We just raised a $30M Series A: Read our story

Imperva Web Application Firewall OverviewUNIXBusinessApplication

Imperva Web Application Firewall is the #6 ranked solution in our list of top Web Application Firewalls. It is most often compared to AWS WAF: Imperva Web Application Firewall vs AWS WAF

What is Imperva Web Application Firewall?

Web application attacks deny services and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes and inspects requests coming in to applications and stops these attacks.

Protect your applications in the cloud and on-premises with the same set of security policies and management capabilities. Safely migrate apps while maintaining full protection.

Deploy Imperva WAF on-premises, in AWS and Azure, or as a cloud service itself. Easily meet the specific security and service level requirements of individual applications.

Imperva WAF protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.

Buyer's Guide

Download the Web Application Firewall (WAF) Buyer's Guide including reviews and more. Updated: October 2021

Imperva Web Application Firewall Customers

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Imperva Web Application Firewall Video

Pricing Advice

What users are saying about Imperva Web Application Firewall pricing:
  • "There are a couple of different licensing models."
  • "There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
  • "The price of this solution is a little bit high compared to competitors."
  • "There is a license for this solution and we purchase the license annually with no additional fees."

Imperva Web Application Firewall Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
KL
Team Lead Senior Technical Engineer at a tech services company with 51-200 employees
Real User
Simple to maintain, easy to configure, and easy to scale

Pros and Cons

  • "It has fewer false positives"
  • "The support for the on-premises version needs improvement."

What is our primary use case?

I am a distributor for Imperva. We provide solutions for our customers. 

This solution is mainly used to protect websites. When it is deployed on the cloud it is used for traffic redirection and URL redirection functionality.

It is also used for dual location blocking and security for the policies that are being applied.

What is most valuable?

Imperva is a good solution.

It has fewer false positives. It is very simple to maintain the device. It is also simple to configure. You don't need to have any HTTP knowledge or understand the HTTP programming languages when it comes to configuring the device.

What needs improvement?

The visibility of the actual traffic needs to be improved. 

We are only monitoring the traffic if there are any issues and the alerts are being triggered. 

We don't log the real-time traffic. We only log the real-time attacks and not the normal traffic that is passing through the device.

The main concern for our customers is to improve the visibility of the actual traffic. Customers feel that is the one feature that will greatly improve Imperva. 

They would like to have the complete network traffic passing through the device. Currently, we are only being alerted for the attack that has passed through the device instead of the genuine traffic.

We would like to see logs of the genuine traffic that passes through the device. It can be optional to enable it for certain customers and certain applications but should be included.

The support for the on-premises version needs improvement.

For how long have I used the solution?

We have been distributing Imperva for the last 10 years.

We are currently dealing with the latest version.

We provide both on-premises and cloud deployment, it depends on the customer's requirement.

What do I think about the stability of the solution?

Once it is configured it is stable. There are no issues with the stability of the Imperva Web Application Firewall.

What do I think about the scalability of the solution?

It is easy to scale. The scalability is fine. You can add gateways and scale, which is a good feature in Imperva.

This device is suitable for everyone.

How are customer service and technical support?

There are two different support teams. The cloud support is very good, but the on-premises support is lacking. The response time could be much better.

How was the initial setup?

The initial setup is easy if you know how to deploy Imperva. Once we do the base installation, the deployment is simple.

Once in six months, there are some patch upgrades required. If there are specific requirements we need to upgrade.

What about the implementation team?

We were able to complete the installation and deployment ourselves.

What's my experience with pricing, setup cost, and licensing?

When it comes to the cost, there are different sets of customers. Some are SMB and veteran customers who go with the cloud version of Imperva, which is a managed service. The next-level customers and enterprise will select the on-premises version along with the cloud. They prefer the hybrid environment.

There are a couple of different licensing models. One is with respect to the Cloud and is based on the number of applications you have to protect. The on-premises model is based on the throughput that is required to be inspected.

Which other solutions did I evaluate?

I know that FortiGate is a niche product and wanted to evaluate Impera and FortiGate for the differences.

