Imperva

Imperva is a cybersecurity firm that provides a cloud-based web application firewall (WAF) service designed to protect websites and web applications from a range of threats. The company's core offering includes traffic inspection, threat detection, and mitigation capabilities that operate inline with customer traffic. Beyond the WAF, Imperva supplies complementary security modules such as distributed denial-of-service (DDoS) protection, bot management, API security, and data security solutions. These products are marketed to enterprises across various sectors that require continuous availability and protection of their online assets. Imperva's services are delivered from a cloud infrastructure, allowing customers to apply security policies without deploying on-premises hardware.

The firm is headquartered in Israel, as indicated in the organisational context. Imperva's security platform is positioned as a specialized tool for safeguarding web‑facing applications against the OWASP Top Ten vulnerabilities and other application‑layer attacks. Its technology integrates SSL certificate handling and API key management, which are essential components for maintaining encrypted communications and secure integrations. The company emphasizes a cloud‑native approach that enables rapid scaling and updates to threat intelligence feeds.

In August 2019, Imperva disclosed a breach affecting its cloud‑based WAF product, wherein customer email addresses, hashed and salted passwords, API keys, and SSL certificates for accounts created before a 2017 cutoff were exposed. The breach was identified through third‑party notification and highlighted the potential for attackers to misuse the stolen API keys to disable security controls, bypass traffic filtering, intercept or modify communications, and redirect web traffic. Imperva advised impacted customers to reset credentials, rotate API keys, replace certificates, and enable multi‑factor authentication to mitigate the risks. The incident underscored the critical nature of the data handled by the service and the importance of robust credential and key management practices.