Allytics Tech Perspectives

Allytics Tech Perspectives

Allytics Tech Perspectives

Imperva

Imperva is a cybersecurity company with a mission to protect data and all paths to it. Imperva strives to safeguard customers from cyberattacks throughout all stages of their digital transformation. The company’s goal is to provide comprehensive security for critical applications, APIs, and data, regardless of scale or location. This involves an integrated approach that combines edge, application security, and data security.

Imperva is recognized as a cybersecurity leader, particularly for its Web Application Firewall (WAF) solutions. The company aims to stay ahead of the evolving threat landscape by leveraging Imperva Threat Research and its global intelligence community, integrating the latest security, privacy, and compliance expertise into its offerings. Innovation is a core value, with a focus on differentiating Imperva and its technologies. Market perception indicates that Imperva is considered a strong player in application and data security, offering robust protection against a variety of cyber threats.

Offerings, Capabilities, and Integrations

Imperva is a cybersecurity company that provides solutions to protect data and applications, whether they are on-premises, in the cloud, or in a hybrid environment. Its integrated approach combines edge, application security, and data security, aiming to protect organizations through all stages of their digital transformation. This comprehensive security strategy, which includes threat intelligence and automated protection, allows Imperva to offer protection against a wide array of cyber threats. Imperva’s solutions are designed to help organizations prevent data breaches, ensure compliance with data protection regulations, and defend against attacks without compromising performance. The company’s ability to secure critical assets from the edge to the database, coupled with its focus on innovation and expertise, contributes to its reputation as a leader in cybersecurity. Imperva’s Technology Alliance Program (TAP) facilitates direct technical relationships with partner companies through product integration, support efforts, code licensing, or reseller relationships, further enhancing its comprehensive security offerings.

Products and Services

Imperva offers a suite of products and services focused on application security (AppSec) and data security. Its flagship product was historically its Web Application Firewall (WAF), SecureSphere. The Imperva Platform is a key offering, providing comprehensive security with orchestration, analysis, and automation capabilities.

  • Application Security: This includes a range of solutions designed to protect web applications and APIs.
    • Web Application Firewall (WAF): Protects against web attacks, including the OWASP Top 10, with near-zero false positives and is a key component of Imperva’s Web Application and API Protection (WAAP) stack. It can secure active and legacy applications, third-party applications, APIs, microservices, cloud applications, containers, and VMs.
    • API Security: Detects vulnerabilities in applications and protects APIs with an automated positive security model, addressing threats like those in the OWASP API Top Ten.
    • Advanced Bot Protection: Defends websites, mobile applications, and APIs from automated attacks and malicious bot traffic without impacting legitimate users.
    • Client-Side Protection: Prevents data breaches and supply chain fraud from client-side attacks like formjacking, digital skimming, and Magecart by identifying risky JavaScript code.
    • Runtime Protection (formerly Runtime Application Self-Protection – RASP): Offers built-in security for runtime environments, protecting applications from the inside out against software supply chain and zero-day attacks.
    • Serverless Protection: Guards and remediates vulnerabilities in serverless functions.
    • DDoS Protection: Secures assets at the edge for uninterrupted operation and business continuity, protecting against large-scale attacks without incurring latency.
    • Secure CDN (Content Delivery Network): Provides content caching, load balancing, and failover natively integrated into the WAAP platform for secure global application delivery.
    • Attack Analytics: Uses machine learning and domain expertise to correlate security events into readable narratives, simplifying investigations and enabling quick responses to threats.
    • Account Takeover (ATO) Protection: Safeguards against the hijacking of user accounts.
    • Application Delivery: Ensures applications are delivered securely and efficiently.
  • Data Security: This suite focuses on protecting enterprise data across various environments.
    • Data Security Fabric (DSF): A data-centric solution that enables security and compliance teams to secure sensitive data wherever it resides with an integrated, proactive approach to visibility and predictive analytics. It protects all data types and supports Guardium customers by extending data activity monitoring.
    • Cloud Data Security: Delivers protection and compliance for data stores in any cloud environment, including AWS and Azure, preserving agility and cost benefits.
    • Database Security: Provides analytics, protection, and response across all data assets, both on-premises and in the cloud, offering risk visibility to prevent breaches and compliance incidents. This includes the Imperva Database Firewall.
    • Data Activity Monitoring (DAM): Monitors and analyzes all user access to business-critical web applications and protects applications and data from cyberattacks.
    • Data Risk Analytics: Automates the detection of non-compliant, risky, or malicious data access behavior across all databases enterprise-wide.
    • Data Discovery and Assessment/Classification: Discovers unknown databases, classifies sensitive data, and detects database vulnerabilities.
    • Data Masking: Pseudonymizes and anonymizes sensitive data for safe use in development, testing, and analytics.
    • File Security: Protects sensitive files.
  • FlexProtect: Offers a flexible way to deploy security products and services on-premises and in the cloud with subscription licensing.
  • Professional Services, Technical Support, and Training: Imperva provides these services to support its product offerings.
  • Managed Security Service Provider (MSSP) Program: Allows MSSPs to offer Imperva’s products and platform to their clients.

