SecureSphere® Web Application Firewall - Exclusive Networks

S e c u reSphere ®Web Application FirewallProtect Your Critical Web ApplicationsWeb Application FirewallSafeguard Web applications from attacksand data breaches with the market leadingWeb Application Firewall. SecureSpherehelps businesses:» Monitor and protect Web applications» Directly address PCI 6.6 compliance» Automate security operations withDynamic Profiling» Transparently protect Web applications withvirtual patching» Deliver high performance, sub-millisecondlatency, and enterprise-class managementand reportingOnly the marketleading SecureSphereWeb Application Firewalloffers automated,non-intrusive and scalableWeb application security.

Market-Leading Web Application SecurityThe SecureSphere® Web Application Firewall protectsWeb applications against sophisticated attacks, stopsonline identity theft, and prevents data leaks fromapplications. Multiple configuration options, includinglayer 2 bridge, proxy and non-inline monitor, enabledrop-in deployment with no changes to existingapplications or network.Internal UsersSECURESPHEREWEB APPLICATIONFIREWALLData Center and DMZWeb & Web ServicesApplication ServersAs the market-leading Web application firewall, moreorganizations rely on Imperva to monitor and protecttheir critical Web applications than any other vendor.Imperva SecureSphere provides your business witha practical and highly secure solution to ensure thatyour Web applications and data are safe.INTERNETSECURESPHEREMANAGEMENT SERVERAccurately Monitor and ProtectWeb ApplicationsThe SecureSphere Web Application Firewallleverages multiple inspection layers andsecurity defenses to provide the highestlevel of protection.HTTP Protocol ValidationHTTP protocol validation prevents protocolexploits including buffer overflow,malicious encoding, HTTP smuggling,and illegal server operations. Flexiblepolicies enable strict adherence to RFCstandards while allowing minor variationsfor specific applications.Data Leak PreventionSecureSphere inspects outbound traffic toidentify potential leakage of sensitive datasuch as cardholder data and social securitynumbers. In addition to reporting on wheresensitive data is used in the application,SecureSphere can optionally prevent thisinformation from leaving the organization.Network and Platform ProtectionSecureSphere delivers comprehensiveprotection against known attacks targetingWeb server, middleware and platformvulnerabilities, sourcing more than 6,500signatures from the Imperva ApplicationDefense Center (ADC). ADC signaturesaddress not only the attacks found insources including Bugtraq, CVE®, andSnort®, but also threats found throughoriginal ADC research. SecureSphere alsodefends against new, zero-day Web wormattacks by detecting and identifying theirunique combination of attributes.SecureSphere’s integrated stateful firewallprovides protection from both externaland internal unauthorized users, protocols,and network attacks, while meeting bestpractice security mandates by preventingnon-essential protocols from reachingsensitive Web applications.Unparalleled AccuracyImperva’s unique Correlated AttackValidation technology correlatesviolations across security layers andover time to accurately identify the mostcomplex attacks. Individual violationsmay not definitively indicate attack, butby correlating unique combinations ofviolations, attacks are validated beyonda doubt.Web 2.0 and Web Services ProtectionSecureSphere protects dynamic Web 2.0and Web Services by learning how theseapplications behave. It learns XML files,elements, attributes, schema, variables, andSOAP actions. SecureSphere will identifyand block any attempt to tamper withnormal Web services behavior. It will alsoprotect against threats common to Web 2.0applications, including SQL injection, XSS,CSRF, and many others.Automate Security OperationsAutomated Application LearningSecureSphere’s unique Dynamic Profilingtechnology automatically learns thestructure, elements, and expected usagepatterns of protected Web applications.Dynamic Profiling automatically detectsand incorporates valid application changesinto the application profile over time. Bycomparing Web requests to the profile,SecureSphere can detect unacceptablebehavior and prevent malicious activitywith pinpoint precision.Application User TrackingUsing Dynamic Profiling, SecureSphereautomatically captures Web applicationuser names and associates all subsequentsession activity with that specific username. As a result, SecureSphere canuniquely monitor, enforce and audit policyon a per user basis.Up-to-Date Security from the ADCThe Imperva ADC, an internationallyrecognized security research organization,continuously investigates newvulnerabilities reported worldwide,analyzes exploit traffic from manydifferent Web sites, and conducts primaryvulnerability