Founded in 2002, Imperva has become the leading provider for cloud and on-premise application and data security solutions. Imperva focuses on internal and external threats. Offering security for cloud applications, SharePoint systems, websites, critical databases, files, and repositories for Big Data, Imperva is an excellent choice. Considered best in class, Imperva offers ease of management, great functionality, and an excellent ROI.
Web Application Security
SecureSphere Web Application Firewall
Imperva SecureSphere uses heuristics to determine the normal behavior of your applications and correlates this information with crowd-sourced threat intelligence to deliver real-time protection. SecureSphere’s Correlated Attack Validation capability examines attributes on multiple levels and has the lowest false-positive rate for alerts in the industry. Attributes examined include IP reputation, signatures, user reputation, HTTP protocols, and special characters, to name a few. Deployment options include virtual, physical, or cloud with granular policy controls. Real-time threat information is updated through Imperva’s ThreatRadar from the Imperva Application Defense Center. Intelligence feeds offered include:
• Community Defense
• Reputation Services
• Bot Protection
• Fraud Prevention
• Account Takeover Protection
Web applications can be virtually patched through the SecureSphere WAF upon vulnerability discovery. Reports are customizable through graphical reporting, making it easy to review PCI, SOX, HIPAA and FISMA compliance. Alerts can be sorted, searched, and linked to security rules with a real-time dashboard.
Imperva ThreatRadar Subscriptions
An industry leader in threat intelligence, ThreatRadar offers the following protections in conjunction with the SecureSphere Web Application Firewall:
The threat reputation service offers real-time alerting on events from known malicious sources, including:
• Anonymous Proxies
• Malicious IP Addresses
• IP Geolocation
• Comment Spammers
• TOR Networks
• Phishing URLs
Harnessing worldwide SecureSphere WAF deployments, ThreatRadar Community Defense offers threat intelligence in near real time to each SecureSphere WAF. This information is aggregated from live attack information. For those who choose to opt in for anonymized attack data on the ThreatRadar cloud, this service is free of charge.
Accurately distinguishing human traffic from bot traffic, SecureSphere’s ThreatRadar Bot Protection Services identifies traffic from browser type. This service offers a 30% increase in performance for all website traffic, with improved performance and security.
Fraud monitoring solutions and fraud policy management are offered through the iovation ReputationManager 360 and ThreatMetrix TrustDefender ID.
Account Takeover Protection
ThreatRadar Account Takeover Protection offers real-time detection and mitigation against unauthorized access. Credential intelligence detection and mitigation include credential stuffing from harvested credentials, privileged account default password attacks, and dictionary attacks using weak passwords. Device intelligence detection and mitigation includes device logins from high-risk devices, Geo-based risk locations, multiple devices signing into a single account simultaneously or within a brief period of time, and transactions from proxies or TOR.
SecureSphere for Data
Offering multiple flexible deployment options, and available on premise, hybrid, and in the cloud, this product is available for legacy, traditional, Amazon Web Services and Microsoft Azure environments. SecureSphere is also offered as a managed service. SecureSphere for Data offers a centralized console for management to enable global command and control capabilities, automation of data related tasks, and rapid deployment of policies. Deployment and configuration are seamless for data discovery, software and policy distribution and configuration updates. Vulnerabilities are identified and compliance is measured through the SecureSphere Database Assessment tool. Dual Channel monitoring offers security and compliance auditing simultaneously, and prior to policy violations. This solution is proactive, with detailed audit trails for each transaction.
User rights are automatically reviewed in order to eliminate dormant accounts or excessive user rights, lowering error risk and labor costs. Excellent for handling thousands of databases, the centralized management handles pre-defined policies, Big Data nodes, and workflow remediation without the need for advanced skills or scripting. This offers an excellent solution for separation of duties. User access control is handled through Imperva’s Dynamic Learning Method and Adaptive Normal Behavior Profile technology, which builds a profile for each account and related white listing. Temporary quarantines are available in order to protect data from unauthorized user activity.
Protection is real-time, including blocking. Insider threats can be logged with Imperva CounterBreach, which uses peer group analytics and machine learning to develop full contextual baselines. The solution integrates well with SIEM (ArcSight, QRadar, and Splunk), third party solutions, and ticketing. Imperva offers a dedicated Splunk App for database security so that customers can customize feeds to their Splunk dashboard. No Splunk development experience is required.
