Imperva DDoS Reviews

Our primary use case is DDoS protection. We are using it to protect access to internet sites. It is a SaaS solution, so everybody has the latest version. 

DDoS protection and WAF are the most valuable features. It is easy to deploy a service. It is easy and quick to deploy to a new website.

Its price could be improved. It is quite expensive.

It will be good if we could export the configuration. Currently, to control the configuration, we need to go to each website, which is not very convenient.

I have been using this solution for six years.

Its capacity is okay for us, and we don't need to scale it or expand its usage.

Their technical support is good. We get a quick response from them.

It was simple. It is very easy and quick to deploy.

It was done in-house.

It is expensive.

I would recommend this solution to others. It has been working fine for us, and it has all the features that we need. I would advise others to know the exact bandwidth that is required for the project because the cost is based on the bandwidth. You must evaluate the required bandwidth beforehand.

I would rate Imperva Incapsula a nine out of ten. Technically, it is a very good solution.

We use it to protect websites against application threats and DDoS attacks. Because it is a cloud solution, we always have the last version. I don't need to update or upgrade. 

We are a partner of Imperva. Imperva doesn't sell directly to customers, so they have to pass through vendors and partners like us. All of my customers have different levels of services with Imperva.

We can protect our customers with Imperva solution very quickly, it's highly appreciated by our customers.  We trust the solution because we saw a lot of blocked attacks, so once the customer website is protected, we don't worry about the security of his acces, it's all managed by the solution.

-WAF protection works almost out-of-the-box

-Anti-DDoS mitigation in less than 1s, I saw it many time in production, I can say it works

-CDN has high performances, and the Smart Caching mode is really "smart" (you can do some efficient caching even if you're not a specialist)

-It's a unique interface for managing security and performance aspects, we don't need to go through multiples providers to manages these aspects.

The weakest point of Imperva is their first level of support, which should be improved. 

They should also improve the access and security logs viewing directly on the portal. I would like to see better access and security logs through the portal and not only through a SIEM solution. Currently, if you want to explore your access and security logs from Imperva, you need a SIEM tool or a SIEM infrastructure on your side to do it. You can't do it manually or directly through the portal, which is a big problem for us. They agreed that this is an improvement point from their side.

I have been using this solution for four years.

It is very stable. I have used this solution for more than 20 customers, and each customer has a lot of websites. I have seen some network outages or things like that over the last four years, but I can say it is very stable.

Scalability is not a problem because it is a cloud. The provider manages this aspect for me.

This is the weakest point of Imperva. They have some very good technicians but not at the first level of support. I have already told them this several times. Each time I meet or talk to a chief or director, I say, "Your product is very good, but your support is not at the same level." I provide support to my customers for their solution. So, I know what the customers expect and how to address this kind of expectation. They need some improvement at this level.

The initial setup is very easy and quick. You can put the protection live in less than 10 minutes if you need it.

It is an expensive solution. The price is high as the level of service and security provided is high. A lot of customers tell us that they would love to use Imperva more. I have some customers who have 50 websites, but they protect only 10 websites on Imperva because of the price. They would love to have all their websites running through Imperva, but they can't. They have to choose the more critical websites to protect because the price is very high. It is a very good product, but it is expensive.

If you buy a plan for 20 megabytes and you don't consume all of your 20 megabytes, it is okay, but if you consume more, you are charged for the superior traffic.

I would recommend this solution because I have also used different WAF and DDoS solutions. For me, it is the best solution available. It is quite simple to do the configuration. You can do whatever you want. If you know the product, you can do fine-tuning and have the configuration that you need. You need the knowledge to do this, but you can do this, and it works. Even though it is a high-cost solution, it is easy for me to sell it to customers because I know it will work. I get a little bit stressed about some of the other solutions because I don't trust those solutions like I trust Imperva. 

I would rate Imperva Incapsula an nine out of ten. It is quite a good solution. They can do some improvements, but it is quite a good solution.

Hands down, the WAF is the most valuable feature; being able to identify, block, whitelist or blacklist as needed, are all valuable.

We now have visibility into our traffic in a scope that we never had before, especially being able to review bot vs human traffic and country of origin.

Reporting and the main Sites dashboard could use refinement. We have a lot of sites, and scrolling through the dashboard becomes cumbersome.

I have used it for six months.

The only deployment issue we encountered was getting Incapsula and Akamai to play nice. However, the Incapsula engineers were very helpful in helping us configure our sites in the WAF correctly.

We have not encountered any stability issues.

We have not encountered any scalability issues.

I have yet to need customer service.

I rate the level of technical support as very high.

We had not used a WAF before deploying Incapsula.

The setup was straightforward and simple.

We implemented it ourselves with the guidance of the Incapsula team.

