Protect Your Critical Web Applications and Data

SecureSphere WAF Specifications

  • Imperva SecureSphere Web Application Firewall (WAF) analyzes all user access to your business-critical web applications and protects your applications and data from cyber attacks. SecureSphere WAF dynamically learns your applications’ “normal” behavior and correlates this with the threat intelligence crowd-sourced from around the world and updated in real time to deliver superior protection.

    The industry-leading SecureSphere WAF identifies and acts upon dangers maliciously woven into innocent-looking website traffic: traffic that slips right through traditional defenses. This includes blocking technical attacks such as SQL injection, cross-site scripting and remote file inclusion that exploit vulnerabilities in web applications; business logic attacks such as site scraping and comment spam; botnets and DDoS attacks; and preventing account takeover attempts in real time, before fraudulent transactions can be performed.

    Key Features

    • Dynamic Application Profiling

      SecureSphere WAF uses patented Dynamic Application Profiling to learn all aspects of web applications, including the directories, URLs, parameters, and acceptable user inputs, to detect attacks with exceptional accuracy and block only bad parties, while eliminating impact to legitimate customers. SecureSphere WAF mitigates technical attacks such as DDoS and SQL injection, as well as non-technical attacks such as comment spamming and site scraping.

    • API Security

      The increasing popularity of DevOps and Microservices architecture is driving the importance of APIs. The API economy, as it’s being called, refers to using APIs to deliver new digital products and services to the market. APIs are an additional attack vector for cybercriminals and can make your microservices and other endpoints vulnerable to the full range of web application attacks.

      SecureSphere WAF deployed in front of API resources protects core applications by validating and monitoring API traffic, and leveraging SecureSphere features like Profiling and Content Inspection to identify and protect against malicious activity. The SecureSphere API Security feature set includes the following:

      • Profiling and Protecting API Protocols
      • API Content Inspection
      • Blocking Malicious Bot Activity and DDoS
      • Enforcing API Encryption
      • Enforcing Specific API Versions
      • Tracking API Users
    • Granular Correlation Policies Reduce False Positives

      SecureSphere WAF distinguishes attacks from unusual, but legitimate, behavior by correlating web requests across security layers and over time. SecureSphere Correlated Attack Validation capability examines multiple attributes such as HTTP protocol conformance, profile violations, signatures, special characters, and user reputation, to accurately alert on or block attacks with the lowest rate of false positives in the industry.

    • Flexible Deployment Options

      SecureSphere WAF can be deployed as a physical or virtual appliance on-premises, and as a virtual image on Amazon Web Services or Microsoft Azure. Physical appliance deployments are particularly flexible in that they allow SecureSphere WAF to run transparently, requiring virtually no changes to the customer’s network. And granular policy controls enable superior accuracy and unequaled control to match each organization’s specific protection requirements.

    • Deep Threat Intelligence

      To protect against today’s well-resourced cyber-criminals, it is vital to have an advanced warning system that is aware of and protects against constantly evolving web-based attacks. Imperva ThreatRadar updates SecureSphere WAF with real-time threat intelligence crowd-sourced from around the world and curated by Imperva Application Defense Center. ThreatRadar provides better protection, improves WAF accuracy, and makes the security team more efficient by proactively filtering traffic from known bad sources so the security team can focus on what is really important. The following ThreatRadar intelligence feeds are available:

      • Reputation Services: Filters traffic based upon latest, real-time reputation of source
      • Community Defense: Adds unique threat intelligence crowd-sourced from Imperva users
      • Bot Protection: Detects botnet clients and application DDoS attacks
      • Account Takeover Protection: Protects website user accounts from attack and takeover
      • Fraud Prevention: Simplifies deployment of best-in-class partner fraud prevention solutions
      • Emergency Feed: Delivers latest signatures right away to mitigate against zero-day vulnerabilities instead of delivering them through periodic updates
    • Virtual Patching

      SecureSphere WAF can perform “virtual patching” for your web applications via vulnerability scanner integration. Instead of leaving a web application exposed to attack for weeks or months while code is modified after discovering a vulnerability, virtual patching actively protects web applications from attacks to reduce the window of exposure, and decreases the costs of emergency fix cycles until you are able to patch them.

