TrustRadius Insights for Imperva Web Application Firewall (WAF) are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Wide range of features: Users have praised the wide range of features offered by Imperva WAF, with multiple reviewers highlighting this aspect. They appreciate that Imperva WAF provides advanced security measures and enhanced web security capabilities, allowing them to protect their systems effectively.
Easy to learn and implement: Many users find Imperva WAF easy to learn and implement, according to several reviewers. They value the simple portal and minimum prerequisites required for setup. This user-friendly approach makes it convenient for users to start using Imperva WAF without significant barriers or complications.
Cloud-based nature: The cloud-based nature of Imperva WAF is highly valued by users, as mentioned by a number of reviewers. They appreciate the easy access provided by the cloud platform, which eliminates the need for on-premise solutions and reduces operational overheads. This feature allows users to experience hassle-free web security without having to manage physical infrastructure.
The Imperva WAF acts as our go-between (proxy) for our public-facing websites. They intercept known bad actor IPs, and we can also block certain countries that have shown to be problematic and we don't do business in. More dynamic attacks are also detected and blocked, making this largely a "fire and forget" tool. We rarely even need to log into the tool, except to pull our weekly reports.
Pros
Block some dynamic attacks such as SQL injection.
Block unfriendly accesses based on geographic source.
Helps us implement SSL in cases where the original server can't (yet).
Cons
The UI can use a little work (but is largely decent)
Likelihood to Recommend
Imperva web application firewall does a great job in giving us control over access to our public web servers. With our regular hosting provider, we couldn't block access based on geography, or really anything. So we had to rely on traditional access controls to protect the data. But with the WAF, we can block countries such as North Korea, or we could stop any SQL Injection attempts, or even do a temporary block of IP in the case of detected brute-forcing.
SecureSphere has been purchased mostly due to either a major concern around protecting web applications or adhering to PCI compliance. It provides great insight into web applications outside alerts and can be used not only by the security unit but the applications teams as well.
Pros
Alert Aggregation - Correlates different violations into perceived correlated attacks.
Ease of deployment - As one of the only WAFs that allow bridge mode deployment, this can be deployed without downtime and no Network Architecture modifications. If the need for proxy is required at a later time, Transparent Reverse Proxy can be deployed within seconds and minimal configuration.
Custom Policies - Custom security policies are easy to configure.
Reporting - There are a good amount of pre-configured reports available by default.
Cons
Attack Correlation Validation - This specific policy produces a lot of false positives as well as the SQL injection policies. Of course it is difficult to tell what a legitimate query is on a public facing web app.
Profiling - I tend to spend more time than any other feature tuning the Web App Profiles. Plugins are used to help cope with this, but on extremely large web apps we are forced to turn off the profiling feature.
Likelihood to Recommend
If you are looking for a cheap product to meet the bare minimum requirements for PCI or any other compliance regulations, this is not the product. Also, the WAF portion only inspects on HTTP/HTTPS traffic which can be very limiting into other forms of web apps that utilize other protocols.
The HTTP/HTTPS inspection that it does do is very in depth and well worth the investment.
Verified User
Consultant in Information Technology (5001-10,000 employees)