Imperva ThreatRadar Reputation Services
Leverage Reputation Data to Stop Malicious Users and Automated Attacks
Overview:
Over half of all Web users are not human users at all; they're bots.1 Some of these bots – like search engine crawlers – are harmless; others are more nefarious, probing sites, scraping Web content, posting spam messages, or attacking Websites. Besides stopping dangerous bots, organizations must protect their applications from hackers, who often use anonymous proxies and Tor networks to cloak their identity.
ThreatRadar Reputation Services, an industry-first security service from Imperva, arms the SecureSphere Web Application Firewall with up-to-date reputation data to stop bots and hackers. With ThreatRadar, SecureSphere can identify known malicious sources and prevent attacks like application DDoS, site scraping, and comment spam. ThreatRadar reputation data feeds includes:
- Malicious IP Addresses: IP addresses that have repeatedly attacked other websites
- Anonymous Proxies: Proxy servers used by attackers to hide their true location
- The Onion Router (TOR) Network: Outbound nodes of the identity and locationobfuscating TOR network
- IP Geolocation: Location data of IP addresses, to monitor or block access by country
- Phishing URLs: Referring URLs of fraudulent sites used in phishing schemes
Key Capabilities :
- Protect against botnets and automated attacks
- Monitor and block by country to thwart Web attacks and eliminate unwanted traffic
- Leverage up-to-date attack data from leading security providers and thousands of SecureSphere Web Application Firewalls deployed around the world
- Streamline forensics analysis with user reputation and geolocation data
- Build security policies that combine reputation data with other suspicious activity
Features:
Track Attack Sources on a Global Scale
Aggregating attack data from both third-party security providers and SecureSphere Web Application Firewalls, ThreatRadar provides a comprehensive defense against known malicious sources. ThreatRadar augments SecureSphere's existing layers of protection –such as Dynamic Profiling technology, attack signatures, and bot mitigation rules – to provide additional context on suspicious requests. SecureSphere owners can build custom policies that correlate ThreatRadar reputation and geolocation data with other SecureSphere defenses to accurately pinpoint attacks.
Continuous, Automated Feed of Current Attack Sources
ThreatRadar delivers multiple attack feeds, in near real time, to SecureSphere Web Application Firewalls. Security feeds identify sources that have recently executed SQL injection, cross-site scripting, DDoS, or other Web attacks. Imperva continuously updates the feeds, providing current protection against malicious traffic.
Dynamically Adapt Web Security Policies
As SecureSphere WAF receives attack source information, ThreatRadar dynamically adjusts Web security policies to alert or block traffic from newly identified attack sources. Furthermore, custom security rules can use information provided by the feeds to fine-tune the response for specific types of traffic, such as the ability to block only the traffic that comes from a malicious source exhibiting suspicious behavior.
Early Detection, Blocking of Malicious Sources
ThreatRadar dramatically reduces application visibility to attackers. By blocking Web requests based on user reputation, hackers have virtually no opportunity to explore the Web application for possible weaknesses and are less likely to launch a successful attack.
Crowd-Sourced Threat Intelligence to Identify New Attack Vectors
ThreatRadar Community Defense enables SecureSphere Web Application Firewalls to detect new attack patterns without blocking legitimate requests. Community Defense uses patentpending technology to gather suspicious Web requests, validate that requests are attacks, and transform identified attacks into signatures. Equipped with Community Defense, SecureSphere Web Application Firewalls can spot attacks witnessed by other SecureSphere-protected websites.
Streamlined Forensic Analysis with Clear, Relevant Alerts and Reports
ThreatRadar takes the guesswork out of security event analysis. User reputation and geographic location data provide additional context, enabling precise incident response and minimizing operational workload.
Deployment:
ThreatRadar Community Defense
Harnessing the collective insight of SecureSphere deployments around the world, ThreatRadar Community Defense delivers crowd-sourced threat intelligence to ThreatRadar-enabled SecureSphere Web Application Firewalls. ThreatRadar Community Defense uses patent-pending algorithms to translate attack information it gathers into attack patterns, policies, and reputation data. Community Defense distributes these feeds in near-real time to fortify the entire community against emerging threats.
While ThreatRadar Reputation Services relies on security information from leading external security providers, Community Defense draws on live attacks detected by SecureSphere Web Application Firewalls. ThreatRadar Reputation customers who opt to send anonymized attack data to the ThreatRadar cloud will receive ThreatRadar Community Defense free of charge.
Multiple SecureSphere Deployment Options
- Transparent Layer 2 Bridge: Drop-in deployment and industry-best performance
- Reverse Proxy and Transparent Proxy: Provide content modification, such as cookie signing and URL rewriting
- Non-inline Monitor: Zero risk monitoring and forensics
- High Availability: IMPVHA, VRRP, fail open interfaces, existing redundancy options, non-inline deployment
Specifications:
| Specification | Description |
|---|---|
| Malicious Sources |
|
| Malicious URLs |
|
| Access Control and Forensics |
|
| Communications to ThreatRadar servers |
|
| Security Feed Updates |
|
| Data Feed Sources |
|
| SecureSphere Integration |
|
| Supported Products |
View Demo:
Documentation:
Download the SecureSphere ThreatRadar Datasheet (PDF).