Imperva DDoS Protection

Imperva DDoS Protection

Imperva DDoS protection mitigates the largest attacks within 3 seconds without interfering with legitimate users.

DDoS Protection service that works

Maybe you’ve been hit by a DDoS attack and need to better understand how to protect your organization, regardless of whether this was a minor nuisance, or you incurred significant harm. Or you may be simply looking for a replacement DDoS solution that is better equipped to handle the changing threat environment. Perhaps you’re one of the few who haven’t been attacked yet, (but chances are you will be!) Imperva has the solution: DDoS protection for websites, networks, application servers, DNS servers and individual IPs. Imperva has mitigated the largest attacks in history, immediately and without incurring latency or interfering with legitimate users. DDoS cybercrime is an ever-changing landscape, but the Imperva cloud service is prepared to protect you, whatever attack comes your way and no matter what the future holds.

Imperva DDoS protection mitigates the largest attacks immediately without incurring latency or interfering with legitimate users. Multiple DDoS protection options have been designed to meet your exact needs.

  • DDoS protection for websites: Always-on DDoS protection automatically detects and mitigates attacks targeting websites and web applications.

    The DDoS protection for websites complements the Imperva cloud web application firewall (WAF), which blocks hacking attempts and attacks by malicious bots. A change to your DNS records ensures that all HTTP/S traffic to your domain(s) is routed through the Imperva network. Acting as a secure proxy, Imperva DDoS protection for websites masks your origin server IP and constantly filters incoming traffic, blocking DDoS traffic while legitimate requests flow through.
  • DDoS protection for networks: On-demand or always-on protection against DDoS attacks that directly target your network infrastructure. DDoS protection for networks can be used to defend entire subnets.

    The DDoS protection shields entire networks by leveraging the Imperva network’s multi-terabit scrubbing capacity and high-capacity packet processing capabilities to instantly mitigate the largest, most sophisticated DDoS attacks. Imperva supports multiple deployment models, including Cross Connect, GRE tunnels, and Equinix Cloud Exchange. DDoS protection for networks is available as an always-on or on-demand service, with flow-based monitoring and support for automatic or manual switchover.
  • DDoS protection for domain name servers: Always-on DDoS protection for your Domain Name Server (DNS) against network and application layer assaults. DDoS protection for domain name servers also accelerates DNS responses.

    The service is deployed in front of your DNS server, becoming the first destination for all DNS queries. Acting as a secure proxy, Imperva prevents illegal DNS queries from reaching your server while masking it from direct-to-IP network layer attacks. From the Imperva dashboard you can whitelist specific queries and for additional peace of mind, you can also set a threshold to rate-limit the queries your server receives. Finally, with DDoS protection for domain name servers in place you will still be able to manage your DNS zone files outside of the Imperva network.
  • DDoS protection for IPs: Always-on DDoS protection against attacks targeting your Internet-facing websites or services hosted on a public cloud.

    Imperva DDoS Protection for IPs provides critical protection for any service exposed to the Internet. If you run your applications on a single host, and do not control your entire network, DDoS Protection for IPs provides an easy-to-manage solution for environments that include cloud-hosted websites and services.

Imperva proxies all web requests to block DDoS attacks from being relayed to client origin servers. Imperva detects and mitigates any type of attack, including:

  • TCP Fragment
  • UDP
  • Slowloris
  • Spoofing
  • ICMP
  • IGMP
  • HTTP Flood
  • Brute Force
  • Connection Flood
  • DNS Flood
  • NXDomain
  • Mixed SYN and UDP or ICMP and UDP Flood
  • Ping of Death
  • Smurf
  • Reflected ICMP & UDP
  • As well as other attacks


All-inclusive DDoS protection

Support of Unicast and Anycast technologies, powering a many-to-many defense methodology. This automatically detects and mitigates attacks exploiting application and server vulnerabilities, hit-and-run events and large botnets.

3-second mitigation SLA

Imperva offers the only service that has an SLA-backed guarantee to detect and block any website attack, of any size or duration — in 3 seconds or less.

High-capacity network

A high-capacity global network holds over 6 Terabits per second of on-demand scrubbing capacity and can process over 65 billion attack packets per second.

Attack visibility

Gain visibility over attacks and actionable insight into Layer 7 attacks. A dashboard lets you quickly analyze attacks and adjust security policies on-the-go, to stop web application attacks.


Insights from 2019 Cyberthreat Defense Report

Infrastructure DDoS Protection Analytics Demo by Imperva