Protect Your Applications and APIs
WAF Gateway inspects and analyzes all requests to your websites and APIs and protects them from attacks aimed at exploiting vulnerabilities and from automated attacks.
Block with confidence
WAF Gateway uses patented dynamic application profiling to learn all aspects of a web application’s normal behavior, including: directories, URLs, parameters, and acceptable user inputs. Detects and blocks attacks with exceptional accuracy and blocks only bad traffic.
API security
WAF Gateway deployed in front of API resources protects core applications by validating and monitoring API traffic, and leveraging features like Profiling and Content Inspection to identify and protect against malicious activity.
Virtual patching for immediate remediation
WAF Gateway performs “virtual patching” for applications via vulnerability scanner integration. When a vulnerability is discovered, virtual patching actively protects applications instead of waiting for code to be modified. This reduces the window of exposure and lowers the costs of emergency fix cycles.
How Imperva WAF Gateway Works
Machine learning app profiling
Machine learning creates a positive security model of the application’s profile to avoid false-positives. WAF Gateway dynamically learns normal application behavior and distinguishes it from the abnormalities of an attack.
Correlated attack validation
Distinguishes attacks from unusual, but legitimate, behavior by correlating web requests across security layers, over time. Correlated attack validation examines protocol conformance, signatures, special characters, and user reputation to accurately alert or block attacks with the lowest rate of false positives.
Extensive reporting
WAF Gateway offers rich graphical reporting capabilities to easily understand security status and meet regulatory compliance. Generates pre-defined and customizable reports. Quickly assess security status and streamline demonstration of compliance with PCI, SOX, HIPAA and FISMA and other compliance standards.
SIEM integration
WAF Gateway easily integrate with most of the leading Security Information and Event Management (SIEM) systems such as Splunk, ArcSight and others. WAF Gateway can exports events as syslog messages, Common Event Format (CEF) and JSON format. Events are intuitively indexed and easily searchable for quick incident response.
Related Content
Key Resources
-
FlexProtect Plans
Learn more › -
WAF Gateway
Read datasheet › -
Cloud WAF
Learn more › -
WAF Appliances
Learn more › -
Data Protection and Audit for z/OS
Learn more ›
“We now spend less time on issues such as software changes and can direct more energy on protecting our members’ data and company information.“
Sharon Black
Sr. Manager of Information Security,
BlueCross BlueShield of Tennessee
“Increasing the visibility into threats allows us to make informed decisions into securing our environment.”
Edward Messina,
IT Security and Risk Manager,
Monash University
