Imperva Web Application Firewall Overview

Imperva Web Application Firewall is the #7 ranked solution in our list of top Web Application Firewalls. It is most often compared to F5 BIG-IP: Imperva Web Application Firewall vs F5 BIG-IP

What is Imperva Web Application Firewall?

Web application attacks deny services and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes and inspects requests coming in to applications and stops these attacks.

Protect your applications in the cloud and on-premises with the same set of security policies and management capabilities. Safely migrate apps while maintaining full protection.

Deploy Imperva WAF on-premises, in AWS and Azure, or as a cloud service itself. Easily meet the specific security and service level requirements of individual applications.

Imperva WAF protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.

Imperva Web Application Firewall Buyer's Guide

Download the Imperva Web Application Firewall Buyer's Guide including reviews and more. Updated: January 2021

Imperva Web Application Firewall Customers

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Imperva Web Application Firewall Video

Imperva Web Application Firewall Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Showingreviews based on the current filters. Reset all filters
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Top 5Leaderboard
Oct 7, 2018
Gives me peace of mind, blocks everything we need it to block

What is our primary use case?

Our primary use case is to protect our cloud production environment.

Pros and Cons

  • "It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
  • "There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."

What other advice do I have?

I think it's perfect. It's a very good application. When you do large-scale deployment you want to protect your physical web application with Imperva, trust me. It gives me peace of mind. These are guys are from Israel and you should see that place. These guys are the best I have ever seen. They do all kinds of stuff and there is nothing that they cannot do. These people are incredible. They can configure and develop anything, customized, if you want it. Everything has a price, but they can do it right now. They don't have a "no." We use Imperva with Incapsula so we have web security, we have…
Cyber and Information Security Officer at a energy/utilities company with 10,001+ employees
Real User
Mar 5, 2018
We can define custom policies, apply real-time changes and granular configuration

Pros and Cons

  • "Learning mode and custom policies are helpful features."
  • "Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance."
  • "The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year."

What other advice do I have?

I rate it a 10 out of 10 because of the ability to apply real-time changes or creations, export and import applications learned, and it's very easy to use. It also features system logs or incidents, granular configuration in relation to a SIEM. It is the best product on the market, in my opinion. Cyber security leader.
Find out what your peers are saying about Imperva, Fortinet, Amazon and others in Web Application Firewall (WAF). Updated: January 2021.
456,966 professionals have used our research since 2012.
Sr. Consultant at a tech services company with 51-200 employees
Feb 23, 2017
Scan policies allow us to group multiple targets and standardize our database scanning. Technical support is probably the biggest drawback.

What other advice do I have?

Be prepared to obtain every piece of documentation that comes with the product. Thoroughly research it to obtain a clear understanding of how to implement the product and ensure you have a dedicated Imperva first-response engineer that can answer your questions without going through a normal support channel. Be patient when encountering a bug or a feature failure, as well as discrepancies between the product interface and/or behavior with the accompanied documentation. Their support is not prepared to jump in and start working on a fix or update the documentation. In many cases, the…
Systems & Infrastructure Architect at a insurance company with 1,001-5,000 employees
Feb 14, 2017
Provides bad-IP blocking and signature-based blocking. Management of policies and rules can be complicated.

What other advice do I have?

While implementation is not hard, the process and resources for ongoing management should be thought through and agreed to before implementation.
Network Security Engineer at a tech services company with 501-1,000 employees
Jun 24, 2015
The GUI could be improved a little, but the profiling section is the most valuable and fresh aspect about SecureSphere.

What other advice do I have?

I would say to focus on the most convenient area for positioning the WAF in order to take the get the best out of it. In my case, we chose a WAF appliance, and it’s crucial where to put it. For instance, we chose to deploy it downstream from the load balancing network infrastructure for various reasons. One of them was to enable the WAF to see the private IP addresses that a vulnerability assessment tool in the private DMZ would see in order to use the WAF as an application firewall and as a virtual patching tool either.
Senior Security Analyst at a tech services company with 501-1,000 employees
Jun 17, 2015
We can quickly see the attacks that the environment is suffering and take action to mitigate the threat(s).

What other advice do I have?

All products are good, and I believe narrowing the choice of manufacturer is best done when you do proof of concepts in-house and you can see which of your choices is best matched to your needs.
Buyer's Guide
Download our free Web Application Firewall (WAF) Report and find out what your peers are saying about Imperva, Fortinet, Amazon, and more!