Crowd-sourced attack data now key to web application defence, says Imperva

Announces ThreatRadar Community

Imperva used this week's Infosecurity Show in London to announce what it believes is a key innovation for its line of web application firewalls - crowd-sourced threat data.

Called ThreatRadar Community Defense and incorporated into the firm's latest SecureSphere 10.0 release, the system analyses attack patterns detected hitting the networks of participating customers, which are then fed into its reputation protection and policies in what is said to be close to real time.

According to the company's analysis of 60 web applications, this type of pattern analysis across offers better defence against the types of large-scale attacks experienced by its customer base.

"Together, Imperva ThreatRadar Reputation Services and Community Defense pull crowd-sourced data from around the world to provide heightened insight into the identity of these attackers," said Imperva's co-founder and CTO, Amichai Shulman.

A key to making the concept work is persuading as many customers as possible to adopt the model as possible, which Schulman believed was possible because of the realisation that such a buy-in offered extra protection. To work well, scale was important.

An important giveaway was attacks that targeted multiple networks, said Shulman, describing them as "noisy" sources. Aggregated attack data made it possible to identify these far more quickly.

Shulman used the example of an SQL injection attack source might be aimed at numerous organisations, each one of which would not be able to 'see' the significance of the source from an isolated perspective.

With ThreatRadar, the significance of such a campaign would be immediately apparent, allowing defensive measures to be distributed to the community.

Payloads were particularly important part of attack patterns where a single entity might distribute an application campaign across multiple sources in which specific pieces of malware were the best identifier.

Imperva was the first vendor to offer web application firewalling using such intelligence, Shulman claimed.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags intelhardware systemsImpervaConfiguration / maintenance

More about Imperva

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by John E Dunn

Latest Videos

More videos

Blog Posts