Compare AWS WAF vs. Imperva SecureSphere Web Application Firewall

AWS WAF is ranked 8th in Web Application Firewall (WAF) with 7 reviews while Imperva SecureSphere Web Application Firewall is ranked 7th in Web Application Firewall (WAF) with 5 reviews. AWS WAF is rated 7.8, while Imperva SecureSphere Web Application Firewall is rated 9.6. The top reviewer of AWS WAF writes "Makes sure files are protected, but the solution should be more proactive in detecting threats". On the other hand, the top reviewer of Imperva SecureSphere Web Application Firewall writes "Gives me peace of mind, blocks everything we need it to block". AWS WAF is most compared with Akamai Kona, Imperva Incapsula and F5 BIG-IP, whereas Imperva SecureSphere Web Application Firewall is most compared with F5 BIG-IP, Imperva Incapsula and Fortinet FortiWeb. See our AWS WAF vs. Imperva SecureSphere Web Application Firewall report.
Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about AWS WAF vs. Imperva SecureSphere Web Application Firewall and other solutions. Updated: September 2019.
365,533 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match.The initial setup was very straightforward. Deployment took about ten minutes or less.The customized billing is the most valuable feature.It is a one-click WAF with no effort needed.It is Amazon. Everything is scalable. It is beyond what we need.It's simple, easy to use.The most valuable feature is the way it blocks threats to external applications.The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system.

Read more »

There are some features that are configured by default, so even without doing much, it can still provide a level of protection.It mitigates all of the availabilities of risks around web applications.The compliance is the most valuable aspect.It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF.Learning mode and custom policies are helpful features.Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance.

Read more »

Cons
The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.They should work to define more threats, add more security, and make it more compliant with more security companies.In a future release of this solution, I would like to see additional management features to make things simpler.We need more support as we go global.The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on.In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats.

Read more »

It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default.Their portal is very limited and needs improvement.It's a complicated tool to keep.There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering.The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year.

Read more »

Pricing and Cost Advice
There are different scale options available for WAF.There are no costs in addition to the standard licensing fees.It's an annual subscription.

Read more »

Everybody complains about the price of this solution.Make sure you understand the way that Imperva charges. It's very affordable. However, I would like to see a package with the Virtual Patching included. You get to do patching separately.

Read more »

report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
365,533 professionals have used our research since 2012.
Ranking
Views
2,111
Comparisons
1,753
Reviews
5
Average Words per Review
341
Avg. Rating
7.4
Views
4,546
Comparisons
3,728
Reviews
4
Average Words per Review
646
Avg. Rating
9.5
Top Comparisons
Compared 20% of the time.
Compared 17% of the time.
Compared 12% of the time.
Also Known As
AWS Web Application Firewall
Learn
Amazon
Video Not Available
Imperva
Overview

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

Web application attacks deny services and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes and inspects requests coming in to applications and stops these attacks.

Protect your applications in the cloud and on-premises with the same set of security policies and management capabilities. Safely migrate apps while maintaining full protection.

Deploy Imperva WAF on-premises, in AWS and Azure, or as a cloud service itself. Easily meet the specific security and service level requirements of individual applications.

Imperva WAF protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.

Offer
Learn more about AWS WAF
Learn more about Imperva SecureSphere Web Application Firewall
Sample Customers
eVitamins, 9Splay, Senao InternationalBlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Find out what your peers are saying about AWS WAF vs. Imperva SecureSphere Web Application Firewall and other solutions. Updated: September 2019.
365,533 professionals have used our research since 2012.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Sign Up with Email