Imperva
SecureSphere - Web Application Firewall
Market Leading Protection for Web Applications

Overview:
The Imperva SecureSphere Web Application Firewall protects Web applications and sensitive data against sophisticated attacks such as SQL injection, Cross-Site Scripting (XSS) and brute force attacks, stops online identity theft, and prevents data leaks from applications. SecureSphere offers drop-in deployment, automated, adaptable security, and low operational overhead. Imperva’s Dynamic Profiling technology automatically builds a model of legitimate behavior and recognizes application changes over time, ensuring that SecureSphere’s security policies are up-to-date and accurate without manual tuning.
As the market leading Web application firewall, more organizations rely on Imperva to monitor and protect their critical Web applications than any other vendor. Imperva SecureSphere provides your business with a practical and highly secure solution to ensure that your Web applications and data are safe.

Benefits:
- Accurately monitors and protects Web applications
- Automates operations through patent-pending Dynamic Profiling technology
- Supports ultra high performance and sub-millisecond latency
- Scales to support large, distributed deployments with centralized management
- Documents security status and compliance with best-in-class monitoring and reporting

Firewall Features:
- Accurate Protection against Web application attacks – The SecureSphere Web Application Firewall combines a dynamic white list policy model with up-to-date application signatures, session tracking and correlation rules for precise attack detection.
- Automated, intuitive Management – Imperva’s unique Dynamic Profiling technology automatically learns the structure, elements, and expected usage of protected applications. An easy-to-use Web management interface makes configuration effortless.
- Transparent Deployment – Multiple configuration options, including layer 2 bridge, proxy and non-inline monitor, enable drop-in deployment with no changes to existing applications or network.
- Data Leak Prevention – SecureSphere inspects outbound traffic to identify potential leaks of sensitive data such as cardholder data and social security numbers.
- Ultra-high Performance and Low Latency – Delivering multi-Gigabit performance and sub-millisecond latency, SecureSphere can easily scale to meet the most demanding data center requirements.
- Flexible High Availability options – A broad array of high availability options, including fail-open interfaces and the proprietary IMPVHA failover protocol, enable zero-risk deployment into any environment.
- Enterprise-grade Centralized Management – Scaling to protect large, distributed data centers, the MX Management Server centralizes the configuration, monitoring and reporting of multiple appliances. Hierarchical policies, granular administrative permissions, and a unique task-oriented workflow enable flexible management even in the most complex environments.
- Rich Graphical Reporting – SecureSphere includes a powerful reporting framework with both pre-defined and fully-customizable reports that provides instant visibility into security and compliance concerns.
- Application User Visibility – SecureSphere can automatically capture Web application user names and associate all session activity with the specific user. When SecureSphere is extended to database protection, then it can track SQL queries to Web application users.

Complete Attack Prevention:
The SecureSphere Web Application Firewall delivers unmatched protection by leveraging multiple security defenses. These defenses include Dynamic Profiling, HTTP protocol validation, platform attack security, and Correlated Attack Validation.
Eliminates Manual Configuration and Tuning
SecureSphere incorporates Imperva's unique Dynamic Profiling technology, which automatically learns the structure, elements, and expected usage patterns of protected Web applications, while detecting and incorporating valid application changes into the application profile over time. By comparing Web requests to the profile, SecureSphere detects unacceptable behavior and prevents malicious activity with pinpoint precision.
Dynamic Profiling automatically builds an accurate profile with no need for manual configuration or tuning. SecureSphere Web Application Firewall uses this technology to eliminate the need for, and the substantial costs of, manually creating and updating a typically enormous white list that can contain thousands of URLs, form fields, parameters and cookies.
Defenses That Are Always Up To Date
The Imperva Application Defense Center (ADC), staffed by Imperva's team of application security and compliance experts, is recognized globally for its data and application security research. The ADC continuously investigates new database and application vulnerabilities reported worldwide, analyzes exploit traffic from a wide range of live Web sites, and conducts primary vulnerability research to identify the latest threats. This research drives continuous updates to SecureSphere's defenses, including signature updates, protocol validation policies, and correlation rules.
SecureSphere customers can choose to add ADC Insights for an added layer of protection, gaining access to Imperva's in-depth business applications expertise, pre-built data security compliance reports, and best practices from compliance and security experts.
Stops Protocol Exploits
SecureSphere's built-in HTTP protocol validation prevents protocol exploits including buffer overflow, malicious encoding, HTTP smuggling, and illegal server operations. Flexible policies enable strict adherence to RFC standards while allowing minor variations for specific applications.
Comprehensive Platform and Network Protection
SecureSphere delivers comprehensive protection against known attacks targeting Web server, middleware and platform vulnerabilities, sourcing more than 4,000 signatures from Bugtraq, CVE®, Snort®, the Imperva ADC, and others. SecureSphere also defends against new, zero-day Web worm attacks by detecting and identifying their unique combination of attributes.
SecureSphere's integrated stateful network firewall provides protection from both external and internal unauthorized users, protocols, and network attacks, while meeting best practice security mandates by preventing non-essential protocols from reaching sensitive Web applications.
Defends Web Services
Leveraging Imperva's Dynamic Profiling technology, SecureSphere also profiles legitimate Web Services behavior including XML files, elements, attributes, schema, variables, and SOAP actions, identifying and blocking any attempt to tamper with normal Web services behavior.
Unmatched Accuracy
Imperva's unique Correlated Attack Validation technology accurately identifies even the most complex attacks by correlating violations across security layers, and over time.
By employing multiple sophisticated technologies, SecureSphere Web Application Firewall is able to prevent even the most complex web application attacks.

