IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Web Application Firewall (WAF)
June 2022
Get our free report covering Amazon, F5, Microsoft, and other competitors of Imperva Web Application Firewall. Updated: June 2022.
610,229 professionals have used our research since 2012.

Read reviews of Imperva Web Application Firewall alternatives and competitors

Especialista en Informática at a maritime company with 5,001-10,000 employees
Real User
Top 5
Stable with good security and a fairly straightforward setup
Pros and Cons
  • "The initial setup is pretty straightforward, especially if you enlist assistance."
  • "We've had some blocks of the application and some false positives."

What is our primary use case?

The solution is our WAF for Azure. It is for operation for Transit CAS applications.

What is most valuable?

We primarily use the solution for the protection of the active WAF. It offers quite good security.

The solution is stable.

The initial setup is pretty straightforward, especially if you enlist assistance.

What needs improvement?

We've had some blocks of the application and some false positives. Barracuda needs to ensure there are fewer false positives in general. There also needs to be less of a learning curve on the application in general. That might help us eliminate false positives as well. Basically, they need to help new users better learn and understand the solution.

I have an issue with the console currently. I cannot access the console from inside the network. When I access the entire network, it kicks me off all the time. I opened a case with technical support. We've checked the firewall the perimeter firewall, and we've tried to fix that problem, however, it's still the problem. I have to access the console from outside all the time to this day.

For how long have I used the solution?

I've been using the solution for a while now. It's been about five years.

What do I think about the stability of the solution?

The stability is okay. We don't have issues with the reliability of Barracuda. There aren't bugs or glitches. It doesn't crash or freeze at all. I'd describe it as stable for the most part.

What do I think about the scalability of the solution?

The scalability may be okay. However, we have only one Barracuda gateway. We don't really need to scale the solution fight now.

We might have about 500 users within our company using the solution right now.

How are customer service and technical support?

I've reached out to technical support in relation to a console problem and they have yet to fix the issue for us. All they've done is told me to check the firewall, which I have, and to install a new version. I upgraded the version, however, the issue persists. They haven't been extremely helpful and I'd have to say that I am disappointed with their level of service so far.

Overall, I would rate the support at an eight out of ten.

Which solution did I use previously and why did I switch?

We also use Imperva. We use both solutions at once.

How was the initial setup?

I'm not the administrator of the installation process. Therefore, it's hard for me to say if it was difficult or complex. I can't really comment on the initial implementation.

That said, it's my understanding, from talking to the administrator in the past, that it wasn't too complex.

I'm not sure how long the deployment took. I only really deployed the last application protection.

What about the implementation team?

We had the support of the partner for the implementation, which helped iron out any difficulties.

What other advice do I have?

We're just a transportation company. We're a customer. We don't have a business relationship with Barracuda.

I recommend the solution to other organizations for protecting applications specifically in Azure.

Overall, I would rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Giorgi Sakhokia - PeerSpot reviewer
Information Security Officer at State Audit Office
Real User
Top 5
Flexible, easy to learn and configure, and has almost everything that a web application firewall needs
Pros and Cons
  • "It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube."
  • "When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it."

What is our primary use case?

We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries. 

What is most valuable?

It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. 

It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.

What needs improvement?

When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.

For how long have I used the solution?

I have been using this solution for three months. 

What do I think about the stability of the solution?

Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.

What do I think about the scalability of the solution?

It is flexible and scalable. We have about 400 employees, and all of them are using this solution. 

How are customer service and technical support?

We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.

What about the implementation team?

We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.

Which other solutions did I evaluate?

We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.

What other advice do I have?

We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.

I would rate Fortinet FortiWeb a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SOC Analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Gives the ability to play around with the ciphers and has a immediate display of the support IDs when a real blockage occurs
Pros and Cons
  • "My favorite feature of F5 is the ability to play around with the ciphers. I also like the ability to have an immediate display of the support IDs when a real blockage occurs. The protection offered is great."
  • "The reporting portion of F5 Advance WAF is not great. They need to work out something better, as it is very basic. You only see the top IPs, I think there is more they can offer."

What is our primary use case?

We host public-facing web applications or APIs. There are web applications that are owned by the company that is exposed to the outside. The internal infrastructure is within the premise. We use F5 to protect them. It's an HA model, and we have two sites.