Target Customers

Imperva’s target customers range from small businesses to large enterprises across various sectors. The company focuses on organizations with a significant online presence, those handling sensitive data, or those requiring robust security for their web applications and APIs. Key industries served include finance, healthcare, e-commerce, retail, telecommunications, and government. Imperva’s solutions help these customers protect critical applications, APIs, and data anywhere, at scale. For example, in the healthcare sector, Imperva helps protect Personal Health Information (PHI) and meet HIPAA compliance. Financial services clients benefit from protection for personal financial data and assistance in achieving compliance in a highly regulated industry. Retailers are supported in protecting customer data amidst increasing online shopping and cyber threats. Telecommunications companies and ISPs, which are key targets for cyber attackers due to their vast networks and customer bases, also utilize Imperva’s solutions. Government agencies use Imperva to protect sensitive citizen data, mitigate risks during cloud migration, and ease the burden of data privacy compliance.

Cloud Integrations and Marketplaces

Imperva offers various cloud integrations and has a presence on major cloud marketplaces, enabling customers to protect their applications and data across different cloud environments.

  • Amazon Web Services (AWS): Imperva provides solutions for protecting applications and data on AWS. This includes native integrations with services like Amazon RDS, Amazon Aurora, Amazon Redshift, and Amazon DynamoDB for data security. Imperva’s Web Application Firewall (WAF) is available on the AWS Marketplace, allowing customers to deploy and manage WAF instances. Imperva is an AWS Security Independent Software Vendor (ISV) Competency partner and participates in the AWS Marketplace and AWS ISV Accelerate Program. Imperva Data Security Fabric (DSF) is available in the AWS Marketplace and supports securing data lakes built on AWS, integrating with services like AWS Lake Formation, AWS Glue, and Amazon Macie. Imperva also offers managed rules for IP reputation on AWS WAF. The Imperva Cloud API Security Integration tool has predefined integrations with Amazon API Gateway. Log integration with AWS S3 is also supported.
  • Microsoft Azure: Imperva offers protection for applications and data deployed in Microsoft Azure. Imperva’s WAF is available on the Azure Marketplace, allowing for flexible deployment and integration with Azure services. Imperva supports hybrid Azure cloud and on-premises environments, providing data audit and protection for both Azure IaaS and PaaS database offerings like AzureSQL. Imperva provides a deployment kit for Azure Security Center to streamline provisioning and monitoring. The Imperva Cloud API Security Integration tool includes predefined integrations with Microsoft Azure API Management. Imperva Cloud WAF also integrates with Microsoft Sentinel for ingesting WAF events. Terraform modules are available for provisioning Imperva DSF Agent Gateway on Azure. Imperva’s Application Security, including WAF, Advanced Bot Protection, Client-Side Protection, DDoS Protection, API Security, Runtime Protection, Attack Analytics, and Secure CDN, is available for private offers on the Azure Marketplace.
  • Google Cloud Platform (GCP): Imperva has partnered with Google Cloud to provide application security, including WAF and API protection, integrated with the Google Cloud environment. This allows customers to use Google Cloud’s global load balancing and Cloud CDN while protecting applications with Imperva’s security solutions without traffic leaving Google Cloud. Imperva offers WAF Gateway deployment on GCP. Imperva WAF logs can be collected by Google Security Operations (Chronicle) via API or Amazon S3. While a direct listing on the Google Cloud Marketplace for “Imperva” shows solutions like “Imperva – WAF Managed Rules” and “Imperva Data Security Fabric (DSF) BYOL,” specific details about these listings require accessing the marketplace directly. Imperva Cloud WAF can also be integrated with Google Cloud using n8n.io for workflow automation.
  • Other Integrations: Imperva’s Cloud WAF supports log integration with various SIEM platforms, including IBM QRadar, AlienVault USM Anywhere, Elastic SIEM, and Chronicle. Imperva Data Security Fabric (DSF) is designed to integrate with existing Data Activity Monitoring implementations and supports over 100 data repositories, including those from major cloud providers, to provide unified data security across on-premises, cloud, and multi-cloud environments. Imperva Cloud WAF logs can also be sent to LogScale (formerly Humio) via AWS S3. Wazuh can be integrated with Imperva Cloud WAF for enhanced visibility and alerting.

