Imperva Web Application and API Protection (WAAP)

Additional Info

Company size (employees)1,000 to 4,999
Headquarters RegionNorth America
Type of solutionSoftware


As businesses digitally evolve and mature, more applications operate in cloud-native and hybrid environments. What’s more, monolithic apps have evolved into a complex ecosystem of APIs, serverless functions, and microservices. Traditional WAFs are effective at stopping basic application security risks targeting legacy applications, but are not equipped to stop sophisticated attacks in cloud-native environments. Further, organizations need visibility into API behavior and the vulnerabilities that might be lurking in their software supply chain.

Imperva Web Application and API Protection (WAAP) builds on the value of the Web Application Firewall, but is strengthened by incorporating advanced bot protection, API security, runtime protection, DDoS protection, and a secure content delivery network (CDN). This year, Imperva was positioned as a leader in the 2022 Gartner Magic Quadrant for Web Application and API Protection, the ninth consecutive time Imperva was recognized as a leader in this market.

Imperva WAAP blocks attacks quickly and confidently, while saving organizations time and money on management, incident investigations, and compliance tasks. Imperva Attack Analytics sorts and groups security events into clusters of narratives, assigning each a severity level and supplying additional reputation intelligence so teams can quickly investigate. Meanwhile, Imperva Threat Research works around the clock to generate new security rules to protect customers automatically from emerging vulnerabilities.

The unified WAAP stack provides a more detailed level of inspection to distinguish potential attacks from legitimate traffic. For example, as use of TLS encryption grows, Imperva WAAP can inspect TLS connections and identify sensitive data and malicious content, like malware, hiding in the encrypted traffic.

While protecting organizations from the OWASP Top 10, DDoS attacks, API abuse, online fraud, and more, Imperva WAAP provides website and web application protection that is PCI-compliant and reduces risks created by third-party dependencies. All while allowing organizations to easily extend their security as requirements change.

How we are different

- Replace 6+ point security products with one unified platform to protect websites, applications, and APIs from automated threats like DDoS or bot attacks, online fraud, and supply chain attacks.

- Protects modern and hybrid applications against advanced and multi-vector attacks regardless of whether they are on-premises, hybrid, or cloud-native.

- Using data from Imperva WAF, DDoS, API Security, and more, Imperva Attack Analytics is a cloud-based tool included at no additional cost that reviews thousands of security events and consolidates them into prioritized alerts. Each alert provides a detailed narrative of the attack, giving analysts everything they need to know in one screen. Instead of reviewing hundreds of security events and trying to find the commonality between them, Attack Analytics does the heavy lifting for security teams. This decreases alert fatigue, increases efficiency, and provides security teams with the full picture of their Imperva environment.