Imperva has invested in strengthening our API Security offering to meet the needs of customers since the acquisition of CloudVector in 2021. Since then, the product’s capabilities have expanded, positioning it as a leader in the growing API Security market.
What makes Imperva API Security unique is its ability to secure all APIs against known and unknown API attacks through multiple deployment options:
- A cloud-managed solution in the Imperva application security platform
- An “API Anywhere” solution for APIs on-premises or in private cloud environments with the capacity to manage data in-house. As part of the API Anywhere offering, it is also available as a plug-in via the Kong Hub
By offering flexibility in deployment, we enable organizations to secure APIs in whatever environment they use, including the Imperva cloud or any other cloud platform, as well as on-prem or hybrid environments.
API Security is Integrated into the Imperva Cloud Security Platform
Imperva API Security, previously available as an add-on, is now fully integrated into the Imperva Application Security platform, a move which offers customers unified access to our other leading application security products within one solution: WAF, DDoS Protection and Advanced Bot Protection (ABP). This provides customers with a more efficient and effective user experience, reducing the complexity of managing multiple security vendors across several platforms.
How to Maintain Control of Data with Imperva API Security Anywhere
For organizations that manage APIs and applications in private cloud environments or data centers, Imperva API Security is offered as part of the cloud-managed API Security Anywhere offering.
With API Security Anywhere, an on-prem installation of an API Security controller ensures that the data stays locally under the customer’s control, while metadata such as API inventory and security events are managed through the Imperva Unified Management Console (UMC).
In a typical API Security Anywhere deployment, API inspection sensors and plug-ins are deployed to integrate the solution into your existing application environments.
Imperva API Security is Compatible with Leading API Gateways
API Management Gateway plug-ins are available, giving security teams visibility into every API call, and the ability to assess risk exposure and take preventative measures from potential attacks.
For example, Imperva is partnered with Kong Inc, provider of the leading cloud-native API platform, to offer best-in-class API Security to users of the Kong platform.The Imperva API Security plug-in is available to Kong Enterprise customers in the Kong Hub.
Imperva API Security is also compatible with F5 BigIP proxies, and API Management Gateways including Mulesoft, Apigee, and Azure APIM Gateway.
Imperva API Security Provides Protection From the OWASP API Security Top 10
At the beginning of 2023, we introduced a number of new enhancements for Imperva API Security, including the capability to identify vulnerabilities and security risks in certain categories associated with the OWASP API Security Top 10.
After integrating Imperva API Security into the Imperva Application Security Platform, customers can now protect APIs from the full list of OWASP API Security Top 10, leveraging WAF, DDoS, and ABP to block known attacks, and leveraging API Security to discover, detect, and remediate unknown attacks on APIs including business logic abuse.
Integrated Imperva API Security and Imperva Advanced Bot Protection Protects from Business Logic Attacks
Imperva API Security and Advanced Bot Protection Protection are perfectly suited to provide the visibility, detection, and mitigation needed to protect APIs and business logic from abuse from automated threats, like bad bots.
The products work harmoniously together to:
- Bring visibility to sensitive APIs that need protection
- Detect if those sensitive APIs are under automated attack by bots
- Mitigate the threat by enabling the Imperva Advanced Bot Protection (ABP) policy purpose-built for APIs
By combining Imperva API security and Advanced Bot Protection with WAF, we offer customers complete application security protection manageable in a single Unified Management Console (UMC).
Imperva continues to invest in enhancing our products and solutions with the goal of giving customers the benefit of faster and more effective protection against the latest threats.
Learn more about Imperva API Security here.
Try Imperva for Free
Protect your business for 30 days on Imperva.