Giorgi SakhokiaInformation Security Officer at State Audit Office
George OndegoManager, IS Security & Infrastructure at Fintech Kenya Limited
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most valuable features are support and security."
"The GUI is user-friendly and it's easy to understand how to manage it."
"I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks."
"The GUI is user-friendly."
"This product is very user-friendly."
"It is easy to install and to maintain."
"It's stable and works efficiently against OWASP Top 10 attacks."
"It is a stable product."
"It mitigates all of the availabilities of risks around web applications."
"There are some features that are configured by default, so even without doing much, it can still provide a level of protection."
"The solution is very scalable. It is one of the most important features. You can also expand resources and features as well."
"Data masking is the most valuable feature of this solution."
"The dynamic profiling of websites is the solution's most valuable feature. The security is also good."
"Compared to other web application firewalls in the market, Imperva does things in the most accurate way."
"If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency."
"Its inline transferring mode is the most valuable because it is 100% transparent. When you change the IP, there is no change on the network side. If you can't and want to try to reach an IP, you can reach the server IP. There are many other advanced security features in it. The smallest appliances of Imperva can handle the highest traffic at a customer site. For example, a smaller appliance from Imperva can provide you the same security as an F5 product."
"I would like to see more improvements with respect to threat intelligence."
"Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it."
"We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced."
"The integration with other products should be improved."
"FortiWeb needs to have support for the newest technology being used in web applications."
"In terms of performance, it needs to be more robust."
"The Layer 7 DDoS attacks need improvement, it could be better."
"Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them. They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported."
"Their portal is very limited and needs improvement."
"It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default."
"The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you."
"Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved."
"It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself."
"I think that better bot protection is needed in this solution."
"The user interface could be better."
"They can provide an option to create reports, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report."
"The costs are standard. We pay around $1,600 yearly."
"All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500."
"FortiWeb is more expensive than some competing products."
"Due to the situation in Iran with the sanctions, the price of this solution is very expensive."
"It's an expensive solution, although there are no additional costs."
"It is fine now. We had to earlier negotiate the price."
"It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise."
"Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor. Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough."
"Everybody complains about the price of this solution."
"The cost of this solution depends on the platform."
"The price of this solution is a little bit high compared to competitors."
"There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
"There is a license for this solution and we purchase the license annually with no additional fees."
FortiWeb is a web application firewall (WAF) that protects hosted web applications from attacks that target known and unknown exploits. Using multi-layered and correlated detection methods, FortiWeb defends applications from known vulnerabilities and from zero-day threats.
Web application attacks deny services and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes and inspects requests coming in to applications and stops these attacks.
Protect your applications in the cloud and on-premises with the same set of security policies and management capabilities. Safely migrate apps while maintaining full protection.
Deploy Imperva WAF on-premises, in AWS and Azure, or as a cloud service itself. Easily meet the specific security and service level requirements of individual applications.
Imperva WAF protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.
Fortinet FortiWeb is ranked 1st in Web Application Firewall (WAF) with 18 reviews while Imperva Web Application Firewall is ranked 5th in Web Application Firewall (WAF) with 11 reviews. Fortinet FortiWeb is rated 8.2, while Imperva Web Application Firewall is rated 9.0. The top reviewer of Fortinet FortiWeb writes "This flexible suite solves compliance problems but that comes at a cost". On the other hand, the top reviewer of Imperva Web Application Firewall writes "Useful out-of-the-box threat protection, not too complex, and has good technical support". Fortinet FortiWeb is most compared with Fortinet FortiADC, F5 BIG-IP Local Traffic Manager (LTM), Fortinet FortiOS, F5 Advanced WAF and Barracuda Web Application Firewall, whereas Imperva Web Application Firewall is most compared with AWS WAF, F5 BIG-IP Local Traffic Manager (LTM), Imperva Incapsula, Microsoft Azure Application Gateway and F5 Advanced WAF. See our Fortinet FortiWeb vs. Imperva Web Application Firewall report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.