Imperva Unveils Next Generation Firewall Technology: Dynamic Profiling
FOSTER CITY, Calif. – August 23, 2004 – Imperva, Inc., a leading provider of application security solutions, today announced the availability of version 3.0 of the SecureSphere(tm) G4 Dynamic Profiling Firewall and MX Management Server application security appliances. This new version represents the first unified security platform to protect enterprise application and database assets from all attack vectors, including Web application hacking, internal database breaches, and worm infections.
The SecureSphere Dynamic Profiling Firewall includes multiple layers of security including a built-in standards-based deep inspection firewall, industry-leading web and database firewalls, and unique protection from Zero Day worms via Imperva’s patent-pending Worm Profiling capability. SecureSphere’s core technology, Dynamic Profiling, is the only technology to address the dynamics associated with securing enterprise application and database environments without requiring manual configuration or tuning. Dynamic profiling automatically learns the behavior of applications to provide security that adapts as business needs drive changes to the environment.
“Applications consistently change over time. As a result, application security requires a solution that can continuously learn new application elements in real-time,” said Shlomo Kramer, CEO of Imperva Inc. “With Dynamic Profiling, we are delivering an automated security model that also provides comprehensive protection from all of the critical threats to business applications and data.”
The Next Generation of Firewall Technology
Users have found that traditional firewall technology has not evolved to meet the new threats posed as hackers and malicious internal users move from network abuse and worm attacks to attacks on the actual applications, business logic and critical data upon which enterprises rely. Instead, current firewall technologies, often categorized as “deep inspection” or “intrusion prevention,” focus on preventing worm storms on internal user segments.
“Today’s mainstream firewalls are indeed getting smarter. However, in terms of ‘application awareness,’ they are generally limited to an understanding of the underlying protocols. They still lack insight into the actual business logic, associated data, and interactions between the two,” said Mark Bouchard, senior program director at META Group, a leading provider of information technology research, advisory services, and strategic consulting. “Thus, they are clearly not comprehensive in terms of meeting the security needs of business applications and databases.”
Dynamic Profiling
SecureSphere’s Total Application Security is based on Dynamic Profiling(tm), which creates a baseline of expected behavior to enable detection and blocking of attempted security breaches. Because application environments are highly dynamic, persistent learning technologies constantly update profiles to reflect recent changes without requiring manual tuning.
SecureSphere’s Dynamic Web Firewall protects the application’s external Web interface based upon the Web elements of the Dynamic Profile. These Web elements include legitimate URLs, HTTP methods, parameters, cookies, response codes and hidden fields, among others. Based upon this understanding of normal user interactions with the Web server, the Dynamic Web Firewall is able to prevent attacks targeting all of the OWASP Top Ten Most Critical Web Application Vulnerabilities (www.owasp.org
SecureSphere’s Dynamic Database Firewall relies on the database elements of the Dynamic Profile to detect unusual database queries of any kind. Database elements include legitimate SQL queries, valid IP addresses per SQL query, valid user names per SQL query, and more. The database firewall prevents direct unauthorized queries from internal sources. SecureSphere’s Correlated Attack Validation algorithms can correlate database firewall violations with Web firewall violations to deliver overall system accuracy that is not possible by Web or Database firewalls working independently.
Zero-Day Web Worm Protection
With the delivery of 3.0, SecureSphere now brings unprecedented Zero-Day Web Worm protection by using the profile to identify behavioral attributes of a potential worm threat. This patent-pending technology can stop the propagation of web-based worms without relying on signatures or other computationally intensive worm-detection algorithms.
A zero-day worm is a self-propagating attack on a previously unknown vulnerability. According to Nicholas Weaver and Vern Paxson, two security researchers who work with the International Computer Science Institute (ICSI), a nonprofit research group associated with the University of California at Berkeley, the direct economic damage of one plausible worst-case worm could be $50 billion or more.
Built-in Deep Inspection
Also included in 3.0 is a comprehensive Deep Inspection Firewall to protect critical server assets from packet level threats such as worms. The Deep Inspection Firewall is included with the purchase of SecureSphere and includes:
* Stateful network firewall to prevent network level access control to application resources.
* Comprehensive signature detection to prevent known attacks on commercial application software platforms such as web servers, mail software, etc.
* Protocol compliance to prevent known and unknown attacks that specifically target protocol vulnerabilities in commercial software.
Existing Customer Deployments and SecureSphere 3.0
Imperva’s initial SecureSphere customer deployments include Financial Services, Government, Health Care and eCommerce companies around the world. With the delivery of 3.0 customers with active subscription contracts are entitled to all of the new features and functionality.
Pricing and availability
Pricing for the complete SecureSphere appliance solution starts at $35,000 for a complete dynamic profiling firewall and centralized management appliance solution including 1 year of software subscription and support. Version 3.0 of the SecureSphere Dynamic Profiling Firewall will be available worldwide September 1st, 2004.
About Imperva, Inc.
Imperva, developer of the first Dynamic Profiling Firewall(tm), delivers Total Application Security solutions — including protection from Web application, database, and worm attacks — requiring no manual configuration or tuning. The firm’s SecureSphere gateway appliances are deployed in leading financial, healthcare, and retail organizations around the globe. Led by Shlomo Kramer, a Check Point Software Technologies founder, Imperva is privately funded by Accel Partners, US Venture Partners, and Venrock Associates.