Crowd-sourced attack data now key to web application defence, says Imperva

Announces ThreatRadar Community

Imperva used this week's Infosecurity Show in London to announce what it believes is a key innovation for its line of web application firewalls - crowd-sourced threat data.

Called ThreatRadar Community Defense and incorporated into the firm's latest SecureSphere 10.0 release, the system analyses attack patterns detected hitting the networks of participating customers, which are then fed into its reputation protection and policies in what is said to be close to real time.

According to the company's analysis of 60 web applications, this type of pattern analysis across offers better defence against the types of large-scale attacks experienced by its customer base.

"Together, Imperva ThreatRadar Reputation Services and Community Defense pull crowd-sourced data from around the world to provide heightened insight into the identity of these attackers," said Imperva's co-founder and CTO, Amichai Shulman.

A key to making the concept work is persuading as many customers as possible to adopt the model, which Shulman believed was possible because of the realisation that such a buy-in offered extra protection. To work well, scale was important.

An important giveaway was attacks that targeted multiple networks, said Shulman, describing them as "noisy" sources. Aggregated attack data made it possible to identify these far more quickly.

Shulman used the example of an SQL injection attack source that might be aimed at numerous organisations, each one of which would not be able to 'see' the significance of the source from an isolated perspective.

With ThreatRadar, the significance of such a campaign would be immediately apparent, allowing defensive measures to be distributed to the community.

Payloads were a particularly important part of attack patterns where a single entity might distribute an application campaign across multiple sources in which specific pieces of malware were the best identifier.
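The cross-customer correlation described above, as an added sketch that is not Imperva's code or the ThreatRadar implementation: it flags sources reported by several organisations and payloads that recur across several sources, and shows what a single organisation sees alone. The event fields, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample of WAF-flagged events: (reporting_org, source_ip, payload).
# Addresses are from the RFC 5737 documentation ranges.
EVENTS = [
    ("org-a", "203.0.113.7", "id=1' OR '1'='1"),
    ("org-b", "203.0.113.7", "user=admin'--"),
    ("org-c", "203.0.113.7", "q=1 UNION SELECT NULL"),
    ("org-a", "198.51.100.21", "cat=9 AND SLEEP(5)"),
    ("org-b", "198.51.100.22", "cat=9  and sleep(5)"),
    ("org-c", "198.51.100.23", "CAT=9 AND SLEEP(5)"),
    ("org-b", "192.0.2.50", "id=2' OR 'a'='a"),
]

def fingerprint(payload):
    """Hash a case- and whitespace-normalised payload so trivial variants match."""
    normalised = " ".join(payload.lower().split())
    return hashlib.sha256(normalised.encode()).hexdigest()[:16]

def local_view(events, org, min_hits=2):
    """Sources one organisation would flag using only its own events."""
    hits = defaultdict(int)
    for reporter, source, _ in events:
        if reporter == org:
            hits[source] += 1
    return sorted(s for s, n in hits.items() if n >= min_hits)

def correlate(events, min_orgs=3):
    """Community view: noisy sources, and payloads shared by several sources."""
    orgs_by_source = defaultdict(set)
    orgs_by_payload = defaultdict(set)
    sources_by_payload = defaultdict(set)
    for org, source, payload in events:
        fp = fingerprint(payload)
        orgs_by_source[source].add(org)
        orgs_by_payload[fp].add(org)
        sources_by_payload[fp].add(source)
    noisy = sorted(s for s, o in orgs_by_source.items() if len(o) >= min_orgs)
    campaigns = {fp: sorted(sources_by_payload[fp])
                 for fp, o in orgs_by_payload.items()
                 if len(o) >= min_orgs and len(sources_by_payload[fp]) > 1}
    return noisy, campaigns

if __name__ == "__main__":
    noisy, campaigns = correlate(EVENTS)
    print("org-a alone flags:", local_view(EVENTS, "org-a"))
    print("community noisy sources:", noisy)
    print("payload campaigns:", campaigns)
```

Each organisation sees the noisy source only once, so the local view flags nothing; only the aggregated view reaches the threshold.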

Imperva was the first vendor to offer web application firewalling using such intelligence, Shulman claimed.