How has it helped my organization?

We need to have an extra layer of protection. We were previously exposed to the public API. The deployment and the rate of deploying web-based applications had increased. After we introduced the web application firewall, it increased our ability to expose more of the services to the public. 

What is most valuable?

My favorite feature of F5 is the ability to play around with the ciphers. I also like the ability to have an immediate display of the support IDs when a real blockage occurs. The protection offered is great.

What needs improvement?

The reporting portion of F5 Advance WAF is not great. They need to work out something better, as it is very basic. You only see the top IPs, I think there is more they can offer.

For how long have I used the solution?

I have been using F5 Advanced WAF for four years, since 2018.

What do I think about the stability of the solution?

F5 Advanced WAF is a stable solution.

What do I think about the scalability of the solution?

For the initial deployment, from what we were planning to implement, it was scalable. 

We now have other requirements that we need to engage with. They believe we need to increase our license, so we can accommodate more features.

How are customer service and support?

There have been issues in the availability of quick support. For general issues there is no concern. The issue is when you need support right away, but it is not available.

How would you rate customer service and support?

Positive

How was the initial setup?

The solution was deployed using network security. At the time of deployment, the appliance was there, but we did not have any person that was able to accomplish the deployment. It took six months to deploy.

What was our ROI?

We have definitely seen a ROI by using F5 Advanced WAF.

What's my experience with pricing, setup cost, and licensing?

As far as the pricing of F5 Advanced WAF I would rate it a four out of five depending on what features I am looking for. Imperva is more expensive.

The price has remained consistent at a constant rate. There have not been any increases or any unforeseen increases when we're renewing our license. The price is fixed.

Which other solutions did I evaluate?

I reviewed Imperva only to compare pricing.

What other advice do I have?

On the initial engagement, you should try to look on how best you can accommodate the quick support features, as this was a big struggle for us.

Overall, I would rate F5 Advanced WAF an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Olawale Komolafe - PeerSpot reviewer
SOC Analyst at Paystack Inc
Real User
Successfully prevents web application attacks, SQL injections, and cross-site scripting attacks
Pros and Cons
  • "Does a good job preventing web application attacks."
  • "The reporting could be more granular."

What is our primary use case?

Our use case of this solution is to secure our web applications hosted on Cloudflare. I'm a security operations analyst and we are customers of Cloudflare. 

What is most valuable?

This solution does a good job of preventing web application attacks, SQL injections, and cross-site scripting attacks. We know it's doing a good job because we've tested it. 

What needs improvement?

The reporting could be improved if it were more granular. Fortigate Firewall, for example, shows all the events at a glance with different fields on a table; you can scroll through for patterns and look at all events. That's not possible with CloudFlare where I need to analyze a report that summarizes all the data. It requires exporting the report as a CSV file, analyzing it in Excel, and then going into CloudFlare to carry out a deeper analysis. If I could do that high-level analysis from the web console and then drill down specific events, it would be a great feature that would improve this product. 

For how long have I used the solution?

I've been using this solution for seven months. 

What do I think about the stability of the solution?

The solution is stable, we haven't had any downtime. 

What do I think about the scalability of the solution?

The solution is easily scalable. 

Which solution did I use previously and why did I switch?

I previously used Imperva Web Application Firewall. For tracking metrics, I think CloudFlare does a better job with its graphs and the user interface. Its web console presents those metrics in an easily readable manner and it does that better than Incapsula or Imperva. I think Imperva speaks more to security, and preventing attacks and is more focused on details about the attacks. CloudFlare does more because it shows your availability metrics, traffic metrics, and security metrics. In terms of the user interface, I'd say that CloudFlare does a better job in reporting.

How was the initial setup?

There is some maintenance required when it comes to updates and we periodically have to review the rules sets which require going into the list of rules and finding those connected to that particular view and then enabling them in your environment. We have three admins working on this product. We use the solution on a daily basis. 

What other advice do I have?

If you're going to be reporting heavily and want to leverage the reporting features to measure the performance of your websites, then CloudFlare does that very well.

I rate this solution eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Web Application Firewall (WAF)
June 2022
Get our free report covering Amazon, F5, Microsoft, and other competitors of Imperva Web Application Firewall. Updated: June 2022.
610,229 professionals have used our research since 2012.