F5 BIG-IP software from Seattle-based F5 Networks is a load balancing and application protection solution suite available on cloud or via virtual editions, on a subscription or perpetual licensing basis.
N/A
Imperva Web Application Firewall (WAF)
Score 7.8 out of 10
N/A
The Imperva Web Application Firewall (WAF) is based on technology acquired with Incapsula and the former WebSphere WAF.
N/A
Pricing
F5 BIG-IP
Imperva Web Application Firewall (WAF)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
F5 BIG-IP
Imperva Web Application Firewall (WAF)
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
F5 BIG-IP
Imperva Web Application Firewall (WAF)
Considered Both Products
F5 BIG-IP
Verified User
Director
Chose F5 BIG-IP
BIG IP can do many things at once, where other technologies are more limited
Definitely in larger environments, more mature organizations that obviously have the budget to spend and want best in class. Where it struggles is those organizations that don't have the funding and money to spend on it and need more basic functionality. So I'd say that's smaller customers we've worked with and kind of mid-market. They tend to get scared when they get the quotes. Also we've had some struggles with account team consistency. So for the sales team, just a lot of turnover and a lot of missteps on customer calls.
Imperva web application firewall does a great job in giving us control over access to our public web servers. With our regular hosting provider, we couldn't block access based on geography, or really anything. So we had to rely on traditional access controls to protect the data. But with the WAF, we can block countries such as North Korea, or we could stop any SQL Injection attempts, or even do a temporary block of IP in the case of detected brute-forcing.
I mean from a basic level, it actually satisfies all the use cases we have, which is basically to have multiple web servers for the front end and then you want that to be equally split across. The traffic comes in from all over the world. We use DRA protection and everything, but then we also internally want to make sure all the servers are being utilized and we provide much more availability across all servers. We just make sure BIG-IP sits in between and handles the traffic accordingly. And it's pretty basic and it comes to drawing traffic. It's pretty easy to configure and set it up and then forget.
Alert Aggregation - Correlates different violations into perceived correlated attacks.
Ease of deployment - as one of the only WAFs that allow bridge mode deployment, this can be deployed with without downtime and no Network Architecture modifications. If the need for proxy is required at a later time, Transparent Reverse Proxy can be deployed within seconds and minimal configuration.
Custom Policies - Custom security policies are easy to configure.
Reporting - There are a good amount of pre-configured reports available by default.
Recently we have been deploying F5 web application firewall and we have started the deployment. We have already moved applications out there, but we are not yet to the point wherein I could comment any positive feedback or any negative feedback because we are still going through it, right. But as far as I'm concerned, I don't see any drawbacks or any shortcomings on the F5 product lineup.
It's not difficult to understand the parts of application configurations and features. Setting up new virtual servers with multiple profiles, certificates, and nodes is easy for new users through the web interface, which also translates to programability in scripts, DevOps, or other configuration management use-cases. Users from different backgrounds such as networking and infrastructure can use F5 BIG-IP, while users who are familiar with API calls can easily configure objects without needing to understand the platform at all.
There are just a couple of points that are hard to find, that probably could be elsewhere. But these are minor; everything else is right where you'd expect it to be.
On the occasions when we've had to engage f5 support, they have been great. They have always resolved our issues quickly and been easy to work with and professional. The reason I give them a 10 out of 10, however, is because when we've had issues that have crossed over between the f5 BIG-IP, our Cisco switches, and our Microsoft IIS server the f5 support representatives have been extremely knowledgeable about every product and device involved and have been able to troubleshoot end-to-end without having to engage other vendors.
We haven't needed support from Imperva since implementation. But during that time, their personnel were very quick to respond to questions. Since then, it's been largely doing its thing for us (which is exactly what we'd hoped).
That's the one thing that really stood out. It was a lot easier to use from an administrator standpoint, so I think that's the one thing that really made our team decide to go with this product versus another competitor. Just ease of use.
Ultimately, it was the easiest to work with that was still a "known" company (we've been burned too many times by up-and-comers). We needed something that gave us a lot of control but then didn't need its handheld on a daily basis. Imperva gives us a lot of that and we are still able to navigate it with ease.
Better Insight into web application - Absolutely great, checks all the traffic against RFC standards and will alert on common development mistakes that duplicate application traffic or provide attack vectors for potential attackers.
Have had several issues blocking a customer without producing alerts, while it happened only one week out of 2 years of working with the devices, it did produce a lot of headaches.
