Printer Friendly
The Free Library
22,728,043 articles and books

IMPERVA UNVEILS NEXT-GENERATION FIREWALL TECHNOLOGY.



Imperva, Inc., Foster City, Calif., a provider of application security solutions, has unveiled version 3.0 of the SecureSphere(TM) G4 Dynamic Profiling Firewall and MX Management Server application security appliances Security appliances protect computer networks from unwanted data traffic, intruders, email spam, enforce policies, and may also be used to create and manage VPNs. There are a number of types of security appliances. . This new version represents the first unified security platform to protect enterprise application and database assets from all attack vectors The approach used to assault a computer system or network. A fancy way of saying "method or type of attack," the term may refer to a variety of vulnerabilities. For example, an operating system or Web browser may have a flaw that is exploited by a Web site. , including Web application hacking See hack and hacker. , internal database breaches, and worm infections.

The SecureSphere Dynamic Profiling Firewall includes multiple layers of security including a built-in standards-based deep inspection firewall, industry-leading web and database firewalls, and unique protection from Zero Day worms via Imperva's patent-pending Worm Profiling capability. SecureSphere's core technology, Dynamic Profiling, is the only technology to address the dynamics associated with securing enterprise application and database environments without requiring manual configuration or tuning. Dynamic profiling automatically learns the behavior of applications to provide security that adapts as business needs drive changes to the environment.

"Applications consistently change over time. As a result, application security requires a solution that can continuously learn new application elements in real-time," said Shlomo Kramer, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board.  of Imperva Inc. "With Dynamic Profiling, we are delivering an automated security model that also provides comprehensive protection from all of the critical threats to business applications and data."

The Next Generation of Firewall Technology

Users have found that traditional firewall technology has not evolved to meet the new threats posed as hackers and malicious internal users move from network abuse and worm attacks to attacks on the actual applications, business logic and critical data upon which enterprises rely. Instead, current firewall technologies, often categorized cat·e·go·rize  
tr.v. cat·e·go·rized, cat·e·go·riz·ing, cat·e·go·riz·es
To put into a category or categories; classify.



cat
 as "deep inspection" or "intrusion prevention See IPS and IDS. ," focus on preventing worm storms on internal user segments.

"Today's mainstream firewalls are indeed getting smarter. However, in terms of 'application awareness,' they are generally limited to an understanding of the underlying protocols. They still lack insight into the actual business logic, associated data, and interactions between the two," said Mark Bouchard, senior program director at META Group, a leading provider of information technology research, advisory services advisory services

advisory services provided to the public, in their capacity as owners and managers of animals, are an important part of veterinary science. They may be provided by government bureaux, by commercial companies who deal in pharmaceuticals or animals or animal
, and strategic consulting. "Thus, they are clearly not comprehensive in terms of meeting the security needs of business applications and databases."

Dynamic Profiling

SecureSphere's Total Application Security is based on Dynamic Profiling(TM), which creates a baseline of expected behavior to enable detection and blocking of attempted security breaches. Because application environments are highly dynamic, persistent learning technologies constantly update profiles to reflect recent changes without requiring manual tuning.

SecureSphere's Dynamic Web Firewall protects the application's external Web interface based upon the Web elements of the Dynamic Profile. These Web elements include legitimate URLs, HTTP HTTP
 in full HyperText Transfer Protocol

Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol.
 methods, parameters, cookies, response codes and hidden fields, among others. Based upon this understanding of normal user interactions with the Web server, the Dynamic Web Firewall is able to prevent attacks targeting all of the OWASP (Open Web Application Security Project) An organization founded by Mark Curphey in 2001 to help make open source software secure. With member communities around the world, OWASP projects are involved with specific programming languages, functions and  Top Ten Most Critical Web Application Vulnerabilities

For more information, visit http://www.owasp.org.

SecureSphere's Dynamic Database Firewall relies on the database elements of the Dynamic Profile to detect unusual database queries of any kind. Database elements include legitimate SQL SQL
 in full Structured Query Language.

Computer programming language used for retrieving records or parts of records in databases and performing various calculations before displaying the results.
 queries, valid IP addresses per SQL query, valid user names per SQL query, and more. The database firewall prevents direct unauthorized queries from internal sources. SecureSphere's Correlated Attack Validation algorithms can correlate database firewall violations with Web firewall violations to deliver overall system accuracy that is not possible by Web or Database firewalls working independently.

