Imperva Web Application Firewall Reviews

Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code.

An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics. In the next release, Imperva WAF should include more use cases for Advanced Persistent Threats and next emission sophisticated attacks.

I've been working with Imperva WAF for six to seven months.

Imperva WAF is scalable.

Imperva's technical support is very good.

I'd recommend Imperva WAF as a good product in terms of occupation perspective and strong WAF. I'd rate it as seven out of ten.

The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications. 

The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier. 

I have been using the product for three years. 

I rate the tool's stability an eight out of ten. We have encountered bugs, but they are fixed fast. 

I rate Imperva Web Application Firewall's scalability an eight to nine out of ten. 

Imperva Web Application Firewall's customer support is good and responsive. However, they are less responsive on public holidays. 

Positive

Imperva Web Application Firewall's deployment is easy. Onboarding a website on Imperva Web Application Firewall is much easier than Fortinet. With the product, the process is simplified, as you only need to enter your application's IP address on the website for the site, and the profiling firewall automates the process. For large-scale web applications, deployment can take four days to complete. 

Imperva Web Application Firewall's pricing is expensive. 

I rate Imperva Web Application Firewall a nine out of ten. 

The solution is used by SMBs and enterprises that have a lot of websites that they need to protect.

Since the product is categorized in Gartner as a Web Application and API Protection tool, it protects APIs and web applications. It provides bot and client-side protection. I have done POCs. Once the platform is configured to block DDoS attacks, no traffic regarding DDoS or bots gets into the application.

If the clients have requirements for APIs and microservices, we can offer such services with the help of the solution. We can offer it as a security solution that protects APIs and microservices. Imperva’s real-time monitoring makes it very easy for administrators to monitor their existing web applications.

My clients raised a concern that even if they need the tool only for DDoS protection, they still have to buy the WAF license. It’s difficult to position the tool if the client already has a WAF solution and needs Imperva only for DDoS protection.

I have been using the solution since June last year.

I rate the tool’s stability a ten out of ten. Since I've been onboarded, I haven't had any issues.

I rate the tool’s scalability a ten out of ten. Imperva allows only clean traffic. The scalability is based on the clean traffic and not the overall bandwidth of the client. Our clients are mostly enterprise businesses. I have some SMB customers.

Sometimes, support tickets don't get addressed quickly. However, the support team gets to it eventually.

Positive

The initial setup is very easy. I rate the ease of setup a ten out of ten. The time taken for deployment depends on the number of applications we want to onboard. Usually, we can do it in a day.

Imperva is a very proactive solution. It is not reactive. We can prevent attacks or issues even before they happen. It is something people must consider since many enterprises are facing DDoS attacks, and their data is getting compromised.

I rate the solution’s pricing a seven out of ten. Some solutions are cheaper than Imperva. Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF.

We are partners. I rate the product's integration with our client's IT infrastructure a nine out of ten. It is easily integrated since many configurations are needed to onboard Imperva into a client’s infrastructure fully. Overall, I rate the product a nine out of ten.

We use the solution for traffic inspection. 

The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security.

I would like to improve the tool's turnaround time in terms of support. 

I have been working with the solution for three years. 

I have never had any issues on stability. 

The tool is scalable. 

The solution's setup is straightforward. 

The tool is expensive. 

I would rate the solution a nine out of ten. The solution is very mature and covers everything for its use cases.