Key People

  • Chief Executive Officer: Pam Murphy.
  • Chief Technology Officer and Chief Information Security Officer: Kunal Anand.
  • Chief Financial Officer: Jim Dildine.
  • Chief Customer Officer and GM of the Application Security business unit: Nanhi Singh.
  • Chief Revenue Officer: Scott Lovett.
  • Senior Vice President of Cyber Security Products, Thales CSP: Sebastien Cano.
  • Senior Vice President of Product Development: Moshe Lipsker.
  • Vice President of Global Marketing, Thales CSP: Poupak Modirassari-Enbom.
  • Vice President of Human Resources, Thales CSP: Sanjeet Purohit.
  • Vice President of Worldwide Sales, Application & Data Security, Thales CSP: Eric Benson.
  • Vice President of Application Security Products, Thales CSP: Tim Chang.
  • Vice President of Data Security Products, Thales CSP: Todd Moore.

Key Facts

  • Headquarters Location: San Mateo, California, U.S.
  • Number of Employees: Over 1,400
  • Annual Revenue: Approximately $500 million (in 2022)
  • Parent Company: Thales Group
  • Subsidiary Companies: Includes Incapsula, Inc., Imperva Ltd. (Israel), Imperva Japan K.K., Imperva B.V. (Netherlands), Imperva UK Limited, and others. Imperva has made several acquisitions, including Distil Networks and jSonar.
  • Publicly Listed: No (acquired by Thoma Bravo in 2019, then by Thales Group in December 2023)

Analyst Recognition

Imperva is recognized by several major analyst groups for its cybersecurity solutions.

  • Gartner has named Imperva a Leader in the Magic Quadrant for Web Application and API Protection (WAAP) for nine consecutive years as of 2022. In 2024, Gartner recognized Imperva as a Visionary in the Magic Quadrant for Access Management. Gartner’s evaluation of Web Application and API Protection focuses on capabilities delivered as cloud services.
  • Forrester Research recognized Imperva as a Leader in The Forrester Wave™: Web Application Firewall (WAF), Q1 2025. Imperva was also listed as a Strong Performer in the 2023 Forrester Wave for Data Security Platforms and in the 2024 Forrester Wave for Bot Management Software.
  • IDC named Imperva a Leader in the 2024 IDC MarketScape for Web Application and API Protection (WAAP) enterprise platforms. This recognition highlights Imperva’s converged security solution that integrates tools like API security, bot management, and DDoS mitigation into a unified platform.
  • There is no specific information available in the search results regarding recognition of Imperva by the Everest Group in its PEAK Matrix assessments for relevant technology categories.

Related articles

No results found.

Enter a search