Zero-Day Web Worm Protection

With the delivery of 3.0, SecureSphere now brings unprecedented Zero-Day Web Worm protection by using the profile to identify behavioral attributes of a potential worm threat. This patent-pending technology can stop the propagation of web-based worms without relying on signatures or other computationally intensive worm-detection algorithms.

A zero-day worm is a self-propagating attack on a previously unknown vulnerability. According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3.
 Nicholas Weaver and Vern Paxson Vern Paxson is an Internet researcher based at the International Computer Science Institute in Berkeley, California. His interests range from transport protocols to intrusion detection and worms. , two security researchers who work with the International Computer Science Institute (ICSI ICSI - International Computer Science Institute at Berkeley, CA. ), a nonprofit A corporation or an association that conducts business for the benefit of the general public without shareholders and without a profit motive.

Nonprofits are also called not-for-profit corporations. Nonprofit corporations are created according to state law.
 research group associated with the University of California at Berkeley (body, education) University of California at Berkeley - (UCB)

See also Berzerkley, BSD.

http://berkeley.edu/.

Note to British and Commonwealth readers: that's /berk'lee/, not /bark'lee/ as in British Received Pronunciation.
, the direct economic damage of one plausible worst-case worm could be $50 billion or more.

For more information, visit http://www.dtc.umn.edu/weis2004/weaver.pdf.

Built-in Deep Inspection

Also included in 3.0 is a comprehensive Deep Inspection Firewall to protect critical server assets from packet level threats such as worms. The Deep Inspection Firewall is included with the purchase of SecureSphere and includes the following:

* Stateful network firewall to prevent network level access control to application resources.

* Comprehensive signature detection to prevent known attacks on commercial application software platforms such as web servers, mail software, etc.

* Protocol compliance to prevent known and unknown attacks that specifically target protocol vulnerabilities in commercial software.

Existing Customer Deployments and SecureSphere 3.0 Imperva's initial SecureSphere customer deployments include Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page.
, Government, Health Care and eCommerce companies around the world. With the delivery of 3.0 customers with active subscription contracts are entitled to all of the new features and functionality.

Pricing and availability

Pricing for the complete SecureSphere appliance solution starts at $35,000 for a complete dynamic profiling firewall and centralized cen·tral·ize  
v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es

v.tr.
1. To draw into or toward a center; consolidate.

2.
 management appliance solution including 1 year of software subscription and support. Version 3.0 of the SecureSphere Dynamic Profiling Firewall will be available worldwide September 1st, 2004.

About Imperva, Inc.

Imperva, developer of the first Dynamic Profiling Firewall(TM), delivers Total Application Security solutions -- including protection from Web application, database, and worm attacks -- requiring no manual configuration or tuning. The firm's SecureSphere gateway appliances are deployed in leading financial, healthcare, and retail organizations around the globe. Led by Shlomo Kramer, a Check Point Software Technologies founder, Imperva is privately funded by Accel Partners, US Venture Partners, and Venrock Associates.

For more information, call 415/442-4038 or visit http://www.imperva.com.
COPYRIGHT 2004 Worldwide Videotex
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004 Gale, Cengage Learning. All rights reserved.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:SecureSphere Dynamic Profiling Firewall
Publication:Computer Security Update
Geographic Code:1USA
Date:Oct 1, 2004
Words:942
Previous Article:CA EXTENDS PRESENCE IN CONSUMER DESKTOP SECURITY MARKET.
Next Article:MPOWER OFFERS CSCI OFFICESCREEN FIREWALL/VPN SERVICES.
Topics:



Related Articles
3-D Web Application Risk Assessment Service.
3-D Web Application Risk Assessment Service.
Imperva Discovers and Helps Microsoft Address SQL Server Vulnerability; Application Defense Center Submits Audit Evasion Vulnerability to Microsoft.
Dynamic firewall.
Staffmark Selects Imperva to Protect PeopleSoft Self-Service Web Applications.
BREACH SECURITY UNVEILS BREACHGATE WEBDEFEND ENTERPRISE 2.0.
Imperva SecureSphere audits all database changes.
Security news and products; Universal Visibility Architecture.
CROSSBEAM SYSTEMS RANKED NUMBER ONE AGAIN IN UTM.

Terms of use | Copyright © 2014 Farlex, Inc. | Feedback | For webmasters