Thoughts on Imunify360?
Hi,
I would like to know what you think, since I wonder if Imunify 360 is really the best firewall available?
Do you have any other suggestions / Opinion?
Thank you.
Jack
-
Hello, We use both Imunify360 and ConfigServer firewall both at the same time. It seems to be a great balance between both as they are able to work togheter. I have not tried Imunify360 alone. 0 -
We've looked at Imunify360 several times, but so far have passed. From the last time we looked, I'd have a hard time calling it a firewall. By default it allows all traffic and then you block what you don't want. Every firewall I've dealt with works the opposite. Everything is denied by default and then you open what you want. I've seen this request on the Imunify360 forum, but it was old and not acted on. @Jean Boudreau how does Imunify360 and CSF work together in your experience? From what we've been able to see the Imunify360 WAF won't add rules to CSF so I'm having a hard time seeing how it adds value? TIA 0 -
I often see that we talk about Imunify 360 and Bitninja. Do you have any idea if Bitninja would be better than Imunify 360? Thanks :) 0 -
how does Imunify360 and CSF work together in your experience? From what we've been able to see the Imunify360 WAF won't add rules to CSF so I'm having a hard time seeing how it adds value?
CSF doesn't manage WAF, mod_security does. Imunify360 adds its rules, and evaluate them based on a number of conditions, and will block things in iptables if rules have a high severity. Additionally, Imunify360 takes over the blocking of of IPs that CSF usually does (thanks to a hook system) - but CSF will still be the one deciding which default iptables rules you have in place for port blocking, default policies etc. We use Imunify360 on all servers, and the main benefits I find other than the malware scanner (which is absolutely amazing), is the fact that requests are blocked a bit more intelligently than it would normally be the case when using CSF directly for example. Just because a mod_security rule exists, doesn't mean it should block the IP for example, or prevent the request - and Imunify360 is rather good at determining this. Additionally, they're moving away from IP blocks and will instead implement RBLs for various things - e.g. if you deal with people on NAT, then blocking IPs make no sense.0 -
HI @CollectifHub I hope the insight from other users helped! Please let us know if it helped you make a choice! 0 -
We've used Imunify360 with and without CSF on over 20 servers for testing. We found that it a great piece of software but unfortunately it gave us some issues where cpu load would go up randomly and we not sure why. Also we would get abuse complaints more frequently than what we go when we tested bitninja. We find even the basic bitninja is good for production use if you have CSF and maybe CXS modsec rule or maldet modsec rule in place. Best is for you to test it yourself. 0 -
Since moving to the latest Imunify360 (v4.3.10-3), the load on the servers did cut by 50% if not more. The prior version was indeed taxing the server a bit. But the latest version is far better on the CPU usage. 0 -
Thanks will give it another try then 0 -
Tried it as stated above last few weeks and servers load unfortunately went up to load avg between 23 - 40 (too many customer complaints) - with bitninja it stays around 3 - 5. Just doesnt work for us. I do love the new modsec ruleset though on imunify360 its awesome. But unfortunately we cannot sacrifice load for that. Put bitninja back on now. Load on our nodes are far better. 0
Please sign in to leave a comment.
Comments
9 comments