Transparent Inspection
Imperva's Transparent Inspection technology delivers multi-gigabit performance, sub-millisecond latency, and options for high availability that meet the requirements of even the most demanding application and database environments. Transparent Inspection makes it possible for SecureSphere to be deployed in minutes with no changes to the web or database server or any other aspect of the data center infrastructure. With Transparent Inspection, SecureSphere can begin protecting your data quickly.
Typical database and application protection products face a security or operational challenge. To achieve high security performance, inspecting the upper layers of the OSI model and beyond is required. To avoid an ongoing operational networking nightmare -seamless, transparent operation is the top priority. Operating at lower layers is desirable for application and database security solutions due to how a device functions as a networking node. SecureSphere is based on an architecture that balances security and operational networking needs, delivering both high data security and seamless operation.
The Transparent Inspection engine intercepts traffic at layer 2 and reconstructs the upper layers of the stack in order to inspect application and database behavior. This architecture allows SecureSphere to operate in the following deployment modes:
- Transparent Layer 2 Bridge
- Layer 3 Network Router
- Reverse Proxy
- Transparent Proxy
- Non-Inline Monitor
High Performance, Low Latency
SecureSphere delivers multi-gigabit throughput and tens of thousands of transactions per second while maintaining sub-millisecond packet latency. This level of performance is an order of magnitude better than competing approaches. A single SecureSphere gateway is sufficient for many customers and SecureSphere can scale to meet the requirements of the largest enterprises by deploying multiple gateways managed from a single unified management server. With SecureSphere, security will never impact our customers' data center service level agreements (SLAs).
No Changes to Existing Network
SecureSphere can be flexibly deployed in the network as a transparent bridge, a router, a non-inline network monitor, or—for the SecureSphere Web Application Firewall—as a reverse proxy. Because of this flexibility, deployment of SecureSphere requires no changes to the existing network architecture, including network routers, load balancers, and servers.
No Changes to Application or Database Infrastructure
Since network traffic passes through SecureSphere without modification SecureSphere is transparent to the endpoints (the client and the application or database servers). This means SecureSphere easily drops into any enterprise's data centers with no changes to the data center's carefully optimized applications and databases. SecureSphere provides maximum data security with minimum disruption.
High Availability
SecureSphere supports a broad range of options to ensure maximum uptime and application availability.
- Imperva High Availability (IMPVHA) protocol provides sub-second failover for two or more SecureSphere gateways deployed in bridging mode.
- Virtual Router Redundancy Protocol (VRRP) provides for failover when SecureSphere is configured as a router or—for the SecureSphere Web Application Firewall—as a reverse proxy.
- Redundant gateways can be deployed in environments with redundant system infrastructures. SecureSphere's transparent deployment modes support both active-active and active-passive fail-over configurations when using external HA mechanisms.
- Inline fail-open network interfaces ensure availability in the event of software, hardware, or power failures
- Non-inline monitoring configuration offers transparent deployment with no single point of failure.
SecureSphere’s Transparent Inspection technology ensures fast, seamless deployment of its application and data security features.