My main use case for Imperva Application Security Platform is protecting public-facing websites, and I primarily used Imperva for the web application firewall, which was the principal use case for us.

I recall a time when Imperva's Web Application Firewall helped us detect threats and protect against specific attacks. We used it in a large banking group to avoid and detect threats and protect against OWASP Top 10 vulnerabilities in web application security. This helped us significantly in detecting those vulnerabilities while using custom rules in WAF, making it a very effective use case for our web applications.

In addition to that, we were using Imperva WAF for bot detection and DDoS attacks. We tweaked the firewall rules and added rate-limiting rules to help manage DDoS attacks to a certain level.

What I found most effective about Imperva's WAF is that it has predefined rules covering many use cases, including compliance rules for PCI DSS and local country compliance. The customized rules based on application threats proved to be very useful, along with a good dashboard that, although somewhat complicated for beginners, becomes easy to manage at an expert level with good API integration and effective threat intelligence to detect threats.

After discussing the WAF, I believe Imperva has made significant advancements in its Cloud WAF offerings, which can now effectively protect against bot and DDoS attacks. This showcases a good advantage of being part of the Thales cybersecurity group while expanding its product range in the Cloud WAF space.

Imperva Application Security Platform has positively impacted my organization by providing strong protection for web applications, as many big companies in the UK use Imperva WAF as an essential protection layer, illustrating its effectiveness.

To improve Imperva Application Security Platform, there is a necessity for enhancement in the threat layer, especially regarding DDoS protection and geographical DDoS attacks. Additionally, there is a need for more API integration within the environment, indicating room for improvement in those areas.

I rate this product eight out of ten because I believe there can still be improvements for the WAF, especially in terms of custom rules. I suggest that more rules could be added to the system instead of relying on SMEs for customization. The hardware being more expensive compared to other vendors poses a challenge, along with a need for improvement in the cloud WAF offerings.

I have been using Imperva Application Security Platform for nearly five to six years. I first used it in a large banking group before I joined my current company, where I used both the Imperva on-premise devices and Imperva Cloud.

In my experience, Imperva Application Security Platform is stable.

Regarding scalability, it is good in the cloud but not very strong for on-premise installations.

The customer support from Imperva has been great, with a single point of contact who catered to our company's needs effectively.

We did not use a different solution before adopting Imperva Application Security Platform.

We purchased Imperva Application Security Platform through a partner.

Although it is difficult to quantify the return on investment in monetary terms given that we cannot translate threats into monetary values, the use of Imperva was driven by compliance reasons and resulted in fewer incidents.

My experience with pricing, setup costs, and licensing has shown that the setup cost was high, with the hardware installation in the data center being particularly expensive. Additionally, the cost associated with the appliances used to load balance application traffic resulted in expensive licensing and a need for frequent license rotation. Configuring both hardware and software has also proven to be time-consuming and costly.

Before choosing Imperva Application Security Platform, we evaluated F5 as a WAF solution and also considered Cloudflare.

Although it is difficult to measure the success in commercial or monetary terms, we found that we could manage more threats within the environment, with Imperva flagging threats coming from the internet, resulting in few incidents. This illustrates how Imperva helped us.

I would highly recommend others to consider using Imperva Application Security Platform, and I rate this product eight out of ten.

My main use case for Imperva Application Security Platform involves using it in more than a couple of organizations where I was employed.

We used Imperva Application Security Platform for web application firewall and API security in one of those organizations.

Since we integrate a number of external vendor products in our environment, most of these integrations occur via API, and hence we use Imperva Application Security Platform for API security.

Imperva Application Security Platform offers features such as Attack Analytics.

Attack Analytics has helped us understand what traffic is being received by our applications, and based on that, we have created the policies. The false positives have been reduced, saving a lot of time for us to work on other important tasks rather than wasting time on addressing those false positives.

Imperva Application Security Platform has considerably improved our web application security posture and it has also helped us design our applications with security as the primary concern. Before using Imperva Application Security Platform, we received many attacks, such as command injection attacks, SQL injection attacks, and even though we were using a niche web application firewall, we were not able to tackle those attacks. After moving to Imperva Application Security Platform, these attacks have been prevented significantly, and the attacks on the initial level have been considerably reduced.