What other advice do I have?

You should understand the customer's website, what their website is. They need to configure the ciphers properly. Many engineers are not able to complete the project because they don't understand the customer's environment. 

Before doing an implementation, understand the customer's environment. The ciphers need to be configured properly. Some Imperva engineers are not able to complete the projects because they understand the customer's environment.

Know the ciphers being used and match the ciphers. You must ensure the same ciphers are being matched in the backend load balances. If the backend load or cipher is changed the same should be replicated in Imperva as well. Once this is complete it should be good.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Flag as inappropriate
RK
Senior Software Developer at a computer software company with 1,001-5,000 employees
Real User
Top 20
Stable, protects well against a variety of attacks, especially DDoS

Pros and Cons

  • "The solution has been quite stable. I have not seen any bugs at all."
  • "Sometimes our web application firewall will slow down."

What is our primary use case?

We primarily use the solution for database security.

Basically, the solution is a web application firewall that is used to protect against multiple types of attacks online. It is used for web attacks - mostly DDoS attacks, cross-site scripting attacks, or SQL injection attacks. 

There is also multiple HTTP protocol compliance. If there is any violation it will be detected by this application. It is used for detecting an illegal file type, illegal URL, or bots. 

The solution can prevent a geolocation attack also. If any application is not allowed from certain countries, it will not allow access. We can detect everything via the web application firewall. 

What is most valuable?

The solution offers good security against a variety of web attacks.

The protection from DDoS attacks is very useful. The DDoS attack is a very powerful attack that can harm a company's services. If an application is deployed to any web server or database our service will slow and will go down. A user would not be able to access our service until we can fix the issue. It's a deal if a company can avoid getting hit with DDoS attacks and having something that can effectively protect a company is extremely useful.

The solution has been quite stable. I have not seen any bugs at all.

What needs improvement?

Until now, it is good. There are no issues. As an analyst, I simply monitor. I don't really get too far into the technical aspects of the solution.

Occasionally, I've noticed that the web application firewall was down. If we are not using proper storage, proper memory, proper CPU, and if multiple attacks happen at one time, they will be detected by our web application firewall. Sometimes our web application firewall will slow down. In that sense, it needs some improvement. We do have a precaution for if the solution goes down. We basically, need to increase the memory and the storage and the CPU utilization, so that we can prevent our company from malicious activity. 

I cannot say which type of memory or storage should be improved. The requirements depend on the organization. What organizations need and which type of configurations would work best as per their requirements depend completely on that.

For how long have I used the solution?

I've been working with the solution for about three years or so. It's been a while. I've been mostly working with it over the last 12 months or so.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs or glitches - or at least, I haven't seen any problems on that front. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

Right now, it depends on the company and its needs. I can't speak to if there are plans to increase usage.

How are customer service and technical support?

I've never been in touch with technical support. I can't speak to how knowledgeable and responsive they are, having never communicated with them directly. As an analyst, it's not my responsibility to deal with technical issues directly.

Which solution did I use previously and why did I switch?

It's my understanding that this company has only used this solution. However, if I move somewhere else, it's possible that something else may be used.

How was the initial setup?

I wasn't part of the initial setup. I can't speak to how easy or difficult the process was.

What's my experience with pricing, setup cost, and licensing?

I am not sure of the exact licensing costs of the solution. The licensing is a management decision. The costs and payments are handled by them.

What other advice do I have?

We use the solution's latest version.

We have a partnership with Imperva within our company.

I'd rate the solution at a nine out of ten. We've been mostly quite happy with its capabilities.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Find out what your peers are saying about Imperva, Fortinet, Amazon and others in Web Application Firewall (WAF). Updated: October 2021.
542,029 professionals have used our research since 2012.
BD
CTO at a tech services company with 11-50 employees
Real User
Top 20
It is easy to deploy, manage, and expand

Pros and Cons

  • "Its inline transferring mode is the most valuable because it is 100% transparent. When you change the IP, there is no change on the network side. If you can't and want to try to reach an IP, you can reach the server IP. There are many other advanced security features in it. The smallest appliances of Imperva can handle the highest traffic at a customer site. For example, a smaller appliance from Imperva can provide you the same security as an F5 product."
  • "They can provide an option to create reports, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report."

