New version extends Intrusion Prevention and Correlated Attack Validation(sm) Capabilities
DEMO 2004, Scottsdale, AZ, Feb. 17, 2004 – Imperva Inc., a leader in data center application security, today announced the availability of SecureSphere™ v2 with a series of new capabilities that complement and extend the existing state-of-the-art Correlated Attack Validation™ architecture of the first security product designed specifically to secure Internet and intranet applications in the corporate data center.
After years of application penetration testing on behalf of enterprise and public sector clients, Imperva created and launched the SecureSphere family of products in 2002. SecureSphere is the attack prevention solution for the security challenges presented by Internet or intranet applications such as e-commerce, online banking, and supply chain management found in today’s data centers. These applications consist of two elements that each requires a different type of protection; the commercial platform applications and the enterprise business logic and data. SecureSphere includes state-of-the-art Intrusion Prevention to protect the commercial platform applications, but adds a proprietary technology named Correlated Attack Validation which detects and stops attacks on the unique business logic and data.
The most advanced application intrusion prevention
Attacks on application infrastructure products (web server, database server, etc.) are referred to as known or signature attacks. Imperva’s Application Defense Center (ADC) – the world’s premiere application security research group –has completed over 250 application penetration tests for customers and determined – the number of vulnerabilities to known attacks typically represent only about 15% of all potential vulnerabilities in these applications. But because known attacks are launched en mass to exploit known vulnerabilities, they must be blocked immediately and very accurately to avoid massive spread and damage.
SecureSphere v2 adds robust attack signature management capabilities to its existing intrusion prevention capability. Derived from the work of ADC, this capability supersedes what some security companies provide with Deep Packet Inspection technology. SecureSphere v2 automates the process of applying the appropriate signatures to a particular application based on their applicability and the company’s risk tolerance. All attack signatures are not relevant to all applications. And some are more prone to false positives than others. So IT departments need the ability to intelligently choose and apply which known attacks they wish to protect against. The new SecureSphere allows users to customize their application intrusion prevention in order to achieve the highest accuracy for their data center environment.
SecureSphere v2 also adds a new deployment option for the SecureSphere sensor. The sensor can now be installed as a bridge to the application as well as in the existing network sniffing mode. So now it is capable of taking blocking action in-line in the case of known attacks. Using the transparent bridging technology, in-line protection can be “plugged-in” the network with complete transparency and without any change to existing network architecture or any performance impact on the application.
Improved Correlated Attack Validation – Persistent Learning
SecureSphere v2 adds Persistent Learning™ to its proprietary Correlated Attack Validation. Correlated Attack Validation is the third screen that suspicious events must pass through that enables accurate detection. While SecureSphere’s application firewall and application intrusion prevention capabilities include the most accurate available technologies, application firewall and IPS by themselves are still prone to generating false positives if used alone. Applications are too customized and dynamically changing to rely on any rule base being 100% accurate at any point in time. -Correlated Attack Validation associates the numerous events that are suspicious, but by themselves not obvious attacks, by user session over time. This eliminates false positives by separating simple errors or unusual uses from malicious attacks.
The new Persistent Learning enables SecureSphere to automatically adapt to changes in the application it is protecting. As applications are changed, SecureSphere can detect the difference between an unknown request that is a potential attack and one which is related to a new application capability. This enables SecureSphere to exist in real-world application data center environments where applications are changed frequently, but still require accurate detection of attacks to avoid false positives.
“Most security managers are faced with a new challenge in securing the applications in their data center. Securing the platform applications that they are based on – like Microsoft IIS or Apache or the SQL database – is the first and easiest step” said Imperva CEO Shlomo Kramer. “Securing the business logic and proprietary data is equally as critical, and yet more difficult due to the need to achieve accurate protection of a custom code base. With SecureSphere the security manager gets a single comprehensive solution for securing all aspects of the Internet and intranet applications in their data center. SecureSphere was designed on four years of penetration testing knowledge to protect what we call the application sphere in its entirety with accuracy and transparency that no other solution can come close to.”
Improved Enterprise Management and Deployability
SecureSphere v2 also includes new deployment and management options to reduce operational costs. A comprehensive reporting tool delivers illustrative evidence regarding the security of these important applications. In addition, the SecureSphere sensor has been streamlined as a complete and automated build with a hardened and compatible operating system as well as the sensor code.
Launch at DEMO 2004
Executive Director Chris Shipley announced, “This is what DEMO is all about; stripping away the hype and demonstrating obvious leaps forward in products and solutions. Imperva has created an impressive solution to help companies protect the information that consumers, employees and partners have entrusted to them.”
Pricing and availability
SecureSphere v2 will be available in March 2004. The product will be priced by the number of web or database servers protected (regardless of the number of SecureSphere sensors required to do so) and will start at one protected web server for $6,000 and one protected database server for $12,000. In addition, one SecureSphere server will be needed (no matter the number of web or database servers protected) which will cost $12,000. Prices include software maintenance for the first year, which will include IPS signature updates as well as free upgrades to new versions. Prices will also include basic product technical support. Quantity discounts will be available.
About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com
# # #
Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.
Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net