SecureSphere Database Assessment
Database assets are assessed for risks, in combination with database sensitivity and vulnerability views, through the SecureSphere Database Assessment tool. The dashboard offers drill down capabilities in order to prioritize mitigation and reporting. Sensitive data is highlighted with location, including database object, row, and column, in order to develop granular policies to streamline auditing, protection, and reporting. The tool offers over 1500 vulnerability and misconfiguration tests, including industry assessment policies based on CIS, STIG, and DISA. SecureSphere policies use test tags and database groups to reduce the need for customized tests and vulnerability scanning. Known vulnerabilities are updated through Imperva’s Advance Center. Continual protection even when patching is not available, automated quarterly password updates, and an automation API save time and money, lowering the risk for error.
SecureSphere Agents for Big Data
With lightweight agents and excellent scalability, non-intrusive network monitoring, or a hybrid of both, Imperva SecureSphere offers a large reduction in the costs of competing tools in one package. This solution is available for cloud and on-premise policy enforcement. In addition to protecting legacy systems, this highly scalable SecureSphere solution automates processes, offers customizable reports, and handles audit analysis, forensic investigation, and incident response. This best in class security solution by Imperva applies unified security policies across multiple data repositories in an easy-to-use interface. Capabilities include optimized data collection and storage, backward compatibility, in-service updates, automated deployment and configuration updates, centralized management and administration, data leak identification, permanent log collection, fraud identification, local server access monitoring, and dual channel monitoring. All types of data stores are monitored, including RDBMS, SharePoint, mainframe, Big Data, files, and Data Warehouses. Distributions supported include MongoDB, Impala, Cloudera, Hortonworks, IBM BigInsights, NoSQL, HDFS, Hadoop Hive, HBase, and more. Operating Systems supported include Windows, Linux, and Unix, with specialized agents available for DB2, IMS, DB2/400, and z/OS. File coverage includes NAS, Windows, Linux, Unix, and local or global mode. SharePoint content and database are also covered.
Imperva Camouflage Data Masking
Replacing your sensitive data with realistic fictional data is the goal of Imperva’s Camouflage Masking. Masking is primarily used in non-production systems, data warehouses, testing systems, and deployment systems. Data can leave company control or go out of the country to off-shore or outsourced teams while maintaining protections against theft and compliance requirements.
Phases include Discover, Assess and Classify, Set Policy, Deploy, and Manage and Report. Utilizing an automated process, Discover identifies which data needs to be masked without compromising data utility, including documentation, for sensitive data. Assess and Classify establishes what criteria must be used for data masking, inter-database dependencies, and transformation requirements. Set Policy uses easy-to-use data masking software that is scalable and flexible enough to handle requirements of varying complexity in order to develop masking schedules, establish change management processes, and integrate data masking configurations into the overall data refresh process. Deploy integrates the data masking in non-production environments for executing configurations that were set in the Policy phase. Related options include report automation, pre- and post-run script options, and ancillary processes and requirements. Manage and Report includes job maintenance, change management, compliance reporting regarding masking techniques and masked database structures, and configuration updating.
User Rights Management
User Rights Management for Databases (URMD) offers an automated access rights review process. This process will help eliminate risks stemming from excessive user rights, and will demonstrate SOX and PCI compliance with lower labor costs than traditional management solutions. The process is automatic and repeatable, including a workflow framework that supports authorization processes and user rights reviews. User rights information is correlated with data sensitivity and relationship information. Dormant accounts are also managed to lower or eliminate breaches.
Application Defense Center Insights
Streamlining security and compliance for SAP, Oracle E-Business Suite, and PeopleSoft is simple through the Application Defense Center Insights solution by Imperva. Separation of duties, rules and reports come out-of-the-box, saving considerable time. 250 templates are provided for reporting for SOX, PCI, HIPAA, and other compliance needs. Designed for ease of use, this product includes automated user behavior profiling, detection of behavioral changes, and customizable policy definitions.
Imperva Incapsula Website DDoS Protection
Seamlessly compatible with other Incapsula security options, Imperva offers the most robust DDoS offerings. This offering specifically handles DDoS attacks which are launched against web applications and websites. Protection includes Infrastructure Protection and Server DDoS Protection services, using DNS redirection for persistent rerouting of website traffic through the Incapsula network, with stringent layers of inspection, masking of origin server IP addresses to counter direct-to-IP attacks, and incoming traffic inspection. A great solution for PCI DSS compliance, it keeps your website at normal operating speeds, even during large-scale attacks, with 99.999% uptime and without the need for additional hardware or multi-gigabit Internet connections. It offers 1.5+ Tbps of scrubbing capacity and bot identification based on reputation and heuristics.
