Let’s take an honest look at the features of Imperva’s Client-side Protection product vs c/side.
You’re on the c/side website, so just know that we are biased. But we’re able to back it up! Here’s the product page of Imperva, to complete your research.
Let’s start by listing the differences. Scroll down to see the differences described in more detail.
The differences between Page Shield and c/side
| c/side | Imperva Client-side protection | |
|---|---|---|
| Doesn't rely on CSP policies | ✅ | |
| Doesn't cause errors in the browser terminal | ✅ | |
| Client-side JS script detection | ✅ | |
| Uses threat feed intel | ✅ | ✅ |
| Monitors Who-is records | ✅ | ✅ |
| Monitors SSL | ✅ | ✅ |
| Able to detect inline scripts | ✅ | |
| Uses AI to analyse scripts | ✅ | |
| Can autonomously block malicious scripts | ✅ | |
| Is able to block scripts without creating an allow list for all other scripts | ✅ | |
| Proxies scripts | ✅ | |
| Stores script content for future review | ✅ | |
| Has 100% certainty that the script reviewed is the one seen by the browser of the user | ✅ |
What we don’t like about Imperva’s Client-side Protection
On their product page, they claim they “protect your website against client-side attacks and streamline regulatory compliance with PCI DSS 4.0.”
The latter is true. But the first, that’s worth a debate. Imperva’s Client-side Protection just monitors and alerts on third-party JavaScript sources embedded on your site.
They don’t really have any advanced detection mechanism. They will let you do “out-of-the-box blocking of known malicious services”, which is just going down a list, and they’ll alert you if you have ****newly discovered resources, scripts, and headers. Where they get this information, is not clear, but it’s likely via threat feeds.
They also write on their product page: “continuously monitors which JavaScript services are present and only allows pre-approved services to execute”.
So as far as we can tell, they basically list your scripts and let you block or allow those while showing limited data/information. However, they also write “… continuously monitoring catches any new unapproved services that were added by a third party and are attempting to execute”. This is good! It shows an improved level of security compared to other competitors. But, they’ll only alert, not autonomously protect your site.
That’s where we differ massively.
Why c/side is more secure
C/side not only does all of the above, but we also have the capability to take action at the exact moment something is about to go wrong. The main way we do that is by wrapping your scripts to flow through our proxy. That way we're able to detect changes right there and then and put a stop to it.
We also store every version of the script’s content for feature review and to update our detection mechanisms, a mix of our AI/LLM and various other detection mechanisms that are continuously updated.
In short, our free tier offers more in both usage and protection than Imperva’s Client-side Protection tool on Enterprise.
Imperva business info you should know
Lastly, some recent info about Imperva you should know.
In December of 2023, Imperva was acquired by Thales, a public French multinational company that designs, develops, and manufactures electrical systems as well as devices and equipment for the aerospace, defense, transportation, and security sectors. It is not unlikely for pricing plans to change drastically as a result of an acquisition. This may make it less attractive to adopt their products for crucial security needs.
Your choice!
So there you have it, our understanding and thoughts on Imperva’s Client-side Protection tool and how we differ. Have we made our case or are you still looking for some more information? Hop on our free tier and theirs, and take it for a spin.
Or, you can go here to read more on how c/side works and find other comparisons.