Linkedin Tag

Back to blog

Imperva Client-side Protection vs c/side

Sunday, April 28th, 2024

Updated June 24th, 2024
Carlo D'Agnolo's profile picture

Carlo D'Agnolo

Let’s take an honest look at the features of Imperva’s Client-side Protection product vs c/side.

You’re on the c/side website, so just know that we are biased. But we’re able to back it up! Here’s the product page of Imperva, to complete your research.

Let’s start by listing the differences. Scroll down to see the differences described in more detail.

The differences between Page Shield and c/side

c/side Imperva Client-side protection
Doesn't rely on CSP policies
Doesn't cause errors in the browser terminal
Client-side JS script detection
Uses threat feed intel
Monitors Who-is records
Monitors SSL
Able to detect inline scripts
Uses AI to analyse scripts
Can autonomously block malicious scripts
Is able to block scripts without creating an allow list for all other scripts
Proxies scripts
Stores script content for future review
Has 100% certainty that the script reviewed is the one seen by the browser of the user

What we don’t like about Imperva’s Client-side Protection

On their product page, they claim they “protect your website against client-side attacks and streamline regulatory compliance with PCI DSS 4.0.”

The latter is true. But the first, that’s worth a debate. Imperva’s Client-side Protection just monitors and alerts on third-party JavaScript sources embedded on your site.

They don’t really have any advanced detection mechanism. They will let you do “out-of-the-box blocking of known malicious services”, which is just going down a list, and they’ll alert you if you have ****newly discovered resources, scripts, and headers. Where they get this information, is not clear, but it’s likely via threat feeds.

They also write on their product page: “continuously monitors which JavaScript services are present and only allows pre-approved services to execute”.

So as far as we can tell, they basically list your scripts and let you block or allow those while showing limited data/information. However, they also write “… continuously monitoring catches any new unapproved services that were added by a third party and are attempting to execute”. This is good! It shows an improved level of security compared to other competitors. But, they’ll only alert, not autonomously protect your site.

That’s where we differ massively.

Why c/side is more secure

C/side not only does all of the above, but we also have the capability to take action at the exact moment something is about to go wrong. The main way we do that is by wrapping your scripts to flow through our proxy. That way we're able to detect changes right there and then and put a stop to it.

We also store every version of the script’s content for feature review and to update our detection mechanisms, a mix of our AI/LLM and various other detection mechanisms that are continuously updated.

In short, our free tier offers more in both usage and protection than Imperva’s Client-side Protection tool on Enterprise.

Imperva business info you should know

Lastly, some recent info about Imperva you should know.

In December of 2023, Imperva was acquired by Thales, a public French multinational company that designs, develops, and manufactures electrical systems as well as devices and equipment for the aerospace, defense, transportation, and security sectors. It is not unlikely for pricing plans to change drastically as a result of an acquisition. This may make it less attractive to adopt their products for crucial security needs. 

Your choice!

So there you have it, our understanding and thoughts on Imperva’s Client-side Protection tool and how we differ. Have we made our case or are you still looking for some more information? Hop on our free tier and theirs, and take it for a spin.

Get started with c/side.

Or, you can go here to read more on how c/side works and find other comparisons.