Imperva WAF Review: Features & Pricing

Bottom line

Imperva WAF protects against critical web application security risks. Its on-premises WAF is rated highly by analysts and should be a strong contender for midsized and large organizations.

Product Description

Imperva WAF protects against critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers monitor the threat landscape and update WAF with the latest threat data.

See our complete list of Top Web Application Firewall Vendors

Imperva WAF Features Rated

Security: Very good. Imperva WAF uses dynamic application profiling to learn all aspects of a web application’s normal behavior, including directories, URLs, parameters, and acceptable user inputs. It accurately detects and blocks attacks with minimal false positives. It protects from application layer attacks, including all OWASP top 10 and even zero-day threats.

Gartner said: “The vendor competes and frequently wins on the basis of security features and innovation.”

“Imperva is an amazing WAF,” said a senior manager for information security in the media industry.

Performance: Very good. There are no performance restrictions in throughput or transactions. Throughput of 10 Gbps, and less than 5 ms latency.

Value: Good. Despite good performance and features, starting prices are relatively low. But that may change for larger deployments.

Implementation: Very good. The cloud-based WAF is delivered as a managed service and can be up and running in minutes.

On-premises WAF is delivered as physical appliance, virtual appliance or enabled in public cloud (AWS and Azure). The speed of deployment varies depending on if it is deployed in public cloud, the number of appliances and other factors. Gartner said Imperva customers have “easy deployment options as their application environments shift.”

Management: Fair. Gartner said the WAF “Lacks high-level executive reports, and that overall, the reporting could be much improved to reach an enterprise-class level.”

Support: Very good. Gartner clients are highly satisfied with Imperva customer support, citing high-quality, easy ticket resolution.

“Imperva excels at customer service and partnership. Any technical issue we’ve had, we’ve immediately had the full attention of Imperva,” said a CIO in the education industry.

Cloud features: Good. The cloud-based WAF is delivered as a managed service and can be up and running in minutes.

Imperva WAF

Security Qualifications

FISMA, NIST SP 800-53 and 800-137, DoD DISA, IRS 1075, FIPS 140-2, Common Criteria.


The product is delivered as a physical appliance, virtual appliance and as a cloud service. It can be deployed both on-premises and in public clouds like AWS and Azure.


Small business pricing starts at $59 per month. For larger enterprises, pricing starts at $6,000 and goes up from there depending on amount of bandwidth and number of applications. The on-premises WAF is priced per appliance and starts at $10,000. Enterprise customers typically buy four or five physical or virtual appliances and spend anywhere from $50,000 to $100,000.

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Related articles