Imperva Serverless Protection Launched
May 25, 2021

Imperva launched Imperva Serverless Protection, a new product built to secure organizations from vulnerabilities created by misconfigured apps and code-level security risks in serverless computing environments.

Designed with the developer and security team in mind, the new product is easily deployed as an AWS Lambda layer, protecting functions without changing code.

Built on Amazon Web Services (AWS), Imperva Serverless Protection is a fully integrated tool within AWS Lambda Extensions. The integration gives developers faster access to the new Imperva offering to provide an additional layer of security for their AWS Lambda environment. This latest innovation from Imperva adds to the company’s solutions for protecting applications in all their forms: legacy, APIs, microservices, and serverless functions.

“We see hundreds of thousands of customers of all sizes embrace serverless applications to quickly deliver value to their customers,” says Holly Mesrobian, General Manager, AWS Lambda, AWS. “The Imperva extension enables customers to easily embed additional security in their DevOps processes for serverless applications with just a simple configuration change.”

Developers are increasing adoption of serverless functions that offer lower costs, less configuration and faster deployment. However, “through 2022, 80% of successful attacks on serverless [platform as a service] PaaS will have a root cause of misconfiguration or the use of known vulnerable code due to immature tools and processes,” writes Neil MacDonald, Vice President, Distinguished Analyst, Gartner, in the March 2020 report, “Security Considerations and Best Practices for Securing Serverless PaaS”1. He adds, “New approaches and techniques for securing serverless will be required and should be designed using a life cycle approach, starting in development and carrying through into operations.”

Imperva Serverless Protection offers market-differentiated capabilities to help organizations manage the complex security risks that emerge in serverless functions.

- Protection against malicious activity: Purpose-built for serverless computing, Imperva uniquely enables a positive security model that provides protection against malicious changes, like zero-day exploits, within the function. Deployed as an AWS Lambda layer, it can be deployed once and applied to multiple AWS Lambda functions.

- Visibility and protection from internal and external code vulnerabilities: Imperva Serverless Protection secures serverless functions from vulnerabilities embedded in first and third-party code -- the underlying risk factor that can trigger a software supply chain attack. It effectively monitors and blocks vulnerabilities without elaborate or manual steps involved.

- OWASP Serverless Top 10 coverage: Imperva Serverless Protection offers protections from misconfigurations, code-level risks, injections and weaknesses. It stops HTTP response splitting and method tampering, code injection, and other complex threats. It also monitors for insecure cookies and transport, logging of sensitive information, unauthorized network activity, weak authentication, and other potential vulnerabilities.

- Deep visibility into security incidents at the application layer: Imperva Serverless Protection runtime monitoring gathers log-level information to provide forensic detail so security teams can fully understand the context of every attack with virtually no impact on latency. It also identifies and maps third-party dependencies used during runtime.

“Traditional security technologies are not designed to get visibility into and provide protection for ephemeral workloads like serverless functions. Customers require the combination of protection at the function, contextual awareness, and high performance. Additionally, customers are not interested in modifying their workloads or changing code to support security functions. Imperva Serverless Protection was created exactly to solve these needs,” says Kunal Anand, CTO, Imperva. “With Imperva Serverless Protection, DevOps and SecOps teams have a powerful new capability to stop serverless attacks.”

Share this

Industry News

April 07, 2025

Appfire announced its launch of the Appfire Cloud Advantage Alliance.

April 07, 2025

Salt Security announced API integrations with the CrowdStrike Falcon® platform to enhance and accelerate API discovery, posture governance and threat protection.

April 07, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

April 03, 2025

StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.

April 03, 2025

Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.

April 03, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

April 03, 2025

AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.

April 02, 2025

Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.

April 02, 2025

Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.

April 02, 2025

Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.

April 02, 2025

Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)

April 02, 2025

Opsera raised $20M in Series B funding.

April 02, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.

April 01, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.

April 01, 2025

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.