Imperva Web Application Firewall (WAF) vs. F5 Silverline Managed Services (discontinued)

If you are looking for a cheap product to meet the bare minimum requirements for PCI or any other compliance regulations, this is not the product. Also, the WAF portion only inspects on HTTP/HTTPS traffic which can be very limiting into other forms of web apps that utilize other protocols. The HTTP/HTTPS inspection that it does do is very in depth and well worth the investment.

Incentivized

• Alert Aggregation - Correlates different violations into perceived correlated attacks.
• Ease of deployment - as one of the only WAFs that allow bridge mode deployment, this can be deployed with without downtime and no Network Architecture modifications. If the need for proxy is required at a later time, Transparent Reverse Proxy can be deployed within seconds and minimal configuration.
• Custom Policies - Custom security policies are easy to configure.
• Reporting - There are a good amount of pre-configured reports available by default.

Incentivized

• The UI can use a little work (but is largely decent)

There are just a couple of points that are hard to find, that probably could be elsewhere. But these are minor; everything else is right where you'd expect it to be.

We haven't needed support from Imperva since implementation. But during that time, their personnel were very quick to respond to questions. Since then, it's been largely doing its thing for us (which is exactly what we'd hoped).

Ultimately, it was the easiest to work with that was still a "known" company (we've been burned too many times by up-and-comers). We needed something that gave us a lot of control but then didn't need its handheld on a daily basis. Imperva gives us a lot of that and we are still able to navigate it with ease.

• Our on-prem firewall has less work to do, allowing it more cycles for other tasks.
• We have better web traffic visibility and control over what actors are doing outside our network.