Imperva Web Application Firewall OverviewUNIXBusinessApplication

Imperva Web Application Firewall is the #6 ranked solution in top Web Application Firewalls. PeerSpot users give Imperva Web Application Firewall an average rating of 8.6 out of 10. Imperva Web Application Firewall is most commonly compared to AWS WAF: Imperva Web Application Firewall vs AWS WAF. Imperva Web Application Firewall is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
Imperva Web Application Firewall Buyer's Guide

Download the Imperva Web Application Firewall Buyer's Guide including reviews and more. Updated: May 2023

What is Imperva Web Application Firewall?

Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud. 

The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.

Imperva Web Application Firewall Customers

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Imperva Web Application Firewall Video

Imperva Web Application Firewall Pricing Advice

What users are saying about Imperva Web Application Firewall pricing:
  • "There are a couple of different licensing models."
  • "The pricing is somewhat expensive. It is actually a huge investment when compared to other countries."
  • "Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price."
  • Imperva Web Application Firewall Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Team Lead Senior Technical Engineer at a tech services company with 51-200 employees
    Real User
    Simple to maintain, easy to configure, and easy to scale
    Pros and Cons
    • "It has fewer false positives"
    • "The support for the on-premises version needs improvement."

    What is our primary use case?

    I am a distributor for Imperva. We provide solutions for our customers. 

    This solution is mainly used to protect websites. When it is deployed on the cloud it is used for traffic redirection and URL redirection functionality.

    It is also used for dual location blocking and security for the policies that are being applied.

    What is most valuable?

    Imperva is a good solution.

    It has fewer false positives. It is very simple to maintain the device. It is also simple to configure. You don't need to have any HTTP knowledge or understand the HTTP programming languages when it comes to configuring the device.

    What needs improvement?

    The visibility of the actual traffic needs to be improved. 

    We are only monitoring the traffic if there are any issues and the alerts are being triggered. 

    We don't log the real-time traffic. We only log the real-time attacks and not the normal traffic that is passing through the device.

    The main concern for our customers is to improve the visibility of the actual traffic. Customers feel that is the one feature that will greatly improve Imperva. 

    They would like to have the complete network traffic passing through the device. Currently, we are only being alerted for the attack that has passed through the device instead of the genuine traffic.

    We would like to see logs of the genuine traffic that passes through the device. It can be optional to enable it for certain customers and certain applications but should be included.

    The support for the on-premises version needs improvement.

    For how long have I used the solution?

    We have been distributing Imperva for the last 10 years.

    We are currently dealing with the latest version.

    We provide both on-premises and cloud deployment, it depends on the customer's requirement.

    Buyer's Guide
    Imperva Web Application Firewall
    May 2023
    Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
    708,830 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    Once it is configured it is stable. There are no issues with the stability of the Imperva Web Application Firewall.

    What do I think about the scalability of the solution?

    It is easy to scale. The scalability is fine. You can add gateways and scale, which is a good feature in Imperva.

    This device is suitable for everyone.

    How are customer service and support?

    There are two different support teams. The cloud support is very good, but the on-premises support is lacking. The response time could be much better.

    How was the initial setup?

    The initial setup is easy if you know how to deploy Imperva. Once we do the base installation, the deployment is simple.

    Once in six months, there are some patch upgrades required. If there are specific requirements we need to upgrade.

    What about the implementation team?

    We were able to complete the installation and deployment ourselves.

    What's my experience with pricing, setup cost, and licensing?

    When it comes to the cost, there are different sets of customers. Some are SMB and veteran customers who go with the cloud version of Imperva, which is a managed service. The next-level customers and enterprise will select the on-premises version along with the cloud. They prefer the hybrid environment.

    There are a couple of different licensing models. One is with respect to the Cloud and is based on the number of applications you have to protect. The on-premises model is based on the throughput that is required to be inspected.

    Which other solutions did I evaluate?

    I know that FortiGate is a niche product and wanted to evaluate Impera and FortiGate for the differences.

