Web Application Firewall

Industry Leading Web Application Security

The SecureSphere Web Application Firewall enables businesses to efficiently maintain control over critical data, while providing secure and transparent protection for Web applications.

Automated data security policy development and maintenance eliminates the need for manual configuration and tuning, while SecureSphere®'s drop-in deployment enables its superior security capabilities to begin working without requiring any changes to the Web application or network. Transparent Inspection technology delivers multi-gigabit performance, sub-millisecond latency, and multiple high availability options that meet the most demanding data center requirements.

By monitoring live application activity and applying Imperva's Dynamic Profiling, SecureSphere® builds a comprehensive model of legitimate application usage to automatically generate data security policies. By modeling changes to applications, usage patterns and data structures over time, the SecureSphere Web Application Firewall addresses both the complexity and constant change that are typical within a business environment.

Click to enlarge

By combining sophisticated technologies, such as Transparent Inspection and Dynamic Profiling, SecureSphere Web Application Firewall achieves an unparalleled level of data protection and ease of ownership.

Complete Attack Prevention

The SecureSphere Web Application Firewall delivers unmatched protection by leveraging multiple security defenses. These defenses include Dynamic Profiling, HTTP protocol validation, platform attack security, and Correlated Attack Validation.

Eliminates Manual Configuration and Tuning

SecureSphere incorporates Imperva's unique Dynamic Profiling technology, which automatically learns the structure, elements, and expected usage patterns of protected Web applications, while detecting and incorporating valid application changes into the application profile over time. By comparing Web requests to the profile, SecureSphere detects unacceptable behavior and prevents malicious activity with pinpoint precision.

Dynamic Profiling automatically builds an accurate profile with no need for manual configuration or tuning. SecureSphere Web Application Firewall uses this technology to eliminate the need and substantial costs associated with manually creating and updating a typically enormous white list that can contain thousands of URLs, form fields, parameters and cookies.

Defenses That Are Always Up To Date

The Imperva Application Defense Center (ADC), staffed by Imperva's team of application security and compliance experts, and is recognized globally for its data and application security research. The ADC continuously investigates new database and application vulnerabilities reported worldwide, analyzes exploit traffic from a wide range of live Web sites, and conducts primary vulnerability research to identify the latest threats. This research drives continuous updates to SecureSphere's defenses, including signature updates, protocol validation policies, and correlation rules.

SecureSphere customers can choose to add ADC Insightsfor an added layer of protection, gaining access to Imperva's in-depth business applications expertise, pre-built data security compliance reports, and best practices from compliance and security experts.

Stops Protocol Exploits

SecureSphere's built-in HTTP protocol validation prevents protocol exploits including buffer overflow, malicious encoding, HTTP smuggling, and illegal server operations. Flexible policies enable strict adherence to RFC standards while allowing minor variations for specific applications.

Comprehensive Platform and Network Protection

SecureSphere delivers comprehensive protection against known attacks targeting Web server, middleware and platform vulnerabilities, sourcing more than 4,000 signatures from Bugtraq, CVE®, Snort®, the Imperva ADC, and others. SecureSphere also defends against new, zero-day Web worm attacks by detecting and identifying their unique combination of attributes.

SecureSphere's integrated stateful network firewall provides protection from both external and internal unauthorized users, protocols, and network attacks, while meeting best practice security mandates by preventing non-essential protocols from reaching sensitive Web applications.

Defends Web Services

Leveraging Imperva's Dynamic Profiling technology, SecureSphere also profiles legitimate Web Services behavior including XML files, elements, attributes, schema, variables, and SOAP actions, identifying and blocking any attempt to tamper with normal Web services behavior.

Unmatched Accuracy

Imperva's unique Correlated Attack Validation technology accurately identifies even the most complex attacks by correlating violations across security layers, and over time.

By employing multiple sophisticated technologies, SecureSphere Web Application Firewall is able to prevent even the most complex web application attacks .

Transparent Deployment

Imperva's unique Transparent Inspection technology enables SecureSphere's complete and accurate application security system to be deployed into any environment without forcing organizations to change existing applications, servers or networks, or to redesign their Web applications, change IP or DNS settings, or update authentication schemes.

Kernel-based Transparent Inspection separates security from deployment mode, enabling SecureSphere to support the following operation modes:

• Transparent Layer 2 Bridge for drop-in deployment and industry-best performance
• Layer 3 Router for network segmentation, routing and network address translation
• Reverse Proxy for content modification, such as cookie signing and URL rewriting
• Transparent Proxy for fast deployment of content modification without network changes
• Non-inline Monitor for zero-risk monitoring and forensics

Gigabit Performance for Unparalleled Data Security

SecureSphere delivers multi-gigabit throughput and tens of thousands of transactions per second while maintaining sub-millisecond latency. This is an order of magnitude better than competing approaches, and ensures completely transparent deployment. With SecureSphere, data security policies will never impact data center service level agreements or application performance.

High Availability Enables Deployment for Large Networks

SecureSphere's support for a wide variety of high availability options enables its deployment into some of the largest networks in the world. These availability options include:

• Imperva High Availability (IMPVHA)for sub-second failover
• Virtual Router Redundancy Protocol (VRRP) for router or proxy deployments
• Active-Active and Active-Passive Redundancy for external availability mechanisms
• Fail-open interfaces for single-gateway availability
• Non-inline deployment for zero risk monitoring and assessment

Click to enlarge

Efficient Operations, Low Ongoing Maintenance

Automated Policy Configuration and Maintenance

Implementing a white-list security model has traditionally required constant manual tuning. The application firewall white list needed to be updated whenever the Web application changed. Dynamic Profiling eliminates manual tuning by automatically modeling Web applications and adapting to application changes. SecureSphere administrators still have full access to modify application profiles and create custom policies.

Click to enlarge

Centralized Management for Enhanced Data Security

The SecureSphere MX Management Serveroffers centralized configuration, monitoring, and reporting for larger environments, including mixed Web and database deployments. Hierarchical organizational groupings, granular administrative permissions, and a unique task-oriented workflow streamline management of large enterprise and ASP environments.

Enterprise Class Reporting for Auditing and Compliance

SecureSphere offers rich graphical reporting capabilities, enabling customers to easily understand security status and meet regulatory data compliance requirements. SecureSphere provides both pre-defined and fully-customizable Web based reports. Reports can be viewed on demand or emailed on a daily, weekly or monthly basis. SecureSphere's reporting platform provides instant visibility into security, compliance, and content delivery concerns.

Monitoring and Alerting

SecureSphere screens important database activity and provides the highest level of security.
A dashboard provides a real-time, high-level view of system status and security events. Alerts are easily searched, sorted, and directly linked to corresponding security rules. For flexible integration with Security Event Management products, SecureSphere supports syslog, SNMP, and direct ODBC access.

Application User Tracking

Imperva's Dynamic Profiling technology enables SecureSphere to monitor, enforce and audit policy on a per-user basis by automatically capturing Web application user names and associating all subsequent session activity with that specific user name.

Optional Database Protection

The SecureSphere Web Application Firewall can be extended, via the SecureSphere Database Security Gateway, to monitor and protect Oracle, MS-SQL Server, DB2 and Sybase databases from external attacks and insider abuse, providing end-to-end security for the data center. By leveraging SecureSphere's Application User Tracking to deliver Universal User Tracking, it can trace individual SQL queries back to the Web user, providing unparalleled visibility into database requests, changes and violations.

Click to enlarge