


How it works
Imperva’s Advanced Bot Protection gives you the most visibility and control over human, good bot, and bad bot traffic. Automatically mitigate 100% of OWASP Automated Threats without imposing friction on legitimate users. Simply create a content protection setting, then apply it to a specific path, domain, or your entire account.
- Path-specific settings let you get more aggressive in protecting vulnerable pages
- Evaluate how dialing up machine learning thresholds and device-based rate limits will affect your traffic
- View threats by country, organization, and traps, then block devices, IPs, and/or competitors
- Choose your bot response
With Imperva you’ll see fewer false positives and have the confidence to not just throttle malicious traffic, but to CAPTCHA or block bad bot traffic outright. And Imperva is the only vendor that proves its accuracy claims with a false positive report showing CAPTCHAs served, attempted, and failed.

The Holistic Approach to Bot Defense
Enterprises are fighting an endless war against a constant barrage of automated attacks. Fraudsters, hackers, and competitors use bots to commit online fraud, break into customer accounts, and gain an unfair competitive advantage.
Only Imperva’s unique, holistic approach provides the vigilant service, superior technology, and industry expertise needed for full visibility and control over this abusive traffic.

Bot Protection for Your Website, APIs, and Mobile Apps
Why would you lock your front door while leaving your back door wide open? Unlike other solutions that only protect your website, Imperva’s Advanced Bot Protection also blocks bad bots from accessing the API servers behind your web and mobile applications.

Advanced Browser Validation
Sophisticated web scraping bots claim to be one browser type, and then rapidly cycle through user agents to escape detection. Imperva’s Advanced Bot Protection validates that each browser is what it claims to be; that it has the correct JavaScript engine, is formatted correctly, and that all components perform as they should.
Our deep understanding of browser automation frameworks and human behavior can even distinguish between browser automation tools and legitimate users.

Machine Learning Identifies Malicious Behavior
As each device roams your website, Imperva’s Advanced Bot Protection collects and analyzes data about its behavior, then pinpoints anomalies specific to your site’s unique traffic patterns. Ensemble machine learning models identify bad bot behavior across all Advanced Bot Protection protected sites which, along with other real-time intelligence, this is fed through our database of known violators and shared with all Imperva’s Advanced Bot Protection customers 24/7.
Biometric data validation, such as mouse movements, mobile swipe, and accelerometer data, catches botnets that use malware to hijack real devices.

Real-time Updates from Largest Known-Violators Database
When one domain is under assault, Imperva gathers the attack information and distributes it to all Advanced Bot Protection-protected sites. Imperva has identified millions of malicious fingerprints to ensure that no offending user is ever let back in.
In addition, Imperva curates threat intelligence feeds from third-party fraud, spam, malware and proxy lists — all of which are updated to protect you in real-time.

The Only Bot Detection Hi-Def Device Fingerprint
The Imperva’s Advanced Bot Protection Hi-Def Fingerprint goes well beyond IP- and header-centric identification by analyzing over 200 additional device attributes.
Hi-def fingerprints stick to each bot—even if it attempts to reconnect from random IP addresses or hide behind peer-to-peer networks and anonymous proxies. This also enables you to set rate limits based on device fingerprints—not IPs—to govern pages per minute, pages per session, and session length.