They could improve by minimizing false positive results. Although this occurs less with Imperva, we would like to see some further improvements.

We have been using this product for last 1 years, it's result is very impressive. But due to the excessive load on the Web site where thousands of requests‎ are generated from legitimate users, however the request in which any sequential or specialised characters are requested would be directly blocked by impreva . Currently imperva blocks the special character request generated from the user, as I conduct a test where I am parsing the encoded html values of the same special characters to the input field, imperva bypasses these encoded values for example : ' i.e. %27 or / i.e %2F, the WAF bypasses these encoded characters. I hope that this device should have a capability to detect the pattern which is associated with Xss or Xsrf, rather then by not blocking the request which contains any special characters.

It’s hard to think of an improvement. The three-second service level agreement is already better than the competition.

You would ordinarily say something like API protection. However, they've got that with another product. It's not that DDoS protection does everything. It's that within their family of products, they've got a solution for everything. That's what I like about it, the whole integrated service. There’s nothing that’s missing in terms of features.

We did have a major complaint, however, they fixed it after about a year and a half of complaining. It's not a problem anymore. I don't recall really having any issues with the solution beyond what they have fixed.

The salespeople tend to exaggerate its capabilities, which can cost you money if you don't verify the information.

The solution should integrate with something that looks at continuous security management.

Imperva DDoS does not provide version control. After I make any changes on any portal, I would want to roll back my changes and go back to a stable version if something goes wrong. That particular feature is not there on the UI portal.

They have this roundabout way wherein I can use different tools to integrate, do the versioning, and manage it on my own. It's not directly available, but I can use it indirectly.

I do not see any big problems with the product. Imperva has had a lot of experience developing this product platform and it seems appropriate for my use cases. There are a few places where it can be improved.  

An area of improvement that I was looking for in Incapsula at this moment is enhancing the policy levels. For my purposes, I think there are too few policies. The product and what is included may be good, but it has to be improved further in the area of policies.  

Another area that could do with improvement is certificate management. I do not like the way that incapsula handles certificates very much. It needs to be changed or drastically improved to be more fluid.  

We have to be conscious of the architecture updates. Updates for the application architecture may break the existing protection application if we have made any changes. It does not seem that this should be so big of a concern for the end-user and could be handled better.  

The dashboard is not accessible on occasion. This is probably due to a high load. However, the sites’ protection seems intact.

The solution needs to be improved every time there are new attacks. They need to add new features and techniques to prevent the attacks.

Its price could be improved. It is quite expensive.

It will be good if we could export the configuration. Currently, to control the configuration, we need to go to each website, which is not very convenient.

The weakest point of Imperva is their first level of support, which should be improved. 

They should also improve the access and security logs viewing directly on the portal. I would like to see better access and security logs through the portal and not only through a SIEM solution. Currently, if you want to explore your access and security logs from Imperva, you need a SIEM tool or a SIEM infrastructure on your side to do it. You can't do it manually or directly through the portal, which is a big problem for us. They agreed that this is an improvement point from their side.

Reporting and the main Sites dashboard could use refinement. We have a lot of sites, and scrolling through the dashboard becomes cumbersome.

Incapsula:

• Allow easier scripting of firewall rules.
• Enable more custom actions to trigger turning on/off Incapsula settings (current actions are quite limited).
• Allow setting up of user groups to manage different groups of sites with viewer/operations/admin levels of privileges. This is quite a typical requirement for enterprise clients who will have multiple teams taking care of different sites, plus an overall IT security team who oversees everything.

CloudFlare:

• Improve the strength of WAF/DDoS.
• Reduce the rate of false positives.

It would be nice to have a mobile app as a dashboard interface instead of the web administration, but the service is really great. The product is the best at what it does.

I would like to see automated reporting to improve visibility.

Imperva always needs to adjust to new versions of cyber attacks, it needs to be faster, improve the resiliency of the software of the solution.

Some maintenance must be performed by our IT team.

This is a very limited tool if you're looking to customize. It would be helpful if Imperva would provide additional resources for Terraform that can easily be deployed. There are some cases where we're currently unable to use Terraform.