It is too soon to tell regarding ROI.

Know your bandwidth requirements.

Before choosing this product, we evaluated so, so, so many other options.

Incapsula:

• Strength of DDoS and WAF
• Simple dashboard
• Analytics
• SSL

CloudFlare:

• Ease of use
• Simple dashboard
• DNS management
• CDN
• SSL

Incapsula:

It has provided heightened visibility and awareness at management level on the actual threat landscape; it paves the way for easier approval for security-related implementations/projects.

CloudFlare:

It provides free SSL certs that can be used on website domains that I did not purchase SSL certs for.

Some protection and CDN caching realized, even though I’m on the free tier.

Incapsula:

• Allow easier scripting of firewall rules.
• Enable more custom actions to trigger turning on/off Incapsula settings (current actions are quite limited).
• Allow setting up of user groups to manage different groups of sites with viewer/operations/admin levels of privileges. This is quite a typical requirement for enterprise clients who will have multiple teams taking care of different sites, plus an overall IT security team who oversees everything.

CloudFlare:

• Improve the strength of WAF/DDoS.
• Reduce the rate of false positives.

I have used Incapsula for about a year.

I have used CloudFlare for almost a year.

Incapsula: The dashboard occasionally is not accessible (probably due to high load) but the sites protected seem intact.

CloudFlare: I have not used it enough to provide useful information.

Incapsula: The only issue so far is with the dashboard.

CloudFlare: I have not used it enough to provide useful information.

Incapsula: Technical support provides fast response via email tickets, and fairly responsive local technical/account reps.

CloudFlare: I have hardly utilized their technical support so far.

I did not previously use a different solution.

For both Incapsula and CloudFlare, initial setup was very easy.

Incapsula:

Pricing is described on their website, but for enterprise agreements, clarify with local reps, as there might be a need for customized needs/pricing. Be clear on how they handle domains and subdomains.

CloudFlare:

Pricing and licensing is very clearly described on their website; 1 site = 1 domain. Clarify how to support subdomains.

We evaluated Incapsula and CloudFlare.

Incapsula:

You need to understand how DNS works (e.g., A records vs CNAME, TXTs etc.), how SSL works and how to set it up, and how web servers work with domains and proxy servers. It is not for the layman, as the dashboard assumes some level of understanding in these topics. Some settings can break your site, so do perform some tests on a development site before turning features on/off in the dashboard. The good thing is that most settings are reversible and take effect quite quickly, so if things do go wrong, it will not stay broken for too long.

Also, use extra caution when dealing with TLDs, as the product does not handle your DNS, so for onboarding of domains using A records, you may need to ask Incapsula support for advice and assistance as it requires assigning the A record to a CNAME or IP address (network folks might understand the problem here).

CloudFlare:

You need to understand how DNS works (e.g., A records vs CNAME, TXTs etc.), how SSL works and how to set it up, and how web servers work with domains and proxy servers. It is not for the layman, as the dashboard assumes some level of understanding in these topics. Some settings can break your site, so do perform some tests on a development site before turning features on/off in the dashboard. The good thing is that most settings are reversible and take effect quite quickly, so if things do go wrong, it will not stay broken for too long.

• Web security
• Protection against DDoS
• Easy to use administration portal
• Reports
• It’s simple to configure
• Very effective
• Easy solution to administer for protecting websites of all sizes

Any website that we publish on the web needs to be fully protected. In hosting environments, installing an on-premise WAF solution or other security device is not feasible. Incapsula provides a very simple to install and configure solution, that can be up and running in minutes. Also, now, we don’t have to worry about the security of the website, or if the bandwidth needs to be increased, as everything is automatic.

It would be nice to have a mobile app as a dashboard interface instead of the web administration, but the service is really great. The product is the best at what it does.

I've used it for three years.

Once the DNS configuration is done, everything works flawlessly.

No issues encountered.

No - in a large scale attack, the protection scaled without problem.

Service is good and prompt, 9/10.

I haven’t had much need for tech support.

We previously used Cloudflare. Although a very good solution, it forces users to completely give up the DNS management of their domain, which most enterprises don’t want to do. Incapsula only needs a redirection of the actual web entry.

Very straightforward. The default settings work very well and are running within minutes. Configuration of advanced features is simple and fast.

Through our own in-house team.

It’s difficult to measure, but without Incapsula, we would be forced to host the website on-premises, with very high costs. ROI is probably within six months.

Setup cost was zero. Annual cost is $7,200.

We evaluated Cloudflare as well.

This is very simple to install. Websites that use SSL should pre-export their certificates and be ready to import them into Incapsula.

All our web services go to the Incapsula cloud application environment for monitoring on the production service.