What is most valuable?

Its inline transferring mode is the most valuable because it is 100% transparent. When you change the IP, there is no change on the network side. If you can't and want to try to reach an IP, you can reach the server IP. There are many other advanced security features in it.

The smallest appliances of Imperva can handle the highest traffic at a customer site. For example, a smaller appliance from Imperva can provide you the same security as an F5 product. 

What needs improvement?

They can provide an option to create a report, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report.

For how long have I used the solution?

I have been using this solution for more than nine years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is easy to scale up.

How are customer service and technical support?

After nine years with Imperva, we know mostly everything about it, and we are using it very deeply. None of the support can handle us when it comes to R&D. They are able to help us with all other categories.

How was the initial setup?

The initial setup is very easy. You can just plug it in, and it asks you some questions about the IP address, DNS, SSL, etc. After that, it asks you for license codes, and everything is online. It is easy to deploy. You don't have to change any network configuration.

What's my experience with pricing, setup cost, and licensing?

There are some licenses that you have to buy to use some features.

Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell.

What other advice do I have?

In Turkey, we mostly have on-premises deployments. There are some Azure Amazon projects, but it is mostly deployed on-premises. It is not so easy to send Incapsula solutions to Turkey.

I would recommend this solution. It is easy to manage and expand. I would rate Imperva SecureSphere Web Application Firewall a ten out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SO
Security Engineering at a computer software company with 5,001-10,000 employees
Real User
Top 20
Straightforward to set up with good technical support and stability

Pros and Cons

  • "The solution can scale."
  • "In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy."

What is our primary use case?

My experience is to integrate this application. It's a firewall. You must connect it with the traffic the infrastructure must be routed through this firewall in order to block and search for any problems with the applications.

What is most valuable?

As a system, it's very effective at blocking potentially malicious items. The security is very good.

The solution can scale.

The stability has been pretty good.

Technical support is helpful.

The initial setup is rather straightforward.

What needs improvement?

In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy.

For how long have I used the solution?

I've been working with the solution for about three years or so.

What do I think about the stability of the solution?

I have previously found bugs within the solution and in the past, I have contacted Imperva in order to deal with them to get them resolved.

That said, for the most part, I have found the solution to be quite stable. It doesn't crash or freeze. It works well. 

What do I think about the scalability of the solution?

The solution can scale.

We typically deal with medium-sized enterprises as clients. Typically, these companies have around 500,000 or so employees. They aren't massive, however, they are quite sizeable. 

How are customer service and technical support?

I've dealt with technical support on multiple occasions and I find them to be very helpful and responsive. They are knowledgeable. We're very happy with the level of service we get. 

How was the initial setup?

The initial setup is straightforward, although it does take time to integrate the solution into your existing infrastructure.

What about the implementation team?

As an integrator, I can help clients set up the solution at their companies.

What's my experience with pricing, setup cost, and licensing?

I'm not sure what the exact licensing costs are for the solution. I can't speak to the pricing. It's not part of my responsibilities to cover sales or billing.

What other advice do I have?

Imperva has different three parts - the Web Application Firewall (WAF), Incapsula for cloud, and DAM for database firewalls. This is in one central monitor.

We aren't using the latest version of the solution.

We use the solution as a customer as well as an integrator.

I'd rate the solution at a ten out of ten. It's very good. We've been quite happy with its overall capabilities.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
DK
Technical Account Manager at a tech services company with 201-500 employees
Reseller
Top 5Leaderboard
Easy to deploy with good cost savings and great scaling potential

Pros and Cons

  • "The solution is stable."
  • "I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."

What is most valuable?

The product is very good. 

It's so easy to do the deployment. The installation is very straightforward. You can't even compare it to others on the market. It's that easy.

The features on offer are very nice.

The solution is stable.

The licensing setup makes the product easy to scale. 

The pricing is very good. 

What needs improvement?