Imperva now offers add-ons to add functionality, but I would like to see these included in the product, even if it would cost more.

Pricing could be more competitive.

It would be beneficial to include vulnerability management in the solution, similar to what they have for their on-premise solution.

Users would benefit from better documentation. There is official documentation, but sometimes we need more detail. We have some use cases that are not so run of the mill. It would be great if there was a knowledge base that we could go to for more answers.

The price could also be more reasonable. The price should at the very least be adjusted for different parts of the world. For example, here in Latin America, our budgets are very different than those for projects in the United States or Europe. It would be really positive if we could get the product at a more affordable price as we are customers with lower budgets without sacrificing features or capabilities of the solution.

If I had the opportunity to recommend an enhancement to Imperva it would be to have more POP (Point of Presence) in East and West Africa, and in Central Africa as well. There is only one POP in South Africa. There are other ones are in Europe, America, and Asia and sometimes the latency can be an issue because for your traffic to hit the website — say in East Africa. First, it has to first go to the nearest point of presence. Because of the distance, there can be some problems. So if they have a POP closer to manage customers around Africa this could be a better service to clients.  

I think the pricing needs some tweaks. 

They once terminated a free account without warning, resulting in a few days downtime. But you get what you pay for.

The interface seems a bit outdated and simplistic.

Its user interface could be improved, as the competition looks better, but it doesn’t really need improvements in its functionality. We would like to have more reports and real-time views. Basically, the core functionality is great.

With the way that protection works, there is no such thing as pure protection, but as soon as Incapsula knows what a problem looks like, they fix it. They have to stay on top of the data intelligence game.

I needed some support and according to the SLA and I couldn’t get telephone support and it took a little while till they got back to me. We’re an enterprise company so I think I would be happier for a bit more support to pick the phone up and ask a question. There was not as much back office help as we would have liked.

The dashboard of the solution is complex. It is complex in the sense that there are too many options. There are two types of Incapsula dashboards. One is the on-prem version and one is cloud-based. Cloud-based is okay. The on-prem one needs some work.

The solution needs to improve Integration with third parties for their on-prem deployment models. The integration is not that good yet.

The default service is great!

We’ve had a few, short outages that didn't have an impact on the business. One outage lasted a couple of hours, so the reliability could be improved.

At times, we can prove the service is not running, but technical support doesn’t reflect that fact. We appreciate that nothing is 100% reliable, but we'd appreciate more information during an outage and not after the fact.

Also, reporting could be improved. We shouldn’t have to look on Twitter to see if others are experiencing a similar issue. Greater transparency is needed when there is an issue.

I think the product could be improved by reducing the price. It would help if they came up with pricing options because as it is now if you're a big company and use the site often, it's more expensive. 

The solution needs to ensure they are compliant and can show the customer in a visual way, like a ticked box, that they are protected. They need to ensure their solution is showcasing if their system is getting attacked so clients know if or when they are under attack.

Clients also often complain about the cost of the solution. They should consider adjusting their pricing models.

We would like them to hire people in Sweden because it's quite hard when people are sitting in the UK or Belgium because some of the customers really want them to be local.

In the next version, they could include more products or more solutions in this solution that you can add on. They need to build more features that they can add so they can help the customers who don't have a particular solution in hand. Most of the end-users are looking for an easy way to manage all of their solutions. Today we're selling a lot of smaller solutions, and they need to have a lot of different management solutions that we can offer to clients. 

• Customer service: Their customer service sometimes has different responses for similar requests. We sometimes need to explain the issue many times before they understand. Their CS staff is not well trained according to a consistent standard. For the same requests, some of them can perform well, but some of them might do it wrong.
• Network management: Their network department sometimes doesn’t take the responsibility to improve network latency until we raise the problem many times or to top management. Sometimes, we encounter latency issues. Only sometimes does their network staff update their routing to improve the performance. Other times, they will not do so and they push the responsibility to another carrier.

More features to help fine tune it. In general, more features for the platform would be nice.

I would like to have support for SSL management and secure DNS.

Incapsula has a built-in monitoring module, but it is a paid feature; I would expect that for the price we pay for the basic service, we would be able to integrate a monitoring solution, even a simple one.

