Imperva SecureSphere is a comprehensive, cyber security platform that includes Web, Database and File Security. It scales to meet the security demands of even the largest organizations and is backed by the Imperva Defense Center, a world-class security research organization that maintains the product's cutting-edge protection against evolving threats.

Cyber Security for What Matters Most


Imperva helps with 11 of the 20 CIS Critical Security Controls – See our attack plan

Hackers and malicious insiders steal your business-critical data and information by exploiting the gaps left by traditional endpoint and network products. As many companies have painfully discovered, a breach goes far beyond the loss of data. It results in financial losses, regulatory fines, and damage to a company’s reputation. The Imperva SecureSphere, Prevoty and Skyfence product lines enable organizations to discover assets and vulnerabilities, protect information wherever it lives—in the cloud and on-premises—and comply with regulations.

Imperva Provides:

  • Cyber and Cloud Security
  • Web Application Security
  • Website and Infrastructure DDoS Protection
  • Database Security
  • Privileged Access
  • Solution platform to protect company data
  • Minimization of false positives
  • Reduction in the number of point solutions

DDoS Protection

Comprehensive Protection from All DDoS Attacks

The Imperva Incapsula service delivers a multi-faceted approach to DDoS defense, providing blanket protection from all DDoS attacks to shield your critical online assets from these threats. Incapsula DDoS protection services are backed by a 24×7 security team, 99.999% uptime SLA, and a powerful, global network of data centers.

Website DDoS Protection
The Incapsula Website DDoS Protection solution is an always-on, cloud-based DDoS mitigation service which automatically detects and mitigates all types of DDoS attacks launched at websites and web applications. This service is built on-top of the Incapsula Content Delivery Network (CDN) and leverages a PCI DSS compliant Web Application Firewall technology. As a result, in addition to securing websites against DDoS threats, Incapsula also guards against exploitation of application vulnerabilities and ensures that website traffic runs normal operating speeds, even during large-scale volumetric attacks.

Infrastructure DDoS Protection
Enabled via GRE tunneling and leveraging Border Gateway Protocol (BGP) routing, Infrastructure Protection is an on-demand security service that safeguards critical network infrastructure from volumetric and protocol-based DDoS attacks. Powered by proprietary “Behemoth” scrubbing servers capable of mitigating 170Gbps of DDoS attacks per appliance clean traffic at each datacenter to ensure the Incapsula network is never overwhelmed. Infrastructure Protection complements other CDN-based services from Incapsula to provide complete protection from all DDoS threats for all network protocols and internet connected devices.

Name Server DDoS Protection
Name Server DDoS Protection safeguards DNS servers from DDoS attacks. Deployed as an always-on service, NS DDoS Protection automatically identifies and blocks attacks seeking to target DNS servers, while also accelerating DNS responses. Name Server Protection is seamlessly compatible with other security solutions offered by Incapsula, providing customers with the most robust DDoS offering on the market.

Prevoty Autonomous Application Protection

Prevoty keeps applications secure by default so that organizations can focus on building applications that solve problems, connect people, and drive business.


The Applications That Power Business Remain Dangerously Insecure.
Applications are prime targets for cyberattacks because they handle troves of personally identifiable information, intellectual property, financial information, and other critical data. According to the most recent Verizon Data Breach Investigation Report, data breaches stemming from application-targeted attacks have skyrocketed since 2013. Last year, web application targeted attacks became the most likely attack vector to trigger a data breach. Traditional application security tools fail to protect organizations from attacks because they mostly rely on signatures and rules that are easy to circumvent, struggle to stop zero-day attacks, suffer from high false positive rates, and lack real-time context and visibility. Prevoty believes that securing applications requires radical thinking: applications must defend themselves.

Prevoty Autonomous Application Protection = Security by Default
Prevoty Autonomous Application Protection fills the security gaps that leave applications vulnerable to attack with a single plugin that protects both legacy and modern applications. The Prevoty plugin is completely autonomous, portable, and works in any type of deployment architecture including on-premise, in the cloud, and in containers.


Prevoty autonomous plugins enable applications to protect themselves using an industry-leading runtime application self-protection (RASP) technology plus a lightning-fast, attack detection method called Language Theoretic Security (LANGSEC) that understands how payloads will execute within the context of a given environment and neutralizes known and zero-day attacks. The result is applications that are secure by default, regardless of any latent vulnerabilities in the application software that would otherwise be susceptible to attack.


Prevoty integrates security into application development lifecycles, augmenting the traditional vulnerability-management approach to AppSec
with attack-based risk mitigation informed by real attack data. Because Prevoty not only pinpoints
the vulnerabilities a neutralized attack would have exploited – down to the exact line of code – but also secures applications despite those vulnerabilities, organizations have more time to implement patches and more insight into which vulnerabilities are actually being attacked.