Eyal Katz

open-appsec vs. AWS WAF vs. Incapsula



When selecting a security solution, there are some questions you need to ask: will your team need to embed third-party code into your app? If so, is it safe to do so? Do you have an adequate budget allocated for it? Is your current security solution giving you sufficient visibility into your environments?

To help you answer these questions, this article compares two popular web application firewalls from well-known vendors: AWS and Incapsula. It also brings to your attention a newer WAF alternative, the open-appsec WAF, an open-source solution that uses machine learning (rather than rules, signatures or exceptions) to help you safeguard your web applications.

Here are the differences between them.


Differences between Incapsula WAF, AWS WAF and open-appsec WAF

| Feature | AWS WAF | Incapsula | open-appsec |
| --- | --- | --- | --- |
| Security | | | |
| ML-based, no signatures needed | No | No | Yes |
| Zero-day protection | No | Yes | Yes |
| API protection | Yes | Yes | Yes |
| OWASP Top 10 | Yes | Yes | Yes |
| Anti-bot | Yes (Bot Control feature) | Yes | Yes (premium feature) |
| Management | | | |
| Declarative configuration and deployment | Yes | No | Yes |
| SaaS web-based event management and dashboards | Yes | Yes (Security events page) | Yes |
| Terraform | Yes | Yes | Yes |
| Pricing | | | |
| Free version | No | Yes | Yes (for unlimited HTTP requests) |
| Plans | Web ACL ($5 per month); Rules ($1 per month); Requests ($0.60 per 1 million requests) | Pro model ($59 per month); Business model ($299 per month); Enterprise model (custom quotation depending on your needs) | Premium edition (pay-as-you-go per 1M HTTP requests); Enterprise edition (annual payment per 100M HTTP requests) |


AWS WAF review



AWS WAF is a web application firewall that helps protect your web applications from common web attacks and vulnerabilities. It monitors incoming traffic to web applications, evaluates it against a set of rules and conditions defined by the customer, and blocks traffic that doesn't meet the specified security criteria.

AWS WAF can also be deployed directly in front of web applications on Amazon CloudFront as part of a CDN solution or on Application Load Balancers. It allows for rule creation based on IP addresses, HTTP headers, and custom rules using regular expressions. Additionally, it integrates with AWS Shield, a managed DDoS protection service, to provide even more comprehensive protection for web applications.



Additionally, AWS WAF is a fully managed, cloud-based service, which means you don't have to manage any hardware or software and can scale your app's protection as needed. This makes it an effective and scalable option for organizations of all sizes to protect their web applications from security threats.

Features of the AWS WAF


● Web Access Control List (Web ACL):

This is the main component of AWS WAF. It evaluates incoming web requests against a set of rules to determine whether to allow or block the request.

● Bot Control:

This AWS WAF feature helps protect your application from malicious bots by using machine learning algorithms to identify bot traffic based on patterns in incoming requests and characteristics of the source IP addresses.

● Real-time Visibility:

This feature allows you to monitor the traffic in real-time and get detailed information about the requests hitting your application. This information can help you identify malicious traffic patterns and make informed decisions on configuring your WAF rules to protect your application better.
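The Web ACL described above decides each request by evaluating its rules in priority order and falling back to a default action when nothing matches. The following Python model, added here as an illustration and not AWS code, shows that evaluation order with the three rule kinds the text mentions (IP set, HTTP header, URI regular expression) and why rule priority matters: a trusted-network allow rule placed first shadows a later block rule. The rule names, the RFC 5737 documentation IP ranges and the paths are constructed.

```python
"""Toy model of web-ACL evaluation: rules run in priority order, the first
matching rule's action (allow/block) is final, and the default action applies
when nothing matches.  Added illustration of the concept, not AWS code; rule
names, IP ranges (RFC 5737 documentation addresses) and paths are constructed."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Request:
    src_ip: str
    uri: str
    headers: Dict[str, str] = field(default_factory=dict)

    def __post_init__(self):
        # Header names are case-insensitive; normalise once so rules can rely on it.
        self.headers = {k.lower(): v for k, v in self.headers.items()}


@dataclass
class Rule:
    name: str
    priority: int                      # lower number is evaluated first
    action: str                        # "allow" or "block"
    matches: Callable[[Request], bool]


def ip_in_set(cidrs: List[str]) -> Callable[[Request], bool]:
    """Match requests whose source address falls in one of the CIDR ranges."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r.src_ip) in n for n in nets)


def uri_matches(pattern: str) -> Callable[[Request], bool]:
    """Match requests whose URI satisfies a regular expression."""
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda r: rx.search(r.uri) is not None


def header_missing(name: str) -> Callable[[Request], bool]:
    """Match requests that do not carry the named header at all."""
    return lambda r: name.lower() not in r.headers


@dataclass
class WebACL:
    default_action: str
    rules: List[Rule]

    def evaluate(self, req: Request) -> Tuple[str, str]:
        """Return (action, rule_name); rule_name is 'default' if no rule matched."""
        for rule in sorted(self.rules, key=lambda r: r.priority):
            if rule.matches(req):
                return rule.action, rule.name
        return self.default_action, "default"


# Constructed ACL: the trusted office range is allowed at priority 0, so the
# later block-admin rule never applies to it; everyone else is kept off /admin.
DEMO_ACL = WebACL(
    default_action="allow",
    rules=[
        Rule("trusted-office", 0, "allow", ip_in_set(["203.0.113.0/24"])),
        Rule("block-traversal", 10, "block", uri_matches(r"(\.\./|%2e%2e)")),
        Rule("block-no-user-agent", 15, "block", header_missing("User-Agent")),
        Rule("block-admin", 20, "block", uri_matches(r"^/admin(/|$)")),
    ],
)


if __name__ == "__main__":
    ua = {"User-Agent": "Mozilla/5.0"}
    for req in (
        Request("203.0.113.5", "/admin/users", ua),
        Request("198.51.100.7", "/admin/users", ua),
        Request("198.51.100.7", "/download/../../config", ua),
        Request("198.51.100.7", "/index.html"),
        Request("198.51.100.7", "/index.html", ua),
    ):
        print(req.src_ip, req.uri, "->", DEMO_ACL.evaluate(req))
```

Reordering the priorities changes the outcome: if `block-admin` were given priority 0, office users would be locked out of `/admin` as well, which is the kind of mistake a staging ACL with a `count`-style dry run is meant to catch before it reaches production.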

Pros and Cons of AWS WAF

| Pros | Cons |
| --- | --- |
| It allows you to customize rules to filter web traffic based on IP addresses, domains, HTTP headers and body, and URIs. | Does not have any feature for auto-discovery and classification of APIs. |
| Effective protection against evasive bot attacks. | Lack of detail in monitoring and logging alerts. |
| It effectively prevents account takeover. | |
| Its rules are easy to create and maintain. | |



Incapsula (Imperva) WAF review



Imperva Web Application Firewall (WAF) is a security solution that protects web applications from various cyber threats. It inspects incoming traffic to a website or application and analyses it against predefined security rules. If the traffic violates any of these rules, it will block it, preventing the attack from reaching its target.


The Incapsula WAF also monitors common attack patterns and behaviour, allowing it to detect and prevent new and unknown threats in real-time. It can be deployed on-premise or in the cloud and integrated with other security tools for added protection.

Additionally, the Imperva WAF provides reporting and analytics features to help organizations better understand their security posture and identify areas for improvement.

Features of Incapsula (Imperva) WAF



  • Real-Time Threat Detection and Prevention

The Imperva WAF operates in real-time, analyzing incoming traffic and blocking threats as soon as they are detected. It uses a combination of signature-based and behaviour-based techniques to detect and prevent a wide range of cyber threats, including SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks.

  • Security Rules and Policies

It provides a comprehensive set of predefined security rules and policies, which can be customized to meet the specific needs of your web application. This allows you to tailor your app’s security posture to meet your unique requirements.

  • Flexible Deployment Options

The Imperva WAF can be deployed on-premise or in the cloud, allowing you to choose the deployment option that best meets your needs. Additionally, the WAF can be integrated with other security tools, allowing you to build a comprehensive security solution that meets your specific requirements.

Pros and Cons of Incapsula

| Pros | Cons |
| --- | --- |
| Intelligent, real-time traffic profiling. | You need to provide your private keys to Imperva. |
| Effective protection against sophisticated bots, SQL injection, intruders, etc. | No pre-emptive zero-day protection, as it is based on signatures. |
| Outgoing traffic is accelerated to decrease website load times. | Compatibility issues with a few Microsoft OS versions. |
| Quick and dependable 24/7 hotline accessible in case of an attack. | Will not protect access within your data center, only from the Internet. |
| Provides both cloud-based and on-site WAF solutions. | |


open-appsec Web Application Firewall Review


Are you looking for a way to block attacks on your web application before they happen? open-appsec uses machine learning to continuously detect and preemptively block threats before they can do any damage. Our code has also been published on GitHub, and the effectiveness of our WAF has been successfully proven in numerous tests by third parties. Try open-appsec in the Playground today.



The open-appsec Web Application Firewall (WAF) is an open-source solution that helps secure web applications from malicious attacks. It sits in front of your application, monitors incoming traffic, and identifies and blocks malicious requests.


Unlike other web application firewalls, the open-appsec WAF doesn't use rules or signatures to detect and block known attacks. Instead, it uses a machine-learning algorithm to preemptively protect your web application against known and unknown web attacks. While using signatures, rules, and policies isn't a bad approach to protect web applications, it is best used to defend against known vulnerabilities. This is because it doesn't preemptively detect unknown vulnerabilities (unlike open-appsec's machine learning approach) but waits until after a public CVE is released and a public signature is developed, leaving vulnerabilities in systems for an extended period.


Here are some of the features of the open-appsec WAF.


Features of open-appsec WAF


● Machine-learning WAF approach:


The open-appsec WAF uses two machine-learning algorithms to determine whether an incoming request is malicious. The two algorithms make up the two stages that the open-appsec WAF subjects every incoming request to before it can reach your web application.

open-appsec's offline machine learning algorithm carries out the first stage, with the sole intention of minimizing false negatives and preventing malicious requests from reaching your web application. The second stage is carried out by open-appsec's online machine learning algorithm, whose duty is to re-analyze requests that the first stage (the offline algorithm) has flagged as suspicious. This online machine-learning algorithm aims to eliminate false positives and smooth the passage of benign requests.
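The two-stage design above is easier to reason about with a small model in hand. The following Python filter is an added structural illustration and is not open-appsec's code or its actual models: a cheap, generic first stage tuned for recall flags anything carrying a suspicious indicator, and a second stage re-examines only the flagged requests against a per-endpoint baseline learned from earlier benign traffic, so an apostrophe in a surname or the word "select" in a search box stops counting as evidence. The indicator patterns, endpoints and traffic are all constructed, and the baseline learning assumes the learning-period traffic was benign.

```python
"""Structural illustration of a two-stage request filter: stage 1 (generic,
offline-trained) flags anything suspicious; stage 2 (per-endpoint, learned
online from benign traffic) re-examines only the flagged requests and drops
the false positives.  Added example, not open-appsec's code or models; the
indicator patterns, endpoints and traffic are constructed."""
import re
from collections import defaultdict
from typing import Dict, Set, Tuple

# Stage 1: generic indicators a pre-trained (offline) model might weigh.
INDICATORS = {
    "sql_keyword": re.compile(r"\b(select|union|insert|drop)\b", re.IGNORECASE),
    "quote": re.compile(r"['\"]"),
    "comment": re.compile(r"--|/\*|#"),
    "html_tag": re.compile(r"<\s*\w+"),
    "traversal": re.compile(r"\.\./"),
}


def stage1_indicators(value: str) -> Set[str]:
    """Return the names of all indicators present in one parameter value."""
    return {name for name, rx in INDICATORS.items() if rx.search(value)}


class TwoStageFilter:
    def __init__(self, stage1_threshold: int = 1):
        self.threshold = stage1_threshold
        # endpoint -> parameter -> indicators already seen in benign traffic
        self.baseline = defaultdict(lambda: defaultdict(set))

    def learn(self, endpoint: str, params: Dict[str, str]) -> None:
        """Stage 2 'online' learning: record which indicators are normal here."""
        for name, value in params.items():
            self.baseline[endpoint][name] |= stage1_indicators(value)

    def inspect(self, endpoint: str, params: Dict[str, str]) -> Tuple[str, Dict[str, Set[str]]]:
        """Return (verdict, novel indicators per parameter that drove a block)."""
        flagged = {p: stage1_indicators(v) for p, v in params.items()}
        flagged = {p: s for p, s in flagged.items() if len(s) >= self.threshold}
        if not flagged:
            return "allow", {}                      # stage 1 cleared it cheaply
        # Stage 2: an indicator that is already normal for this endpoint and
        # parameter is not evidence; only indicators never seen here count.
        novel = {p: s - self.baseline[endpoint][p] for p, s in flagged.items()}
        novel = {p: s for p, s in novel.items() if s}
        return ("block" if novel else "allow"), novel


def build_demo() -> TwoStageFilter:
    """Train on constructed benign traffic for two endpoints."""
    f = TwoStageFilter()
    for q in ("select a restaurant near me", "it's raining", "what's new"):
        f.learn("/search", {"q": q})            # free text: quotes and SQL words are normal
    f.learn("/login", {"username": "o'neill"})  # apostrophes in names are normal
    return f


if __name__ == "__main__":
    f = build_demo()
    for endpoint, params in (
        ("/search", {"q": "select the best laptop"}),
        ("/search", {"q": "x' union select 1,2--"}),
        ("/login", {"username": "o'brien"}),
        ("/login", {"username": "admin'--"}),
    ):
        print(endpoint, params, "->", f.inspect(endpoint, params))
```

The point to notice is the asymmetry: stage 1 never has to be precise, only exhaustive, because everything it passes is cheap to pass, while stage 2 only ever sees the minority of requests that were flagged and can afford per-endpoint context. A comment marker in a login field is blocked even though an apostrophe there is fine.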

● API Security:

API calls are important because they facilitate data sharing between different applications. Because of this, API calls make up more than half of web traffic. Given that volume and their access to web applications, attackers can use API calls as a medium to infect unprotected web apps with malware, trigger DDoS attacks, and so on. To prevent this, the open-appsec WAF provides an API security feature that keeps your apps safe by hardening your API attack surface, keeping API activity within safe limits, and monitoring your API endpoints to ensure they are not compromised. The open-appsec WAF also provides real-time data to help you monitor your API's efficiency, and it blocks malicious API calls using the OpenAPI schema together with its machine-learning WAF approach.


● Integrations:


For easy deployment and usage in different environments, the open-appsec web application firewall can be integrated into the following environments: NGINX and NGINX express, Envoy, Kubernetes, Kong, Ambassador, Helm, Terraform, etc.
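The API Security item above mentions blocking malicious API calls using the OpenAPI schema. The mechanism behind that is positive security: only operations the specification declares are accepted, bodies must have the declared shape, and properties the schema does not list are rejected rather than passed through to the handler. The following Python validator is an added example of that technique and is not open-appsec's code; the specification fragment, the endpoint and the requests are constructed, and only a small subset of JSON Schema keywords is implemented.

```python
"""Positive-security check of an API request against an OpenAPI-style schema:
undeclared operations are refused, bodies must match the declared shape, and
unknown properties are rejected.  Added example of the technique, not
open-appsec's code; the spec, endpoint and requests are constructed, and only
a subset of JSON Schema keywords is implemented."""
import re
from typing import Any, Dict, List

# Constructed OpenAPI-style fragment: one operation with an inline body schema.
API_SPEC = {
    "paths": {
        "/api/orders": {
            "post": {
                "requestBody": {
                    "type": "object",
                    "required": ["sku", "quantity"],
                    "additionalProperties": False,
                    "properties": {
                        "sku": {"type": "string", "pattern": r"^[A-Z0-9-]{3,20}$"},
                        "quantity": {"type": "integer", "minimum": 1, "maximum": 100},
                        "note": {"type": "string", "maxLength": 200},
                    },
                }
            }
        }
    }
}

TYPE_MAP = {"string": str, "integer": int, "object": dict, "boolean": bool}


def validate_value(value: Any, schema: Dict[str, Any], path: str = "$") -> List[str]:
    """Return a list of violations; an empty list means the value conforms."""
    errs: List[str] = []
    kind = schema.get("type")
    expected = TYPE_MAP.get(kind)
    if expected is not None:
        # bool is a subclass of int in Python; a JSON true is not an integer
        if not isinstance(value, expected) or (kind == "integer" and isinstance(value, bool)):
            return [f"{path}: expected {kind}"]
    if isinstance(value, str):
        if "pattern" in schema and not re.fullmatch(schema["pattern"], value):
            errs.append(f"{path}: does not match pattern")
        if "maxLength" in schema and len(value) > schema["maxLength"]:
            errs.append(f"{path}: longer than {schema['maxLength']}")
    if isinstance(value, int) and not isinstance(value, bool):
        if "minimum" in schema and value < schema["minimum"]:
            errs.append(f"{path}: below minimum {schema['minimum']}")
        if "maximum" in schema and value > schema["maximum"]:
            errs.append(f"{path}: above maximum {schema['maximum']}")
    if isinstance(value, dict):
        for req in schema.get("required", []):
            if req not in value:
                errs.append(f"{path}.{req}: missing required property")
        props = schema.get("properties", {})
        for key, sub in value.items():
            if key in props:
                errs += validate_value(sub, props[key], f"{path}.{key}")
            elif schema.get("additionalProperties", True) is False:
                # Fields the handler never declared are refused at the edge
                errs.append(f"{path}.{key}: property not in schema")
    return errs


def validate_request(method: str, path: str, body: Any) -> List[str]:
    """Refuse operations the spec does not declare, then check the body."""
    op = API_SPEC["paths"].get(path, {}).get(method.lower())
    if op is None:
        return [f"{method} {path}: no such operation in schema"]
    return validate_value(body, op["requestBody"])


if __name__ == "__main__":
    for method, path, body in (
        ("POST", "/api/orders", {"sku": "ABC-123", "quantity": 2}),
        ("POST", "/api/orders", {"sku": "ABC-123", "quantity": 2, "is_admin": True}),
        ("POST", "/api/orders", {"sku": "abc_123", "quantity": "2"}),
        ("DELETE", "/api/orders", {}),
    ):
        print(method, path, body, "->", validate_request(method, path, body) or "ok")
```

A real deployment would match templated paths such as `/api/orders/{id}`, resolve `$ref` components and cover the remaining keywords, but the shape of the decision is the same: anything the schema does not explicitly allow is a violation, which is what lets an unknown `is_admin` field be refused without a signature for it.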


Pros and Cons of open-appsec

| Pros | Cons |
| --- | --- |
| It uses an ML-powered WAF to prevent web attacks. | It has a limited user base, and limited information is accessible online. |
| It uses request behaviour analysis to prevent malicious bots. | |
| Automatic IPS security updates for Premium and Enterprise edition users. | |


Conclusion


AWS WAF is a web application firewall that will suffice if you want to protect your application-layer resources, such as your websites, from malicious web traffic. If you need comprehensive security for your organization, including protection against DDoS attacks and faster loading of websites, and you have a sufficient budget, Imperva Incapsula is the right security solution for you.


You could use an open-source solution if you're unsure about your security needs and allocated budget. open-appsec has a machine learning-based approach to security and assures protection against the OWASP Top 10, zero-day attacks, and botnets. Try open-appsec in the Playground today.


Frequently Asked Questions


Is Incapsula the same as Imperva?


No, Incapsula and Imperva are two different security companies. However, Imperva acquired Incapsula in 2014 as part of its product portfolio.


Is AWS WAF good enough?


Whether AWS WAF (Web Application Firewall) is good enough depends on an organization's specific security needs and requirements. AWS WAF provides basic protection against common web attacks and can be a good option if you have a limited security budget and already use Amazon Web Services.


What is the difference between Imperva Incapsula and SecureSphere?


Imperva Incapsula and Imperva SecureSphere are both products offered by Imperva. Imperva Incapsula is a cloud-based WAF and content delivery network (CDN) service; Imperva SecureSphere is a data security solution that helps protect sensitive data and applications.


Do I need a firewall if I have a WAF?


A WAF and a firewall are both security tools that can provide different levels of protection for your network and applications. So whether you need both of them depends on your specific security requirements and the threat landscape you face. A firewall provides a basic level of protection for your network, while a WAF is designed to protect web applications specifically.