Transparent Deployment:
Imperva's unique Transparent Inspection technology enables SecureSphere's complete and accurate application security system to be deployed into any environment without forcing organizations to change existing applications, servers or networks, or to redesign their Web applications, change IP or DNS settings, or update authentication schemes.
Kernel-based Transparent Inspection separates security from deployment mode, enabling SecureSphere to support the following operation modes:
- Transparent Layer 2 Bridge for drop-in deployment and industry-best performance
- Layer 3 Router for network segmentation, routing and network address translation
- Reverse Proxy for content modification, such as cookie signing and URL rewriting
- Transparent Proxy for fast deployment of content modification without network changes
- Non-inline Monitor for zero-risk monitoring and forensics
Gigabit Performance for Unparalleled Data Security
SecureSphere delivers multi-gigabit throughput and tens of thousands of transactions per second while maintaining sub-millisecond latency. This is an order of magnitude better than competing approaches, and ensures completely transparent deployment. With SecureSphere, data security policies will never impact data center service level agreements or application performance.
High Availability Enables Deployment for Large Networks
SecureSphere's support for a wide variety of high availability options enables its deployment into some of the largest networks in the world. These availability options include:
- Imperva High Availability (IMPVHA) for sub-second failover
- Virtual Router Redundancy Protocol (VRRP) for router or proxy deployments
- Active-Active and Active-Passive Redundancy for external availability mechanisms
- Fail-open interfaces for single-gateway availability
- Non-inline deployment for zero risk monitoring and assessment

Efficient Operations, Low Ongoing Maintenance:
Automated Policy Configuration and Maintenance
Implementing a white-list security model has traditionally required constant manual tuning. The application firewall white list needed to be updated whenever the Web application changed. Dynamic Profiling eliminates manual tuning by automatically modeling Web applications and adapting to application changes. SecureSphere administrators still have full access to modify application profiles and create custom policies.

Centralized Management for Enhanced Data Security
The SecureSphere MX Management Server offers centralized configuration, monitoring, and reporting for larger environments, including mixed Web and database deployments. Hierarchical organizational groupings, granular administrative permissions, and a unique task-oriented workflow streamline management of large enterprise and ASP environments.
Enterprise Class Reporting for Auditing and Compliance
SecureSphere offers rich graphical reporting capabilities, enabling customers to easily understand security status and meet regulatory data compliance requirements. SecureSphere provides both pre-defined and fully-customizable Web based reports. Reports can be viewed on demand or emailed on a daily, weekly or monthly basis. SecureSphere's reporting platform provides instant visibility into security, compliance, and content delivery concerns.
Monitoring and Alerting
SecureSphere screens important database activity and provides the highest level of security.
A dashboard provides a real-time, high-level view of system status and security events. Alerts are easily searched, sorted, and directly linked to corresponding security rules. For flexible integration with Security Event Management products, SecureSphere supports syslog, SNMP, and direct ODBC access.
Application User Tracking
Imperva's Dynamic Profiling technology enables SecureSphere to monitor, enforce and audit policy on a per-user basis by automatically capturing Web application user names and associating all subsequent session activity with that specific user name.
Optional Database Protection
The SecureSphere Web Application Firewall can be extended, via the SecureSphere Database Security Gateway, to monitor and protect Oracle, MS-SQL Server, DB2 and Sybase databases from external attacks and insider abuse, providing end-to-end security for the data center. By leveraging SecureSphere's Application User Tracking to deliver Universal User Tracking, it can trace individual SQL queries back to the Web user, providing unparalleled visibility into database requests, changes and violations.