    What other advice do I have?

    You should understand the customer's website, what their website is. They need to configure the ciphers properly. Many engineers are not able to complete the project because they don't understand the customer's environment. 

    Before doing an implementation, understand the customer's environment. The ciphers need to be configured properly. Some Imperva engineers are not able to complete the projects because they understand the customer's environment.

    Know the ciphers being used and match the ciphers. You must ensure the same ciphers are being matched in the backend load balances. If the backend load or cipher is changed the same should be replicated in Imperva as well. Once this is complete it should be good.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
    PeerSpot user
    IT Infrastructure Manager
    Real User
    Top 20
    Hosts a complete range of features and gives a comprehensive overview of network traffic
    Pros and Cons
    • "The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network."
    • "They recently separated the WAF and the DAM management gateways in order for each of these to be managed from different areas, so I believe it now requires additional investments for what was previously a single complete solution."

    What is our primary use case?

    At my previous workplace in the banking sector, we used Imperva WAF for the monitoring of our internet banking traffic, and we also used Imperva's DAM for the database activity monitoring.

    Our deployment of Imperva WAF was situated on-premises and it was in use throughout the whole organization, which included around 3,500 clients.

    What is most valuable?

    The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network.

    What needs improvement?

    Imperva's product is very good, but when it comes to procuring the software in my country it can be somewhat expensive. I don't recall the exact amount, but in comparison with other countries it is a huge investment.

    They recently separated the WAF and the DAM management gateways in order for each of these to be managed from different areas, so I believe it now requires additional investments for what was previously a single complete solution.

    Although the vendor support from Imperva is not bad, getting a response from them can be a lengthy process at times.

    For how long have I used the solution?

    I have used Imperva WAF for about three years. 

    What do I think about the stability of the solution?

    The stability is mature enough, in my experience. In fact, I would give it a 5/5 for stability.

    What do I think about the scalability of the solution?

    Scalability-wise, there is one issue we encountered that I want to mention. At some point, Imperva, moved their account takeover prevention features from the on-premises edition to the cloud-based edition, and we discovered that this step would take yet another integration, seeing that we were using Imperva on-premises. These account takeover prevention features, however, were already part of our subscription, but since the features moved to the cloud, we missed out on them. So, in this sense, I would say the scalability strategy isn't as solid as it should be, and for this reason I would rate the scalability a 3.5/5.

    On the other hand, when it comes to how many users we were able to scale up to, we actually had the whole organization using it, including around 3,500 clients in total.

    How are customer service and support?

    The support from the vendor side could be improved because their response times weren't great and the process of obtaining the proper support was a long process sometimes. That said, the support itself was not bad.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The setup was actually quite an advanced process. It was a good experience, but all in all it took about one year to get everything fully set up, when you take all the fine-tuning activities and such into account.

    What about the implementation team?

    We deployed the Imperva WAF with the help of organizations in South Africa who acted as consultants and implementation partners for Imperva. Our experience with them was good, and the full implementation required two professionals from the consultant's side and about five people from our own organization. The vendor itself was not part of the implementation process.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is somewhat expensive. It is actually a huge investment when compared to other countries.

    Not only that, but Imperva went on to separate the WAF and DAM management gateways, making it so that each would have to be managed and licensed separately, incurring the cost of additional investments.

    On a related note, there was another licensing issue we encountered where we had a subscription for account takeover prevention features, but these features had been moved by Imperva from the on-premises instance to the cloud. Since we had not moved to the cloud at that point, we did not have access to these features anymore.

    What other advice do I have?

    I can highly recommend Imperva WAF for financial institutions. It's a good solution and I think it's important for financial institutions, particularly those who conduct online banking, to make use of a solid WAF such as this.

    I would rate Imperva WAF a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Imperva Web Application Firewall
    May 2023
    Learn what your peers think about Imperva Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
    708,830 professionals have used our research since 2012.
    GA Consultant Cyber Security at a tech services company with 51-200 employees
    Consultant
    Top 20
    Suits large enterprises, supports different application sources, and provides tight control
    Pros and Cons
    • "Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva."
    • "It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that."

