SecureSphere Provides Continuous Real-Time Visibility into Attack Methods and Application Responses to Automate Vulnerability Discovery

Redwood Shores, CA, August 5, 2008 – Imperva®, the leader in application data security, today announced that its award-winning SecureSphere Web Application Firewall now supports comprehensive Web Activity Monitoring (WAM) to automate the discovery and accelerate the remediation of application vulnerabilities in production systems. In addition to blocking attacks, SecureSphere now records malicious inputs and application responses to provide development teams with the information they need to pinpoint and fix coding flaws.

These enhancements expand SecureSphere’s role as an application protection and security lifecycle management platform, which includes the ability to bi-directionally share data with leading vulnerability scanning tools.

“Because they monitor web traffic and detect attacks, Web Application Firewalls should help developers find and fix flaws in production code. But in reality, the process is too tedious and costly,” said Andrew Jaquith, program manager in Yankee Group’s Enabling Technologies Enterprise group. “In contrast, Imperva’s Web Activity Monitoring solution feeds alerts and reports to both security and development teams, closing the loop between security operations and application developers.”

Comprehensive Web Activity Monitoring

WAM adds another dimension to SecureSphere’s application security lifecycle management capabilities, which enable IT departments to connect the dots between web application firewall protection, code reviews, and vulnerability scanning. SecureSphere serves as a hub for the exchange and correlation of web application security information and provides a means to identify vulnerabilities in production applications in real-time. SecureSphere WAM provides:

  • Alerts on unrecognized attack behaviors to pinpoint potential new exploits
  • Anomalous application activity alerts, to uncover potential logical flaws in the code
  • Real-time alerts that capture full response pages on suspicious activity
  • Sensitive data usage reports that document which parts of an application process confidential data such as credit card data, social security numbers or other personally identifiable information (PII)
  • Application profile reports that show characteristics of the application in use, including pre-defined views of broken links, broken inbound referrers, page response time by URLs, as well as custom analysis capability
  • Profile change alerts and reports that identify and track application changes to support closed-loop QA and change control processes

“Historically, Web Application Firewalls have focused on reducing threats to online applications, while code review and vulnerability scanning technologies have focused on discovering vulnerabilities,” said Amichai Shulman, CTO of Imperva. “With Web Activity Monitoring, SecureSphere closes this gap by blocking malicious inputs and capturing detailed information on how applications respond to live queries, which allows developers to fix code level security holes.”

Availability

SecureSphere Web Application Firewall with Web Activity Monitoring is available immediately from Imperva and its business partners worldwide

About Imperva

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit www.imperva.com.

# # #

Imperva and SecureSphere are registered trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net