Features and Appliance Specifications:
| Features Specifications: | |
|---|---|
| Web Security | |
| HTTPS/SSL Inspection | |
| Web Services Security | |
| Content Modification | |
| Platform Security | |
| Network Security | |
| Advanced Protection | |
| Data Leak Prevention | |
| Policy/Signature Updates | |
| User Awareness | |
| Deployment Modes | |
| Management | |
| Administration | |
| Logging/Monitoring | |
| High Availability | |

| Appliance Specifications: | X6500 | X4500 | X2500 | X2000 | X1000 |
|---|---|---|---|---|---|
| Fault Tolerance | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans | N/A | N/A |
| Throughput | 2 Gbps | 1 Gbps | 500 Mbps | 500 Mbps | 100 Mbps |
| HTTP Transactions/Sec | 44,000 | 36,000 | 22,000 | 22,000 | 8,000 |
| SQL Transactions/Sec | 200,000 | 100,000 | 50,000 | N/A | N/A |
| Latency | Sub-millisecond | Sub-millisecond | Sub-millisecond | Sub-millisecond | Sub-millisecond |
| Interfaces | 10 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber) | 6 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber; optional 4 additional Copper) | 6 x 10/100/1000 Mbps (max 4 Fiber interfaces) | 6 x 1GbE | 6 x 1GbE |
| Interface Types | Copper, Fiber SX, Fiber SR or Fiber LR | Copper, Fiber SX, Fiber SR or Fiber LR | Copper or Fiber SX | Copper | Copper |
| Max Network Segments | (4) Bridge; (9) Proxy, Non-inline | (4) Bridge; (9) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline |
| Inline Fail Open (Bridging only) | 4 bypass segments | Up to 4 bypass segments | 2 bypass segments | 2 bypass segments | 2 bypass segments |
| Hard Drive | 2 hot-swap 1 TB | 2 hot-swap 1 TB | 2 hot-swap 500 GB | 500 GB | 500 GB |
| Memory | 8 GB | 8 GB | 4 GB | 4 GB | 2 GB |
| Serial Port | RJ45 connector | RJ45 connector | RJ45 connector | RJ45 connector | RJ45 connector |
| USB Port | 2 | 2 | 2 | 2 | 2 |
| SSL Acceleration | Included | Optional | Optional | N/A | N/A |
| Fibre Channel, LOM or HSM | Optional | Optional | Optional | N/A | N/A |
| Power Supply | Dual 400 W | Dual 400 W | Dual 400 W | 250 W | 250 W |
| AC Power | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz |
| Typical Consumption | 290 W | 210 W | 190 W | 110W | 80 W |
| Typical Heat Output | 990 BTU/Hr | 720 BTU/Hr | 650 BTU/Hr | 375 BTU/Hr | 275 BTU/Hr |
| Form Factor | 2U | 2U | 2U | 1U | 1U |
| Dimensions | 17.4 x 20.1 x 3.46 in 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in 443 x 512 x 88 mm | 17 x 14 x 1.73 in 431.8 x 355.2 x 44 mm | 17 x 14 x 1.73 in 431.8 x 355.2 x 44 mm |
| Weight | 53.3 lbs (24.2 Kg) | 51.10 lbs (23.2 Kg) | 50.44 lbs (22.9 Kg) | 14.1 lbs (6.4 Kg) | 14.1 lbs (6.4 Kg) |
| Operating Environment | Temperature: 5° - 40° C; Relative Humidity: 20% - 90% | | | | |
| Storage Environment | Temperature: 0° - 70° C; Relative Humidity: 20% - 90% | | | | |
| Safety Agency Approval | CE/FCC/cTUVus/VCCI | | | | |
| Supported SecureSphere Products | Web Application Firewall, Discovery and Assessment Server, Database Activity Monitoring, Database Firewall, Data Security Suite | Web Application Firewall, Web Application Firewall Standard Edition (SE), Discovery and Assessment Server | | | |
| Database Agents Included¹ | 100 | 50 | 20 | N/A | N/A |
| Database Vulnerability Assessments Included² | 400 | 200 | 100 | 100 | 25 |

¹ Database agents only included with SecureSphere Database Activity Monitoring, Database Firewall, and Data Security Suite.
² Database assessments only included with Discovery and Assessment Server, Database Activity Monitoring, Database Firewall, and Data Security Suite. (and Discovery and Assessment Server for X2000 and X1000)


