Compare

Bastion at the network layer. Imunify on the filesystem.

Bastion blocks the request before it reaches the disk. Imunify scans what reaches it anyway. Run them together for full coverage from edge to filesystem.

~22 900: events/24h handled at the network layer
4: active bouncers (firewall, custom, php, appsec)
0: intrusions reaching the filesystem so far

Sample from a production Plesk node running Bastion + Imunify AV side-by-side since 2026-05-11.

Stack fit

Two products, two layers, one stack.

Layered defense, not rivalry

Bastion sits in front of nginx. Imunify sits on top of the disk. Together they cover the request path and the files it could ever touch.

Bastion sees what Imunify cannot

Probes, brute force, scanner paths, blocked IPs and CVE virtual-patches stopped at HTTP 403, before a single byte hits a customer PHP file.

Imunify catches what Bastion misses

Files arriving by FTP, by SSH or via a paid CMS plugin install never traverse the auth_request layer. A filesystem scanner is the right tool for that last mile.

Operational compare

Different product shape, compatible deployment.

Layer

Network and HTTP, in-flight request inspection

Filesystem, scans files at rest

Primary signal

CrowdSec LAPI + CTI community decisions

Signature database + heuristics on PHP/JS

Action surface

Ban, captcha, throttle, scoped allow rules

Quarantine, clean, alert, WP hardening

Plesk integration

Native extension dashboard

Plesk extension + WordPress plugin