Imperva's Correlated Attack Validation

Today's security threats include methodical application and database reconnaissance, advanced multi-vector attacks, and distributed assaults. Making a security decision based on just one factor might overlook information that would provide context and additional insight into the event. Correlated Attack Validation provides SecureSphere customers with accurate protection against malicious activity by analyzing multiple data points, including protocol violations, attack signatures, data leak signatures, and variance from past behavior. This capability delivers stronger protection against today's complex, multi-vector attacks.

Dynamic Positive and Negative Security Models for Precise Monitoring and Protection

Imperva SecureSphere incorporates a multi-layer security architecture that enables precise attack protection without requiring burdensome manual tuning. SecureSphere's security architecture incorporates both positive (white list) and negative (black list) security models. Robust enforcement algorithms draw on both security models to identify and block even the most sophisticated attacks.

Dynamic Profiling, which is the core of Imperva's dynamic positive security model, enables SecureSphere to detect any changes in application or database usage. The positive security model also includes network firewall white lists and HTTP and SQL protocol checks. Together, these models form a complete picture of normal behavior that extends from valid network IP addresses to high-level application and database operations.

Sophisticated Signature Analysis for Stronger Data Security

SecureSphere categorizes attack signatures based on attack severity and likelihood of a false positive. If an attack signature has a high probability of false positives, then SecureSphere may be configured to alert but not block an HTTP request that contains the signature. However, with an HTTP smuggling attack, SecureSphere will detect that the HTTP request contains multiple Content-Length fields and correlate this information with the attack signature to accurately identify and block the attack. Combining these data security layers creates an unparalleled level of protection for critical databases and applications.
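
The correlation described above, sketched as an added example (not Imperva's code and not how SecureSphere is implemented): a false-positive-prone signature on its own only alerts, while the same signature seen together with duplicate Content-Length headers blocks. The signature regex, the sample requests and the choice to alert on any single observation are assumptions made for illustration.

```python
import re

# Hypothetical low-confidence signature: an HTTP request line inside a body.
# Alone it is prone to false positives (e.g. a post that quotes HTTP traffic).
EMBEDDED_REQUEST = re.compile(rb"^(GET|POST|PUT|DELETE) \S+ HTTP/1\.[01]\r?$", re.M)

PROTO = "protocol:multiple-content-length"
SIG = "signature:embedded-request-line"

# Constructed sample requests (not captured traffic).
BENIGN = (b"POST /comment HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 11\r\n\r\ntext=hello!")
QUOTED = (b"POST /comment HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 29\r\n\r\ntext=see:\nGET /index HTTP/1.1")
CORRELATED = (b"POST /comment HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 0\r\nContent-Length: 42\r\n\r\n"
              b"GET /index HTTP/1.1\r\nHost: example.test\r\n\r\n")


def observations(raw):
    """Collect independent observations about one raw HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lengths = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            lengths.append(value.strip())
    seen = set()
    if len(lengths) > 1:  # protocol check: the header must appear once
        seen.add(PROTO)
    if EMBEDDED_REQUEST.search(body):
        seen.add(SIG)
    return seen


def decide(raw):
    """Block only when the protocol violation and the signature coincide."""
    seen = observations(raw)
    if {PROTO, SIG} <= seen:
        return "block"
    # Assumed policy: any single observation is logged but not blocked.
    return "alert" if seen else "allow"


if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("quoted", QUOTED), ("correlated", CORRELATED)]:
        print(name, decide(req), sorted(observations(req)))
```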

[Screenshot: Correlated Attack Validation Records and Analyzes Events and Usage Patterns]

SecureSphere's Correlated Attack Validation tracks and correlates multiple events to accurately identify and block sophisticated attacks.

Multi-Layered Analysis for Accurate Decision Making

Imperva's unique Correlated Attack Validation examines multiple pieces of information at the network, protocol and application level immediately and over time to distinguish between attacks and valid user traffic. By basing decisions on multiple observations rather than a single event, Correlated Attack Validation delivers a highly accurate and completely automated defense system against application attacks and abuse.