These capabilities help customers further harden their defences against rapidly evolving attacks. The release extends application protection from the edge all the way to the individual applications themselves. Built on top of Imperva’s integrated single-stack architecture and deployed across a global network, which includes a powerful CDN recently enhanced with developer access, these new services provide comprehensive protection against a wide range of cybersecurity threats. These threats target not just websites, but also business-critical APIs, legacy systems and applications based on open source.
Comprehensive Bot Protection
New Imperva Account Takeover Protection detects and stops hackers from using stolen credentials to hijack accounts, an attack method that results in more than $5.1B in losses each year. Leveraging advances in artificial intelligence, Imperva lets enterprises ensure that only business-critical traffic reaches websites by eliminating botnet traffic long before it reaches a customer’s web applications.
Imperva’s acquisition of Distil Networks will strengthen its anti-bot capabilities even further, when augmented by the industry’s leading bot detection power. Distil Networks’ detection and advanced reporting capabilities are in line with Imperva’s overall intent-focused approach to detection. In combination, they will enable faster security deployment, better accuracy in detection with no added latency, and enhanced visibility and management, for a holistic view of all attack vectors targeting an application.
Built-In Application Protection for Websites and APIs
APIs play a critical role in accelerating innovation and business growth in the digital economy, but they expose a wider attack surface for cybercriminals to exploit. Imperva API Security protects API endpoints by automatically building and enforcing a positive security model of each published API. Seamless integration with best-in-class API vendors, including Microsoft Azure, Amazon AWS, and Red Hat 3scale now empowers Imperva customers to leverage their existing investments.
“API Management can make it easy to open up APIs, and API Gateways help ensure access is controlled, but a solution like Imperva API Security offers protection against intrusion attempts,” said Mark Cheshire, director of product management at Red Hat.
Because of this, Imperva has also announced a new relationship with the OpenAPI Initiative to further show their support and investment in securing everyone's digital landscape via APIs.
“Through our expertise and market leadership within web application security, we recognised enterprises’ desire to include API security within the greater web application security industry,” said Terry Ray, SVP and Imperva Fellow. “As DevOps continue to drive modern application architecture, including APIs, they certainly need security, but almost equally important is the support of automation necessary to build API security into the CI/CD process without maintenance, overhead, and manual effort from security teams. It’s an exciting time for DevOps and we’re delighted to be in a position where we continue to set the bar for security within the CI/CD process.”
Enhanced DDoS Protection
A new anti-DDoS service provides protection for individual IPs, allowing customers with workloads in the cloud to achieve the same level of DDoS protection for TCP/IP services. The service joins Imperva’s existing DDoS protection for websites, the network, and domain name servers (DNS).
Its strength in providing protection against DDoS attacks continues to be validated as Imperva mitigates the largest attacks ever reported, including an attack in early May, which hit a peak rate of 652 Mpps and another attack which came in at 713 Gbps. All attacks are guaranteed to be mitigated in an industry-best three seconds or less DDoS mitigation SLA timeframe.With these application security capabilities, available via Imperva’s flexible and predictable FlexProtect licensing which secures data and applications on-premises and in the cloud, Imperva brings defence in depth to a new level. For protection from the edge, to the network, to individual applications, all the way to APIs, companies no longer have to sacrifice security as they undergo digital transformation and migrate workloads to the cloud.