We have not yet encountered any issues with Imperva Application Security Platform until now; however, improvements are always expected from the vendor. No major improvements are required, but it should still work on reducing the false positives. Although we do not receive that many false positives, some improvement is still required regarding learning the traffic while using Imperva Application Security Platform.

Nothing as of now because we have still not used all the features of Imperva Application Security Platform, but we are exploring it and in the future, maybe we will understand what improvements are required.

I have been using Imperva Application Security Platform on-prem as well as in the cloud for almost four years.

Imperva Application Security Platform is quite stable.

I do not have much experience with respect to the scalability of Imperva Application Security Platform because a different infrastructure team manages all these aspects; we, as a security team, are just using it for protecting our applications and APIs.

I had an experience reaching out to customer support for an issue with Imperva Application Security Platform, and it was quite good; they addressed the issue effectively.

If anyone is concerned about API security, then Imperva Application Security Platform is definitely a good choice.

Imperva is a trusted brand, and I have been using Imperva Web Application Firewall on-prem and also as SaaS, but Imperva Application Security Platform is a next-generation cloud-based service that is quite helpful and powerful. Based on current attacks and the latest AI-based attacks, some improvement is required, but it remains a promising product that I would recommend to others.

I would rate this product an 8 out of 10.

Imperva Application Security Platform is generally used for legacy-type applications that cannot be migrated to the cloud. A specific example of how I use this tool to protect legacy applications in my organization is that we have an intranet which has not been fully developed or technologically advanced enough to run in the cloud, so by having this, we secure it effectively.

Imperva Application Security Platform allows you to enhance your application security posture. Among the best features that Imperva Application Security Platform offers, the policies are very dynamic, and it also has profiling at the application level that allows you to work in this mode.

I would like to highlight especially the ThreatRadar feature, which is an additional subscription, and ThreatRadar helps with threat intelligence by allowing you to block advanced attacks as well as mitigate risks more effectively.

Imperva Application Security Platform positively impacts us because we have a critical website, so by placing a WAF of Imperva's quality, it allows us to have visibility and granular control over the various attacks that can occur on the website.

A concrete improvement I have seen thanks to Imperva Application Security Platform is that it has decreased the level of connections to the final server. The specific improvement is that the connections that reach the server are fewer because Imperva is already filtering them at the WAF stage.

Imperva Application Security Platform could be improved if it allowed integration with Active Directory in the cloud, or if it provided visibility of user roles and permissions.

I have been using Imperva Application Security Platform for a little more than three years.

I consider Imperva Application Security Platform to be a stable solution.

I would rate the scalability of Imperva Application Security Platform as very good since it adapts well and you can grow independently because the interfaces support one and ten gigs.

Imperva Application Security Platform customer support has been very good; the ticketing platform allows us to have visibility of the case, and the staff makes the effort to respond quickly.

I did not previously use any other solution before Imperva Application Security Platform.

The advice I would give to others who are considering using Imperva Application Security Platform is to start with learning mode and then move to blocking mode slowly for approximately one week so that Imperva can identify the website and the connections that are made to it.

I have seen a return on investment with Imperva Application Security Platform, as it is generally associated with time savings, because the review of alerts and the visibility it gives saves us significant operational time. The clarification on time savings is that it refers to the time spent on alerts.

My experience with the pricing, implementation cost, and licenses of Imperva Application Security Platform is that it is high compared to a traditional WAF solution, but it meets expectations.

Before choosing Imperva Application Security Platform, I did not evaluate other options, as we went directly with Imperva due to recommendations.

I would rate Imperva Application Security Platform an eight on a scale from one to ten. Imperva Application Security Platform is a very good platform; even though it is not in Gartner, clients request it and trust the brand. I would rate customer support on a scale from one to ten as an eight. My overall review rating for Imperva Application Security Platform is eight out of ten.

My main use case for Imperva Application Security Platform is onboarding the application on Imperva.

