We performed a comparison between Barracuda Web Application Firewall and Imperva Web Application Firewall based on real PeerSpot user reviews.
Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We use Barracuda to protect the application. That's the main feature we use it for."
"The solution ensures layer seven is secure from attacks."
"There is no one special feature, but the WAF itself is valuable: user-friendly protection against web attacks etc., authentication, reporting, accountability, alerting, and hardened OS."
"The stability of the solution is good. I don't think we've experienced bugs, crashes, or glitches."
"Setup of this solution is straightforward. It's a stable and scalable solution, with good performance and fast technical support."
"One of the strongest points is its robust issue discovery capabilities. Barracuda invests significant efforts in identifying and resolving issues. They have multiple products that work in tandem to perform these checks, which is beneficial because it automates security updates. This is the primary reason I recommend it to my customers."
"The stability of the product is good. Stability-wise, I rate the solution a ten out of ten."
"It significantly improved our overall web security posture, addressing intrusions and enhancing control over web URLs in our environment."
"The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security."
"I have had a positive experience with Imperva Web Application Firewall's tech support so far. They are knowledgeable and respond on time."
"The solution is stable."
"Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance."
"Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection."
"One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise."
"Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva."
"The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security."
"I have issues with the load balancing of the solution which is slow. The connection pooling in Barracuda also doesn't work. There is an issue when someone needs access to a site quickly. The issue is with HTTPS services. I am not sure if they have changed all these in the solution’s latest version."
"I would like to see an improved capacity to store logs so that they will be available for a longer time."
"While the UI is good, it can get a little bit complicated."
"An area for improvement in Barracuda Web Application Firewall is attack identification. Other banks identified attacks and tracked logs that the solution wasn't able to identify because of its ready-made rules pre-deployed by the vendor. My organization raised this issue with the technical support team. Another area to improve in Barracuda Web Application Firewall is its service desk. The team resorted to stonewalling because they couldn't accept that a feature was missing in the solution, and it was only after a lot of drilling down that the service desk team accepted that, and would be adding that feature in the future. My organization had to submit a report to the Reserve Bank of India with information on the logs identified and the attacks that happened, and that there was a failure on the part of the Barracuda Web Application Firewall. The Reserve Bank of India conducts a tri-monthly cyber risk audit in all Indian banks. Even smaller banks identified and caught attacks that my organization wasn't able to do, so I was looking into other solutions that competitor banks could be using because Barracuda Web Application Firewall failed to identify some of the attacks."
"I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. Barracuda has something like this, but not with the same functionality from my point of view."
"As most people are aware, the implementation is not easy."
"The reporting aspect of the solution needs improvement. I don't find that it's very good. They could do some work on it to make it much better. It's not that the reporting isn't secure. It's just that I would prefer to store my reports for an extended period of time. Right now, that's not possible and I'd prefer it if that could change. I also would say that the reports themselves are expensive."
"The solution needs to leverage some additional features to a broader scale of software-defined networks."
"Their portal is very limited and needs improvement."
"There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."
"I would like to improve the tool's turnaround time in terms of support."
"I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."
"The solution works for particular zones but isn't always the best solution for all zones."
"Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement."
"The UI interface needs improvement."
"They can provide an option to create reports, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report."
More Barracuda Web Application Firewall Pricing and Cost Advice →
More Imperva Web Application Firewall Pricing and Cost Advice →
Barracuda Web Application Firewall is ranked 14th in Web Application Firewall (WAF) with 38 reviews while Imperva Web Application Firewall is ranked 6th in Web Application Firewall (WAF) with 47 reviews. Barracuda Web Application Firewall is rated 8.2, while Imperva Web Application Firewall is rated 8.6. The top reviewer of Barracuda Web Application Firewall writes "Provides strong issue discovery capabilities; enhance the security parameters of web applications and suitable for medium to large enterprises". On the other hand, the top reviewer of Imperva Web Application Firewall writes "Offers simulation for studying infrastructure and hybrid infrastructure protection". Barracuda Web Application Firewall is most compared with Fortinet FortiWeb, F5 Advanced WAF, Microsoft Azure Application Gateway, HAProxy and Citrix NetScaler, whereas Imperva Web Application Firewall is most compared with AWS WAF, F5 Advanced WAF, Microsoft Azure Application Gateway, Fortinet FortiWeb and Azure Web Application Firewall. See our Barracuda Web Application Firewall vs. Imperva Web Application Firewall report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Really depends on your requirement, budget and IT resources you have. If you are after an advanced WAF, imperva is the clear winner in my opinion. Comprehensive feature set, quite matured. But you will need proper training and experience to manage and get the best out of it. Mind you they are the only leader in Gartner MQ. But the price tag can be high. If you are looking for another good contender, look at Radware AppWall. Their product is good and the fully managed service offering is ideal for someone who has no expertise in WAF, in day today managing and making sure the rule set is optimized.
BTW Like any security solution, WAF is also as good as how well it is tuned. Specially if you plan to put it inline, make sure you not only consider the product, but a good service partner too.
They're both great products that provides WAF services at the top of their class and hence not better but more suitable in different scenarios. It all comes down to the environment you wish to deploy those into, the scale of the web services which you will be protecting, the ratio of dynamic pages to static ones, the volume of traffic, the location of your customers/end-users and finally the cost (e.g. you may need to load balance over a few Barracudas to accomplish the same throughput provided by Imperva)
Barracuda is deployed in a pinch, but is very clearly a "conformity" WAF. Imperva's is a fulll fledge WAF, very complete, with a lot of granularity and reporting. Imperva's solution requieres a long, costly deployment. Both companies target very different market segments.
Today i would say Barracuda is the better WAF based on that Imperva Dev slowed down over the last two years and the customers give bad feedback on the support, but there is a newer generation of WAF´s in the market that is better than Imperva and Barracuda, both in performance and price, PT application firewall, the only visionary in the GMQ