research to identify the latestthreats. The results of this research areupdated defenses at various layers withinSecureSphere, including signatureupdates, protocol validation policies,and correlation rules.SecureSphere protects against many application attacks, including:• Web, HTTPS(SSL) and XMLVulnerabilities• SQL Injection• Session Hijacking• Cross Site Scripting (XSS)• Form Field Tampering• Web Worms• Buffer Overflow• Cookie Poisoning• Denial of Service• Malicious Robots• Parameter Tampering• Brute Force Login• Malicious and Illegal Encoding• Directory Traversal• Web Server and OS Attacks• Site Reconnaissance• OS Command Injection• Cross-Site Request Forgery(CSRF)• Google Hacking• Remote File Inclusion Attacks• Phishing• Sensitive Data Leakage (SSNs,Cardholder data, PII, HPI)• Data Destruction• Anonymous ProxyVulnerabilities

PCI 6.6 Compliance RequirementsSecureSphere Web Application Firewallhelps thousands of Enterprise organizations,including e-commerce, retail, banking,education, technology, and gamingcompanies, meet PCI 6.6.SecureSphere includes over 300 pre-definedreports to automate compliance mandates,including PCI. SecureSphere offers businessrelevant reporting so technical, business unitowners, and PCI auditors can view the rightreport for their specific need.Enable Non-IntrusiveDeploymentNo Network or Application ChangesSecureSphere provides the mostdeployment options of any WAF in theindustry, including a unique transparentdeployment option that enablesdeployment without requiring any networkor application changes.SecureSphere delivers multi-Gigabitthroughput and tens of thousands oftransactions per second while maintainingsub-millisecond latency.» Transparent Layer 2 Bridge – dropindeployment and industry-bestperformance» Layer 3 Router – network segmentation,routing and network address translation» Reverse Proxy – content modification,such as cookie signing and URL rewriting» Transparent Proxy – fast deploymentof content modification withoutnetwork changes» Non-Inline Monitor – zero-riskmonitoring and forensicsFlexible High Availability OptionsSecureSphere supports a broad range ofhigh availability options:» Imperva High Availability (IMPVHA) -sub-second failover» Virtual Router Redundancy Protocol(VRRP) – router or proxy deployments» Active-Active and Active-PassiveRedundancy – external availabilitymechanisms» Fail-open interfaces – single-gatewayavailability» Non-inline deployment – zero riskmonitoring and assessmentProvide Enterprise-GradeCentralized ManagementSupport for Large, DistributedDeploymentsSecureSphere can be deployed as astandalone appliance or scale to protectlarge and/or distributed data centers.The SecureSphere MX ManagementServer offers a centralized configuration,monitoring, and reporting infrastructureto manage multiple appliances andapplications from a single console.Best-in-Class Monitoringand ReportingA real-time dashboard provides a high levelview of system status and security events.Alerts are easily searched, sorted, anddirectly linked to corresponding securityrules. SecureSphere offers rich graphicalreporting capabilities, enabling customersto easily understand security status andmeet regulatory compliance requirements.There are both pre-defined and fullycustomizableWeb based reports. Thesecan be viewed on demand or emailed on adaily, weekly or monthly basis.Hierarchical ManagementManagement of large enterprise and ASPenvironments is streamlined throughhierarchical organizational groupings,granular administrative permissions, and aunique task-oriented workflow.Integrate with 3rd PartyEnterprise ApplicationsSecureSphere integrates with large scaleenterprise applications to integrate WebApplication Firewall with overall securityactivities. This includes leading SIEM andLog Management solutions, directorysolutions for role based authentication, andWeb Application Scanning solutions forvulnerability assessment.Dynamic Profiling for Accurate Protection and Automated Policy ConfigurationAccurate Web application security requires understanding hundreds of thousands ofconstantly changing variables including URLs, parameters, form fields and cookies.Imperva’s innovative, patent-pending Dynamic Profiling technology automaticallyprofiles all Web application elements and builds a baseline of acceptable userbehavior. By building an accurate profile or “white list” of application usage, DynamicProfiling streamlines monitoring and security policy configuration without requiringextensive manual configuration or tuning. Plus, SecureSphere automatically detectsand incorporates valid application changes into the application profile over time.Dynamic Profiling can also generate a complete profile report of your applicationswith real usage statistics that can be used to audit whether actual application usagematches intended usage.

