Search Blog for

Deploy Instant Virtual Patching on SecureSphere WAF with Highly Accurate Web Vulnerability Data

Deploy Instant Virtual Patching on SecureSphere WAF with Highly Accurate Web Vulnerability Data

Web applications present companies with some of the riskiest cyber security vulnerabilities. McAfee addressed this in their 2017 Threats Predictions Report. The report noted that cloud applications, as opposed infrastructure, represent an increasing point of vulnerability. Similarly, Verizon’s Data Breach Investigation Report (DBIR) for 2016 said attacks on web applications accounted for more than 40 percent of incidents resulting in a data breach and were the single-largest source of data loss.
Imperva and High-Tech Bridge recently established a technology partnership to help organizations simply and cost-effectively confront these issues. By integrating Imperva’s SecureSphere Web Application Firewall (WAF) with High-Tech Bridge’s Application Security Testing Platform ImmuniWeb®, customers can now export accurate, human-verified web app vulnerability data into the SecureSphere WAF to instantly deploy virtual vulnerability patching and reliably protect their apps.
In this post, we explain how the joint solution works, and all the benefits it provides to our mutual customers.

Zero False-Positive Web Application Vulnerability Testing

High-Tech Bridge’s ImmuniWeb uses proprietary machine learning technology for intelligent automation of web vulnerability scanning, complemented by human intelligence. Web security experts from High-Tech Bridge’s SOC (High-Tech Bridge is a CREST accredited company) constantly monitor web vulnerability scanning, and intervene with manual testing for the most complicated vulnerabilities, such as flawed application logic, authentication bypass or improper access control. With this hybrid approach to web security testing, ImmuniWeb delivers a zero false-positive service level agreement (SLA) to every customer.
ImmuniWeb delivers the same quality and reliability of web security testing as manual web penetration testing, but in less time, lending itself to more competitive pricing. It provides custom remediation through integration with its WAF vendor partners, which helps eliminate risky emergency fixes and time-consuming test cycles.

Instant and Reliable Virtual Patching

The combination of the High-Tech Bridge and Imperva technologies enables customers to easily deploy virtual patching of their web applications, web-based APIs and web services.
Customers can use High-Tech Bridge’s ImmuniWeb Application Security Testing Platform to test their web applications and services, and then create highly-reliable virtual patching rulesets within the Imperva SecureSphere Web Application Firewall (WAF) for mitigation of the discovered vulnerabilities. Verified vulnerability data exported from ImmuniWeb does not require any further verification or validation.
The combined solution also exceeds the minimum PCI DSS 6.6 requirements and provides a high level of protection against data compromise.

How it Works

Users of ImmuniWeb Continuous run a vulnerability assessment against their web applications and instantly receive email, SMS or phone notification alerts about newly detected vulnerabilities. The notifications can be customized for the specific requirements and risk threshold of the organization. Detailed security and compliance reports are then generated to show the risk score and exploitability of the vulnerabilities.
Export of ImmuniWeb vulnerability data can then be customized (e.g. unpatched high- and critical-risk vulnerabilities detected during the last two weeks) and imported into SecureSphere WAF in just a few clicks. SecureSphere then creates a mitigation policy for the vulnerabilities—this ensures that only safe traffic reaches a customer’s web application.
Customers can granularly manage security vulnerabilities by importing specific types of detected flaws and weaknesses to SecureSphere based on severity level, patch status, detection date, vulnerability type or other customized filters.

These five easy steps illustrate how the integration works:

1. Create a new project in the ImmuniWeb Portal by clicking on the “Create New Project” button, visible on every page.
create new project in IntelliWeb
2. On the project configuration page (below is an example of an ImmuniWeb On-Demand assessment), select Imperva SecureSphere WAF from the Web Application Firewalls list.
configuration page in IntelliWeb
3. Once your project is active and vulnerabilities are detected, go to the ImmuniWeb Continuous Dashboard. On the right-hand side, above the navigation tabs, click on the “XML Export” button to export all the vulnerabilities from the current tab. To customize, just use the tab filters to hide unnecessary vulnerabilities. Select “Imperva SecureSphere” from the dropdown list.
ImmuniWeb Continuous Dashboard:
ImmuniWeb continuous dashboard
Download XML file with vulnerability data:
XML file export
4. Now we’re ready to upload the report into SecureSphere. In SecureSphere, under the Risk Management tab, select Web Scanner Integration, then upload the ImmuniWeb vulnerability data.
Select “Web Scanner Integration” under Risk Management:
SecureSphere web scanner integration
Upload the ImmuniWeb vulnerability data:
Upload XML file in SecureSphere
5. From the list of parsed vulnerabilities from the XML, click on the vulnerability to set up a mitigation policy.
set up policies risk console
set up policies

Fast, Effective Web Application Protection

That’s all it takes. In just a few steps, customers can identify and manage vulnerabilities at a granular level, then easily implement accurate, reliable virtual patching to help secure vulnerable web services and applications. The end result: improved overall security posture at no additional cost.
For more details about this Imperva Certified Solution, download the complete solution brief: Application Vulnerability Assessment and Virtual Patching with High-Tech Bridge and Imperva.