To onboard an application on Imperva, we start with sites, under which we have server groups. Under the server group, we have our applications. So I create a site; let's suppose India is a site. In India, we have multiple regions, we can say states, like Maharashtra and Jaipur, Bangalore. I create a server group, and under that, I can create another, and into that, I can add our applications. For example, in Hyderabad, we have our major applications, so I can add those major applications into the Hyderabad segment, while the same application which works as a DR would reflect on the Jaipur site.

In onboarding, we provide the IP address, FQDN, and the port as well. I put the application into simulation mode for about 15 days. After 15 days have passed, I apply the default policies, whatever the default policies we have. Then, I move the application into blocking mode. Every day, I monitor the traffic pattern, the traffic count, and whether any traffic is getting blocked, checking which particular policy the traffic is getting blocked in. Additionally, if users have requirements for custom policies or custom error pages, I work on that as well.

The best features Imperva Application Security Platform offers include the ADC. Imperva releases their policies every 15 or 20 days, and we have almost covered all the OWASP Top 10 related issues.

In my day-to-day work, the ADC helps because Imperva updates the latest signatures, latest policies, and whatever the latest alerts have been found, creating their policies without requiring us to do a lot of work. I simply update the ADC, and whatever new policies are in Imperva are reflected on our platform as well. This allows me to communicate to the organization that we have the up-to-date policies regarding the latest attacks that have been identified.

Imperva Application Security Platform impacts our organization positively in many ways, such as protecting our applications. Additionally, during compliance audits, I can show what attacks we have prevented and how Imperva helps us mitigate threats. There is also bot protection and CAPTCHA features. I recall a time when we were facing attacks on an application; I identified the issue, and based on that, I created a rate-limiting policy on Imperva, which significantly helped our organization.

I believe Imperva Application Security Platform should have a more interactive wizard. While the dashboard is good, it could be more eye-catching. Based on my perspective, I recommend modifying the dashboards, especially the main dashboard where I can see the traffic hit count, alerts, and other latest information.

In terms of reporting, I find it challenging to create reports; in my earlier days, it was difficult. Over time, I have learned how to create reports, but it should be easier to do so. I have used other tools such as firewalls or SolarWinds, where creating a report is straightforward and does not take much time, unlike in Imperva, where I have to add many elements. Modifications in the integration aspects would also be beneficial.

I have been using Imperva Application Security Platform for 1.5 years.

Imperva Application Security Platform is now stable because we have upgraded it.

We have seen a reduction in attacks because, during a DDoS attack, a lot of requests were made for a single application, preventing legitimate users from accessing it. Thanks to Imperva, I implemented a rate-limiting policy—if a user hits around 300 or 400 requests in five minutes, that IP gets blocked. I protected our applications through this method. Moreover, by analyzing our day-to-day logs, I have identified many latencies. For instance, we have F5, and while it decrypts the traffic, Imperva inspects it, and I have faced numerous challenges due to F5. However, on Imperva, I experience no latency.

The customer support I have encountered is really good.

We previously used F5, but we faced issues related to utilization. We encountered many challenges with F5 crashing due to high traffic, which led us to replace it with Imperva, though I still sometimes face utilization issues with Imperva where it may reach up to 90 or 95 percent but does not crash.

As such, I have not seen a return on investment.

To be honest, I am not handling the pricing costs, so I am unsure about that aspect.

We have a DCDR setup, and because we are on-premises, we have created our DC and DR. We test our DC and DR every three months by switching traffic from the DC to DR for seven days before switching back to the DC.

I suggest others looking into using Imperva Application Security Platform consider it as the best solution. I have worked with both F5 and Imperva, and while F5 offers many solutions in one box, it can lead to numerous issues, and Imperva's feature capabilities surpass those of F5. I definitely recommend Imperva. I would rate this product a 7 out of 10.

The best features Imperva Application Security Platform offers are for speed and protection. There is runtime and zero protection, and we have the sub and sub plus protection.

The speed and protection features of Imperva Application Security Platform help my team day-to-day by providing safe and clear access to the website. For example, my company is a multinational company that experiences many attacks, such as DDoS attacks, hitting the general website of the company before. The protection protects all of the websites in Imperva, so accessing the website is safer right now, not disrupted by DDoS attacks.