    What is our primary use case?

    We have an Akamai cloud-based solution for it. We have an in-house customer, and they have their own Akamai cloud for WAF. As a solution provider, we are working with their private Akamai WAF. 

    What is most valuable?

    Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva.

    It is quite proficient in terms of logs reports, and it provides tight control for policy configuration. So, there can't be any unwanted applications on the internal LAN site. It is quite restrictive, which is a plus point. The sizing of an application is quite easy to understand while we are configuring and deploying Imperva.

    What needs improvement?

    It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that. 

    For how long have I used the solution?

    I have about two to three years of experience with Imperva. I'm working as a GA consultant for cybersecurity and information security. I'm working on different security solutions such as WAF, IAM, DDoS, Azure firewall proxy, and antivirus. I work with different customers, and I also do the architecture review or assessment.

    What do I think about the stability of the solution?

    Its stability is quite good. It is not at all an issue. 

    It is also quite good performance-wise. We are confident about its performance.

    What do I think about the scalability of the solution?

    It is for large-scale enterprises where the traffic is huge, and there are many internet-facing applications, which is a plus point of Imperva.

    We don't have the HA mode for the respective solution in Imperva, which has to be there when we have the DC and DR locations. We can activate only one solution at DC, but while we are conducting the drills between DC and DR, it is quite difficult to import all the configurations at the DR location in Imperva. It takes time.

    How are customer service and support?

    Their support is good. It is not an issue. Whenever we have any questions or concerns, we're getting an appropriate solution for our queries. 

    Some of the clients have had direct support from Imperva, and some of the clients had a third-party vendor. We also get support from a local Imperva employee. When I was working for a bank, there was good support from this person who was working with Imperva. 

    How was the initial setup?

    The support for the setup is very good from the provider, but it can be difficult for an engineer to have an in-depth understanding of the configuration of a policy for an application.

    What other advice do I have?

    I would rate it an eight out of 10.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Security Engineering at a computer software company with 5,001-10,000 employees
    Real User
    Top 20
    Straightforward to set up with good technical support and stability
    Pros and Cons
    • "The solution can scale."
    • "In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy."

    What is our primary use case?

    My experience is to integrate this application. It's a firewall. You must connect it with the traffic the infrastructure must be routed through this firewall in order to block and search for any problems with the applications.

    What is most valuable?

    As a system, it's very effective at blocking potentially malicious items. The security is very good.

    The solution can scale.

    The stability has been pretty good.

    Technical support is helpful.

    The initial setup is rather straightforward.

    What needs improvement?

    In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy.

    For how long have I used the solution?

    I've been working with the solution for about three years or so.

    What do I think about the stability of the solution?

    I have previously found bugs within the solution and in the past, I have contacted Imperva in order to deal with them to get them resolved.

    That said, for the most part, I have found the solution to be quite stable. It doesn't crash or freeze. It works well. 

    What do I think about the scalability of the solution?

    The solution can scale.

    We typically deal with medium-sized enterprises as clients. Typically, these companies have around 500,000 or so employees. They aren't massive, however, they are quite sizeable. 

    How are customer service and technical support?

    I've dealt with technical support on multiple occasions and I find them to be very helpful and responsive. They are knowledgeable. We're very happy with the level of service we get. 

    How was the initial setup?

    The initial setup is straightforward, although it does take time to integrate the solution into your existing infrastructure.

    What about the implementation team?

    As an integrator, I can help clients set up the solution at their companies.

    What's my experience with pricing, setup cost, and licensing?

    I'm not sure what the exact licensing costs are for the solution. I can't speak to the pricing. It's not part of my responsibilities to cover sales or billing.

    What other advice do I have?

    Imperva has different three parts - the Web Application Firewall (WAF), Incapsula for cloud, and DAM for database firewalls. This is in one central monitor.

