Imperva Web Application Firewall Reviews

We are a solution provider and Imperva is one of the products that we implement for our clients. They use it as an application firewall.

If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency. This is better than the competitors.

Imperva SecureSphere integrates well with other tools.

The user interface could be better.

I have been working with Imperva SecureSphere for about four years.

Imperva solutions are the best in terms of stability.

I have not faced any trouble with scalability because you can easily upgrade the appliance. 

I am regularly in contact with Imperva support and I am satisfied with them.

The initial setup is very basic and really easy to do. I wouldn't say that everybody, such as non-technical, people can do the setup and configuration. However, people with a mid-level of experience in application firewalls can do it easily.

The price of this solution is a little bit high compared to competitors.

My advice to anybody who is considering this solution is that if they want a stable product with good scalability then they can choose Imperva. The price is a little bit higher than that of the competitors, which largely impacts whether customers choose Imperva. In fact, if you don't care about budget then Imperva is the only solution for an application firewall.

My only complaint is that the user interface could be better.

I would rate this solution a nine out of ten.

For some time now, I have been the CTO of a consulting company and our main issue is web application security. We also handle database security.

This is one of the solutions that we implement for our clients.

The primary use of this solution is the protection of applications.

This product has a logical perspective of negative and positive security. Negative meaning all of the blacklisted websites, and the positive is the profiling of the website itself. Impera can see and activate the policy, based on what it has learned. Imperva learns things like how dynamic content is dealt with, and what the permitted values are. When you combine these two perspectives, the negative and the positive, you get the optimal protection of the application.

When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version.

I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.

This solution is pretty stable.

If you build this solution properly then you have scalability.

We do not use technical support very often. It is only in cases where we get something that looks like a bug. Their team is good.

The initial setup of this solution is user-friendly and pretty straightforward.

However, the setup, in order to bring the application into inspection, is kind of complex. You need to know what you're doing. It takes approximately four hours to install, setup, and configure this platform.

My team and I handle the integration of this solution for our clients.

The number of people required depends on the environment. Sometimes it is one person, whereas other times there are two.

We have three people who take care of maintaining this solution for our customers.

The cost of this solution depends on the platform. For example, you may be buying virtual or you may be buying appliances. It also depends on the number of environments and the bandwidth that is required.

Compared to other web application firewalls in the market, Imperva does things in the most accurate way.

Overall, Imperva is a pretty good product.

I am working with the development team for Imperva in Israel, and I have submitted some feature requests for things that I think should be changed. Everything that should be fixed, we have a discussion on it and it is probable that these things will be fixed.

My advice to anybody who is implementing this solution is to first go and learn the attack surfaces because you need to protect the assets from attack. In order to do this, you need to understand the attacks. Let's say that a good defense is a good offense.

The biggest lesson that I have learned from working with this solution is to back up the system all of the time. Do it step by step, and be very precise. Have plans for each and every move, all of the time.

I would rate this solution a nine out of ten.

The dynamic profiling of websites is the solution's most valuable feature. The security is also good.

It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself.

The solution is scalable, however, in terms of scalability, you're required to change the appliance, as it's not like a cloud, which is easier to scale. I would not rate it very well when it comes to scalability, because a model of license-based upgrades would be better. They could give you a bigger box to make it easier to grow if you needed to.

The solution's technical support is good.

The initial setup is straightforward. However, when you move to more advanced configurations, you require more expertise.

We are an integration company, so we are providing this as a solution to other customers. They're mostly enterprise-level clients.

I would recommend the solution. I'd rate it eight out of ten.

Data masking is the most valuable feature of this solution. 

Most of the clients are new to this solution and don't have an in-depth knowledge of the solution. It's not so well-known in Ethiopia. Imperva has only been around for a year. 

Licensing should be improved. Most of the clients aren't happy. It's expensive. 

Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved. Also, it should have a privileged account option. In the solution, if you put it there, that would be a very nice feature so that the clients could get all those solutions in one box. It will be easier for support and for clients. 

It's a relatively new product but from the information I got from the Bank of Ethiopia, the stability is okay. They are getting what they are expecting from the product.

Scalability is good especially compared to IBM. It's not so easy to integrate with another solution from another vendor. 

The initial setup was complex. 

The company has to deeply work on it. Also, with regard to support for the distributor, distributors have a big problem. We got the wrong consigning. It was kept for more than three months in a customs warehouse because of the issue of the problems on the distributor side. That is a big problem.

I would rate it an eight out of ten. Imperva is good because it doesn't also only monitor but it also does acquisition.

Data marking is the solution's most valuable feature.

The firewall aspect of the solution needs improvement.

The GUI is not as intuitive enough. It should be more user-friendly, especially for end-users. 

The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you. 

The core functionality of the solution has been met. We find it stable enough.

The solution is very scalable. It is one of the most important features. You can also expand resources and features as well.

Customers actually require a lot of support. They want an easier channel that can provide support. The solution should offer a monthly check-in with clients. Other solutions offer this, and it's helpful for the clients, just to make sure everything is running okay.

In general, however, technical support has been good.

