This product has a logical perspective of negative and positive security. Negative meaning all of the blacklisted websites, and the positive is the profiling of the website itself. Impera can see and activate the policy, based on what it has learned. Imperva learns things like how dynamic content is dealt with, and what the permitted values are. When you combine these two perspectives, the negative and the positive, you get the optimal protection of the application.
View full review »The dynamic profiling of websites is the solution's most valuable feature. The security is also good.
View full review »TA
Tesfa Alazar
Chief Information Security Consultant at V-Tech
Data masking is the most valuable feature of this solution.
View full review »MS
Directhost465
Director Of Hosting Services at a tech services company with 51-200 employees
I found that it is very easy to set everything up. I like the user-friendly interface.
View full review »OO
OluwoleOlajide
Cloud Solutions Architect at Snapnet Limited
Data marking is the solution's most valuable feature.
View full review »JS
Joakim Sörqvist
Senior Systems Engineer - Channel Manager at Exclusive GRP
They're quite easy to install and quite easy to set up. Clients really like that. Especially when you're dealing with the cloud, it's really easy.
It also has the ability to integrate with other firewalls. That's really important today. Most end-users are looking for something that can integrate with other solutions and with APIs. They're looking for solutions that have an open API.
View full review »AJ
AjayJawla
Technical Sales Director at Revere Technologies
The most valuable features for our organization are auditing capabilities and compliances. The product meets the needs of our business model and we can see the health of the architecture at a glance. There are some instances where a client needs to meet with compliances in their industry, and this product is capable of meeting those needs.
View full review »BM
Srinfosecr67
Sr Associate Information Security at a tech services company with 51-200 employees
The solution has good DDoS protection, and some good common features, such as no attack surfaces, parameter sanitization, and attack analytics.
View full review »The most valuable feature is the out-of-the-box detection engine. It has the ability to detect some of these things without being configured. There are some features that are configured by default, so even without doing much, it can still provide a level of protection.
View full review »GO
George Ondego
Manager, IS Security & Infrastructure at Fintech Kenya Limited
The most valuable feature of this solution is web application security.
This is a user-friendly solution.
This solution has good performance ratings.
View full review »NV
Natalia Venegas
Specialist Engineer at Entel Networks S.A
The compliance is the most valuable aspect.
View full review »OS
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF.
The interface is very user-friendly. You get used to it. It's very convenient.
View full review »Anti-DDoS protection, as well as other protections like SQL injection, Cross-Site Scripting, and antiscanner. These types of protection are valuable to the business due to the daily attacks on our portals, and that often cannot be seen without a tool like this.
View full review »- I like to see the security. On the site security, I can see which countries have incidents, whether it was a robot attack, a real human user, or non-human user. For this feature, I like it because I can see information quickly without going into long logs and details. It is very comprehensive regarding what is going on behind the scenes on the website traffic.
- The option saying activity launch. On the activity log, I can see the exact details, the visit, and the threat. If I click on the details, it shows me exactly where it came from, who the user agent is, and what page they tried to enter. Then, it gives me the session. Also, I have the option to put them on the blacklist or the white list. Therefore, I like this option because it is more detailed. If someone causes more than one of the incidents, then they are maybe suspicious, and we want to learn more about it. Here we can get the data, and under the data, we can see the IP addresses, therefore tracking and copying that IP address and putting it under IP lookup.
- The dashboard is good and user-friendly. You can easily understand it, even if you don't have any prior knowledge. Looking at it, you can easily see what is happening because it is a very user-friendly menu and user interface. I don't come from this exact background, but it seems I am supposed to manage and work with this stuff. Because of the user interface, I can understand even without having prior knowledge or education of it.
- The real-time option is cool as well. On the real time, you can see live traffic, which is flowing into our website.
More than features, the complete solution is valuable for everything it delivers and the protection it offers.
View full review »- Learning mode.
- Custom policies.
- Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance.
The ability to trace each connection, and to have logs to be able to differentiate between a positive and a false-positive intruder action.
It is handy to retrieve and download the logs to line up separate actions to identify possible intruder behaviour.
IncapRules is one of the most valuable features, as you can create your own security and access control rules on top of your security policy. Using IncapRules we were able to easily block Layer 7 DDoS attacks several times.
Real-time monitoring is also a great tool, as you may watch several parameters in real time.
View full review »- DDoS protection
- CDN
- WAF
- Good API for managing services
Hands down, the WAF is the most valuable feature; being able to identify, block, whitelist or blacklist as needed, are all valuable.
View full review »Content monitoring is a marvelous feature that I haven't seen in other Web Application Firewalls. It also has a good content filter. We do a lot of penetration testing on our servers, and the Imperva standalone solution for identifying a payload and its signature by deep analysis was very good.
View full review »The most valuable feature is the grouping of multiple targets via the scan policy. It is valuable because of the large number of targets and governmental requirements to conduct periodic scans.
