eSecurityPlanet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
What Is Imperva WAF?
Imperva WAF protects against critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers monitor the threat landscape and update WAF with the latest threat data.
What Are the Top Imperva WAF Features?
Security: Very good. Imperva WAF uses dynamic application profiling to learn all aspects of a web application’s normal behavior, including directories, URLs, parameters, and acceptable user inputs. It accurately detects and blocks attacks with minimal false positives. It protects from application layer attacks, including all OWASP top 10 and even zero-day threats.
Gartner said: “The vendor competes and frequently wins on the basis of security features and innovation.”
“Imperva is an amazing WAF,” said a senior manager for information security in the media industry.
Performance: Very good. There are no performance restrictions in throughput or transactions. Throughput of 10 Gbps, and less than 5 ms latency.
Value: Good. Despite good performance and features, starting prices are relatively low. But that may change for larger deployments.
Implementation: Very good. The cloud-based WAF is delivered as a managed service and can be up and running in minutes.
On-premises WAF is delivered as physical appliance, virtual appliance or enabled in public cloud (AWS and Azure). The speed of deployment varies depending on if it is deployed in public cloud, the number of appliances and other factors. Gartner said Imperva customers have “easy deployment options as their application environments shift.”
Management: Fair. Gartner said the WAF “Lacks high-level executive reports, and that overall, the reporting could be much improved to reach an enterprise-class level.”
Support: Very good. Gartner clients are highly satisfied with Imperva customer support, citing high-quality, easy ticket resolution.
“Imperva excels at customer service and partnership. Any technical issue we’ve had, we’ve immediately had the full attention of Imperva,” said a CIO in the education industry.
Cloud features: Good. The cloud-based WAF is delivered as a managed service and can be up and running in minutes.
What Are Imperva WAF’s Security Qualifications?
FISMA, NIST SP 800-53 and 800-137, DoD DISA, IRS 1075, FIPS 140-2, Common Criteria.
How Is Imperva WAF Delivered?
The product is delivered as a physical appliance, virtual appliance and as a cloud service. It can be deployed both on-premises and in public clouds like AWS and Azure.
What Is the Price of Imperva WAF?
Small business pricing starts at $59 per month. For larger enterprises, pricing starts at $6,000 and goes up from there depending on amount of bandwidth and number of applications. The on-premises WAF is priced per appliance and starts at $10,000. Enterprise customers typically buy four or five physical or virtual appliances and spend anywhere from $50,000 to $100,000.
What Are the Top Imperva WAF Alternatives?
1 Cloudflare
Cloudflare is a web infrastructure and cybersecurity company founded in 2009 and located in San Francisco, California. Specializing in content delivery network (CDN) services from protecting organizations at the network edge to mitigating DDoS attacks, the Cloudflare WAF protects almost 25 million websites. With a network of that size, Cloudflare offers the latest threat intelligence at scale.
2 F5
Seattle-based F5 traces its roots to the mid-1990s with the release of the BIG-IP load balancer. As the company added appliances, software, and solutions-oriented application layer security, the development of the F5 Advanced WAF became inevitable. From behavioral analytics and machine learning to in-browser data encryption and an anti-bot mobile SDK, F5 offers industry-leading features. F5 is consistently a top alternative for users adopting other WAF solutions.
