← WAF / Web Application FirewallImperva WAF

StrongStrongStrongStrong

4.5

Vendors › WAF / Web Application Firewall › Imperva WAF

Imperva WAF

Name: Imperva WAF
Rating: 4.5 (550 reviews)
Author: Imperva (Thales)

Imperva (Thales)

Founded 2002·US·Private

4.5

Combined score

4.4150

Gartner

4.6280

⚠

Security incident on record — Imperva disclosed breach Sept 2023 — API keys, SSL certs, and customer data exposed via cloud provider misconfiguration

▪ Editorial verdict

Imperva has the largest mind share in the WAF market for a reason that independent testing confirms: the 0.009% false positive rate in head-to-head evaluations is the best in the category by a significant margin. For organisations where legitimate traffic disruption from WAF false positives is a business risk, Imperva's precision is a genuine operational advantage. The unified platform combining WAF, API security, DDoS protection, and bot management under one console also reduces the vendor count that security teams need to manage for application protection.

The Thales acquisition in 2023 introduces the standard PE-to-strategic-acquirer transition questions about pricing and roadmap continuity that buyers should address with current Imperva account teams.

The verdict: Imperva App Protect is right for enterprises wanting the most proven WAF with the lowest false positive rate, on-premises deployment option, and unified API and application security. SMBs wanting simpler deployment should evaluate Cloudflare or AppTrana.

Last reviewed: May 2026

4.4150 reviews

Gartner

4.6280 reviews

PeerSpot

8.4120 reviews

Gartner MQ: Leader (Gartner WAAP MQ 2024)

WAF / Web Application Firewall assessment

PROTECTIONStrong

OWASP Top 10 coverage

5 / 5

Bot management

5 / 5

OPERATIONSStrong

Rule management

5 / 5

Performance & latency

4 / 5

ANALYTICSStrong

Traffic & threat analytics

5 / 5

TRUST & ECOSYSTEMStrong

CDN & network quality

4 / 5

Strongest: OWASP Top 10 coverage

Watch out for: CDN & network quality

Strengths & limitations

Strengths

●Longest WAF market tenure — 20+ years with deepest rule library

●Advanced bot management with device fingerprinting and ML

●On-premises, cloud, and hybrid — most flexible deployment options in category

Watch out for

●Thales acquisition 2023 has slowed product development momentum

●Complex legacy on-premises product can be difficult to modernise

●Premium pricing — among the most expensive WAF/WAAP platforms

Best for

Enterprises needing the most mature WAF with deep bot management and flexible cloud/on-premises deployment.

Not suitable for: Organisations wanting pure SaaS — on-premises complexity and Thales acquisition impact evaluation is needed.

Compliance coverage

●Essential Eight

●AU Privacy Act

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●CMMC

●GDPR

●NIS2

●DORA

●ISO 27001

●CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

ModSecurity
F5 BIG-IP legacy
On-premises WAF appliances

Also considering

Vendors typically shortlisted alongside

Also in our database

Imperva (Thales) also appears in:

API Security →

← Back to WAF / Web Application Firewall Compare with other WAF / Web Application Firewall vendors →

Quick facts

Pricing modelper site/month or per GB traffic

Pricing rangeEnterprise custom; estimated $3,000-50,000/site/year

Free trialNo

Min seatsNo minimum

Deployment time1-2 weeks

Complexity3 / 5

Pricing transparency2 / 5

AU presenceYes

IRAP assessedNo

Open sourceProprietary

Deployment

ModelsSaaS, On-premises, Hybrid

OS supportCloud-native, On-premises appliance

CloudAWS, Azure, GCP

SupportPhone, Email, Dedicated CSM, Professional Services

Data residencyUS, EU, AU

Company

Imperva (Thales)

Founded 2002 · 1,500-2,000 (Thales) employees · Private

HQ: US

Part of Thales $21B revenue

Certifications

FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS

Integrations

SplunkServiceNowAWSAzureSIEM via syslogPagerDutyJira