I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one. 



For how long have I used the solution?

I've been using the solution for the last five years. I've used it for quite a while now. 

What do I think about the stability of the solution?

The stability of the product is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

We typically deal with medium-sized organizations.

The licensing model makes the solution very simple to scale. If a company wants to expand, it's not a problem.

How are customer service and technical support?

We need an improvement in the support. We need a lot of turnarounds. Whenever is a ticket open, it's something that has become a concern. 

Which solution did I use previously and why did I switch?

I'm not currently working with any other solution. I just use this product. 

Previously, I did work with F5 and Fortinet. However, Imperva is superior to both of these products.

How was the initial setup?

The initial setup is easy and the solution is very simple to deploy.

What's my experience with pricing, setup cost, and licensing?

The solution is very affordable and the cloud is making it even easier in terms of cost savings. 

What other advice do I have?

We are resellers and we are based in Kenya. We're actually doing the whole suite. I'm working with Database Security and I'm also doing the Web Application Firewall, both of which are on-prem and on the cloud. I'm also doing the DRA.

It's the best in breed in terms of a solution you can put in place.

I'd rate the solution at an nine out of ten. We're quite happy with its overall capabilities. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
Mustafa Okay
Senior Security Engineer at a tech services company with 11-50 employees
Real User
Top 5
Provides good network transparency and integrates well with other products

Pros and Cons

  • "If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency."
  • "The user interface could be better."

What is our primary use case?

We are a solution provider and Imperva is one of the products that we implement for our clients. They use it as an application firewall.

What is most valuable?

If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency. This is better than the competitors.

Imperva SecureSphere integrates well with other tools.

What needs improvement?

The user interface could be better.

For how long have I used the solution?

I have been working with Imperva SecureSphere for about four years.

What do I think about the stability of the solution?

Imperva solutions are the best in terms of stability.

What do I think about the scalability of the solution?

I have not faced any trouble with scalability because you can easily upgrade the appliance. 

How are customer service and technical support?

I am regularly in contact with Imperva support and I am satisfied with them.

How was the initial setup?

The initial setup is very basic and really easy to do. I wouldn't say that everybody, such as non-technical, people can do the setup and configuration. However, people with a mid-level of experience in application firewalls can do it easily.

What's my experience with pricing, setup cost, and licensing?

The price of this solution is a little bit high compared to competitors.

What other advice do I have?

My advice to anybody who is considering this solution is that if they want a stable product with good scalability then they can choose Imperva. The price is a little bit higher than that of the competitors, which largely impacts whether customers choose Imperva. In fact, if you don't care about budget then Imperva is the only solution for an application firewall.

My only complaint is that the user interface could be better.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SS
Acquisitions Leader at a healthcare company with 10,001+ employees
Real User
Top 5Leaderboard
Reliable, and has easy backup and restore functions

Pros and Cons

  • "The most important feature I have found to be the ease in how to do the backup and restores."
  • "The process to upgrade from one version to another can be a lot simpler than it is currently."

What is our primary use case?

We are using this solution for backing up all of our day-to-day use data and the ability to restore it when we want. For example, when there is a catastrophe or disaster.

What is most valuable?

The most important feature I have found to be the ease in how to do the backup and restores.

What needs improvement?

The process to upgrade from one version to another can be a lot simpler than it is currently.

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

When it comes to stability the solution work well.

What do I think about the scalability of the solution?

The solution in my experience has been scalable. In my organization we have approximately 10,000 users using the solution, the whole company uses it.

How was the initial setup?

The initial setup was straightforward. We have a team that does the maintenance of the solution.

What's my experience with pricing, setup cost, and licensing?

There is a license for this solution and we purchase the license annually with no additional fees.

What other advice do I have?

My advice is to follow the three, two, one backup rule, this solution is very suitable for this. Make sure you are defining your mean time for recovery of the backup, and try to see that it makes the mean time.

I rate Imperva Web Application Firewall a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free Web Application Firewall (WAF) Report and find out what your peers are saying about Imperva, Fortinet, Amazon, and more!