Web Application Firewall

Protect Critical Web Applications and Data

The SecureSphere Web Application Firewall (WAF) protects applications from current and future security threats by combining multiple security engines into a cohesive Web defense. Certified by ICSA Labs, SecureSphere provides ironclad protection against the OWASP Top Ten, including SQL Injection, XSS and CSRF, and it addresses PCI 6.6.

The SecureSphere WAF offers organizations drop-in deployment, automated, adaptable security, and low operational overhead, providing your business with a practical and highly secure solution that ensures your Web applications and data are safe. As the market-leading Web Application Firewall, more organizations rely on Imperva to monitor and protect their critical Web applications than any other vendor.

Key Capabilities
  • Accurately detect and block Web application attacks with pinpoint precision using multiple layers of protection:
      ◦ Automatically learn protected applications and user behavior
      ◦ Update Web defenses with research-driven intelligence on current threats
      ◦ Identify traffic originating from bots and known malicious sources to stop automated attacks
      ◦ Prevent Web fraud with ThreatRadar Fraud Prevention
  • Virtually patch vulnerabilities by integrating with Web application vulnerability scanners, reducing the window of exposure and impact of emergency fixes
  • Fully address PCI 6.6
  • Support high performance and transparent, drop-in deployment


Automated Learning of Applications and User Behavior

A Web application firewall must understand application structure, elements and expected user behavior in order to accurately detect attacks. Imperva's patented Dynamic Profiling technology automates this process by profiling all application elements and building a baseline or “white list” of acceptable user behavior. It also automatically incorporates valid application changes into the application profile over time. Dynamic Profiling eliminates the need to manually configure—and update—application URLs, parameters, cookies, and methods.

Research-Driven Security Policies

Powered by the Imperva Application Defense Center (ADC), an international security research organization, SecureSphere offers the most complete set of application signatures and policies available. The ADC investigates vulnerabilities reported by Bugtraq, CVE®, Snort®, and underground forums and performs primary research to deliver the most up-to-date and comprehensive Web attack protection available.

Ironclad Defense Against Malicious Users

ThreatRadar Reputation Services, an industry-first reputation-based Web security service, identifies and stops known attack sources. ThreatRadar Reputation Services mitigates automated, large-scale attacks by integrating credible information about attacking IP addresses, bots, and anonymizing services into SecureSphere WAF defenses. ThreatRadar Reputation Services delivers the following security feeds in near real-time:

  • Malicious IP addresses that recently attacked other Websites
  • Anonymous proxy addresses
  • Tor networks
  • Phishing URLs
  • IP geolocation data

ThreatRadar Community Defense, an industry-leading innovation for ThreatRadar Reputation Services, delivers crowd-sourced threat intelligence to SecureSphere Web Application Firewalls. Community Defense gathers attack data from SecureSphere deployments around the world, then validates and distributes this data in near real-time to protect the entire community against emerging threats.

Bot and Automated Attack Protection

The SecureSphere Web Application Firewall combines multiple defenses to stop automated attacks such as site scraping, application DDoS, comment spam, and automated SQL injection. Automated attack defenses include:

  • ThreatRadar Reputation Services, which identifies and stops known attack sources
  • Anti-automation technology, which detects automated clients, bots, and scripts based on Web browser capabilities
  • Site scraping, application DDoS, and Google hacking security policies, which are specifically designed to stop automated attacks based on rate limiting and known attack attributes

In addition to the automated attack protection provided by SecureSphere, Imperva offers the Imperva Incapsula Service, which mitigates DDoS attacks that exceed Internet bandwidth limits.

Web Fraud Prevention

Web-based fraud costs organizations with an online presence hundreds of millions of dollars each year, damages reputation and reduces customer loyalty. ThreatRadar Fraud Prevention enables organizations to rapidly provision fraud detection solutions without needing to update Web applications. By integrating with leading fraud security vendors, SecureSphere can identify and stop fraudulent transactions. With ThreatRadar Fraud Prevention, organizations can also centrally manage WAF and fraud policies together.

Virtual Patching Through Vulnerability Scanner Integration

For immediate patching of application vulnerabilities, SecureSphere can import assessment results from WhiteHat, IBM, Cenzic, HP, NT OBJECTives, Qualys, and others and create custom policies to block known vulnerabilities. Virtual patching reduces the window of exposure and the cost of emergency fix and test cycles.

