Imperva’s team of Support Engineers delivers technical assistance to you for all Imperva products, leveraging their SecureSphere expertise and deep knowledge of security and compliance. The team is positioned across the globe to provide 24x7x365 coverage, and can be contacted by phone, email, or online via our Self Service Support Portal.
Technical Support Services
Imperva offers three levels of technical support – Standard, Enhanced, and Premium – that affords you the flexibility to select the plan that best meets your needs. All three programs include a formal escalation procedure that ensures effective resolution to all your issues and questions.
|Standard||Enhanced||Enhanced + DSE||Premium||Premium + DSE|
|Service Hours||8am to 6pm local time on work days||24x7x365||24x7x365||24x7x365||24x7x365|
|Portal Access (Knowledge base, Incident tracking)||Yes||Yes||Yes||Yes||Yes|
|# of Designated Callers and Web Access Users||4||Unlimited||Unlimited||Unlimited||Unlimited|
|Onsite Visits||Twice a year (T&E*)||Twice a year (T&E*)|
|Designated Single Point of Contact||Yes||Yes|
|Quarterly Business Review||Yes||Yes|
* The travel and expenses (T&E) for the trip(s) are not included in the Support fee and will be separately billed to the DSE customer.
Designated Support Engineer
An Imperva Designated Support Engineer (DSE) is one of Imperva’s most sophisticated Support staff who partners one-on-one with your organization to reduce system downtime and maximize your data center security investment. Imperva DSEs work with your IT staff to troubleshoot, manage, and resolve all technical issues quickly. Serving as your designated point of contact to Imperva, a DSE will increase your team’s productivity and knowledge of Imperva products. Learn more about the DSE program.
- Support Lifecycle Policy
- Software Schedule
- Hardware Schedule
Imperva Product End-of-Life Information
Imperva is focused on helping you deploy Imperva products effectively and efficiently. To assist you, Imperva has established an End-of-Life Policy for all Imperva hardware and software products. Imperva customers with a valid support and maintenance agreement are entitled to the benefits set forth by this policy.
The following information outlines the Imperva Software and Hardware End of Life (EOL) Policy, effective April 30, 2010.
Software End-of-Life Policy
Imperva supports all software products for a minimum of two major versions. After two major versions have been released, Imperva will issue an EOL notification for the EOL software version. The EOL software version will reach End of Support (EOS) twelve months after the EOL notification date.
Software EOL Timeline Milestone Description General availability date Date the software version is released. First subsequent major version general availability date Date first subsequent major version is released. Second subsequent major version general availability date Date second subsequent major version is released. End-of-Life notification date Date Imperva announces the EOL for the software version. This notification will typically occur at the same time or soon after the second major subsequent version is released. End-of-Support date The last date support will be offered. The Software EOS date occurs twelve months after the EOL notification date. Customer should upgrade to a supported version by this date.
Click here to see the Imperva Software End-of-Life Schedule for software versions that have reached EOL.
Hardware End-of-Life Policy
Imperva hardware models reach the end of product life due to market requirements, technological innovations or replacement by new, more advanced technology. To ensure smooth migration to new Imperva hardware platforms, Imperva will continue to support hardware 5 years after the last order date. The hardware EOL policy guidelines are:
- Imperva will issue and End-of-Life Notification 90 days prior to the Last Order Date.
- Imperva will continue to support hardware products for 60 months after the Last Order Date.
- During the 60 month period, repair services or replacement parts will be available for all appliances under valid maintenance contracts.
- All standard technical support services, including access to the Imperva Self Service Support portal, and to phone and email support, will be available with valid maintenance contracts.
Please see the Imperva Hardware End-of-Life Schedule for the EOL schedules of hardware platforms that have reached the Last Order Date in the product lifecycle.
Definition of Terms
End-of-Life (EOL): A process that consists of a series of technical and business milestones and activities that, once completed, make a product obsolete. Once obsolete, the product is not sold, manufactured, improved, repaired, maintained, or supported.
- Last-Order-Day (LOD): The last date to order the product through Imperva or affiliates.
- End-of-Support (EOS): The last date support will be offered and represents the final milestone in a product's lifecycle. Support contracts expire upon reaching product EOS.
- Hardware: The physical appliance and its physical components.
- Software: Firmware and software applications that run on Imperva hardware
Disclaimer: Imperva may continue offering support services beyond the standard EOL period and reserves the right to charge additional fees for continuing support services on any EOL products. Imperva reserves the right to reduce or amend support services offerings available for renewal under this policy at any time in its sole discretion, with or without notice. The terms and conditions of Imperva’s Reseller Agreement, End User Agreement, Support and Maintenance Agreement, as applicable, shall prevail and apply to this EOL Policy and will supersede any conflicting terms thereof.