Imperva Application Security Platform has positively impacted my organization by making the website more secure. It reduces the DDoS attacks and reduces the attacks from threat actors, including SQL Injection and zero-day attacks, by using dynamic application profiling from Imperva. This is very helpful for my company as it reduces the incidents from the website.

I would suggest that Imperva Application Security Platform should include new features combined with AI. When I was using Imperva, it was not yet combined with AI. I believe that AI can now be used to make things easier, to track the attacks or IPs, or perhaps to determine the best configuration for each company that is using Imperva.

I would add that I have a unique observation about the features of Imperva Application Security Platform. For protection to protect more safely and restrictively, I have another use case with an internal website. This website is internal, and those people who want to access it can use the VPN or the internal network. I have encountered cases where a person from the internal company wants to access the website without using the API and got blocked by Imperva because there is a feature or configuration that allows specific IPs. I had to log all of the ways to access the web and allow only a few IPs from the internal IPs. I think Imperva is very secure, very restricted, and good for protecting websites, especially for internal websites and production servers.

Regarding improvements to Imperva Application Security Platform, I think all aspects of Imperva Web Application Firewall, including the UI/UX, are good, and I can operate it smoothly with the application. I give this product a rating of 8.5 out of 10.

Regarding my main use case, I first log into the WAF applications, then access the Alerts section. In that section, I can see different types of activity happening in the firewall. I review each alert to determine whether it is legitimate or suspicious activity. I can also view the target IP address and locations, target servers, and the payload that the attacker was using in that alert. I can see the OWASP Top 10 alerts and the event timing to identify when the attack occurred.

There are many alerts in Imperva Application Security Platform. For example, there is an OWASP Top 10 alert called SSRF, which is server-side request forgery. If someone attempts to access the server, the WAF blocks that SSRF alert, or RCE, Remote Code Execution alert, blocking immediately based on the signature, not only by the payload or the IP address. That is very effective.

Imperva Application Security Platform has positively impacted my organization because every time an attacker uses a malicious payload or malicious signature that is already included in the signature database of the WAF application or Imperva application, the application directly blocks that particular signature immediately. This capability can help any organization achieve better security outcomes.

I gave it a 10 because it is useful for private organizations and it is very safe to have WAF applications, particularly Imperva Application Security Platform.

The advice I would give to others looking into using Imperva Application Security Platform is that it is safer to use or to have it. My overall rating for this product is 10 out of 10.

Imperva Application Security Platform is used primarily for web application firewall security. My organization has a significant number of applications running through the platform, and to monitor those applications, we require firewalls. Imperva Application Security Platform's Web Application Firewall performs the deep inspection necessary for this monitoring.

Imperva Application Security Platform offers customization of security policies, allowing me to create policies tailored to my environment.

The rate limiting policy in Imperva Application Security Platform works based on usage numbers and has proven valuable for our operations.

Imperva Application Security Platform is user-friendly, and I can maintain a customized dashboard to monitor the utilization of all gateways in day-to-day operations.

Imperva Application Security Platform serves as the base pillar for applications to grant or deny access appropriately.

From a compliance perspective, Imperva Application Security Platform has been an improvement, as it has passed all compliance processes.

Imperva Application Security Platform could be improved by providing a more user-friendly dashboard.

I would recommend that support for Imperva Application Security Platform be enhanced to be more effective.

I have been using Imperva Application Security Platform for three years.

Imperva Application Security Platform is stable.

Scalability in Imperva Application Security Platform depends on the region. Imperva Application Security Platform can handle more applications or increased traffic easily as my organization grows. Currently, we are running approximately 1000 applications, and it can handle more.

Customer support for Imperva Application Security Platform is good, though it could be better. I would rate the customer support of Imperva Application Security Platform an eight on a scale of one to ten.

I did not previously use a different solution.

We have seen a return on investment with Imperva Application Security Platform, as we started with a few devices and gradually increased the number of on-premises devices for Imperva Application Security Platform.

