Imperva WAF Review: Features & Pricing

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

What Is Imperva WAF?

Imperva WAF protects against critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers monitor the threat landscape and update WAF with the latest threat data.

What Are the Top Imperva WAF Features?

Security: Very good. Imperva WAF uses dynamic application profiling to learn all aspects of a web application’s normal behavior, including directories, URLs, parameters, and acceptable user inputs. It accurately detects and blocks attacks with minimal false positives. It protects from application layer attacks, including all OWASP top 10 and even zero-day threats.

Gartner said: “The vendor competes and frequently wins on the basis of security features and innovation.”

“Imperva is an amazing WAF,” said a senior manager for information security in the media industry.

Performance: Very good. There are no performance restrictions in throughput or transactions. Throughput of 10 Gbps, and less than 5 ms latency.

Value: Good. Despite good performance and features, starting prices are relatively low. But that may change for larger deployments.

Implementation: Very good. The cloud-based WAF is delivered as a managed service and can be up and running in minutes.

On-premises WAF is delivered as physical appliance, virtual appliance or enabled in public cloud (AWS and Azure). The speed of deployment varies depending on if it is deployed in public cloud, the number of appliances and other factors. Gartner said Imperva customers have “easy deployment options as their application environments shift.”

Management: Fair. Gartner said the WAF “Lacks high-level executive reports, and that overall, the reporting could be much improved to reach an enterprise-class level.”

Support: Very good. Gartner clients are highly satisfied with Imperva customer support, citing high-quality, easy ticket resolution.

“Imperva excels at customer service and partnership. Any technical issue we’ve had, we’ve immediately had the full attention of Imperva,” said a CIO in the education industry.

Cloud features: Good. The cloud-based WAF is delivered as a managed service and can be up and running in minutes.

Imperva WAF

What Are Imperva WAF’s Security Qualifications?

FISMA, NIST SP 800-53 and 800-137, DoD DISA, IRS 1075, FIPS 140-2, Common Criteria.

How Is Imperva WAF Delivered?

The product is delivered as a physical appliance, virtual appliance and as a cloud service. It can be deployed both on-premises and in public clouds like AWS and Azure.

What Is the Price of Imperva WAF?

Small business pricing starts at $59 per month. For larger enterprises, pricing starts at $6,000 and goes up from there depending on amount of bandwidth and number of applications. The on-premises WAF is priced per appliance and starts at $10,000. Enterprise customers typically buy four or five physical or virtual appliances and spend anywhere from $50,000 to $100,000.

What Are the Top Imperva WAF Alternatives?

1 AppTrana

Visit website

AppTrana is a fully managed Web application firewall, that includes Web application scanning for getting visibility of application-layer vulnerabilities; instant and managed Risk-based protection with its WAF, Managed DDOS and Bot Mitigation service, and Web site acceleration with a bundled CDN or can integrate with existing CDN. All of this backed with a 24×7 Managed Security Expert service to provide custom rules and policy updates with zero false positive guarantee and promise.

Learn more about AppTrana

2 Prophaze Cloud Web Application Firewall

Visit website

Prophaze is a Cloud WAF built on Kubernetes and a zero-configuration web application and API protection solution that secures web infrastructure from DDoS attacks and bad bots. Prophaze protects web applications deployed on public/private cloud and works natively as a Kubernetes WAF. Key features include AI firewall, Cloud WAF, DDoS protection, virtual patching, incident management, and API security.

Learn more about Prophaze Cloud Web Application Firewall

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis