SecureSphere’s Modes Of Operation – Part II

secure-speres-modes

The previous post explained SecureSphere’s modes of operation: active, simulation and disabled. Today I’ll cover Dynamic Profiling Modes:

Imperva’s Dynamic Profiling technology automatically builds a model of legitimate behavior and adapts to application changes over time, keeping SecureSphere’s application defense up to date and accurate without manual configuration or tuning.
The Server Group Operation Modes described in the previous post will determine if SecureSphere will block or pass traffic when a policy violation occurs. The Dynamic Profiling modes (Learning, Protect, Ignore) determine how SecureSphere learns the application and user behavior and act accordingly.  The Dynamic Profiling mode does not affect the Operational Mode:

  • Learning mode: SecureSphere is not enforcing the profile policy for this object, because it is still learning how this object is accessed.
  • Protect mode:  SecureSphere is enforcing the profile policy.
  • Ignore mode: Used for cookie protection (relevant to Web application only)

Dynamic Profiling uses different algorithms for Web applications and SQL optimization. As a result, different advanced settings options are available as illustrated below.

Advanced Settings for Dynamic Profiling “Protect” mode

Initially, each object is in Learning mode, during which time SecureSphere builds a list of its parameters based on network activity.