The initial setup required a lot of help. It took a month or two to deploy so it wasn't exactly straightforward. However, it was not as difficult as other solutions either.

I handle the on-premises deployment model. We have the latest version of the solution. We also sell the product.

I would rate the solution nine out of ten.

This is one of the solutions that we provide to our customers.

We use this solution for application-level security, above layer four protection where the firewall cannot reach.

I have worked with both on-premises and cloud deployments.

The most valuable feature is the out-of-the-box detection engine. It has the ability to detect some of these things without being configured. There are some features that are configured by default, so even without doing much, it can still provide a level of protection.

The visibility provided by this solution can be improved. I often tell my customers that "You can't fight what you can't see". I can recall a time when I did a presentation after a deployment, and it prompted them to put the solution into enforcement mode immediately. Normally, we wait one week with the solution in monitoring mode. However, once they saw the types of vulnerabilities they had, they wanted to take action right away. It gave them a great deal of knowledge, and knowing that they are protected from these types of attacks has boosted their confidence.

This solution has a lot of features, and some of the students were confused when I was discussing them. It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default. If somebody has installed the product several times but is doing the same thing incorrectly, then they get experienced in doing the wrong thing. You should be able to specify which assets you need to be protected, and the solution will tell you the minimum in terms of features that need to be turned on. If you need more advanced protection then the others will become relevant.

Imperva partner training is something that I would be interested in if it ever came my way. There should be partner-specific webinars, meetings, and other training provided to us,

So far, I don't think that we've had any issues with this solution in terms of stability. People discussing this solution have given the same remark.

This solution is used on almost a daily basis.

Scalability of this solution is based on the design. If you get your design right, then you shouldn't have a problem with the scalability.

While we were installing this solution, we had contact with technical support and they were good. I have referenced information that is on their site and it is helpful, as well.

During the initial installation, there was a warning that was not part of the known CVEs. When I checked with support, they told me that this type of problem is blocked out-of-the-box. However, if I wanted to be really sure, they showed me how to create a custom policy, or custom rule, to specifically deal with it.

I have used other solutions, but I usually follow the Gartner reports and their suggestions. My previous solution had not been doing too well.

Also, as I became more familiar with this solution, it became easier for me to identify issues. I had also read research on Imperva blocking denial-of-service attacks, and I like practical evidence of issues such as this. By reading these articles, and about other people's experiences, it is like seeing it for myself. With other solutions, you are not privy to such visibility.

Complexity and cost are two important factors when it came to choosing this solution.

Unless the client has as serious issues and does not want Imperva, this is my first choice.

The initial setup of this solution was not too straightforward. We did have to contact Imperva during the deployment. The length of time for deployment depends on the experience of the people performing the installation, as well as the environment.

My team and I performed the implementation of this solution. To make sure that we were on track, we contacted Imperva support for some clarification. Most of the things that we do, we follow best practices.

Everybody complains about the price of this solution. 

This is a security device, and it is used almost every day. It is not just used when there is an issue. Based on what the dashboard or the reports say, you can change policies to meet your security requirements or business needs.

Based on my experience, and what I know this product can do, I would never recommend another solution. I advise most of my customers to go for this.

I would rate this solution a nine out of ten.

We are a reseller and integration partner, and we have customers who are using this solution in on-premises deployments.

This solution has helped in securing our clients' assets, which is key. It mitigates all of the availabilities of risks around web applications.

The most valuable feature of this solution is web application security.

This is a user-friendly solution.

This solution has good performance ratings.

I would like to see more support available for this product online. Some customers find this to be a real limitation.

The virtual processing could be improved.

Their portal is very limited and needs improvement.

This is a very stable solution.

The solution is very scalable, but of course, the scalability comes with a cost.

I think that technical support needs to be improved by making it more localized, or regionalized. Our support is currently coming from the US, and it is not very good. They need to take care of their global customers.

We previously used Fortinet, but this solution has better performance ratings.

I don't want to say that the initial setup is straightforward, but it is manageable. It requires a bit of technical knowledge.

This is a solution that I highly recommend.

The biggest lesson that I have learned from this solution is that Imperva is not a one-house solution. They create a specialized solution, and that comes with a lot of value.

I would rate this solution a nine out of ten.

The primary use was to cover the database. Imperva we recognized on the market as the best solution for techs on databases. The banks here in Chile always ask for these types of solutions.

The compliance is the most valuable aspect.

I just need it to be a stable and normal version. I'd want to hear about the new features to see which I would need.

I find this solution stable. We have 2,000 users in financial services.

The solution is scalable.

The setup initially was simple, but when we tried to run it we had problems with the log parameters and it was complicated to use. The operation was complicated to use, but that is just the experience of my team. It took two months to deploy. The setup and installation of the technologies took one week, and after that, one month to set up the parameters and after that, in order to set up the logs, it took about two weeks. So two months total. We have three engineers, including an architect and a security engineer. We also had a fourth engineer that knew the application.

We have a yearly license, but I'm unsure of the pricing.

We didn't evaluate other options, just Imperva.

I would rate the solution as an 8 out of 10, simply because of the difficulty of operation management. It's a complicated tool to keep.