Platform and XML Attack Protection

SecureSphere protects Web applications and underlying infrastructure by detecting application, Web services, server, and network attacks. With over 8,000 signatures that are continuously updated by the Imperva ADC, SecureSphere fortifies all application layers against online threats. HTTP protocol validation prevents protocol exploits and evasion techniques. Flexible, rapidly-updated defenses allow SecureSphere to protect Web 2.0 applications and XML without requiring any application changes.

Granular Correlation Policies Reduce False Positives

SecureSphere distinguishes attacks from unusual but legitimate behavior by correlating Web requests across security layers and over time. This Correlated Attack Validation technology examines multiple attributes, such as HTTP protocol conformance, profile violations, signatures, special characters, and user reputation, to accurately alert on or block attacks with the lowest rate of false positives in the industry.

Customizable Reports for Compliance and Forensics

SecureSphere's rich graphical reporting capabilities enable customers to easily understand security status and meet regulatory compliance requirements. SecureSphere provides both pre-defined and fully customizable reports. Reports can be viewed on demand or emailed on a daily, weekly or monthly basis. A real-time dashboard provides a high-level view of system status and security events.

Alerts are easily searched, sorted, and directly linked to corresponding security rules. SecureSphere's monitoring and reporting framework provides instant visibility into security, compliance, and content delivery concerns.

Zero Impact Deployment and Ultra High Performance

SecureSphere provides the most flexible deployment options of any Web Application Firewall in the industry, including a unique drop-in deployment that requires no changes to existing applications or network. SecureSphere delivers multi-Gigabit throughput and tens of thousands of transactions per second while maintaining sub-millisecond latency.

The Trusted Choice for Web Security

As the market-leading Web application firewall provider, more organizations rely on Imperva to monitor and protect their critical Web applications than any other vendor. Imperva SecureSphere provides your business with a practical and highly secure solution to ensure that your Web applications and data are safe.

Web Application Firewall Specifications

Specification Description
Web Security
  • Dynamic Profile (White List security)
  • Web server & application signatures
  • Reputation based security and IP geolocation
  • HTTP RFC compliance
  • Normalization of encoded data
  • Automated-client detection
Application Attacks Prevented
HTTPS/SSL Inspection
  • Passive decryption or termination
  • Optional HSM for SSL key storage
Web Services Security
  • XML/SOAP profile enforcement
  • Web services signatures
  • XML protocol conformance
Web Fraud Prevention
  • Fraud and malware detection
Content Modification
  • URL rewriting (obfuscation)
  • Cookie signing
  • Cookie encryption
  • Custom error messages
  • Error code handling
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
Data Leak Prevention
  • Credit card number
  • PII (personally identifiable information)
  • Pattern matching
Policy/Signature Updates
  • Frequent security updates
  • All authentication methods supported transparently and inspected in bridge and non-inline monitor modes. Can actively authenticate users in proxy mode.
  • Support for RSA Access Manager for two-factor authentication
  • Support for LDAP (Active Directory)
  • Support for SSL client certificates
User Awareness
  • Automated Tracking of Web Application Users
Deployment Modes
  • Transparent Bridge (Layer 2)
  • Reverse Proxy and Transparent Proxy (Layer 7)
  • Non-inline sniffer
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
  • MX Server for centralized management
  • Integrated management option (X1010, X2010, X2500, X4500)
  • Hierarchical management groupings
  • SNMP
  • Syslog
  • Email
  • Integrated graphical reporting
  • Real-time dashboard
High Availability
  • IMPVHA (Active/Active, Active/Passive)
  • Fail open interfaces (bridge mode only)
  • VRRP
  • STP and RSTP
Solution Delivery Option
  • Physical appliance
  • Virtual appliance (VMware ESX, Amazon AWS, Cisco Nexus 1110 Series VSA, Blue Coat X-Series)
  • Managed service
Web Application Vulnerability Scanner Integration
  • WhiteHat, IBM, Cenzic, NT OBJECTives, HP, Qualys, and Beyond Security
Enterprise Application Support
  • SIEM/SIM tools: ArcSight, RSA enVision, Prism Microsystems, Q1 Labs, TriGeo, NetIQ
  • Log Management: CA ELM, SenSage, Infoscience Corporation
TCP/IP Support
  • IPv4, IPv6