Imperva - Managed Rules for IP Reputation on AWS WAF

Imperva Managed Rules on AWS WAF was used to protect high traffic enterprise web applications and APIs, handling millions of monthly requests. I was part of the domain management and CDN network team. It served as the primary baseline security layer, integrated directly into AWS web ACLs.

Imperva Managed Rules on AWS WAF is deployed in a hybrid cloud environment in my organization. We have direct traffic from Akamai CDN, but everything was passing through Imperva.

Automatic updates are the best features Imperva Managed Rules on AWS WAF offers. When I mention updates, I am referring to the automatic threat intelligence and frequency of rule updates. Imperva automatically updates threat intelligence and signatures, which saved a lot of engineering teams considerable time.

The customer support for Imperva Managed Rules on AWS WAF is the best. As soon as I had any issue when I was on-call rotation, the support was very friendly, very accurate, and always helpful.

Imperva Managed Rules on AWS WAF's governance and security is very robust. The security and compliance is always the best. If you do not have proper roles or privileges, it's impossible to access information or details from other users or accounts.

Imperva Managed Rules on AWS WAF's accuracy and reliability of output is very accurate. I would say it's one of the industry standards, with more accuracy. I have never seen greater accuracy with Imperva or Incapsula.

Sometimes the rules act as a black box with Imperva Managed Rules on AWS WAF because you cannot see the underlying rule logic or regular expressions, which can be challenging when troubleshooting false positives on complex API payloads.

Better documentation would help with the needed improvements. I was trying to use the Terraform provider, looking for the Imperva provider, but it was not easy to integrate.

Low operational overhead is the only additional feature I would mention.

I have been using Imperva Managed Rules on AWS WAF for two years.

Imperva Managed Rules on AWS WAF is very stable.

I have never had any issue regarding scalability with Imperva Managed Rules on AWS WAF because it is always cloud-based or hybrid but has never been a concern.

The customer support for Imperva Managed Rules on AWS WAF is the best. As soon as I had any issue when I was on-call rotation, the support was very friendly, very accurate, and always helpful.

I would rate the customer support a ten out of ten.

I did not previously use a different solution before Imperva Managed Rules on AWS WAF. We are still using the same solution.

Imperva Managed Rules on AWS WAF was integrated very quickly without having to build custom rule sets from scratch, positively impacting my organization.

The quick integration of Imperva Managed Rules on AWS WAF benefited my team with compliance like PCI DSS and SOC 2. It was integrated very quickly without creating something from scratch. The security compliance audits were easier.

We did not purchase Imperva Managed Rules on AWS WAF through the AWS Marketplace. We have a direct partner.

I have seen a return on investment when something involves any deployment for blue or green deployment. I was in charge of redirection rules, so traffic from one cluster to another was very useful.

I was not part of the billing team, so I do not have much experience with pricing, setup cost, and licensing. Imperva Managed Rules on AWS WAF was already in place when I joined the team, and it is still one of the most used tools.

I was evaluating Akamai before choosing Imperva Managed Rules on AWS WAF.

Imperva Managed Rules on AWS WAF is great for meeting security compliance audits, using the out-of-the-box compliance and low operational overheads.

I highly recommend Imperva Managed Rules on AWS WAF when you need something fast and low-maintenance threat protection. For applications with highly customized API payloads, there may be some false positives.

I would highly recommend Imperva Managed Rules on AWS WAF when you need fast, low-maintenance threat protection.

I would like to continue using Imperva and integrate it with Terraform, so my pipelines will be much more secure.

I give this review an overall rating of eight out of ten.

Hybrid Cloud

Amazon Web Services (AWS)

My main use case for Imperva Managed Rules on AWS WAF is to protect my layer seven applications and application load balancers (ALBs) so that I can protect my applications from layer seven cybersecurity attacks.

I can give a specific example of how I've used Imperva Managed Rules on AWS WAF to protect an application, as the rules help me protect from cyber attacks which are part of the OWASP Top 10, including cross-site scripting, SQL injection attacks, and sometimes modifications of MFA for specific applications.

I'm mainly focusing on protecting my applications that are hosted on CloudFront and sometimes on the application load balancer in AWS, for which I'm using Imperva Managed Rules on AWS WAF.

