Cloud WAF

Imperva Incapsula protects against known and unknown threats, including all OWASP top 10 and zero-day threats.

How Cloud WAF works

How it works

Imperva Incapsula Cloud WAF is designed to work in blocking mode with little or no tuning and with near zero false positives. Easily build custom WAF rules and secure your API interfaces. Automated virtual patching lets you protect all apps with a single change. More than a WAF, Imperva also adds bot control, backdoor protection, two-factor authentication and SIEM integration.

block threats

Block threats

Imperva Incapsula protects against all application security threats, including SQL injection, cross-site scripting (XSS) and remote file inclusion (RFI), and more.

Minimal customer friction on WAF

Minimal customer friction

Other WAFs frequently block legitimate users, or rely on the use of CAPTCHA prompts. Imperva lets you operate in blocking mode while virtually eliminating false positives.

Develop custom rules

Develop custom rules

Imperva Incapsula’s IncapRules is a flexible scripting language that lets you build and instantly propagate new security rules. Configure rules according to your specific security needs, based on signals such as IP reputation, URL slug, client type, number of requests, and geo-data. IncapRules can even control a request’s URL structure, headers and cookies.

Exception handling

Exception handling

Every application has its own logic and there’s no one size fits all security solution. With Imperva you have the option to override every default security rule with your own whitelisting policies.

Virtual patching

Virtual patching

A new security patch signals the start of a race between hackers swarming to exploit new vulnerabilities, and IT teams rushing to close the gaps. Imperva offers you a better option. Patches are applied at the edge, allowing you to update your applications on your schedule instead of under fire.

Managed service

Managed service

The effective management of WAF policies can be a full-time job. Imperva takes the responsibility off your hands and places it with our dedicated team of network and security experts.

PCI-DSS certified

PCI-DSS certified

PCI-DSS compliance is an essential requirement for any service that processes credit card data. Imperva cloud is PCI certified, addressing the PCI DSS 6.6 clause, and comes complete with PCI reporting.

Related Content

Key Resources

five ways imperva waf

Five Ways Imperva Beats WAF Competition

White Paper
Read paper ›
What is Clickjacking?

Explainer Series: What is Clickjacking?

Blog
Read blog ›