New Release of SecureSphere Extends the Reach of Innovative Dynamic Profiling Technology

FOSTER CITY, CA – December 13, 2004 – Imperva, Inc., the developer of the world’s first Dynamic Profiling Firewall™, today announced the extension of SecureSphere’s Dynamic Profiling capability to deliver unique insights into the vulnerabilities of enterprise applications in production. This insight allows for better coordination between application development and security operations organizations. The result is a reduction of the cost associated with designing security into applications and building security into the infrastructure.

“SecureSphere 3.0 delivered automated protection against web application hacking, database breach and worm infection, based on the insight provided by Imperva’s unique Dynamic Profiling technology.” said Alan Norquist, Vice President of Marketing and Business Development at Imperva, “The natural next step is to leverage this unique insight to provide advanced visibility into the vulnerabilities and issues of customer applications in production.”

SecureSphere’s Unique Insights on Applications in Production
Imperva’s Dynamic Profiling automatically examines application and database traffic in the production environment to create a profile of the application’s structure and dynamics. This profile is used to identify and block attacks while automatically recognizing valid application changes and incorporating them into the application profile. Imperva’s Unified Architecture protects enterprise applications and their databases from all attack vectors by examining events across network and application layers (and over time) to properly identify and block real threats. Together these technologies provide unique insights into the application that can not be replicated outside the production environment.

“Application vulnerabilities remain a critical concern for enterprises. Finding and fixing vulnerabilities in production as part of an application securability strategy has been a relatively expensive and time-consuming operation.” Said Earl Perkins, Vice President, META Group, “Customers are looking for solutions that can identify production vulnerabilities quickly and provide real-time, automated protection, before hackers can exploit the issue.”

The new feature sets in SecureSphere 3.2 are built on the same Dynamic Profiling and Unified Architecture technology used in SecureSphere 3.0. The new features in SecureSphere version 3.2 include:

  • Application Vulnerability Profiling
  • Application Change Notification
  • Intelligent Attack Summaries

Application Vulnerability Profiling
Many vulnerabilities are dependent on the specifics of an application’s deployment or usage and only become apparent after an application has been placed in production. SecureSphere’s Application Vulnerability Profiling provides a continuous, consistent and comprehensive method to identify security vulnerabilities and risks created by deviations in best practices of system design, as well as those introduced as a result of the complexity of configuration of the production environment. Application Vulnerability Profiling is a valuable supplement to traditional vulnerability scanning tools because it identifies vulnerabilities in the deployment environment of an application that traditional vulnerability tools are not designed to detect or remediate.

Application Change Notification
Business priorities sometimes dictate that application changes be rushed into production outside of the standard release processes. However, operations and security administrators still need to understand the change and react accordingly. SecureSphere’s Application Change Notification provides automatic updates to individuals or groups of any change in the application with specific details of the change. This notification ensures that all affected groups in a company are aware of all application changes as soon as they are put into production. The result is that application development, operations and security groups can now work together more smoothly.

Intelligent Attack Summaries
SecureSphere’s protection of applications and databases often involves complex combinations of attack behaviors. Intelligent Attack Summaries improve security administrator productivity by combining the multiple related events of complex attacks into a single actionable alert. This highly focused information allows security response teams to quickly understand threats precisely when rapid and effective response is critical. The aggregated alerts also preserve detailed forensics so administrators can drill down into the complete details of the underlying events.

Availability and Pricing
Version 3.2 of the SecureSphere Dynamic Profiling Firewall is currently available worldwide.

Pricing for the SecureSphere appliance solution starts at $35,000 for a complete Dynamic Profiling firewall and centralized management appliance solution including 1 year of software subscription and support. Customers with active subscription contracts are entitled to all of the new features and functionality of version 3.2.

About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net