Imperva Incapsula Infrastructure DDoS Protection
Highly resilient, this on-demand security service, with GRE tunneling and Border Gateway Protocol routing enabled, safeguards your critical network infrastructure from protocol and volumetric DDoS attacks. Imperva’s proprietary “Behemoth” scrubbing servers are capable of mitigating 170 Gbps of DDoS attacks per appliance, complemented by CDN-based services to offer complete protection for connected devices and network protocols. DDoS protection covers all types of services, complements the Imperva SecureSphere Web Application Firewall, offers GRE tunneling for seamless onboarding, can be enabled on demand for complete subnet ranges, and protects against direct-to-IP address DDoS attacks. All traffic is inspected prior to forwarding to the enterprise network. The Incapsula Infrastructure DDoS Protection does not use BGP routing. Instead, customers are provided a protected IP address, through which all incoming traffic is inspected and filtered, which is ideal for SaaS or gaming servers. Smaller organizations are offered the same protections as enterprises in order to protect multiple protocols and service types for every IP address. External monitoring is available for analysis of NetFlow and sFlow statistics.
Imperva Incapsula Name Server DDoS Protection
Designed to protect name servers against DDoS attacks, this solution is always on, with fast DNS responses, and is complementary to SecureSphere Web Application Firewalls. It is part of Incapsula’s complete suite of DDoS Protection Services. As with other Incapsula solutions, there is no need for additional connections or hardware, with the elimination of setup and overhead expenses. Verification with the authoritative DNS server takes 30 seconds, and customers are not required to change DNS processes or maintenance tools. DNS servers are protected via DNS proxy with heuristic and reputation inspection of incoming DNS queries in order to filter out malicious packets.
CounterBreach interfaces well with Imperva SecureSphere and Imperva Skyfence in order to determine misuse of enterprise data stored on cloud apps, file servers, and databases. This is done by recognizing anomalies. Providing visibility into databases and servers on-premise or in the cloud, it makes details of access to sensitive information easy to obtain, including when and by whom information was accessed. Skyfence is designed to monitor uploads, downloads, and sharing of PII within Salesforce, Box, and Office 365. CounterBreach uses advanced machine learning to monitor user activity and flag dangerous behavior for immediate investigation. Potential data leaks are contained through CounterBreach by quarantining questionable users and activities.
Using machine learning and peer groups, CounterBreach focuses on discerning when a data access event is malicious in nature. A fully contextual baseline is developed for typical access to database tables, files, objects, and cloud shares, and activities are prioritized. Compromised endpoints are detected by CounterBreach Deception Tokens, which lure attackers with enticing file names, web browser cookies, and artificial database credentials to add context to CounterBreach Behavior Analytics. It spots the risky users, client hosts and servers for easy prioritization and investigation by security teams. Behaviors of potentially risky users can be easily compared to their peer group baseline in a consolidated view.
SecureSphere File Activity Monitor
SecureSphere offers an excellent data management solution, with a focus on compliance. All records are monitored, with detailed records of access, in order to provide easy and effective reporting for all compliance needs. The access rights and review processes are streamlined, and automated tools offer auditing in a time efficient manner. Through the SecureSphere File Security solutions, unstructured data governance can be implemented, unusual activity monitored, file permissions and activities managed, and data owners identified. Through the use of policy-based file security, your files are safe, and unusual activity is blocked. An additional asset to this offering is efficient archiving and/or deletion of unused data that is taking up extra space, thus reclaiming storage.
SecureSphere File Firewall
The SecureSphere File Firewall generates alerts and blocks unusual file activity and protects against unstructured data theft, by using the industry’s leading security policy framework. With an interactive auditing system, analytics are easy, and details are easy to obtain. File permissions can be reviewed and administered, and malware is quickly detected.
SecureSphere Directory Services Monitor
Prevention of lateral movement through your network is easy with SecureSphere Directory Services Monitor. Active Directory reporting is a snap with high visibility and real-time triggered notifications for security policy violations or questionable activities. Active Directory changes are reported to one convenient location, to garner immediate insight and analysis. Audit trails are kept up to date with included templates that will assist in forensic investigations.