The best features of Imperva Managed Rules on AWS WAF are that all the rules are in line with the updated OWASP Top 10 security vulnerabilities, which allows me to counter attack with the respective attack patterns that are present in the market.

Staying up to date with the latest OWASP Top 10 has helped my team significantly, as with the updated 2026 rules, we can counter the cyber attacks that are more aligned with artificial intelligence tools. Earlier, there were certain OWASP Top 10 rules that were not present in the environment.

Imperva Managed Rules on AWS WAF has impacted my organization positively to a very good extent, as along with the default AWS WAF rules, Imperva Managed Rules on AWS WAF is giving more edge on layer seven security for protecting the applications at the organization, making them good-to-go rules.

Since using Imperva Managed Rules on AWS WAF, I've noticed specific outcomes such as a reduction in security incidents, and it provides me with more robust solutions along with protections and analysis, allowing it to protect against cyber attacks at any level or capacity.

Imperva Managed Rules on AWS WAF keeps updating its rule sets, but the company could increase the number of rules on a yearly basis and incorporate more rules aligned with artificial intelligence security. There should be more alignment with AI and ML security.

I have been using Imperva Managed Rules on AWS WAF for about one or two years.

Everything looks good with Imperva Managed Rules on AWS WAF as of now.

Regarding Imperva Managed Rules on AWS WAF's AI capabilities, I believe it has a good alignment from the governance and security perspective, and it is capable of protecting from cyber attacks effectively.

In terms of accuracy and reliability of output regarding Imperva Managed Rules on AWS WAF's AI capabilities, it all depends on which AI generative model is being used. Currently, Imperva is in good shape with a decent capacity for accuracy and reliability, though not perfect.

My advice to others looking into using Imperva Managed Rules on AWS WAF is that if customers do not want to use the default AWS WAF rules or if they are looking for add-on features or protection, they should proceed with Imperva Managed Rules on AWS WAF to gain more security.

I give this product a rating of 9 out of 10.

Amazon Web Services (AWS)

My main use case is proactive edge security and IP reputation management. I use Imperva Managed Rules on AWS WAF's IP reputation rule group attached to my main application load balancer. Because Imperva leverages crowd-sourced global threat intelligence from their entire network, the rule layer automatically blocks requests originating from known botnets, exit nodes, and active attackers. For example, during a distributed credential stuffing attempt, Imperva dropped the malicious connections at the AWS edge layer instantly. This saves my back-end applications' API from resource exhaustion.

The best feature I would say is the compliance. It satisfies enterprise audit criteria for web application profiling that is required by PCI DSS and HIPAA. Also, it aligns fully with my security compliance matrices, the OWASP Top 10 alignment, and standard core rules to defend against injection attacks, cross-site scripting, and path traversal. These are the major features.

The managed rule set proves that modern security does not have to be slow or complicated. It turns threat intelligence into a utility function that I can enable with a few clicks.

It has eliminated the heavy operational burden of threat research. Instead of my internal security engineers spending hours tracking new malicious IPs or writing custom regex signatures to deal with emerging exploits, Imperva automatically updates the rule set in the background.

There are many improvements I would identify. The native AWS integration plugs directly into my existing Web ACLs along with the native AWS managed rule sets without conflict. There are no software regressions because it relies entirely on standard WAF matching conditions and it has zero impact on the application middleware or container environment. This aspect could be improved.

Other issues include that the marketplace sellers do not allow me to modify individual parameters inside the vendor's compiled rule set, meaning any false positive must be handled by a custom override rule. This also needs improvement.

I have been using Imperva Managed Rules on AWS WAF for about three years.

Imperva Managed Rules on AWS WAF is highly stable because the rules run directly inside the native AWS WAF engine. Availability is backed by AWS global infrastructure. There is no middleman latency or point of failures. It inherits the high stability and scaling of AWS itself.

It scales flawlessly via elastic hyper-scale. Since it handles inspection inside the cloud provider's network edge, it can handle millions of web requests per second without requiring my team to provision large compute instances or worry about bandwidth bottlenecks.

The customer support is providing excellent service. The support and reference models are very structured. AWS documentation explicitly outlines how to subscribe to and deploy vendor rule sets, while Imperva provides clear definitions for what each rule group evaluates. Support for rule matching is managed through AWS Premium Support channels with escalation lines to Imperva's threat research team for enterprise subscribers.

