Content monitoring is a marvelous feature that I haven't seen in other Web Application Firewalls. It also has a good content filter. We do a lot of penetration testing on our servers, and the Imperva standalone solution for identifying a payload and its signature by deep analysis was very good.
Improvements to My Organization:
We never used to know about threat and attack signatures. By using Imperva WAF, we could identify our weak points where an attacker was trying to gain access.
Room for Improvement:
They could improve by minimizing false positive results. Although this occurs less with Imperva, we would like to see some further improvements.
We have been using this product for last 1 years, it's result is very impressive. But due to the excessive load on the Web site where thousands of requests are generated from legitimate users, however the request in which any sequential or specialised characters are requested would be directly blocked by impreva . Currently imperva blocks the special character request generated from the user, as I conduct a test where I am parsing the encoded html values of the same special characters to the input field, imperva bypasses these encoded values for example : ' i.e. %27 or / i.e %2F, the WAF bypasses these encoded characters. I hope that this device should have a capability to detect the pattern which is associated with Xss or Xsrf, rather then by not blocking the request which contains any special characters.
Use of Solution:
I have used it for one year.
We did not encounter any stability issues.
We never encountered any scalability issues.
We were impressed with the technical support.
We have examined different vendor WAF solutions but this solution was unique.
Initial setup was straightforward.
Pricing, Setup Cost and Licensing:
Pricing was a little higher but when compared to performance; it's very cheap.
Other Solutions Considered:
We evaluated Akamai and F5.
Imperva Incapsula WAF is an awesome solution for implementing a WAF with good support and reliable hardware performance.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Dec 13 2016