    We aren't using the latest version of the solution.

    We use the solution as a customer as well as an integrator.

    I'd rate the solution at a ten out of ten. It's very good. We've been quite happy with its overall capabilities.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    PeerSpot user
    Technical Account Manager at a tech services company with 201-500 employees
    Reseller
    Top 20
    Easy to deploy with good cost savings and great scaling potential
    Pros and Cons
    • "The solution is stable."
    • "I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."

    What is most valuable?

    The product is very good. 

    It's so easy to do the deployment. The installation is very straightforward. You can't even compare it to others on the market. It's that easy.

    The features on offer are very nice.

    The solution is stable.

    The licensing setup makes the product easy to scale. 

    The pricing is very good. 

    What needs improvement?

    I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one. 



    For how long have I used the solution?

    I've been using the solution for the last five years. I've used it for quite a while now. 

    What do I think about the stability of the solution?

    The stability of the product is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

    What do I think about the scalability of the solution?

    We typically deal with medium-sized organizations.

    The licensing model makes the solution very simple to scale. If a company wants to expand, it's not a problem.

    How are customer service and technical support?

    We need an improvement in the support. We need a lot of turnarounds. Whenever is a ticket open, it's something that has become a concern. 

    Which solution did I use previously and why did I switch?

    I'm not currently working with any other solution. I just use this product. 

    Previously, I did work with F5 and Fortinet. However, Imperva is superior to both of these products.

    How was the initial setup?

    The initial setup is easy and the solution is very simple to deploy.

    What's my experience with pricing, setup cost, and licensing?

    The solution is very affordable and the cloud is making it even easier in terms of cost savings. 

    What other advice do I have?

    We are resellers and we are based in Kenya. We're actually doing the whole suite. I'm working with Database Security and I'm also doing the Web Application Firewall, both of which are on-prem and on the cloud. I'm also doing the DRA.

    It's the best in breed in terms of a solution you can put in place.

    I'd rate the solution at an nine out of ten. We're quite happy with its overall capabilities. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    Application Security Engineer at a insurance company with 10,001+ employees
    Real User
    Top 20
    One of the best solutions on the market for protecting all your web applications
    Pros and Cons
    • "The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security."
    • "I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic."

    What is our primary use case?

    Our primary use case is for protection of all our web applications.

    How has it helped my organization?

    Imperva Web Application Firewall is a very good solution and very feasible for any corporation. We can almost accommodate everything with this solution. We were able to accommodate almost all our use cases with this. This is one of the best solutions I have found so far.

    What is most valuable?

    The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security.

    What needs improvement?

    In terms of what could be improved, I would say reporting on the cloud side.

    Additionally, I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic.

    In the next release I would like to see more API security.

    For how long have I used the solution?

    I have been using Imperva Web Application Firewall for almost five years.

    We currently use a hybrid version but we are moving towards purely 100% cloud where we will shortly get rid of all the appliances.

    What do I think about the stability of the solution?

    Its stability is very good. In all aspects, it is very good. It is beyond my expectations actually.

    What do I think about the scalability of the solution?

    In terms of scaling, Imperva Web Application Firewall is amazing. The product is really good so far.

    We have very few users with direct usage - 10 users approximately.

    There is zero maintenance.

    How are customer service and support?

    Their customer support is very good. They are very quick.

    Which solution did I use previously and why did I switch?

    I previously used F5 and something else whose name I don't remember.

    We made the switch to Imperva because it is one of the best solutions on the market.

    How was the initial setup?

    The initial setup is very easy.

    It just took a few days.

    What about the implementation team?

    We used the consultant. Our experience with them was not bad. But as I mentioned, things are not difficult here. It is fairly easy.

    What other advice do I have?

    My advice to anyone considering Imperva Web Application Firewall is that they can safely go to this environment without having a second thought. I have done so much testing. I did so many use cases. It never failed so far.

