 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News -
Security:
Imperva SecureSphere v2 Stops
Known, Unknown Attacks On Apps
Imperva Inc, a leader in data center application security, announced the
availability of SecureSphere v2 with a series of new capabilities that
complement and extend the existing state-of-the-art Correlated Attack
Validation architecture of the first security product designed specifically to
secure Internet and intranet applications in the corporate data center.
After years of application penetration testing on behalf of enterprise and
public sector clients, Imperva created and launched the SecureSphere family of
products in 2002. SecureSphere is the attack prevention solution for the
security challenges presented by Internet or intranet applications such as
e-commerce, online banking, and supply chain management found in today's data
centers. These applications consist of two elements that each requires a
different type of protection; the commercial platform applications and the
enterprise business logic and data. SecureSphere includes state-of-the-art
Intrusion Prevention to protect the commercial platform applications, but adds
a proprietary technology named Correlated Attack Validation which detects and
stops attacks on the unique business logic and data.
Web services, utility computing, .NET, CPU harvesting and distributed
computing are just a few of the technologies that fall under the Grid
computing umbrella. Gt04 -- a premiere enterprise Grid computing conference
targeting industrial and commercial users -- will gather experts, and outline
strategies and road maps for Grid deployment. For more information, visit
www.gt04.com.
Grid computing is here!
The Most Advanced Application Intrusion Prevention
Attacks on application infrastructure products (web server, database
server,
etc.) are referred to as known or signature attacks. Imperva's Application
Defense Center (ADC) -- the world's premiere application security research
group -- has completed over 250 application penetration tests for customers
and determined the number of vulnerabilities to known attacks typically
represent only about 15 percent of all potential vulnerabilities in these
applications. But because known attacks are launched en mass to exploit known
vulnerabilities, they must be blocked immediately and very accurately to avoid
massive spread and damage.
SecureSphere v2 adds robust attack signature management capabilities to its
existing intrusion prevention capability. Derived from the work of ADC, this
capability supersedes what some security companies provide with Deep Packet
Inspection technology. SecureSphere v2 automates the process of applying the
appropriate signatures to a particular application based on their
applicability and the company's risk tolerance. All attack signatures are not
relevant to all applications. And some are more prone to false positives than
others. So IT departments need the ability to intelligently choose and apply
which known attacks they wish to protect against. The new SecureSphere allows
users to customize their application intrusion prevention in order to achieve
the highest accuracy for their data center environment.
SecureSphere v2 also adds a new deployment option for the SecureSphere
sensor.
The sensor can now be installed as a bridge to the application as well as in
the existing network sniffing mode. So now it is capable of taking blocking
action in-line in the case of known attacks. Using the transparent bridging
technology, in-line protection can be "plugged-in" the network with complete
transparency and without any change to existing network architecture or any
performance impact on the application.
Improved Correlated Attack Validation -- Persistent Learning
SecureSphere v2 adds Persistent Learning to its proprietary Correlated
Attack
Validation. Correlated Attack Validation is the third screen that suspicious
events must pass through that enables accurate detection. While SecureSphere's
application firewall and application intrusion prevention capabilities include
the most accurate available technologies, application firewall and IPS by
themselves are still prone to generating false positives if used alone.
Applications are too customized and dynamically changing to rely on any rule
base being 100 percent accurate at any point in time. Correlated Attack
Validation associates the numerous events that are suspicious, but by
themselves not obvious attacks, by user session over time. This eliminates
false positives by separating simple errors or unusual uses from malicious
attacks.
The new Persistent Learning enables SecureSphere to automatically adapt to
changes in the application it is protecting. As applications are changed,
SecureSphere can detect the difference between an unknown request that is a
potential attack and one which is related to a new application capability.
This enables SecureSphere to exist in real-world application data center
environments where applications are changed frequently, but still require
accurate detection of attacks to avoid false positives.
"Most security managers are faced with a new challenge in securing the
applications in their data center. Securing the platform applications that
they are based on -- like Microsoft IIS or Apache or the SQL database -- is
the first and easiest step," said Imperva CEO Shlomo Kramer. "Securing the
business logic and proprietary data is equally as critical, and yet more
difficult due to the need to achieve accurate protection of a custom code
base. With SecureSphere the security manager gets a single comprehensive
solution for securing all aspects of the Internet and intranet applications in
their data center. SecureSphere was designed on four years of penetration
testing knowledge to protect what we call the application sphere in its
entirety with accuracy and transparency that no other solution can come close
to."
Improved Enterprise Management And Deployability
SecureSphere v2 also includes new deployment and management options to
reduce
operational costs. A comprehensive reporting tool delivers illustrative
evidence regarding the security of these important applications. In addition,
the SecureSphere sensor has been streamlined as a complete and automated build
with a hardened and compatible operating system as well as the sensor
code.
|