• Imperva specializes in end-to-end security offerings that protect applications and data from security breaches and data leaks.
• The company’s products provide customers with an audit trail that tracks user activity, which is important for regulatory compliance.
• “Because we look at Web applications and the database, we’re the only company out there that covers any end-to-end solution for all things data-centric,” says Brian Contos, chief security strategist at Imperva.
Networking security solutions provider Imperva has an impeccable pedigree for its specialty. Its founder and CEO Shlomo Kramer has been an integral part of the network security space since he co-founded Check Point Software Technologies back in 1993. After helping to create numerous network security solutions at Check Point, he went in his own direction and founded Imperva in 2002.
Brian Contos, chief security strategist at Imperva (www.imperva.com), says that even though there were plenty of network security solutions available, Kramer noticed that none of these solutions specifically addressed application and data security. “He wanted to put a specific focus on data security for protecting Web applications and databases,” Contos says.
Eight years later, Imperva now has customers from a wide range of verticals, including three of the top five U.S. commercial banks; more than 60 state, local, and federal government agencies or departments; and top healthcare providers, grocery stores, and utilities, in addition to more than 100 SMEs in various fields. Accor North America, GoDaddy.com, Agilent, and Vonage are among the many companies that have all deployed Imperva solutions.
“We have a global reach right now with thousands of customers worldwide, and we want to continue growing that into both midsized businesses as well as large enterprises and service providers,” Contos says.
End-To-End Data-Centric Network Solutions
According to Contos, Imperva believes that network threats are for the most part targeting data security issues rather than the old paradigm of network security issues. “Because we look at Web applications and the database, we’re the only company out there that covers any end-to-end solution for all things data-centric,” Contos says. “We’d like to continue pushing that forward.”
Contos explains that focusing on the network ultimately makes for a better solution than focusing only on the data itself. “If you asked anybody about security a few years ago, they would tell you they have a network firewall, antivirus protection, an IDS, VPN, and things like that. These are all important. But today’s attacks, like SQL injections, cross-site scripting (XSS), [and] cross-site request forgery (CSRF), are focused on the applications and databases at the application/database layer. It doesn’t matter whether the attacks are coming from an insider or an outsider [because] data is data,” says Contos.
But too many organizations are trying to stop data-centric attacks with yesterday's technology. "It's a bit like stopping raindrops with a tennis racket. It's not going to do a really great job. But you can mitigate [attacks] with data-centric controls, such as Web application firewalls, database firewalls, and database activity monitoring [tools], and that’s what we offer,” says Contos.
Imperva’s SecureSphere appliance is the central component around which all the company’s solutions revolve. Imperva offers several different models, including those that have fault tolerance capabilities and those that can handle copper and different fiber interfaces. Imperva also offers a series of management servers called SecureSphere MX that integrates the configuration and monitoring of distributed SecureSphere gateway deployments.
SecureSphere Standard Edition offers affordable, effective data security for SMEs, with automated protection against data-centric attacks. It comes with Imperva’s WAF (Web Application Firewall) and its DAS (Discovery and Assessment Server), which give users the ability to assess database vulnerabilities, as well as provide means to fix them. “It will go out and find all of your applications and databases and classify all the data, so essentially you know what you’re trying to protect,” Contos says. “You know what the bad guys are targeting, you know what type of data they can take, [and] you know where they reside, so you can apprise appropriate controls at that point.”
Imperva considers its WAF a next-generation Web application firewall because of its ability to profile the ways in which users interact with applications and to track user activity from the application into the database and back so that administrators obtain an end-to-end stream of what users are doing. “Nobody else in the industry can do correlation at the data level because they don’t have the second component, which is our Database Firewall and our DAS, which provides all those same things that our WAF provides with the addition of a full data audit for the database outside of the database,” says Contos.
There are obvious advantages to auditing databases using an outside appliance solution like the one Imperva offers. First off, any substantive audit done on a database kills performance. “Nobody buys a database saying let’s size it for running a full-blown audit,” Contos says.
In addition, if for whatever reason you have a malicious user inside your organization, Imperva’s database solution lets IT administrators and data center managers secure the system from them. “Since you’re handling security outside of the database, there is nothing for [malicious users] to delete and no tracks to hide because they don’t even know it’s there,” Contos says.
Contos presents a real-world example of how Imperva’s database solutions can limit damage caused by malicious hackers. Most states have breach disclosure laws, which means that if a database storing a million customer records gets hacked, you need to be able to show evidence of what occurred. “If you don’t know the specifics of the intrusion, you have to tell these million or so customers that their data was compromised,” which Contos says could lead to having to buy the customers credit card monitoring services for a year, possibly losing them as customers, facing bad PR, and/or losing revenue. “Replay the same scenario where you’re running our Database Firewall and DAS. You have empirical evidence that the hacker only accessed [a single] table that contains records for 100 customers,” Contos says. “With hacking, it’s not a question of if but of when. And when it happens, you want to make sure you’re limiting your liability as much as possible.”
Using Attackers Against Themselves
ThreatRadar, Imperva’s latest add-on security solution, provides automated defense against automated attacks leveraging the strengths that these sorts of attacks use. “It’s an industry-changing solution [because] we take that automation and turn it on its ear,” says Contos. “We track botnets, phishing sites, spammers, malicious IP addresses, hostile geographies, and other things of this nature, all of which change by the minute, and update our customers' solutions with these. It's like a real-time antivirus update that's constantly being pushed to our customers,” he says.
According to Contos, the big upside for ThreatRadar users is that they no longer have to waste time dealing with these automated attacks because ThreatRadar will automatically block or redirect that traffic. “Now, instead of looking at those 10,000 attacks, you know what’s happening and can run reports, but you don’t have to focus on these basic industrialized hackers,” says Contos. “You can focus on advanced persistent threats, or APTs—the ones that are directly targeting your business—without getting inundated with all that noise.”
by Robyn Weisman
Featured Imperva Products |
|Product ||Description |
|Database Firewall ||Protects databases from attacks, data leakage, and other unauthorized activity without impacting the performance of the database itself. Also provides independent audit trail of user activity. Offers built-in security policies, rules, and reports for a range of regulations, including HIPAA and Sarbox. |
|SecureSphere Appliances ||A selection of high-performance network security appliances that provides a reliable, scalable platform and starting point for Imperva network security solutions. |
|ThreatRadar ||Automated add-on security service for the Web Application Firewall that defends against automated attacks, such as those from botnets, phishing sites, and other malicious sources. |
|Web Application Firewall ||Protects Web applications from SQL injection, cross-site scripting, and other sophisticated attacks and provides user profiling and other automated reporting capabilities to manage security policies. |