Imperva ThreatRadar Community Defense
Keep Your Website Safe and Available with Crowd-Sourced Threat Intelligence

Overview:

Your organization faces a never-ending battle against hackers. Without the latest defenses, hackers can infiltrate your website and steal sensitive data, causing brand damage and lost revenue. ThreatRadar Community Defense safeguards your website by gathering attack data from SecureSphere deployments around the world and translating that data into security policies.

With crowd-sourced threat intelligence provided by Community Defense, you can neutralize hackers targeting web applications to prevent multi-million data breaches and costly website downtime.

ThreatRadar Community Defense, an industry-leading innovation for ThreatRadar Reputation Services, delivers crowd-sourced threat intelligence to SecureSphere Web Application Firewalls. Community Defense gathers attack data from SecureSphere WAF deployments around the world and translates this data into attack patterns, policies, and reputation feeds. Crowd-sourced security content is distributed in near-real time to fortify the entire community against emerging threats. ThreatRadar Community Defense demonstrates the positive network effect of sharing attack data: a new threat reported by one company could protect hundreds of web applications that SecureSphere defends.

While ThreatRadar Reputation Services relies on security information from leading external security providers, Community Defense draws on live attacks detected by SecureSphere Web Application Firewalls. Together, they provide the most comprehensive protection on the market.

Key Capabilities:

  • Strengthen ThreatRadar reputation services with community insight
  • Prevent Never-Before-Seen attacks with Patent-Pending Defenses
  • Deflect attacks from malicious scanners and SQL injection attack sources
  • Securely share data to bolster your application defenses

Features:


Strengthen ThreatRadar reputation services with community insight

Community Defense protects your website from damaging attacks by harnessing the collective insight of SecureSphere deployments around the world. It builds on the early warning provided by ThreatRadar Reputation Services with threat intelligence from Web Application Firewalls on the frontlines of attack. This arms your organization with defenses against attackers specifically targeting Web applications, so they can be blocked before they can do damage.

Prevent Never-Before-Seen attacks with Patent-Pending Defenses

With Community Defense, you can prevent total web server takeover, defacement, and data theft by stopping zero-day attacks. This service uses patent-pending technology to gather suspicious Web requests, validate that those requests are attacks, and then transform identified attacks into signatures. With Community Defense, you can block dangerous threats like zero-day Remote File Inclusion (RFI) attacks without blocking your customers and partners.

Deflect attacks from malicious scanners and SQL injection attack sources

With Community Defense, you will be able to drastically lower the risk of a data breach by blocking users that repeatedly scan and attack websites. Hackers don’t just target one site; they probe and attack many sites. In fact, 48% of SQL injection attacks originate from users that attacked multiple sites or performed multiple attacks. Community Defense identifies the sources that have scanned or attacked two or more websites, keeping your applications secure.

Securely share data to bolster your application defenses

Community Defense improves SecureSphere’s attack-stopping power by identifying zero-day web attacks and attack sources. Since security is your top priority, we’ve gone to great lengths to ensure the confidentiality of data we collect. To that end, SecureSphere automatically removes all private, customer-specific content before sending data to the ThreatRadar cloud, ensuring Community Defense feeds are secure and anonymous. ThreatRadar customers that share their attack data receive Community Defense feeds free of charge.

Deployment:


ThreatRadar Community Defense

Harnessing the collective insight of SecureSphere deployments around the world, ThreatRadar Community Defense delivers crowd-sourced threat intelligence to ThreatRadar-enabled SecureSphere Web Application Firewalls. ThreatRadar Community Defense uses patent-pending algorithms to translate attack information it gathers into attack patterns, policies, and reputation data. Community Defense distributes these feeds in near-real time to fortify the entire community against emerging threats.

While ThreatRadar Reputation Services relies on security information from leading external security providers, Community Defense draws on live attacks detected by SecureSphere Web Application Firewalls. ThreatRadar Reputation customers who opt to send anonymized attack data to the ThreatRadar cloud will receive ThreatRadar Community Defense free of charge.

Multiple SecureSphere Deployment Options

  • Transparent Layer 2 Bridge: Drop-in deployment and industry-best performance
  • Reverse Proxy and Transparent Proxy: Provide content modification, such as cookie signing and URL rewriting
  • Non-inline Monitor: Zero risk monitoring and forensics
  • High Availability: IMPVHA, VRRP, fail-open interfaces, existing redundancy options, non-inline deployment

Specifications:

Specification Description
Malicious Sources
  • IP addresses conducting SQL injection attacks
  • IP addresses scanning multiple websites with desktop scanners and malicious scanners
  • IP addresses performing comment spam
Malicious Attack Strings
  • Zero-Day Remote File Inclusion Attacks
Communications to ThreatRadar servers
  • SSL encrypted communications between ThreatRadar cloud servers, MX Management server and SecureSphere gateways
Security Feed Updates
  • Continuous updates; frequency ranges from near real time to daily depending on feed type and configuration
Data Feed Sources
  • Imperva SecureSphere Web Application Firewalls
  • Imperva Application Defense Center (ADC) provides malicious sources, scores and validates feeds, and maintains a Global trusted IP list
SecureSphere Integration
  • Pre-defined and custom SecureSphere security policies
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • Pre-defined and custom graphical reports
  • Real-time dashboard
Supported Products
Pre-Requisites
  • ThreatRadar Reputation Services subscription

Documentation:

Download the SecureSphere ThreatRadar Datasheet (PDF).