The web application landscape is constantly changing, and the tools needed for the best application security protection need to change with the landscape. With Imperva’s recent improvements in API Security, Bot Management, DDoS and Cloud WAF, it’s easy to see why we are among the highest-scored vendors in the new Gartner standard of Cloud Web Application and API Protection (WAAP) Security.
The Gartner report, 2019 Critical Capabilities for Cloud Web Application Firewall Services, analyzes WAF vendors by looking at three industry relevant use cases. In the report, Imperva is the only vendor to score among the top-two vendors in all three use cases, which are:
- Public-Facing Web Application
- API Security
- Web-Scale Critical Business Application
In addition to making it into the top-two-tier of each use case evaluation, Imperva also obtained the highest score in protecting web public facing web-applications and APIs.
Let’s break down the scores for each use case and why they matter.
Public-Facing Web Application
For the Public-Facing Web Application use case, Imperva achieved the highest score with 3.84 out of 5. The reality is, organizations are resource constrained when it comes to protecting all of their public-facing websites. To that end, Cloud WAF has easy onboarding with an intuitive interface and in-depth security coverage.
About 90 percent of our Cloud WAF customers use our out-of-the-box security policies in their default preventative settings. They’re able to take a “set-it-and-forget it” approach, which leaves the burden of tuning to our Imperva security experts. Yet for specific adjustments to security policies, we offer a number of custom security rules with filters for self-service tuning to adapt policies for your particular environment.
In the API Security use case, Imperva achieved the highest score with 3.49 out of 5. As the cornerstone of digital transformation, APIs allow organizations to develop applications in innovative architectures, automate B2B processes, connect IoT devices, and are the backend for mobile applications. As more and more organizations go through a digital transformation, the use of APIs – and attacks launched against them – is rising. To make securing your APIs as easy as possible, we’ve built API Security into our cloud application security suite. It utilizes the same management portal and leverages the SaaS infrastructure and our CDN and DDoS capabilities.
As Senior Vice President and Imperva Fellow Terry Ray said in our webinar on WAF critical trends and requirements, “From an API security perspective, you want it to be bundled into a stack so that you can understand the threats. One of the things we look at is being able to understand the visibility into API endpoints. What that means is whenever you have an API, it gets updated all the time. APIs are changing very, very frequently in most environments. In that case, you don’t want to have to go into your web application firewall and expect to be able to change your web application firewall at the same speed your DevOps or other people are changing the APIs.”
Web Scale Critical Business Applications
In the use case Web Scale Critical Business Applications, Imperva scored a 3.53 out of 5. While we didn’t take the top spot, we recognize that protecting critical business applications means making them always available, always user-friendly, and always secure against cyberattacks. It’s why we provide a scalable infrastructure and are working on adding new Points of Presence (PoPs) all the time. It’s also why we have DDoS protection with an industry-leading 3-second mitigation SLA, and why last year we acquired Distil Networks, the global leader in Bot Management. It gives us more advanced capabilities than ever in terms of protecting websites, mobile applications, and APIs from advanced automated threats without affecting business-critical traffic.
Go With an Industry-Recognized Leader
We’re proud that Imperva has received another outstanding recognition from Gartner after their 2019 Magic Quadrant for Web Application Firewalls, where we were named the only 6-time Leader. Read the full, companion Critical Capabilities for Cloud WAF report here.
The graphics were published by Gartner, Inc as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available here.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.