All the web application protection is under Incapsula because they provide the WAF protection services. Our web services are registered under their cloud environment so all our customers visit our web services. All the web services are under the web application firewall protector.

I think it's from their own cloud solution. I don't think the cloud solution is from Amazon because the IP address does not belong to Amazon. It belonged to Incapsula themselves, so their solution is under their own network cloud environment. Our own data center environment is using the Incapsula cloud service. I think it's a hybrid cloud to include all the private and the public services.

The most valuable features are DDoS protection. The Incapsula environment helps us monitor all the web activity. All the web activity is passed through their WAF cloud services, then that can help us to monitor those activities. That can help protect against DDoS hacking.

We started implementing WAF under Incapsula in 2019 or 2020.

It's very stable because Incapsula services also provides load balancing services for their service IP address environment. So far, with monitoring their services, the IP address was only changed once. Their services are very stable.

We implement the WAF production environment, or the web services, which is needed to provide traffic to the customer. We implement those services under the Incapsula WAF protection. 

We have about one thousand people using the solution globally.

If the scale is 1 to 10, technical support is a 9. Our global service team is more than 10 people. We have a whole Incapsula service team as well as our all global staff team.

We are using our own firewall with the web application services. We used our own firewall before implementing with Incapsula, but we are also implementing it now under Incapsula cloud solutions.

It's very simple because the domain name service is done with the CNAME. We just registered back in our DNS environment. After that, if the domain is resolved by our customer, then they will resolve the domain name which is provided by the Incapsula environment. That means all the network traffic will go through the Incapsula cloud services, and all the network activity can be monitored and protected by Incapsula WAF.

Deployment is simple and very fast. After they define the domain and service, we do some changes, and it takes within one hour. Within 15 minutes, it can transfer all the services from our site. All the network routing paths will pass through the Incapsula WAF cloud environment. It's very fast.

The license is on a yearly basis.

I would rate this solution 9 out of 10.

Because of all these services, you need to look at the company's services budget. If you have the budget and you can implement the web application for tech, or if you just want to move to the cloud, or you're just using your own firewall to do all those protections, Incapsula is a good option. This one just depends on the IT infrastructure budget in your own company or environment.

I would like to see automated reporting to improve visibility.

I have been working with Imperva DDoS for two years now.

Imperva DDoS is scalable.

The setup of Imperva DDoS was easy and we are satisfied with the pricing.

I would rate Imperva DDoS a nine on a scale of one to ten.

Previously I was in software development for more than 15 years. I had developed web applications for internet and cable TV companies. Now, I am a sales executive for Imperva Cloud WAF. 

Imperva Cloud WAF, previously Imperva Incapsula, is a web application firewall that is implemented in the cloud. It protects a public facing web application. It will track if a hacker is doing brute force attack. The web application firewall will detect it and block the source. This could be an IP address or the main name specific for a country. You can then update the profile of your server to block those IP addresses where the attack is coming from .

We have placed Imperva Cloud in our client's employee self service system that they are logged into. The website is protected by Imperva so that employees and customers can log in all over the Philippines. The client is a power generation company, which is a critical service, and has branches all over the Philippines.

We partner with a couple of on-premise data centers in the Philippines, one is PIM. They also provide cloud solutions. We bundle our solutions into their cloud projects.

Imperva Incapsula has many valuable features. One, it protects the top 10 OWAS vulnerability, the open web application software platform, this is standard. Secondly, it protects against broken authentication. As well, it has remote execution of code.

Imperva always needs to adjust to new versions of cyber attacks, it needs to be faster, improve the resiliency of the software of the solution.

I have been using Imperva Cloud WAF for three years.

Imperva is stable. Based on Gartner's survey we are top three, meaning we are reliable based on customer feedback.

This is a scalable solution. We have data centers all over the world. The solution can be set up to be optimized wherever the clients are accessing.

Technical support has good response time. I am also the liaison officer for the technical team in Singapore. Support responds quickly and they do attend to the issues that we raise to them.

The implementation of Imperva Cloud WAF is easy. All you need to do is change the DNS settings, because it is a cloud solution there is no appliance that you need to install at the data center. It just changes the DNS settings, and then a couple of IP address and domain name settings to allow a couple of those IP addresses and domain names settings into the firewall of the client and the firewall of Imperva.

The actual installation will only take a few hours and then full implementation within 24 hours. The initial setup takes time because of the configuration on the client-side. We prepared a questionnaire for the client to assist with preparation.

We created a cross-comparison against hiring a team of cybersecurity staff versus getting a subscription. After using Imperva Cloud for the past three years the cost is already acceptable against hiring a team.

The price depends on the client's needs, it will be impacted depending on whether they need diverse production, or account take over for example.

There is an initial four package bundle with the price changing monthly.

I would rate this solution an 8 out of 10.