Case Study: Shutterfly, Inc. protects customer data and boosts security posture with Imperva RASP

Shutterfly Protects Customer Data and Increases Security With Imperva RASP

Shutterfly, a leading digital retailer that creates personalized photo products, faced a critical security challenge: its business depends on custom web applications that store sensitive customer photos and media, and a long backlog of vulnerabilities plus operational limits of a traditional WAF left those apps exposed. The company needed a low‑overhead, easily deployable solution that would fit into agile DevOps workflows, scale with growth, and reduce risk without demanding heavy engineering resources.

Shutterfly selected Prevoty (now part of Imperva) RASP, a self-contained runtime plugin using LangSec to detect and neutralize attacks in real time. RASP was integrated into deployment pipelines, provided precise attack telemetry to the SIEM, and immediately reduced vulnerability severity and backlog levels. The result: stronger production security with minimal performance impact, faster, safer releases, and more focused developer and security teams.

Shutterfly, Inc.

Aaron Peck

Head of Information Security