Protect Critical Data and Applications with Leading Cyber Security Technologies

  • Imperva innovations enable successful cyber security deployments. By protecting apps and data in the cloud and on premises, Imperva has encountered security hurdles first-hand—like addressing constantly evolving architectures and delivering laser-precise attack protection without requiring constant policy tuning. Tackling these demands, Imperva has expanded on cyber security best practices to develop breakthrough data security technologies that provide great value to enterprises worldwide.

    Imperva application and data security technologies boost accuracy, decrease complexity, deliver full accountability, increase performance, and broaden deployment options for our customers.

    • Correlated
      Attack Validation
    • Dynamic
    • Transparent
    • Universal
      User Tracking
      • Today's security threats include thorough application reconnaissance, advanced multi-vector attacks, and distributed assaults. Making a security decision based on just one factor might overlook information that would provide context and additional insight into the event. Correlated Attack Validation provides SecureSphere customers with accurate protection against malicious activity by analyzing multiple data points, including protocol violations, attack signatures, data leak signatures, and variance from past behavior. This capability delivers unmatched protection against today's complex, multi-vector attacks. The increased accuracy provided by Correlated Attack Validation means you can protect your business-critical data and apps by blocking attackers, while allowing your customers to access your site.

      Key Capabilities


        Imperva SecureSphere incorporates a multi-layer security architecture that enables precise attack protection without requiring burdensome manual tuning. The SecureSphere security architecture incorporates both white list and black list security models. Robust enforcement algorithms draw on both security models to identify and block even the most sophisticated attacks.

        Dynamic Profiling, which is the core of the company’s dynamic white list security model, enables SecureSphere to detect any changes in application or database usage. The white list security model also includes network firewall white lists and HTTP and SQL protocol validation. Together, these models form a complete picture of normal behavior that extends from valid network IP addresses to high-level application and database operations.

      • Sophisticated Signature Analysis for Strong Cyber Security

        SecureSphere categorizes attack signatures based on attack severity and likelihood of a false positive. If an attack signature has a high probability of false positives, then SecureSphere may be configured to alert, but not block, an HTTP request that contains the signature. However, with a HTTP smuggling attack, SecureSphere will detect that the HTTP request contains multiple Content-Length fields and correlate this information with the attack signature to accurately identify and block the attack. Combining these cyber security technologies creates an unparalleled level of protection for critical databases and applications.

        SecureSphere Correlated Attack Validation tracks and correlates multiple events to accurately identify and block sophisticated attacks and protect your data and applications.

      • Multi-Layered Analysis for Accurate Decision Making

        Unique to Imperva, Correlated Attack Validation examines multiple pieces of information at the network, protocol, and application level immediately and over time to distinguish between attacks and valid user traffic. Correlated Attack Validation bases decisions on multiple observations rather than a single event. The result is a highly accurate, completely automated defense system, built on cyber security best practices, to protect your application from attacks and abuse.

      • One of the key barriers to deploying web application and database security is defining security policies that include application structure, expected user behavior, and acceptable SQL queries. The sheer number of elements to protect and the dynamic nature of applications and databases have made it difficult for even the most sophisticated organizations to manage data security best practices. Through innovative Dynamic Profiling, you can automatically create security policies based on actual application and database behavior.

        Dynamic Profiling and protocol validation augment other layers of security by detecting abnormal behavior outside expected usage—activity that could indicate attack. By correlating Dynamic Profiling violations with other indicators of attack, like SQL injection or XSS keywords or HTTP protocol violations, SecureSphere can correctly identify advanced attacks.

      Key Capabilities

      • Simplifying Policy Configuration

        Imperva Dynamic Profiling technology simplifies policy creation and management. It automatically examines live application and database traffic to learn the structure and dynamics of the application and database. This profile can be viewed by your business stakeholders and security teams and may be manually modified to bridge any differences between actual usage and corporate security policies.

        Dynamic Profiling overcomes the biggest drawback of implementing data center security solutions—manually creating and maintaining an overwhelming number of security policies. Data security technologies require an understanding of hundreds of thousands of constantly changing variables including URLs, parameters, cookies, queries, commands, and stored procedures. Dynamic Profiling automatically profiles all of these application and database elements and builds a baseline of acceptable user behavior. By building an accurate profile or “white list” of application and database usage, Dynamic Profiling streamlines monitoring and security configuration with no need for manual configuration or tuning. Dynamic Profiling enables SecureSphere to use cyber security best practices to protect your business critical apps and data immediately.

      • Increasing Security Effectiveness

        Because Web applications and databases are dynamic in nature, a security solution must continually keep up with all of these changes. Dynamic Profiling not only builds a profile of legitimate user behavior, but it also automatically recognizes valid application and database changes over time. SecureSphere automatically updates the profile according to these application and database changes, ensuring that security policies are up to date.

