How it works
Imperva Cloud WAF is designed to work in blocking mode with little or no tuning and with near zero false positives. You can easily build custom WAF rules and secure your API interfaces. Automated virtual patching lets you protect all apps with a single change. More than a WAF, Imperva also adds a secure CDN, bot control, account takeover protection, backdoor protection, two-factor authentication and SIEM integration.
Imperva Cloud WAF protects against all application security threats, including SQL injection, cross-site scripting (XSS) and remote file inclusion (RFI), and more.
Minimal customer friction
Other WAFs frequently block legitimate users, or rely on the use of CAPTCHA prompts. Imperva lets you operate in blocking mode while virtually eliminating false positives.
Develop custom rules
IncapRules is a flexible scripting language that lets you build and instantly propagate new security rules. Configure rules according to your specific security needs, based on signals such as IP reputation, URL slug, client type, number of requests, and geo-data. IncapRules can even control a request’s URL structure, headers and cookies.
Every application has its own logic and there’s no one size fits all security solution. With Imperva you have the option to override every default security rule with your own whitelisting policies.
A new security patch signals the start of a race between hackers swarming to exploit new vulnerabilities, and IT teams rushing to close the gaps. Imperva offers you a better option. Patches are applied at the edge, allowing you to update your applications on your schedule instead of under fire.
The effective management of WAF policies can be a full-time job. Imperva takes the responsibility off your hands and places it with our dedicated team of network and security experts.
PCI-DSS compliance is an essential requirement for any service that processes credit card data. Imperva cloud is PCI certified, addressing the PCI DSS 6.6 clause, and comes complete with PCI reporting.