    On a scale of one to ten, I would give Imperva Web Application Firewall a 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    SOAR Consultant at a tech services company with 1,001-5,000 employees
    Consultant
    Scalable and stable firewall for web applications with a good interface, but path and traffic visibility need improvement
    Pros and Cons
    • "Very scalable and very stable firewall for web applications, with a good interface in its cloud version. Mitigation is its most valuable feature. The technical support for this product is also good."
    • "Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement."

    What is most valuable?

    The mitigation feature is what I find most valuable in Imperva Web Application Firewall. The interface of the cloud version of this solution is also good.

    What needs improvement?

    Every product has a room for improvement, and in Imperva Web Application Firewall, we found a limitation when we need to check which email IP traffic is coming from, e.g. we cannot find it.

    Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement. If we can populate those information, we can block them in our firewalls, and that would make this solution better.

    Though the cloud interface of Imperva Web Application Firewall is good, the interface of the on-premises version is not as appealing, and it's what I'd like to see improved in the next release of this solution.

    What do I think about the stability of the solution?

    Imperva Web Application Firewall is a very stable solution.

    What do I think about the scalability of the solution?

    The cloud version of Imperva Web Application Firewall is very scalable.

    How are customer service and support?

    Technical support for this solution is good.

    How was the initial setup?

    It's very easy to set up the cloud version of Imperva Web Application Firewall. It's not difficult, because you just need to map your DNS, and that's it. Setting up this solution is not a problem.

    What other advice do I have?

    I'm working as a cyber security consultant and I provide Imperva Web Application Firewall and other similar solutions to customers.

    We are working in the Middle East, e.g. we are deploying solutions to different organizations.

    I don't have any input on the pricing for Imperva Web Application Firewall, as that part is covered by the research team.

    I don't have advice for people looking into implementing this solution, except that everyone has different opinions and different requirements. Every organization has different requirements, and their choices will be based on their requirements. If all their requirements are fulfilled by Imperva Web Application Firewall, then they'll want to implement or use it.

    I've giving Imperva Web Application Firewall a score of seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Akhilesh Mishra - PeerSpot reviewer
    Technical Lead at M.Tech
    Reseller
    Top 5Leaderboard
    Useful DDoS protection, good support, and reliable
    Pros and Cons
    • "The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis."
    • "Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis."

    What is our primary use case?

    Imperva Web Application Firewall is used for customers who are looking to secure their multiple applications and want to block the threats, such as DDoS and ransomware attacks. Imperva Web Application Firewall delivers three main things, data security, data availability, and access control. For data security, it prevents malware and malicious threats. For the data availability, by preventing threats, such as malware, data can be available each and every time. You are able to have Access control, you have the ability to control the access.

    What is most valuable?

    The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis.

    What needs improvement?

    Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis.

    For how long have I used the solution?

    I have been using the Imperva Web Application Firewall for approximately 15 years.

    What do I think about the stability of the solution?

    Imperva Web Application Firewall is stable, and the performance is good.

    What do I think about the scalability of the solution?

    The solution is best suited for enterprise-sized businesses. It is a scalable solution.

    How are customer service and support?

    The Technical support is good from Imperva Web Application Firewall.

    Which solution did I use previously and why did I switch?

    I have used another solution previously which was good. However, Imperva Web Application Firewall had more features.

    How was the initial setup?

    The deployment of the Imperva Web Application Firewall is simple. However, it is not very user-friendly. It would be a benefit because the customers would have a better time with the installation.

    What about the implementation team?

    I did the implementation Imperva Web Application Firewall myself and it took approximately three days.

    What's my experience with pricing, setup cost, and licensing?

    Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price.

    What other advice do I have?

    I do the maintenance and upgrades of the solution if it requires it. I would recommend this solution to everyone. 

    I rate Imperva Web Application Firewall a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Buyer's Guide
    Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros sharing their opinions.
    Updated: May 2023
    Buyer's Guide
    Download our free Imperva Web Application Firewall Report and get advice and tips from experienced pros sharing their opinions.