Imperva - Managed Rules for IP Reputation on AWS WAF

Imperva Managed Rules on AWS WAF  was used to protect high traffic enterprise web applications and APIs, handling millions of monthly requests. I was part of the domain management and CDN  network team. It served as the primary baseline security layer, integrated directly into AWS  web ACLs.

Imperva Managed Rules on AWS WAF  is deployed in a hybrid cloud environment in my organization. We have direct traffic from Akamai  CDN , but everything was passing through Imperva.

Automatic updates are the best features Imperva Managed Rules on AWS WAF  offers. When I mention updates, I am referring to the automatic threat intelligence and frequency of rule updates. Imperva automatically updates threat intelligence and signatures, which saved a lot of engineering teams considerable time.

The customer support for Imperva Managed Rules on AWS WAF  is the best. As soon as I had any issue when I was on-call rotation, the support was very friendly, very accurate, and always helpful.

Imperva Managed Rules on AWS WAF's governance and security is very robust. The security and compliance is always the best. If you do not have proper roles or privileges, it's impossible to access information or details from other users or accounts.

Imperva Managed Rules on AWS WAF's accuracy and reliability of output is very accurate. I would say it's one of the industry standards, with more accuracy. I have never seen greater accuracy with Imperva or Incapsula.

Sometimes the rules act as a black box with Imperva Managed Rules on AWS WAF because you cannot see the underlying rule logic or regular expressions, which can be challenging when troubleshooting false positives on complex API payloads.

Better documentation would help with the needed improvements. I was trying to use the Terraform  provider, looking for the Imperva provider, but it was not easy to integrate.

Low operational overhead is the only additional feature I would mention.

I have been using Imperva Managed Rules on AWS WAF for two years.

Imperva Managed Rules on AWS WAF is very stable.

I have never had any issue regarding scalability with Imperva Managed Rules on AWS WAF because it is always cloud-based or hybrid but has never been a concern.

The customer support for Imperva Managed Rules on AWS WAF is the best. As soon as I had any issue when I was on-call rotation, the support was very friendly, very accurate, and always helpful.

I would rate the customer support a ten out of ten.

I did not previously use a different solution before Imperva Managed Rules on AWS WAF. We are still using the same solution.

Imperva Managed Rules on AWS WAF was integrated very quickly without having to build custom rule sets from scratch, positively impacting my organization.

The quick integration of Imperva Managed Rules on AWS WAF benefited my team with compliance like PCI DSS and SOC 2. It was integrated very quickly without creating something from scratch. The security compliance audits were easier.

We did not purchase Imperva Managed Rules on AWS WAF through the AWS Marketplace . We have a direct partner.

I have seen a return on investment when something involves any deployment for blue or green deployment. I was in charge of redirection rules, so traffic from one cluster to another was very useful.

I was not part of the billing team, so I do not have much experience with pricing, setup cost, and licensing. Imperva Managed Rules on AWS WAF was already in place when I joined the team, and it is still one of the most used tools.

I was evaluating Akamai  before choosing Imperva Managed Rules on AWS WAF.

Imperva Managed Rules on AWS WAF is great for meeting security compliance audits, using the out-of-the-box compliance and low operational overheads.

I highly recommend Imperva Managed Rules on AWS WAF when you need something fast and low-maintenance threat protection. For applications with highly customized API payloads, there may be some false positives.

I would highly recommend Imperva Managed Rules on AWS WAF when you need fast, low-maintenance threat protection.

I would like to continue using Imperva and integrate it with Terraform , so my pipelines will be much more secure.

I give this review an overall rating of eight out of ten.

My main use case for Imperva Managed Rules on AWS WAF  is to protect my layer seven applications and application load balancers (ALBs) so that I can protect my applications from layer seven cybersecurity attacks.

I can give a specific example of how I've used Imperva Managed Rules on AWS WAF  to protect an application, as the rules help me protect from cyber attacks which are part of the OWASP Top 10, including cross-site scripting, SQL injection attacks, and sometimes modifications of MFA for specific applications.

I'm mainly focusing on protecting my applications that are hosted on CloudFront and sometimes on the application load balancer in AWS , for which I'm using Imperva Managed Rules on AWS WAF .

The best features of Imperva Managed Rules on AWS WAF  are that all the rules are in line with the updated OWASP Top 10 security vulnerabilities, which allows me to counter attack with the respective attack patterns that are present in the market.

Staying up to date with the latest OWASP Top 10 has helped my team significantly, as with the updated 2026 rules, we can counter the cyber attacks that are more aligned with artificial intelligence tools. Earlier, there were certain OWASP Top 10 rules that were not present in the environment.

Imperva Managed Rules on AWS WAF has impacted my organization positively to a very good extent, as along with the default AWS WAF  rules, Imperva Managed Rules on AWS WAF is giving more edge on layer seven security for protecting the applications at the organization, making them good-to-go rules.

