What is most valuable?
Content monitoring is a marvelous feature that I haven't seen in other Web Application Firewalls. It also has a good content filter. We do a lot of penetration testing on our servers, and the Imperva standalone solution for identifying a payload and its signature by deep analysis was very good.
How has it helped my organization?
We never used to know about threat and attack signatures. By using Imperva WAF, we could identify our weak points where an attacker was trying to gain access.
What needs improvement?
They could improve by minimizing false positive results. Although this occurs less with Imperva, we would like to see some further improvements.
We have been using this product for last 1 years, it's result is very impressive. But due to the excessive load on the Web site where thousands of requests are generated from legitimate users, however the request in which any sequential or specialised characters are requested would be directly blocked by impreva . Currently imperva blocks the special character request generated from the user, as I conduct a test where I am parsing the encoded html values of the same special characters to the input field, imperva bypasses these encoded values for example : ' i.e. %27 or / i.e %2F, the WAF bypasses these encoded characters. I hope that this device should have a capability to detect the pattern which is associated with Xss or Xsrf, rather then by not blocking the request which contains any special characters.
For how long have I used the solution?
I have used it for one year.
What do I think about the stability of the solution?
We did not encounter any stability issues.
What do I think about the scalability of the solution?
We never encountered any scalability issues.
How are customer service and technical support?
We were impressed with the technical support.
Which solution did I use previously and why did I switch?
We have examined different vendor WAF solutions but this solution was unique.
How was the initial setup?
Initial setup was straightforward.
What's my experience with pricing, setup cost, and licensing?
Pricing was a little higher but when compared to performance; it's very cheap.
Which other solutions did I evaluate?
We evaluated Akamai and F5.
What other advice do I have?
Imperva Incapsula WAF is an awesome solution for implementing a WAF with good support and reliable hardware performance.
Which version of this solution are you currently using?