Imperva - Database and Application Security, Reporting and Audit Solutions.Imperva SecureSphere - Web Application Firewall

Accurate, automated protection against online threats

 

Overview:

The SecureSphere Web Application Firewall (WAF) protects applications from current and
future security threats by combining multiple security engines into a cohesive Web
defense. Certified by ICSA Labs, SecureSphere provides ironclad protection against
the OWASP Top Ten, including SQL Injection, XSS and CSRF, and it addresses
PCI 6.6.

The SecureSphere WAF offers organizations drop-in deployment, automated,
adaptable security, and low operational overhead, providing your business
with a practical and highly secure solution that ensures your Web
applications and data are safe. As the market leading Web Application Firewall,
more organizations rely on Imperva to monitor and protect their critical Web
applications than any other vendor.

Web Security

Key Capabilities :

  • Automatically learns protected applications and user behavior
  • Updates Web defenses with research-driven intelligence on current threats
  • Accurately blocks attempts to exploit known and unknown vulnerabilities
  • Identifies traffic originating from known malicious sources with ThreatRadar
  • Correlates request attributes across security layers and over time to detect sophisticated,
    multi-stage attacks
  • Virtually patches vulnerabilities by integrating with Web application vulnerability scanners, reducing the window of exposure and impact of emergency fixes
  • Fully addresses PCI 6.6
  • Offers high performance and transparent, drop-in deployment

Firewall Features:



Automated Learning of Applications and User Behavior

A Web application firewall must understand application structure, elements and expected user behavior in order to accurately detect attacks. Imperva's patented Dynamic Profiling technology automates this process by profiling all application elements and building a baseline or "white list" of acceptable user behavior. It also automatically incorporates valid application changes into the application profile over time. Dynamic Profiling eliminates the need to manually configure—and update—application URLs, parameters, cookies, and methods.

Research-Driven Security Policies

Powered by the Imperva Application Defense Center (ADC), an international security research organization, SecureSphere offers the most complete set of application signatures and policies available. The ADC investigates vulnerabilities reported by Bugtraq, CVE®, Snort®, and underground forums and performs primary research to deliver the most up-to-date and comprehensive Web attack protection available.

Adaptable Protection from Large Scale, Automated Attacks

ThreatRadar, an industry-first reputation-based Web security service, is an optional add-on to SecureSphere WAF. ThreatRadar mitigates automated, large-scale attacks by integrating credible information on known attack sources into SecureSphere defenses. ThreatRadar can quickly and accurately block traffic from malicious sources before an attack is attempted.

Virtual Patching Through Vulnerability Scanner Integration

For immediate patching of application vulnerabilities, SecureSphere can import assessment results from WhiteHat, IBM, Cenzic, NT OBJECTives, Qualys, and others and create custom policies to block known vulnerabilities. Virtual patching reduces the window of exposure and the cost of emergency fix and test cycles.

Network and Platform Attack Protection

SecureSphere protects Web applications and underlying infrastructure by detecting application, Web services, server, and network attacks. With over 6,500 signatures that are continuously updated by the Imperva ADC, SecureSphere fortifies all application layers against online threats. HTTP protocol validation prevents protocol exploits and evasion techniques. Flexible, rapidly-updated defenses allow SecureSphere to protect Web 2.0 applications and XML without requiring any application changes.

Granular Correlation Policies Reduce False Positives

SecureSphere distinguishes attacks from unusual, but legitimate, behavior, by correlating Web requests across security layers and over time. This Correlated Attack Validation examines multiple attributes such as HTTP protocol conformance, profile violations, signatures, special characters, and user reputation, to accurately alert on or block attacks with the lowest rate of false positives in the industry.

Customizable Reports for Compliance and Forensics

SecureSphere's rich graphical reporting capabilities enable customers to easily understand security status and meet regulatory compliance requirements. SecureSphere provides both pre-defined and fully-customizable reports. Reports can be viewed on demand or emailed on a daily, weekly or monthly basis. A real-time dashboard provides a high level view of system status and security events.

Alerts are easily searched, sorted, and directly linked to corresponding security rules. SecureSphere's monitoring and reporting framework provides instant visibility into security, compliance, and content delivery concerns.

Zero Impact Deployment and Ultra High Performance

SecureSphere provides the most flexible deployment options of any WAF in the industry, including a unique drop-in deployment that requires no changes to existing applications or network. SecureSphere delivers multi-Gigabit throughput and tens of thousands of transactions per second while maintaining sub-millisecond latency.

The Trusted Choice for Web Security

As the market-leading Web application firewall provider, more organizations rely on Imperva to monitor and protect their critical Web applications than any other vendor. Imperva SecureSphere provides your business with a practical and highly secure solution to ensure that your Web applications and data are safe.

Deployment:


Market-Leading Web Application Security

More organizations rely on Imperva to protect their critical Web applications than any other vendor. With drop-in deployment and low administrative overhead, SecureSphere provides a practical and highly secure solution to

Multiple Deployment Options

  • Transparent Layer 2 Bridge: Drop-in deployment and industry-best performance
  • Reverse Proxy and Transparent Proxy: Content modification, such as cookie signing and URL rewriting
  • Non-inline Monitor: Zero risk monitoring and forensics
  • High Availability: IMPVHA, VRRP, fail open interfaces, existing redundancy options, non-inline deployment

Web Application Security Deployment


Specifications:

Features Specifications:
Web Securiy
  • Dynamic Profile (White List security)
  • Web server & application signatures
  • HTTP RFC compliance
  • Normalization of encoded data
HTTPS/SSL Inspection
  • Passive decryption or termination
  • Optional HSM support for SSL key storage
Web Services Security
  • XML/SOAP profile enforcement
  • Web services signatures
  • XML protocol conformance
Content Modification
  • URL rewriting (obfuscation)
  • Cookie signing
  • Cookie encryption
  • Custom error messages
  • Error code handling
Platform Security
  • Known and zero-day worm security
  • Operating system intrusion signatures
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Pre-defined and custom correlation rules incorporate all security elements to detect complex, multi-stage attacks
Data Leak Prevention
  • Credit card numbers
  • PII (personally identifiable information)
  • pattern matching
Policy/Signature Updates
  • Security updates provided weekly or immediately for critical threats
User Awareness
  • Automated Tracking of Web Application Users
Deployment Modes
  • Transparent Bridge (Layer 2)
  • Router/NAT (Layer 3)
  • Reverse Proxy and Transparent (Layer 7)
  • Non-inline sniffer
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
  • integrated management option (G4, G8)
  • Hierarchical Management Groupings
Logging/Monitoring
  • SNMP
  • Syslog
  • Email
  • Integrated graphical reporting
  • Real-time dashboard
High Availability
  • IMPVHA (Active/Active, Active/Passive)
  • Fail open interfaces (bridge mode only)
  • VRRP
  • STP and RSTP

View Demo:

Why have a Web Application Firewall?

 

Documentation:

PDF File
Download the Imperva SecureSphere Web Application Security Products Datasheet (PDF).

PDF File
Download the Imperva SecureSphere Web Application Firewall Datasheet (PDF).