Since using Imperva Managed Rules on AWS WAF, I've noticed specific outcomes such as a reduction in security incidents, and it provides me with more robust solutions along with protections and analysis, allowing it to protect against cyber attacks at any level or capacity.

Imperva Managed Rules on AWS WAF keeps updating its rule sets, but the company could increase the number of rules on a yearly basis and incorporate more rules aligned with artificial intelligence security. There should be more alignment with AI and ML security.

I have been using Imperva Managed Rules on AWS WAF for about one or two years.

Everything looks good with Imperva Managed Rules on AWS WAF as of now.

Regarding Imperva Managed Rules on AWS WAF's AI capabilities, I believe it has a good alignment from the governance and security perspective, and it is capable of protecting from cyber attacks effectively.

In terms of accuracy and reliability of output regarding Imperva Managed Rules on AWS WAF's AI capabilities, it all depends on which AI generative model is being used. Currently, Imperva is in good shape with a decent capacity for accuracy and reliability, though not perfect.

My advice to others looking into using Imperva Managed Rules on AWS WAF is that if customers do not want to use the default AWS WAF  rules or if they are looking for add-on features or protection, they should proceed with Imperva Managed Rules on AWS WAF to gain more security.

I give this product a rating of 9 out of 10.

My main use case is proactive edge security and IP reputation management. I use Imperva Managed Rules on AWS WAF 's IP reputation rule group attached to my main application load balancer. Because Imperva leverages crowd-sourced global threat intelligence from their entire network, the rule layer automatically blocks requests originating from known botnets, exit nodes, and active attackers. For example, during a distributed credential stuffing attempt, Imperva dropped the malicious connections at the AWS  edge layer instantly. This saves my back-end applications' API from resource exhaustion.

The best feature I would say is the compliance. It satisfies enterprise audit criteria for web application profiling that is required by PCI DSS and HIPAA. Also, it aligns fully with my security compliance matrices, the OWASP Top 10 alignment, and standard core rules to defend against injection attacks, cross-site scripting, and path traversal. These are the major features.

The managed rule set proves that modern security does not have to be slow or complicated. It turns threat intelligence into a utility function that I can enable with a few clicks.

It has eliminated the heavy operational burden of threat research. Instead of my internal security engineers spending hours tracking new malicious IPs or writing custom regex signatures to deal with emerging exploits, Imperva automatically updates the rule set in the background.

There are many improvements I would identify. The native AWS  integration plugs directly into my existing Web ACLs along with the native AWS managed rule sets without conflict. There are no software regressions because it relies entirely on standard WAF  matching conditions and it has zero impact on the application middleware or container environment. This aspect could be improved.

Other issues include that the marketplace sellers do not allow me to modify individual parameters inside the vendor's compiled rule set, meaning any false positive must be handled by a custom override rule. This also needs improvement.

I have been using Imperva Managed Rules on AWS WAF  for about three years.

Imperva Managed Rules on AWS WAF  is highly stable because the rules run directly inside the native AWS WAF  engine. Availability is backed by AWS global infrastructure. There is no middleman latency or point of failures. It inherits the high stability and scaling of AWS itself.

It scales flawlessly via elastic hyper-scale. Since it handles inspection inside the cloud provider's network edge, it can handle millions of web requests per second without requiring my team to provision large compute instances or worry about bandwidth bottlenecks.

The customer support is providing excellent service. The support and reference models are very structured. AWS documentation explicitly outlines how to subscribe to and deploy vendor rule sets, while Imperva provides clear definitions for what each rule group evaluates. Support for rule matching is managed through AWS Premium Support channels with escalation lines to Imperva's threat research team for enterprise subscribers.

I previously managed custom IP blocklists manually via standard network firewall rules. I switched because manual lists are reactive, rigid, and impossible to maintain efficiently against rapidly changing cloud threat vectors.

I fixed this by putting Imperva Managed Rules on AWS WAF's rule group into count mode for the first two weeks. This allowed me to analyze the traffic pattern safely in my logs and write specific bypass exceptions before switching the rules to strict block mode.

I always leverage count mode when introducing a new vendor rule package. Let it observe your real production traffic patterns for a week, verify it against your monitoring dashboard, and only toggle it to fully blocking once you are confident your legitimate APIs will not be disrupted.

The return on investment is highly visible in my infrastructure savings. By stopping illegitimate traffic at my utmost edge, I noticed a 15% drop in junk traffic reaching my application layers. This reduced my downstream compute cost and lowered my database resource consumption.

The experience was very efficient. The product uses a transparent, pay-as-you-go consumption-based pricing model that is billed through the AWS Marketplace . It eliminates heavy upfront contract costs, handles automatic licensing, and bundles all fees directly into my unified AWS monthly billing.

Splunk was another option that I considered, but ultimately I chose Imperva Managed Rules on AWS WAF, which offered many more benefits.

I noticed a 12% drop in junk traffic reaching my application layer. I would rate this solution 9 out of 10.