Imperva API Security Released
March 07, 2022

Imperva announced the availability of Imperva API Security with continuous API discovery and data classification.

The product is deployed easily in any environment to provide visibility and protection of data across legacy and cloud-native applications. As a service offering, it can be seamlessly enabled by Imperva Cloud Web Application Firewall (WAF) customers or quickly deployed as a standalone to gain visibility into all API traffic.

Imperva API Security provides protection for Application Programming Interfaces (APIs) in developer environments that often lack adequate security controls and are vulnerable to malicious or inadvertent exposure. According to Gartner®, “By 2024, API abuses and related data breaches will nearly double”, predicts Mark O’Neil and Shameen Pillai, in the May 2021 report, “The 10 Things Software Engineering Leaders Need to Know About APIs[1]”.

The volume of APIs are multiplying as organizations accelerate digital transformation and adopt modern application development approaches. The proportion of web traffic flowing from APIs has grown 30% in 2022, compared to the same period last year, according to an analysis of cloud WAF traffic by Imperva Research Labs. As the volume of API traffic increases, it becomes a greater threat to an organization’s sensitive data. Motivated attackers will increasingly target APIs as the pathway to the underlying infrastructure and database. Imperva API Security enables rapid, secure development by providing continuous visibility and protection for all APIs. The product mitigates the risk of data breaches and data leakage by uncovering shadow APIs, and suggests remediation for software developers and security administrators.

Key Benefits of Imperva API Security:

- Identify and classify data flowing through any API: Protecting APIs should be a direct extension of an organization’s strategy for securing sensitive data. Imperva API Security automatically discovers each API’s full schema while identifying and classifying the data that flows through it.

- Continuous discovery of APIs and schema changes: With a simple activation, REST APIs are quickly detected to enable creation of a positive security model. API inventories are automatically updated, helping the security team keep pace with developers who frequently modify APIs in production.

- Flexible deployment model: Imperva API Security works across legacy, hybrid, and cloud-native environments including: Kubernetes, legacy monolithic apps, standalone microservices, web proxies, or API gateways that integrate with other existing infrastructure. The flexible deployment model provides protection for both public-facing and backend APIs in a single solution without slowing down development teams.

- Enable API governance: Gain visibility beyond the API endpoint and into each API’s underlying payload. This context will help business leaders in highly regulated industries enforce a governance model and stop a potential data breach.

“Organizations need a new approach for protecting APIs as attacks multiply and increase in sophistication,” says Karl Triebes, SVP, Product Management & General Manager, Application Security, Imperva. “Simply knowing how many APIs you have in your environment isn’t enough. With the focus on protecting the underlying data, Imperva API Security is designed to help security and development teams work cooperatively without altering code or slowing down the development lifecycle.”

Imperva API Security is a product uniquely designed to benefit both the security and development teams. As a core component of the market-leading Imperva Web Application & API Protection platform, customers can protect critical applications and infrastructure from online fraud, DDoS attacks, and API abuses.

“Managing the security of APIs is one of the key business risks organizations face today as they accelerate the pace of software development,” says Christopher Rodriguez, Research Director, Cybersecurity Products at IDC. “Protecting APIs should be seen as a critical dimension of a strong data security strategy. API security tools should provide the ability to discover and classify every API in and out of production. Organizations must act quickly as APIs will be the source of more data breaches in the coming years.”

Share this

Industry News

April 25, 2024

JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.

April 25, 2024

Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.

April 25, 2024

SmartBear has added no-code test automation powered by GenAI to its Zephyr Scale, the solution that delivers scalable, performant test management inside Jira.

April 24, 2024

Opsera announced that two new patents have been issued for its Unified DevOps Platform, now totaling nine patents issued for the cloud-native DevOps Platform.

April 23, 2024

mabl announced the addition of mobile application testing to its platform.

April 23, 2024

Spectro Cloud announced the achievement of a new Amazon Web Services (AWS) Competency designation.

April 22, 2024

GitLab announced the general availability of GitLab Duo Chat.

April 18, 2024

SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.

April 18, 2024

Red Hat announced updates to Red Hat Trusted Software Supply Chain.

April 18, 2024

Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.

April 17, 2024

CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.

April 17, 2024

Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.

April 17, 2024

Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.

April 16, 2024

Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).

April 16, 2024

Pegasystems announced the general availability of Pega Infinity ’24.1™.