Imperva named an Overall Leader

We’re thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market Leadership and in three correlated categories designed to provide an additional level of insight for customers looking for a vendor with a combined set of capabilities.

A notable achievement is being recognized as one of the few non-gateway-first vendors as an Overall Leader in API Management and Security.

A complex API landscape

APIs have transformed digital experiences, but the evolving landscape poses new challenges and risks for those managing them. As their usage increases, new standards, technologies, and development methodologies have been introduced. For organizations, this makes managing API architectures more complex.

The KuppingerCole report highlights APIs as a prime attack vector for web applications. As our threat research shows, the rapid pace at which developers push out APIs has led to many APIs being pushed to production without the correct security protocols, leaving them vulnerable to automated attacks. Organizations lacking visibility of their full API inventory expose their application infrastructure to API abuse and potential data theft.

Adding to the problem, a talent shortage in a highly competitive and fast-evolving API market is making Security a growing priority for businesses.

The KuppingerCole Leadership Compass provides essential guidance for buyers when selecting API management or security solutions that can help them overcome increasingly complex API challenges.


Imperva Leadership Differentiators

With our already strong presence in the application security market, expanding our portfolio to include API security was a natural progression. Building on our experience in WAF-based API security, the acquisition of CloudVector in 2021 marked a pivotal moment. We integrated their API detection and response capabilities into the Imperva security suite, which increased our API security footprint significantly. Since the acquisition, the product has significantly matured and continues to improve.

Cohesive API Security in a Unified Platform

One of the key strengths of Imperva API Security lies in its integration with our trusted Imperva Application Security Platform. The product seamlessly aligns with our suite of proven application security capabilities, such as our Content Delivery Network (CDN), our industry-leading Web Application Firewall (WAF), DDoS Protection, and Advanced Bot Protection. Our platform employs a cohesive approach to API security, strengthening organizations’ defenses against many threats, including the OWASP (Web Application Security) Top Ten and the OWASP API Security Top Ten.

WAF as an essential component of API Security

Web Application Firewall (WAF) is frequently overlooked when considering the essential components of a robust API security strategy. Yet, it plays a pivotal role as the primary layer of defense and is instrumental in blocking malicious known-signature attacks and unauthorized access. Its meticulous traffic filtering and analysis not only establishes a secure API environment but also acts as a deterrent against reconnaissance attacks that could potentially escalate into API abuse. Imperva offers an industry leading WAF, which, combined with our API security product, offers full WAAP (Web Application and API Security) protection.

Integrated API Security and Advanced Bot Protection

Automated attacks and bad bots pose the most significant threat to APIs. We have expanded our API security offering by introducing a combined product integrating Imperva API Security with Advanced Bot Protection (ABP). This enhancement provides more comprehensive protection by identifying risky APIs with sensitive data and applying advanced bot protection for added security. The unique combination of bot protection and API security in an integrated product distinguishes Imperva from other API security competitors as it offers unparalleled, in-depth protection for your sensitive APIs.

Compatible with leading API Gateways

Imperva API Security integrates with various API gateways, such as Mulesoft, Azure APIM Gateway, and Apigee. Integrating API security with these gateways becomes imperative to ensure that security measures are applied consistently across the full API lifecycle. Furthermore, we have partnered with Kong, a leading provider of API management solutions, to offer industry-best API security and provide developers and security teams a fast route to bridging the growing API security gap.

Imperva API Security Strengths (as highlighted by the KuppingerCole report):

Unified security platform for web application and API security.

Fully SaaS-based with preconfigured security policies.

Positive security model based on OpenAPI specification as well as on auto-learning.

Support for GraphQL and gRPC standards.

Comprehensive API attack analytics and threat reputation intelligence.

Strong platform hardening and security capabilities.

Additional strength in our integration

The report also acknowledges that we have continued to deliver our “API Security Anywhere” promise, which refers to the ability to deploy the solution in a variety of cloud and hybrid environments as well as with partnerships such as Kong, and all major API gateway vendors. In a recent webinar with our partner Kong, we covered how combining API management and API security organizations can strengthen their security posture by discovering, managing, and protecting APIs without slowing down the speed of your business.

Leaders in every category

Imperva was also named Leader in the subcategories of Product, Innovation, and Market Leadership and across three further correlated categories designed to provide an additional level of insight for customers looking for a vendor with a combined set of capabilities.

Named as a Market Champion in both Market and Product, Imperva stands out as an “overperformer” with a mature product and distinctive market presence. This recognition is attributed to a global footprint, a diverse customer base, and an extensive partner network. Following the 2021 acquisition of CloudVector, our API Security offering has notably evolved, providing expanded coverage for various API risks and deployment types.

Additionally, in the ‘Technology Leaders’ category, Imperva excels by integrating a mature API security product with a trusted application platform and leading API Gateways, showcasing leadership in Product and Innovation. The inclusion of advanced features, such as the integration of Imperva API Security with Advanced Bot Protection, and the introduction of the BOLA risk assessment product, further solidifies our position in innovation.

In the ‘Leadership in Innovation and Market’ category, Imperva’s excellence is evident through a strong market presence, a vast global customer base, and a network of worldwide data centers. Our API security technology seamlessly integrates with leading API Gateways, and our strategic partnership with Kong enables us to offer a holistic API management and security solution. The commitment to “API Security Anywhere” underscores our dedication to providing unmatched flexibility and effectiveness in securing APIs across any environment.

About Imperva API Security

Imperva API Security is a critical component of the Imperva Application Security Platform. It leverages continuous discovery to uncover all public, private, and shadow APIs and protect them from the growing threat of API abuse. By integrating our Advanced API Security capabilities into our trusted Application Security platform, which includes our industry-leading Web Application Firewall (WAF), DDoS Protection, and Advanced Bot Protection, we can offer an unparalleled and comprehensive API security framework to protect against all categories of API threats, including the OWASP API Top 10. Our combined API Security and Advanced Bot Protection (ABP) solution enables the identification of the most high-risk APIs and applies advanced bot protection to protect against automated API abuse.

Read the full report here.
Source and Read More:

Related Post