Reputation-Based Security for Automated Attacks
ThreatRadar Reputation Services provide an automated defense against automated attacks by instantly detecting and stopping known malicious sources. As an add-on service to the SecureSphere Web Application Firewall (WAF), ThreatRadar detects Web traffic originating from users attacking other websites, from anonymizing services, and from undesirable geographic locations. Up-to-date lists of phishing sites enable SecureSphere to detect compromised users and fraudulent file requests.
Crowd-Sourced Threat IntelligenceThreatRadar Community Defense, an industry-leading innovation for ThreatRadar Reputation Services, delivers crowd-sourced threat intelligence to SecureSphere Web Application Firewalls. Community Defense gathers attack data from SecureSphere deployments around the world and translates this data into attack patterns, policies, and reputation feeds. Crowd-sourced security content is distributed in near-real time to fortify the entire community against emerging threats.
While ThreatRadar Reputation Services relies on security information from leading external security providers, Community Defense draws on live attacks detected by SecureSphere Web Application Firewalls.
To learn more, click on the Capabilities tab.
Track Attack Sources on a Global Scale
Aggregating IP address and URL reputation data from leading security providers, ThreatRadar enables SecureSphere Web Application Firewalls to stop automated attacks. ThreatRadar identifies:
- Malicious Sources: IP addresses that have repeatedly performed malicious activity on other websites. To date, over ten million botnets have executed attacks on behalf of remote hackers.
- Anonymous Proxies: Web traffic originating from anonymous proxy servers. By hiding the identity of the traffic source, anonymous proxies are often exploited by hackers to launch attacks.
- The Onion Router (TOR) Networks: Traffic sources that use TOR network to launch attacks without revealing their identity and location.
- IP Geolocation: IP addresses that are based in a specific geographic location. Geolocation enables organizations to monitor or block access from objectionable countries.
- Phishing URLs: Real-time alerting on phishing incidents against the customer domain.
By understanding which users attacked other websites, SecureSphere Web Application Firewalls can identify automated attacks like Distributed Denial of Service (DDoS). For many automated attacks, each individual Web request may appear legitimate, but together, automated requests from thousands or millions of clients have the power to disable all Web application access. Understanding the reputation of Web users can help organizations fight automated attacks.
Identify Attackers with ThreatRadar Community Defense
Harnessing the collective insight of SecureSphere deployments around the world, ThreatRadar Community Defense detects and tracks hackers actively performing Web attacks. While ThreatRadar Reputation Services identifies users conducting automated attacks like DDoS, Community Defense classifies users conducting advanced Web attacks like SQL injection. Community Defense offers powerful protection against Web application hackers.
Stop New Attack Vectors with Crowd-Sourced Threat Intelligence
Community Defense enables SecureSphere Web Application Firewalls to detect new attack patterns without blocking legitimate requests. Community Defense uses patent-pending technology to gather suspicious Web requests, validate that requests are attacks, and transform identified attacks into signatures. Equipped with Community Defense, SecureSphere Web Application Firewalls can spot attacks witnessed by other Imperva-protected websites.
Stay Up-to-Date with Continuous, Automated Security Feeds
ThreatRadar Reputation Services deliver integrated attack source feeds, in near real time, to all ThreatRadar-powered SecureSphere WAFs. ThreatRadar Reputation Services are fully maintained by Imperva and eliminates the manual effort required to identify, subscribe, and maintain these security feeds. Imperva continuously updates the feed, providing current protection against malicious traffic.
Instantly Detect and Block Malicious Sources
ThreatRadar increases the accuracy of the SecureSphere Web Application Firewall and dramatically reduces application visibility to attackers. By blocking access requests based on traffic source reputation, hackers have virtually no opportunity to explore the Web application for possible weaknesses and are less likely to launch a successful attack.
Streamline Forensics with Reputation and Geolocation Data
ThreatRadar Reputation Services take the guesswork out of event analysis by providing greater operational insight into attacker origins and methods. Information such as the source IP address and geographic location of requests provide additional context on attacks, enabling precise incident response procedures and minimizing operational workload.
ThreatRadar Reputation Services Specifications
|Malicious Attack Strings|
|Access Control and Forensics|
|Communications to ThreatRadar servers|
|Security Feed Updates|
|Data Feed Sources|