Login|Japanese
Web Application Firewall

Market Leading Protection for Web Applications

The Imperva SecureSphere Web Application Firewall protects Web applications and sensitive data against sophisticated attacks such as SQL injection, Cross-Site Scripting (XSS) and brute force attacks, stops online identity theft, and prevents data leaks from applications. SecureSphere offers drop-in deployment, automated, adaptable security, and low operational overhead. Imperva’s Dynamic Profiling technology automatically builds a model of legitimate behavior and recognizes application changes over time, ensuring that SecureSphere’s security policies are up-to-date and accurate without manual tuning.

As the market leading Web application firewall, more organizations rely on Imperva to monitor and protect their critical Web applications than any other vendor. Imperva SecureSphere provides your business with a practical and highly secure solution to ensure that your Web applications and data are safe.

Video: SecureSphere Web Application Firewall

Benefits

  • Accurately monitors and protects Web applications
  • Automates operations through patent-pending Dynamic Profiling technology
  • Supports ultra high performance and sub-millisecond latency
  • Scales to support large, distributed deployments with centralized management
  • Documents security status and compliance with best-in-class monitoring and reporting

SecureSphere Web Application Firewall Features

  • Accurate Protection against Web application attacks – The SecureSphere Web Application Firewall combines a dynamic white list policy model with up-to-date application signatures, session tracking and correlation rules for precise attack detection.
  • Automated, intuitive Management – Imperva’s unique Dynamic Profiling technology automatically learns the structure, elements, and expected usage of protected applications. An easy-to-use Web management interface makes configuration effortless.
  • Transparent Deployment – Multiple configuration options, including layer 2 bridge, proxy and non-inline monitor, enable drop-in deployment with no changes to existing applications or network.
  • Data Leak Prevention – SecureSphere inspects outbound traffic to identify potential leaks of sensitive data such as cardholder data and social security numbers.
  • Ultra-high Performance and Low Latency – Delivering multi-Gigabit performance and sub-millisecond latency, SecureSphere can easily scale to meet the most demanding data center requirements.
  • Flexible High Availability options – A broad array of high availability options, including fail-open interfaces and the proprietary IMPVHA failover protocol, enable zero-risk deployment into any environment.
  • Enterprise-grade Centralized Management – Scaling to protect large, distributed data centers, the MX Management Server centralizes the configuration, monitoring and reporting of multiple appliances. Hierarchical policies, granular administrative permissions, and a unique task-oriented workflow enable flexible management even in the most complex environments.
SecureSphere Web Application Firewall DashboardClick to enlarge
  • Rich Graphical Reporting – SecureSphere includes a powerful reporting framework with both pre-defined and fully-customizable reports that provides instant visibility into security and compliance concerns.
  • Application User Visibility – SecureSphere can automatically capture Web application user names and associate all session activity with the specific user. When SecureSphere is extended to database protection, then it can track SQL queries to Web application users.

Web Application Firewall Specifications


Specification Description
Web Security
  • Dynamic Profile (White List security)
  • Web server & application signatures
  • HTTP RFC compliance
  • Normalization of encoded data
See list of attacks prevented
HTTPS/SSL Inspection
  • Passive decryption or termination
  • Optional HSM for SSL key storage
Web Services Security
  • XML/SOAP profile enforcement
  • Web services signatures
  • XML protocol conformance
Content Modification
  • URL rewriting (obfuscation)
  • Cookie signing
  • Cookie encryption
  • Custom error messages
  • Error code handling
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
Data Leak Prevention
  • Credit card number
  • PII (personally identifiable information)
  • Pattern matching
Policy/Signature Updates
  • Security updates provided weekly or immediately for critical threats
User Awareness
  • Automated Tracking of Web Application Users
Deployment Modes
  • Transparent Bridge (Layer 2)
  • Router/NAT (Layer 3)
  • Reverse Proxy and Transparent Proxy (Layer 7)
  • Non-inline sniffer
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
  • Integrated management option (G4, G8)
  • Hierarchical management groupings
Logging/Monitoring
  • SNMP
  • Syslog
  • Email
  • Integrated graphical reporting
  • Real-time dashboard
High Availability
  • IMPVHA (Active/Active, Active/Passive)
  • Fail open interfaces (bridge mode only)
  • VRRP
  • STP and RSTP