The pricing, setup cost, and licensing for Imperva Application Security Platform were user-friendly and good.

Before choosing Imperva Application Security Platform, I evaluated Akamai WAF.

I would recommend Imperva Application Security Platform compared to Akamai WAF. It has been good to use Imperva Application Security Platform, as I have been using it for three years. I would rate this review a nine on a scale of one to ten.

My main use case for Imperva Application Security Platform is for WAF, application firewall, which is a web application firewall. I have my company's sites, websites, and our core application runs on it as well, so all traffic must first come through Imperva Application Security Platform before it's routed to the application.

A specific example of how I use Imperva Application Security Platform for my core application involves dealing with all the unwanted bots on the internet and crawlers.

Regarding my main use case with Imperva Application Security Platform, it denies all forms of malicious attempts to the sites, including SQL injection, brute force attack, DDoS, and all of that. It denies that and provides information about it through logs that indicate which particular IP was denied and the region, so I have the location based on the IP. I can get the location of where the attacks or injections are coming from. Basically, I receive a clean request based on the rules I've set, made to the server, and then receive their request back, while the ones that are not clean are blocked.

Regarding other features, Imperva Application Security Platform has safe logging capability and, as mentioned earlier, it's primarily for my WAF, web application firewall. Any basic web filtering capabilities are there, and that's all I use it for.

The best features Imperva Application Security Platform offers include DDoS protection, anti-DDoS capabilities, and connection protection against different malicious web attacks.

Imperva Application Security Platform has positively impacted my organization, as before its introduction, I usually had a lot of logs on my router, with many foreign attempts from anonymous IPs trying to gain access, including a lot of brute force logs. The CPU of the router would struggle with what it wasn't supposed to be doing while legitimate users suffered. Since implementing Imperva Application Security Platform WAF, as mentioned earlier, only legitimate traffic reaches the server and the router to request what they need, and of course, the response is given. This allows us to accommodate more legitimate traffic, faster and more securely.

While I can't provide a specific metric at this moment as I'm not in front of my system, I can confidently say that we have significantly noticed improved performance in terms of latency, an increased number of requests we can handle, and a reduction in attack attempts.

One improvement I would like to see in Imperva Application Security Platform is the ability to fail over to different sites for my same application. I want to have my disaster recovery site, my current site, and my cloud environment, all different, about three sites so that I can load balance across those sites. It would be beneficial if that could be included as a baseline feature without needing a special license.

I also think about the ability of Imperva Application Security Platform to integrate its logs with various systems; the integration with SIEM solutions is limited to certain types of OEM. I would prefer a situation where they are more agnostic in terms of log integration with SIEM solutions, such as SentinelOne.

I have been using Imperva Application Security Platform for more than three years.

Imperva Application Security Platform is very stable.

In terms of scalability, I believe it's within their infrastructure; there has never been any downtime.

I use the channel partner for support and have never had a need to raise a ticket directly with Imperva.

Imperva Application Security Platform is deployed in a cloud solution, as I was provided with login details, logged in, and configured Imperva Application Security Platform, putting in my public IP. From Imperva, I received a certain CNAME that I placed in my DNS, so all traffic coming to my domain goes through that DNS, through the CNAME to Imperva Application Security Platform, and then Imperva Application Security Platform forwards it to my public IP. Therefore, I would classify it as a private cloud.

I have the impression that there is a return on investment; we enjoy cleaner traffic in our environment, and more requests are being served, indicating a huge return on investment.

My experience with the pricing, setup cost, and licensing is that the pricing is not transparent to me; it's what the vendors give, or whatever the channel partner offers that you can negotiate on. The setup process is pretty easy, and the vendor is very transparent in terms of support.

Prior to choosing Imperva Application Security Platform, I did not evaluate other options in terms of a proof of concept; I only did a feedback assessment on the internet.

I would rate Imperva Application Security Platform a nine on a scale of one to ten. I choose a nine because it has not failed me since I've been using it, and I've not had any attack. My advice to others looking into using Imperva Application Security Platform is that it is highly recommended and certainly worth trying out, at least for web application firewall purposes.