    • Customizable Reports for Compliance and Forensics

      SecureSphere WAF's rich graphical reporting capabilities enable customers to easily understand security status and meet regulatory compliance. SecureSphere WAF provides both pre-defined and fully customizable reports. This enables you to quickly assess your security status and streamline demonstration of compliance with PCI, SOX, HIPAA, FISMA and other compliance standards.

    • Out-of-the-box SIEM Integration

      SecureSphere WAF integrates easily with most of the leading Security Information and Event Management (SIEM) systems, such as Splunk, ArcSight, RSA enVision and others. SecureSphere WAF exports events as syslog messages in Common Event Format (CEF) and JSON format. SecureSphere WAF events in any SIEM are intuitively indexed and are easily searchable for quick incident response.

  • Specification Description
    Web Security
    • Dynamic Profile (White List security)
    • Web server and application signatures
    • Reputation based security and IP geolocation
    • HTTP RFC compliance
    • Normalization of encoded data
    • Automated-client detection
    Application Attacks Prevented
    • OWASP Top 10
    • SQL Injection
    • Cross Site Scripting
    • Cross Site Request Forgery
    HTTPS/SSL Inspection
    • Passive decryption or termination
    • Optional HSM for SSL key storage
    Web Services Security
    • XML/SOAP profile enforcement
    • Web services signatures
    • XML protocol conformance
    Content Modification
    • URL rewriting (obfuscation)
    • Cookie signing
    • Cookie encryption
    • Custom error messages
    • Error code handling
    ThreatRadar Threat Intelligence
    • Reputation: filters traffic based on source reputation
    • Community Defense: crowd-sourced from Imperva users
    • Bot Protection: Protects against malicious bot activity
    • Account Takeover: protects user accounts from compromise
    • Fraud Prevention: Simplifies deployment of best-in-class partner fraud prevention solutions
    • Emergency Feed: Delivers latest signatures right away to protect against zero-day vulnerabilities
    Platform Security
    • Operating system intrusion signatures
    • Known and zero-day worm security
    Network Security
    • Stateful firewall
    • DoS prevention
    Advanced Protection
    • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
    Data Leak Prevention
    • Credit card number
    • PII (personally identifiable information)
    • Pattern matching
    Policy/Signature Updates
    • Frequent security updates
    • All authentication methods supported transparently and inspected in bridge and non-inline monitor modes. Can actively authenticate users in proxy mode.
    • Support for RSA Access Manager for two-factor authentication
    • Support for LDAP (Active Directory)
    • Support for SSL client certificates
    User Awareness
    • Automated Tracking of Web Application Users
    Deployment Modes
    • Transparent Bridge (Layer 2)
    • Reverse Proxy and Transparent Proxy (Layer 7)
    • Non-inline sniffer
    • Web User Interface (HTTP/HTTPS)
    • Command Line Interface (SSH/Console)
    • MX Server for centralized management
    • Integrated management option (X1010, X2010, X2510, X4510)
    • Hierarchical management groupings
    • SNMP
    • Syslog
    • Email
    • Integrated graphical reporting
    • Real-time dashboard
    High Availability
    • IMPVHA (Active/Active, Active/Passive)
    • Fail open interfaces (bridge mode only)
    • VRRP
    • STP and RSTP
    Solution Delivery Option
    • Physical appliance
    • Virtual appliance (VMware ESX, Amazon AWS, Cisco Nexus 1110 Series VSA, Blue Coat X-Series)
    • Managed service
    Web Application Vulnerability Scanner Integration
    • WhiteHat, IBM, Cenzic, NT OBJECTives, HP, Qualys, and Beyond Security
    Enterprise Application Support
    • SIEM/SIM tools: ArcSight, RSA enVision, Prism Microsystems, Q1 Labs, TriGeo, NetIQ
    • Log Management: CA ELM, SenSage, Infoscience Corporation
    TCP/IP Support
    • IPv4, IPv6