Imperva Inc., which has been selling web application security appliances for the last twelve months, will shortly announce it has added firewall features and a web worm blocker to version 3.0 of its flagship SecureSphere boxes.
The system comprises the G4 Dynamic Profiling Firewall, the inline policy-enforcement device, and the MX Management Server, which makes some of the policy decisions based on information it receives from the firewalls.
The company has added a feature to the new version, available September 1, which it says can block zero-day web worms based on four prewritten rules – looking for unknown URLs, destination directories, session IDs and hostnames.
Imperva has also added a deep inspection firewall to the devices. This piece is based on the open source Snort intrusion detection system software, as well as some proprietary signature technology developed in the company’s research labs.
The firm says SecureSphere has a layered approach to security, which looks for not only the signatures of known application attacks, but also for patterns of behavior that deviate from the norm and could imply an attack.
The system creates profiles of good traffic, based on elements such as URLs, cookies, input parameters and the likes, and can then flag deviations as possibly malicious. This is not an unusual way to protect web applications.
But Imperva says its system is designed to not require constant tuning to reduce false positives. The company reckons the software can tell the difference between an attack and a message that is unrecognized because the application has been changed.
The market for application firewalls also includes the likes of Sanctum Inc., NetContinuum Inc. and Teros Inc. Imperva claims its systems require less ongoing manual configuration that its rivals’ appliances.
Companies are fed up with the amount of administrative overhead [in competing products]. They like our story of automation, said director of product marketing Mark Kraynak. He said Imperva has 20 paying customers and many more in pilot.
There’s a lower cost of ownership story, Kraynak said, because companies don’t have to have application developers constantly communicating their changes to a security employee who is tuning the firewall full-time to accommodate them.