Imperva API Security
A solution for securing APIs by automating discovery, risk classification, and real-time monitoring.
Category | API Security |
---|---|
Last page update | 19 days ago |
Pricing Details | Contact for pricing details. |
Target Audience | Security teams, API developers, IT administrators. |
Imperva API Security addresses the problem of maintaining visibility and security in increasingly API-centric environments, where cyberattacks are becoming more sophisticated and frequent. The solution automates the discovery of API endpoints, including both known and unknown (shadow) APIs, without adding workload for development teams or requiring OpenAPI specifications.
The technical architecture of Imperva API Security involves continuous API discovery and risk classification, using machine learning to detect and classify sensitive data such as personally identifiable information (PII). It integrates with various environments, including cloud-native microservices, legacy systems, and hybrid setups. The solution can be deployed as an add-on to Imperva Cloud WAF or as part of the API Security Anywhere offering, which supports cloud-managed or self-managed configurations. It also integrates with leading API gateways like Kong, Mulesoft, and Apigee, and can operate as a lightweight sidecar sniffer in a microservices architecture or as a standalone network sniffer in Kubernetes environments.
Operationally, Imperva API Security provides real-time monitoring and risk assessment, enabling security teams to enforce policies based on the identified risks without hindering development velocity. The solution aligns with the OWASP Top 10 API Security Risks, providing protection against common threats such as Broken Authentication, Business Logic Abuse, and others. It covers nine of the OWASP top ten risks; it does not address the risk associated with Unsafe Consumption of APIs (A10).
Imperva API Security also offers advanced API verification capabilities, including thorough API specification assessment and targeted API fuzzing tests. This approach helps in evaluating API specifications precisely and strengthening defenses against zero-day attacks and other vulnerabilities. The solution is highly accurate out of the box and requires no tuning, which simplifies its deployment and management.