F5 Distributed Cloud WAF (Web Application Firewall) vs. Imperva Web Application Firewall (WAF)

So a lot of companies that have a digital side and they have a lot of applications in the cloud, this is one of those areas that it can protect the net so it can lock 'em down, it'll build a baseline so you understand what that application's doing. So if it sees something not normal, it'll get protected against that.

Incentivized

Imperva web application firewall does a great job in giving us control over access to our public web servers. With our regular hosting provider, we couldn't block access based on geography, or really anything. So we had to rely on traditional access controls to protect the data. But with the WAF, we can block countries such as North Korea, or we could stop any SQL Injection attempts, or even do a temporary block of IP in the case of detected brute-forcing.

• Layer seven attacks are becoming far more common. Traditionally it was always layered three, layer four, where you get an additional firewall, but with the application layer attacks become more frequent, more popular, et cetera. So having the web application firewall protecting us, and then with the recent Log4j, that's the most recent use case when it gave us that instant level of protection whilst we remediated the Log4j that we had that and the F5 Distributed Cloud WAF was protecting us.
• I have a great relationship with the account manager, my account manager, and I think he drives the best price possible, um, for me, and I'm happy with that price.
• F5 Distributed Cloud WAF is always innovating and evolving.
• We run a very competitive proof value where we run numerous competitors against each other, and then we evaluate from that and then make the selection, and F5 Distributed Cloud WAF was the winner.

Incentivized

• Alert Aggregation - Correlates different violations into perceived correlated attacks.
• Ease of deployment - as one of the only WAFs that allow bridge mode deployment, this can be deployed with without downtime and no Network Architecture modifications. If the need for proxy is required at a later time, Transparent Reverse Proxy can be deployed within seconds and minimal configuration.
• Custom Policies - Custom security policies are easy to configure.
• Reporting - There are a good amount of pre-configured reports available by default.

Incentivized

• So we just had some performance issues when it comes to routing. Because the web application firewall sits in front of our website, which is hosted on-site, we had some trouble with the VGP protocols between the two sites and it took us a while to figure it out. So that is probably one area where we could improve. Otherwise, when it comes to the WAF functionality itself, it's really good.

Incentivized

• The UI can use a little work (but is largely decent)

There are just a couple of points that are hard to find, that probably could be elsewhere. But these are minor; everything else is right where you'd expect it to be.

We haven't needed support from Imperva since implementation. But during that time, their personnel were very quick to respond to questions. Since then, it's been largely doing its thing for us (which is exactly what we'd hoped).

Basically, Cloudflare is a more economical solution at the level of DNS balancing, easy to use with a few simple clicks and that has gained an advantage in the market, however, compared to F5, it falls short of the entire protection panorama that the solution provides since F5 does not It's just DNS that goes further and that's where it differentiates and stands out.

Incentivized

Ultimately, it was the easiest to work with that was still a "known" company (we've been burned too many times by up-and-comers). We needed something that gave us a lot of control but then didn't need its handheld on a daily basis. Imperva gives us a lot of that and we are still able to navigate it with ease.

• Accelerated time to value as it was a requirement for a workload being provisioned on that cloud
• As an existing f5 customer, access to their solutions integrator (GridZero) made the sizing, licensing, purchases, and downloading of the software very quick and painless

Incentivized

• Meet compliance requirements - Check.
• Better Insight into web application - Absolutely great, checks all the traffic against RFC standards and will alert on common development mistakes that duplicate application traffic or provide attack vectors for potential attackers.
• Have had several issues blocking a customer without producing alerts, while it happened only one week out of 2 years of working with the devices, it did produce a lot of headaches.

Incentivized