SecureSphere for SharePoint
Imperva offers the only solution on the market for protecting SharePoint from web based attacks and insider attacks. With support from Imperva’s Application Defense Center, the latest intelligence is available for defending from online attacks. Compliance auditing and security investigations are easily handled, with clear visibility into the back-end SharePoint database and front-end Web server. SharePoint permissions can be audited and managed, and file access rights reviewed. Compromised devices are restricted from access to SharePoint through FireEye’s Malware Protection System, which will also provide a full listing of restricted devices. SecureSphere for SharePoint will also notify administration what data is not used, in order to reduce the costs of maintenance.
Skyfence for CounterBreach
In a non-intrusive process, the highly scalable Skyfence Cloud Gateway is a Cloud Access Security Broker that provides the ability for organizations to monitor and control all cloud applications, determine which SaaS applications are in use, monitor user and administrative activities, enforce controls, meet compliance requirements, and protect data in the cloud. Users are able to access the applications that they need, while IT is able to view, assess potential risks, enforce consistent policies, detect and protect against attacks, prevent data leakage, and control application access. All cloud applications are discovered and catalogued, and on-screen filtering offers quick views, assessments of behavior, and remediation. Skyfence tracks the status of services for compliance measurements, and for prioritization for application migration. With continuous monitoring, insider threats are detected at multiple levels, including database tables, data stored in cloud applications, and files stored in file shares. Skyfence also offers multi-factor authentication, automatic anomaly detection, and data leak prevention.
Highly scalable, Incapsula is a cloud based application delivery service that focuses on increasing performance and on protecting and safeguarding data and applications from web based attacks. Among the areas that it covers are DDoS mitigation, thwarting attacks, ensuring content delivery, acceleration of web traffic, and load balancing. It is an excellent solution for responding to OWASP Top 10 threats and other attacks. Utilizing machine learning, Incapsula is able to dynamically learn the attributes related to changes in strings, parameter values, encoding, and attributes. SSL traffic is inspected, and low-data-rate events and application exploits are interrogated in order to prevent DDoS attacks, without interruption of user services. Utilizing a global content delivery network, bandwidth is lowered, webpages load faster, and application performance is increased, without the need for additional IT resources. Incapsula is a PCI certified solution. Two-factor authentication is easily implemented with a single click, and webpage access is centrally located. Load balancing and failover traffic can be handled via the cloud for quick scalability, with real-time health monitoring and traffic optimization. By changing your DNS settings, Incapsula cloud-based security is easily implemented, without having to change hosting providers or network infrastructure. The Incapsula API can be used as a link for SIEM integration, supporting strong data encryption and near-time reporting, with customizable dashboards.
SecureSphere for AWS
Learning “normal” behavior and correlating with excellent threat intelligence, your critical web-based applications are protected from attacks. Imperva SecureSphere is able to leverage AWS features like Elastic Load Balancing, CloudWatch, VPC, and CloudFormation natively, with the additional benefits of SecureSphere Web Application Firewall, Database Firewall, and Database Activity Monitoring. With enterprise-class protection provided by Database Activity Monitoring and Database Firewall, databases are protected, compliance is streamlined, and risk is reduced on-premises and in AWS. These solutions are available in the AWS marketplace. Subscriptions include annual Bring Your Own License, on-demand hourly, and on-demand annual.
SecureSphere Database Activity Monitoring for AWS is highly scalable with lightweight agents that monitor local traffic from database nodes. SecureSphere MX management offers alerting and out-of-the-box reporting. This is the only enterprise-class web application firewall for AWS offered. SecureSphere is approved for government application.
SecureSphere for Azure
Highly scalable, and with the ability to dynamically learn “normal behavior,” SecureSphere Web Application Firewall for Microsoft Azure is an excellent solution for protecting applications from attacks. Behaviors are reported to Imperva’s ThreatRadar. Multiple virtual instances of SecureSphere WAF can be hosted in Azure through one SecureSphere Management Server. Available via AWS, or as a hybrid on-premise model, this solution interfaces well with Azure Resource Manager for monitoring, auto-scaling, and network configuration; Load Balancing to boost uptime and handle large traffic loads; Azure Application Insights; and Azure Security Center for streamlining provisioning and monitoring of multiple Web Application Firewalls hosted on Azure.