In addition to that, Incapsula doesn't feature the option to add/remove available SSL protocols and/or ciphers.

One thing that they really could improve on is the depth of the analytics. The company needs to think more about the risk and analytic side of the application to supply the user with more information to evaluate and use in resolving issues. It is good to be able to depend on the product to provide a reliable solution, but it is better to take steps to resolve issues overall. This means giving information to the user that will help them identify exactly what the issues are. Risk analytics need to improve and this can be done easily.

An Incapsula website configuration instance can be in a "Pending DNS changes" state, where further work is needing to be done by the customer, while website access is otherwise fully functional. While in this state, the PCI Compliance Report for the website in question, which I have set to email me monthly, doesn't get generated and sent. Imperva should decouple the "Pending DNS changes" state from the process that periodically emails the PCI Compliance Report. Until that happens, the workaround is to manually generate the report monthly.

The rules surrounding the making of web applications could be improved.

At that moment, I miss being able to integrate the dashboard with other BI tools we are using. We have to export and import data to be able to present it, and doing so is a lot of work.

• Maybe another pricing tier for home uses with a few more features above the free version.
• An appliance for large enterprise customers.

The cost could be lower; our end clients need to have a high budget to purchase this solution.

The log analytics interface within Incapsula isn't really good. For example, if you have to get all logs from there, it's a very cumbersome process.

The solution doesn't seem to come with any other additional features. There are other products in the market today that give you an overall network perimeter protection. Incapsula is good for what it is, but it can expand its horizon a lot if it decides to include more network perimeter protection features and capabilities. It needs items, for example, at endpoints and some sort of firewall that can work at multiple levels. Items of that nature will really bump up the security and make it a much better product.

I am not sure if this application has a policy where you can create your custom policy and run it as our firewall. We should have some ability to also create some custom policy, then run it as a firewall. Maybe it is not relevant, but I think this would be a good option.

Some things previously happened where we moved one of our websites to a new host and new server, then we had difficulty putting in our user credentials to Incapsula because we could not find them. My boss was aggravated with the issue. I believe he contacted Incapsula and found out how to use the credentials for the website. They had changed the user interface a couple months ago. It was different than now. We had to put some information from the website domain to Incapsula login order to activate it, because they had changed the user interface.

The management interface needs improving. Even with a recent version of the interface, you cannot do all the changes that you would like. As an example, if you want to change one of your protected public IP addresses, you need to request this from support, and it takes a long time.

The API is lackluster but especially for 'customers'. The only thing we wanted to use the API for was only available to resellers.

Although we're only using it for the accelerator part, the purging of files and the way this feature functions could use improvement. It requires the user to either purge everything or go through specific files, but if you do, the latter doesn’t always work. So with the single files sometimes there is more difficulty.

We had an issue when securing the web applications for DDoS protection.

When using protection for some web applications, the customer may encounter a few issues.

Acquire it for all the benefits that this solution brings to organizations, especially nowadays, when we live in a technological era where the speed and response times of the different websites are valued so much.

Caching rules are really basic now and lots of space for improvement here.

- For example, Incapsula does not check the protocol (HTTP vs. HTTPS) when serving cached pages.

- There is no possibility to create a caching rule based on a regular expression.

It would be better if we were able to manage and apply changes to multiple websites/web applications, and search WAF logs for multiple websites, via the Incapsula dashboard.

More products, especially for smaller companies that could benefit them.

It would be nice to get a feed from Incapsula to import into our system. We have to have multiple dashboards open at the same time, and it would be nice to have one single dashboard with all our information.

Improve reporting interface and filtering.

I have found some issues with caching; seems to be inconsistent

Delivery services and information security.

I'd like it to work with Let's Encrypt.

HTML minification could be improved. The actual HTML minification does not provide the maximum HTML minification nor provides the best result. 

• Its firewall should be made less penetrable so that if an IP is blocked once, it doesn't penetrate again.
• The IP analytics should show trends and potential problem areas so that We can take action to minimize the occurrence of more hits from malicious IPs.
• The process of reporting, analysis, and clearance could be improved.

There is nothing as of now that I could suggest.