View full review »- Very easy to configure, which quickly allows us to add significant security to our websites.
- Nice dashboard, which shows us details about traffic, security, performance, real-time utilization and an activity log.
- Easy to configure caching, content optimization and other advanced settings, which allows us to improve the customer experience if necessary, or keep the defaults if any change is unnecessary.
- Easy-to-set-up CDN with PCI-level IDS/IPS
- Bad-IP blocking and signature-based blocking for web application security
SB
Sudesh Kumar Bhadouria
Technical Consultant at a tech services company with 10,001+ employees
- Extensive cache control like cache purging and cache rule propagation
- Availability features
- Cross-datacenter solution (active and passive environments)
- CDN and DDoS protection with 24/7 support
Infrastructure protection (anti-DDoS): Imperva anti-DDoS protection has the well-known value of having lots of distributed nodes around the world, making it the best value for DDoS protection. They also include protection against almost all known DDoS attack methods.
View full review »WAF configuration is the most valuable feature.
View full review »AM
Muhammad Nurazhan Moin
Senior Web Manager at a university with 501-1,000 employees
Incapsula:
- Strength of DDoS and WAF
- Simple dashboard
- Analytics
- SSL
CloudFlare:
- Ease of use
- Simple dashboard
- DNS management
- CDN
- SSL
I like the interface, customer service, and info updates.
View full review »Customer Support has been the biggest help in dire situations. Their control panel is nice but support has been the best.
View full review »IncapRules, Login Protect & CDN are the most valuable features of Incapsula.
View full review »CDN and DDoS.
View full review »Load balancing and DDoS protection.
View full review »Security rules and DDoS protection.
View full review »We are using Incapsula as our web application firewall and for DDoS protection, and it performs really well at its job. Incapsula packs some great features, such as SSL support, content caching and the ability to 'play' with the rules as much as you'd like.
View full review »- Hidden origin
- IP whitelist
- Country blocking
- Anti-DDoS
- Special page protection (two-factor authentication)
- Faultless inlining & minification: Every competing product breaks the layout, but we are yet to see Incapsula break a site
- Installation requires just a CNAME entry, avoiding the risk of email downtime.
- Instant PCI compliance and protection from the OWASP Top 10 vulnerabilities.
- CDN & DDoS protection.
The added security is the biggest bonus feature, as our websites are not usually under extreme load but do have highly sensitive data. A good WAF can be difficult enough to configure even without many of the advanced security features that Imperva Incapsula includes: SQL injection prevention, bot attack recognition and notification, and DDoS.
View full review »- DDoS Protection
- Load Balancing
- It provides real-time traffic analysis.
- It gives location/hit/page view details.
- It can easily and instantly block IPs.
- We can investigate questionable and suspicious IPs.
- CDN
- Site performance
The Web Application Firewall (WAF) is very helpful in protecting SQL injections by hackers.
View full review »I'd say that the most valuable feature is the ease of use in configuration, the analytics, and the integration with Incapsula’s robot database.
View full review »- CDN
- DDoS protection
The features that are most valuable are the protection against denial-of-service attacks and all kinds of other internet attacks. The presence of Incapsula helps us answer the compliance requirements for IT security, as our clients require IT security compliance, and it's very important to our enterprise customers that we comply with the requirements.
View full review »- Caching and CDN
- WAF
- Web security
- Protection against DDoS
- Easy to use administration portal
- Reports
- It’s simple to configure
- Very effective
- Easy solution to administer for protecting websites of all sizes
- Human contact
- Fast SLA
- Trustworthy and excellent communication
Highly-functional back office with user friendly reports and intelligence on bad IPS and malicious software is at very high level and very quick. Part of the solutions function is that they have to stay on top of the data intelligence game. They have the first knowledge of break points.
View full review »- DDOS defence
- Load balancing
- Security role
Their WAS - I had a problem and I turned to Incapsula. I needed someone to protect the website and they succeeded in this regard.
View full review »The Web Application firewall is a valuable feature as the security features are mostly what we're interested in.
View full review »I really like the profiling section. I mean that signature based policies are ok and they are maybe the most widespread and common kind of security policy in security appliances, but, the profiling policies are custom tailored on a specific web application. I guess it’s the most valuable, and fresh, aspect about SecureSphere.
View full review »I was involved in the deployment and found that all the features in this product are fantastic, especially the correlated attack validation, threat radar (reputation, fraud), and virtual patching. Those are features that are very useful in day to day operations.
View full review »
Their solutions are always on, in depth and protect against most all web threats imaginable.
View full review »
The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications.
View full review »EM
Edgar-Mwangi
Senior Presales Engineer at a tech services company with 11-50 employees
The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security.
View full review »Buyer's Guide
Imperva Application Security Platform
July 2026
Learn what your peers think about Imperva Application Security Platform. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,016 professionals have used our research since 2012.


































