Crowd-sourced attack data now key to web application defence, says Imperva

Announces ThreatRadar Community

Imperva used this week's Infosecurity Show in London to announce what it believes is a key innovation for its line of web application firewalls - crowd-sourced threat data.

Called ThreatRadar Community Defense and incorporated into the firm's latest SecureSphere 10.0 release, the system analyses attack patterns detected hitting the networks of participating customers, which are then fed into its reputation protection and policies in what is said to be close to real time.

According to the company's analysis of 60 web applications, this type of pattern analysis offers better defence against the types of large-scale attacks experienced by its customer base.

"Together, Imperva ThreatRadar Reputation Services and Community Defense pull crowd-sourced data from around the world to provide heightened insight into the identity of these attackers," said Imperva's co-founder and CTO, Amichai Shulman.

A key to making the concept work is persuading as many customers as possible to adopt the model, which Shulman believed was possible because of the realisation that such a buy-in offered extra protection. To work well, scale was important.

An important giveaway was attacks that targeted multiple networks, said Shulman, describing them as "noisy" sources. Aggregated attack data made it possible to identify these far more quickly.

Shulman used the example of an SQL injection attack source that might be aimed at numerous organisations, each one of which would not be able to 'see' the significance of the source from an isolated perspective.

With ThreatRadar, the significance of such a campaign would be immediately apparent, allowing defensive measures to be distributed to the community.

Payloads were a particularly important part of attack patterns in which a single entity might distribute an application campaign across multiple sources; in those cases, specific pieces of malware were the best identifier.
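The correlation Shulman describes can be sketched as follows. This is an added example, not Imperva's code or anything taken from ThreatRadar: the alert fields, tenant names, addresses, payload fingerprints and the threshold of three are all assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict

# Constructed sample alerts: (tenant, source_ip, payload_fingerprint).
# Tenant names, documentation-range addresses and fingerprints are made up.
ALERTS = [
    ("tenant-a", "203.0.113.7", "sqli-01"),
    ("tenant-b", "203.0.113.7", "sqli-01"),
    ("tenant-c", "203.0.113.7", "sqli-02"),
    ("tenant-a", "198.51.100.4", "rfi-09"),
    ("tenant-b", "198.51.100.22", "rfi-09"),
    ("tenant-c", "198.51.100.31", "rfi-09"),
    ("tenant-a", "192.0.2.50", "xss-03"),
    ("tenant-a", "192.0.2.50", "xss-03"),
]

def _spread(alerts, key_idx, value_idx):
    """Map each key field to the set of distinct values seen alongside it."""
    seen = defaultdict(set)
    for alert in alerts:
        seen[alert[key_idx]].add(alert[value_idx])
    return seen

def noisy_sources(alerts, min_tenants=3):
    """Source addresses that hit at least min_tenants distinct tenants."""
    spread = _spread(alerts, 1, 0)
    return sorted(ip for ip, tenants in spread.items() if len(tenants) >= min_tenants)

def distributed_payloads(alerts, min_sources=3):
    """Payload fingerprints delivered from at least min_sources distinct sources."""
    spread = _spread(alerts, 2, 1)
    return sorted(p for p, sources in spread.items() if len(sources) >= min_sources)

def tenant_view(alerts, tenant, min_tenants=3):
    """What a single tenant would flag when it sees only its own alerts."""
    own = [a for a in alerts if a[0] == tenant]
    return noisy_sources(own, min_tenants)

if __name__ == "__main__":
    print("community noisy sources:", noisy_sources(ALERTS))
    print("community distributed payloads:", distributed_payloads(ALERTS))
    print("tenant-a in isolation:", tenant_view(ALERTS, "tenant-a"))
```

The aggregated view flags one source and one payload, while the isolated tenant view flags nothing, which is the gap the pooled data is meant to close.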

Imperva was the first vendor to offer web application firewalling using such intelligence, Shulman claimed.