I previously managed custom IP blocklists manually via standard network firewall rules. I switched because manual lists are reactive, rigid, and impossible to maintain efficiently against rapidly changing cloud threat vectors.

I fixed this by putting Imperva Managed Rules on AWS WAF's rule group into count mode for the first two weeks. This allowed me to analyze the traffic pattern safely in my logs and write specific bypass exceptions before switching the rules to strict block mode.

I always leverage count mode when introducing a new vendor rule package. Let it observe your real production traffic patterns for a week, verify it against your monitoring dashboard, and only toggle it to fully blocking once you are confident your legitimate APIs will not be disrupted.

The return on investment is highly visible in my infrastructure savings. By stopping illegitimate traffic at my utmost edge, I noticed a 15% drop in junk traffic reaching my application layers. This reduced my downstream compute cost and lowered my database resource consumption.

The experience was very efficient. The product uses a transparent, pay-as-you-go consumption-based pricing model that is billed through the AWS Marketplace. It eliminates heavy upfront contract costs, handles automatic licensing, and bundles all fees directly into my unified AWS monthly billing.

Splunk was another option that I considered, but ultimately I chose Imperva Managed Rules on AWS WAF, which offered many more benefits.

I noticed a 12% drop in junk traffic reaching my application layer. I would rate this solution 9 out of 10.

Public Cloud

Amazon Web Services (AWS)

What do you like best about the product?

It is a reliable cybersecurity solution that has many tools to help protect web applications.

What do you dislike about the product?

It is very expensive for our South American region and the support from the partners is bad.

What problems is the product solving and how is that benefiting you?

The technical support from the local partners is bad.

What do you like best about the product?

Very transparent data encryption and attack protection

What do you dislike about the product?

I hate it when it tries to block my penetration attempt.

What problems is the product solving and how is that benefiting you?

prevent penetration and protection againt rougues

What do you like best about the product?

Ease of use and setup. I used inperva for setting up my web application firewall for my websites. It was based on reverse proxy technique.

What do you dislike about the product?

Many hidden options. It's hard to decode the inner level setup of the waf.

What problems is the product solving and how is that benefiting you?

Protecting my website and data from the intruders.

What do you like best about the product?

its strong security features, advanced threat protection, and comprehensive coverage against web application attacks

What do you dislike about the product?

the cost of implementing and maintaining a WAF

What problems is the product solving and how is that benefiting you?

Web Application Security
Threat Mitigation
Regulatory Compliance
Application Performance
Intelligent Analytics

What do you like best about the product?

It provides protection for all the platforms, like Active and legacy applications, third party applications, and also Cloud and container applications. I've already looked into other competitors such as F5 and SiteWall, but the Imperva firewall seems to be a bit better than those two.

What do you dislike about the product?

So far, I haven't seen a downfall while using this firewall since it has been protecting all the applications regardless of the platform and provides full time monitoring, alerting and remediation of Web traffic.

What problems is the product solving and how is that benefiting you?

Since organisations are moving to cloud-based environments and depending more on the internet, WAF can help you precisely monitor Ports 443 and 80 and prevent Web-based Targeted and Non-targeted attacks, which will help you to secure all kinds of applications that the organisations are using and hosting on their web and application servers.

What do you like best about the product?

Imperva Web Application has be a great help in making my computer risk free from external threats an dreducing my vulnerability. Also, it is easy on the pockets due to the minimal cost. Imperva is also very easy to use. Just with a dns change we can activate it.

What do you dislike about the product?

As of now I havent faced any issues with Imperva Web app. It has been a hassle free journey till now with Imperva.Havent faced any technical issues as of now with it.

What problems is the product solving and how is that benefiting you?

Imperva Web application firewall has made securing my system very easy.It has been vwey easy to switch to Imperva. The up to datesignatures of Imperva helps in making my computer safe and secure.

What do you like best about the product?

The imperva firewall has been very helpful for making my personal computer much more safer. The application is very light which makes it very easy to load even in poor networks.

What do you dislike about the product?

I did not face any issues as of now with thje imperva web application. It is working all good. And I hope this will work fine in future as well. No negetive points to raise as such.

What problems is the product solving and how is that benefiting you?

The imperva web application has made it hassle free for me when trying to make my personal and work computers safe from malwares.The imperva is very easy to use which makes it very useful.