SecureSphere Features and Appliance SpecificationsWeb SecurityDynamic Profile (White List security)Web server & application signaturesHTTP RFC complianceNormalization of encoded dataSee list of attacks prevented on page 2HTTPS/SSL InspectionPassive decryption or terminationOptional HSM for SSL key storageWeb Services SecurityXML/SOAP profile enforcementWeb services signaturesXML protocol conformanceContent ModificationURL rewriting & obfuscationCookie signingCookie encryptionCustom error messagesError code handlingPlatform SecurityOperating system intrusion signaturesKnown and zero-day worm securityNetwork SecurityStateful firewallDoS preventionAdvanced Application ProtectionCorrelation rules incorporate all securityelements (white list, black list) to detectcomplex, multi-stage attacksData Leak PreventionCredit card numberPII (Personally Identifiable Information)Pattern matchingPolicy/Signature UpdatesSecurity updates provided weekly orimmediately for critical threatsAuthenticationAll authentication methods supportedtransparently and inspected in bridge andnon-inline monitor modes. Can activelyauthenticate users in proxy mode.Support for RSA Access Manager fortwo-factor authenticationSupport for LDAP (Active Directory)User AwarenessAutomated Tracking of Web ApplicationUsersDeployment ModesTransparent Bridge (Layer 2)Router/NAT (Layer 3)Reverse Proxy and Transparent Proxy (Layer 7)Non-inline Sniffer (Monitoring only)ManagementWeb User Interface (HTTP/HTTPS)Command Line Interface (SSH/Console)AdministrationMX Server for centralized managementIntegrated management option (all modelsexcept G16 FTL)Hierarchical management groupingsLogging/Monitoring/ReportingReal-time dashboardIntegrated graphical reporting (HTML, PDF,CSV formats)SNMPSyslogEmailCommon Event Format (CEF)High AvailabilityIMPVHA (Active/Active, Active/Passive)Fail-open interfaces (bridge mode only)VRRPSTP and RSTPIntegration with 3rd Party EnterpriseApplicationsSIEM/SIM tools: ArcSight, RSA enVision, PrismMicrosystems, Q1 Labs, TriGeo, NetIQLog Management: CA ELM, SenSage,Infoscience Corp.Web application vulnerability scanners: IBM,Cenzic, NTObjectives, othersSpecification SecureSphere G2 SecureSphere G4 SecureSphere G8 SecureSphere G16 FTLThroughput 100 Mbps 500 Mbps 1,000 Mbps 2,000 MbpsMax HTTP Trans/Sec 8,000 22,000 36,000 44,000Latency Sub-millisecond Sub-millisecond Sub-millisecond Sub-millisecondInterfaces 4 x 10/100 Mbps 6 x 10/100/1000 Mbps(max 4 Fiber interfaces)6 x 10/100/1000 Mbps(max 4 Fiber interfaces;optional 10 Gbps interfaces)6 x 10/100/1000 Mbps(max 4 Fiber interfaces;optional 10 Gbps interfaces)Interface Types Copper Copper/Fiber SX/Fiber LX Copper/Fiber SX/Fiber LX Copper/Fiber SX/Fiber LXMax Network Segments(1)Bridge; (3)Proxy,(1)Non-inline(2)Bridge; (5)Router,Non-inlineForm Factor 1U; 19-inch rack 1U; FTL Model:2U19-inch rackHard Drive 80GB SATA 250GB SATA; FTL Model:(2) Hot-Swap 250GB SATAPower Supply 250W 350W; FTL Model:(2) Hot-Swap 750W total(2)Bridge; (5)Router,Non-inline1U; FTL Model:2U19-inch rack250GB SATA; FTL Model:(2) Hot-Swap 250GB SATA350W; FTL Model:(2) Hot-Swap 750W total(2)Bridge; (5)Router,Non-inline2U 19-inch rack(2) Hot-Swap 250GB SATA(2) Hot-Swap 750W totalAC Power 90-264V, 47-63 Hz 100-240V, 50-60 Hz 100-240V, 50-60 Hz 100-240V, 50-60 HzImpervaNorth America HeadquartersInternational Headquarters3400 Bridge Parkway 125 Menachem Begin StreetSuite 101 Tel-Aviv 67010Redwood Shores, CA 94065IsraelTel: +1-650-345-9000 Tel: +972-3-6840100Fax: +1-650-345-9004 Fax: +972-3-6840200Toll Free (U.S. only): +1-866-926-4678www.imperva.com© Copyright 2009, ImpervaAll rights reserved. Imperva and SecureSphere are registered trademarks of Imperva.All other brand or product names are trademarks or registered trademarks of their respective holders. #DS-WAF_0409rev1