Imperva Web Application Firewall
By Imperva
A long-established WAF with particularly deep bot management and DDoS mitigation built in, sold standalone or as part of Imperva's broader application and data security portfolio. Part of the French Thales Group since Thales completed its ~$3.6B acquisition from Thoma Bravo in December 2023.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaSOn-prem
- Organization size
- Mid-marketEnterprise
- Pricing tier
- $$$
Capability checklist
WAFHow Imperva Web Application Firewall measures up against the full WAF & API Security taxonomy.
- Attack signature blocking — supported
- Blocks OWASP Top 10 style attacks like SQL injection and XSS at the edge.
- API discovery — supported
- Automatically inventories known and shadow API endpoints from observed traffic.
- Schema validation — not supported
- Enforces that requests match the declared API schema, blocking anything that doesn't.
- Bot management — supported
- Distinguishes automated and malicious bot traffic from legitimate users.
- Rate limiting — supported
- Throttles abusive request volumes per client or endpoint.
- Runtime API protection — not supported
- Detects and blocks data leakage and abuse in live API traffic.
Alternatives
Other WAF & API Security tools with overlapping capabilities, sized for similar teams.