        Dynamic Profiling completely automates security configuration, not just during the initial setup, but continuously over time.

      • Enabling Custom Policy Definition

        While Dynamic Profiling automatically builds the profile of protected Web and database resources and detects changes over time, it is still possible for organizations to manually adjust the behavioral profile. All aspects of the SecureSphere profile are customizable. If desired, customers can even manually define the complete profile through the SecureSphere management interface.

        Besides streamlining policy configuration, SecureSphere allows security administrators to define custom security policies about specific attributes of application or database traffic. Granular custom rules can evaluate multiple attributes of Web or database traffic to provide greater control and extensibility than just profile rules alone. For example, a custom Web application rule can look for a profile violation, a specific HTTP header option, an IP source address, the requested URL, and a specific attack signature. With over two dozen match criteria, security administrators can build powerful and precise cyber security best practices and policies.

        SecureSphere Dynamic Profiling technology allows for ease of policy configuration, detection of behavioral changes, and flexible custom policy definition for automated and accurate data center security.

      • Performance and uptime are essential for any cyber security solution. Organizations shouldn’t have to choose between protecting their app and data assets or maintaining their current network architecture or delivering a fast Web experience to end users.

        Transparent Inspection, invented by Imperva, provides true, application layer security—transparently—without needing to terminate or proxy connections. This ground-breaking data security technology delivers multi-Gigabit performance, sub-millisecond latency, and high-availability options without requiring network changes, meeting even the most demanding requirements and ensuring low total cost of ownership.

      Key Capabilities

      • High Performance, Low Latency

        Because of its Transparent Inspection architecture, SecureSphere delivers multi-Gigabit throughput and processes tens of thousands of transactions per second while maintaining sub-millisecond packet latency. A single SecureSphere appliance is sufficient for many customers and SecureSphere can scale to meet the requirements of the largest enterprises by deploying multiple gateways managed from a single unified management server.

      • Flexible Deployment

        The Transparent Inspection engine intercepts packets at Layer 2 and reconstructs Web and SQL transactions without needing to terminate connections. This architecture allows SecureSphere to support the following deployment options:

        • Transparent Layer 2 Bridge
        • Non-Inline Monitor
        • Reverse Proxy
        • Transparent Proxy

        Because of this flexibility, deployment of SecureSphere requires no changes to the existing network architecture, including network routers, load balancers, and servers.

      • No Changes to Application or Database Infrastructure

        Since network traffic passes through SecureSphere without modification, SecureSphere is transparent to end users and to application, database, and file servers. This means SecureSphere easily drops into your data security technology deployment with no changes to its carefully optimized applications and databases. Leveraging Imperva Transparent Inspection technology, SecureSphere provides maximum security with minimal disruption.

        Because SecureSphere is transparent to other devices on the network, it also provides high availability through integrated fail open network interfaces. In the event of a power, hardware or software failure, the fail open interfaces can automatically bridge the connection, allowing uninterrupted communications between the client and the Web, database, or file server.

    • Key Capabilities

      • The Accountability Requirement for Database Auditing

        One of the primary requirements of any auditing process is validating appropriate user accountability. However, today’s complex multi-tiered applications—such as Oracle E-Business Suite, SAP, PeopleSoft, and custom Web applications—make it nearly impossible to track user interactions with data. The inability to validate user accountability often causes organizations to fail audits and, as a result, pay non-compliance fines. SecureSphere Universal User Tracking helps organizations pass audits and avoid non-compliance fines by linking users to their actions, even in complex environments.

      • Typical Data Audit Solutions Do Not Provide Full Accountability

        Often, when users access databases via an application, connections are pooled by the application server into a single connection to the database. Typical database auditing systems do not consistently link database activity with specific users when connection pooling is in use because only the application's login name is recorded. SecureSphere tracks individual user connections, not just application logins, to provide full database audit accountability.

        Often, native database audit logs record the names of intermediary application servers, not actual application user names.

      • Universal User Tracking Meets the Requirement

        Universal User Tracking incorporates multiple tracking mechanisms to identify the accountable end user for every database transaction, even in connection pooling environments. Universal User Tracking methods include:

        • Web Application User Tracking
        • Web to Database User Tracking
        • SQL Connection User Tracking
        • Direct User Tracking

        These four tracking methods enable SecureSphere to audit end users regardless of how they connect to the database, enabling complete accountability. By tracking end users, SecureSphere can display user IDs in database security alerts, audit logs, and reports. In addition, database security policies can be created to restrict access by user ID. Universal User Tracking provides greater visibility into database activity, more granular security controls, and adherence to today's stringent regulatory requirements.

        More thorough database auditing, based on cyber security best practices, enables organizations to achieve regulatory data compliance, such as Sarbanes Oxley, PCI, and HIPAA, with greater ease.

        Web to Database User Tracking, a Universal User Tracking method, provides individual accountability even when an application server pools transactions into a single database connection.