Imperva Software End-of-Life Schedule
Products Affected Software Version End of Support Date SecureSphere Web Application Firewall 5.x (see technical bulletin) January 31, 2011 SecureSphere Database Security Gateway 5.x (see technical bulletin) January 31, 2011 SecureSphere Database Monitoring Gateway 5.x (see technical bulletin) January 31, 2011 SecureSphere MX Management Server 5.x (see technical bulletin) January 31, 2011 SecureSphere Web Application Firewall 6.x (see technical bulletin) January 31, 2011 SecureSphere Database Security Gateway 6.x (see technical bulletin) January 31, 2011 SecureSphere Database Monitoring Gateway 6.x (see technical bulletin) January 31, 2011 SecureSphere MX Management Server 6.x (see technical bulletin) January 31, 2011 SecureSphere Web Application Firewall 7.x (see technical bulletin) January 31, 2013 SecureSphere Database Security Gateway 7.x (see technical bulletin) January 31, 2013 SecureSphere Database Monitoring Gateway 7.x (see technical bulletin) January 31, 2013 SecureSphere MX Management Server 7.x (see technical bulletin) January 31, 2013 SecureSphere Database Security, File Security and Web Application Security Products 8.x (see technical bulletin) May 31, 2014 SecureSphere MX Management Server 8.x (see technical bulletin) May 31, 2014 SecureSphere Database Security, File Security, Web Application Security Products and the MX Management Server 9.x (see technical bulletin) January 31, 2016 SecureSphere for Crossbeam 9.0, 10.0 (see technical bulletin) see associated bulletin
Imperva Hardware End-of-Life Schedule
Appliance Characteristics Last Order Date End of Support Date SecureSphere model is G4, G8, G16 or MX and purchase date is between 2005 and January 2008 and chassis model is 1300, 1400, 1450 or 4850 January 31, 2008 January 31, 2011 SecureSphere model is G2, G4, G8, G16 or MX and purchase date is between January 2008 and July 2010 and chassis model is 3100, 3140, 1530 or 2500 July 31, 2010 July 31, 2015 SecureSphere model is X1000, X2000, or M100 December 31, 2013 December 31, 2018 SecureSphere model is X2500, X4500, X6500, or M150 April 15, 2015 April 15, 2020 SecureSphere model is X1010, X2010, X2510, X4510, X6510, X8510, X10K, M110 or M160 To be announced 5 years after Last Order Date
If Imperva SecureSphere is listed on a vulnerability alert, such as from CERT, the ADC publishes Security Responses to those alerts. Check this page to locate newly published Responses.
Imperva Security Response to a Variation of HTTP Parameter Pollution Attack
On Nov. 4th a possible bypass to the Imperva WAF was disclosed via email on public message board SECLISTS.ORG. Read this security advisory to learn how you can protect your organization and your Imperva WAF Implementation.
Imperva Security Response to CVE-2015-7547
Google has identified a security vulnerability, known as CVE-2015-7547 (glibc getaddrinfo stack-based buffer overflow) that has been classified as critical. This vulnerability puts DNS clients with certain versions of the glibc DNS client side resolver at risk, and could allow a remote attacker to perform a buffer overflow attack. Read this security advisory to learn how you can protect your organization and your Imperva SecureSphere implementation.
Imperva Security Response to CVE 2015-1635
Microsoft has issued a Security Bulletin, known as CVE-2015-1635, has been classified as critical. This HTTP.sys vulnerability puts users with certain versions of Windows and IIS at risk, and could allow a remote attacker to perform a buffer overflow attack. Read this security advisory to learn how you can protect your organization with Imperva SecureSphere and Imperva Incapsula.
Imperva Security Response to OpenSSL & TLS/RC4 Vulnerabilities
Two high-severity OpenSSL-related threats have recently been identified, CVE-2015-0291 which can theoretically create opportunities for DoS attacks against a server, and CVE-2015-0204 in which an attacker could theoretically force a user and server to downgrade to a set of export ciphers which are weak and outdated. Initial investigation shows that SecureSphere components are not vulnerable to these CVEs.
Imperva Security Response for CVE-2014-3566 - aka "POODLE"
Google researchers recently uncovered a security bug (CVE-2014-3566) that they say could allow hackers to steal data. The bug has been referred to in the press as "POODLE"", or "Padding Oracle On Downloaded Legacy Encryption". This vulnerability is a Man-In-The-Middle (MITM) attack which means a client-to-server session is being hijacked and then used in a malicious manner. This attack has been associated with SSLv3 connections, and could force TLS sessions to downgrade to SSLv3.
Imperva Security Response for CVE-2014-6271 – aka "Shellshock"
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment
Imperva Security Response for CVE-2014-0224
OpenSSL does not properly restrict processing of ChangeCipherSpec messages before version 0.9.8za, and in version 1.0.0 before 1.0.0m, and in version 1.0.1 before 1.0.1h.
Imperva Security Response for CVE-2014-0160 – aka "Heartbleed"
OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets
Imperva Security Response for CVE-2011-4887
Under some configurations an attacker can invoke a XSS attack against the SecureSphere WAF management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere.
Imperva Security Response for CVE-2011-0767
Under some configurations an attacker can invoke a XSS attack against the SecureSphere management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere.
Imperva Security Response for CVE-2010-1329
It is possible to evade some of the detection mechanisms of the SecureSphere Web Application Firewall and Database Firewall by sending a specially crafted, extremely large request.
Imperva Security Response for VU#739224
The U.S. Computer Emergency Response Team (US-CERT) has reported a Web attack evasion technique using full-width and half-width Unicode characters intended to evade inspection by IDS/IPS/WAF security products.