Call a Specialist Today! 855-958-0756

Imperva SecureSphere - Web Application Firewall
Protect Critical Web Applications and Data


Your website receives a continuous barrage of attacks. If hackers uncover a crack in your defenses, they can steal your application data, defraud your users, and take down your website.

The SecureSphere Web Application Firewall stops web attacks and prevents costly data breaches and downtime. Combining multiple defenses, SecureSphere accurately pinpoints and blocks attacks without blocking your customers. It offers drop-in deployment and automated management. Certified by ICSA Labs, SecureSphere satisfies PCI 6.6 compliance and provides ironclad protection against the OWASP Top Ten.

Imperva SecureSphere

The market-leading SecureSphere Web Application Firewall has transformed the way businesses protect their applications by automating web security and providing flexible, transparent deployment. With its comprehensive protection and low administrative overhead, SecureSphere is the ideal solution to secure valuable web assets and achieve PCI compliance. Imperva SecureSphere is available on physical and virtual appliances, and on Amazon Web Services.

Web Security

Key Capabilities :

  • Automatically learns protected applications and user behavior
  • Updates Web defenses with research-driven intelligence on current threats
  • Accurately blocks attempts to exploit known and unknown vulnerabilities
  • Identifies traffic originating from known malicious sources with ThreatRadar
  • Correlates request attributes across security layers and over time to detect sophisticated, multi-stage attacks
  • Virtually patches vulnerabilities by integrating with Web application vulnerability scanners, reducing the window of exposure and impact of emergency fixes
  • Fully addresses PCI 6.6
  • Offers high performance and transparent, drop-in deployment

Firewall Features:

Automated Learning of Applications and User Behavior

A Web application firewall must understand application structure, elements and expected user behavior in order to accurately detect attacks. Imperva's patented Dynamic Profiling technology automates this process by profiling all application elements and building a baseline or "white list" of acceptable user behavior. It also automatically incorporates valid application changes into the application profile over time. Dynamic Profiling eliminates the need to manually configure—and update—application URLs, parameters, cookies, and methods.

Research-Driven Security Policies

Powered by the Imperva Application Defense Center (ADC), an international security research organization, SecureSphere offers the most complete set of application signatures and policies available. The ADC investigates vulnerabilities reported by Bugtraq, CVE®, Snort®, and underground forums and performs primary research to deliver the most up-to-date and comprehensive Web attack protection available.

Adaptable Protection from Large Scale, Automated Attacks

An add-on service to the SecureSphere Web Application Firewall, ThreatRadar Reputation Services offers powerful protection against automated attacks and botnets. ThreatRadar aggregates near real-time feeds of known attack sources, bots, phishing URLs, and anonymizing services to block malicious traffic before an attack can be attempted. Up-to-date geolocation data enables businesses to restrict access by geographic location.

ThreatRadar Community Defense provides crowd-sourced threat intelligence to stop emerging threats by collecting attack data from SecureSphere Web Application Firewalls.

DDoS Protection Service

SecureSphere Web Application Firewall stops application-layer DDoS attacks, but massive network-based DDoS attacks can still saturate your Internet connection and prevent traffic from ever reaching your site. The best place to combat network DDoS threats is in the cloud – before the attack can clog your network. DDoS Protection Service for SecureSphere is a secure, ultra-high capacity service that safeguards organizations from crippling DDoS attacks. DDoS Protection Service for SecureSphere can be deployed quickly and can scale on demand to mitigate multi-gigabit DDoS attacks.

Virtual Patching Through Vulnerability Scanner Integration

For immediate patching of application vulnerabilities, SecureSphere can import assessment results from WhiteHat, IBM, Cenzic, NT OBJECTives, Qualys, and others and create custom policies to block known vulnerabilities. Virtual patching reduces the window of exposure and the cost of emergency fix and test cycles.

Protection Against Malware-based Fraud

ThreatRadar Fraud Prevention, an add-on service to the SecureSphere Web Application Firewall, enables organizations to rapidly provision and manage fraud security without updating web applications. By integrating with leading fraud security vendors, SecureSphere can transparently identify and stop fraudulent transactions. It also provides powerful monitoring and enforcement capabilities, allowing businesses to centrally manage WAF and fraud policies together.

HTTP Protocol, Platform, and XML Protection

SecureSphere enforces HTTP standards compliance to prevent protocol exploits and evasion techniques. Fine-grained policies allow administrators to enforce strict adherence to RFC standards or allow minor deviations. With over 8,000 signatures, SecureSphere safeguards the entire application infrastructure including applications and web server software. Flexible, automated XML security policies protect web services, SOAP, and Web 2.0 applications.

Granular Correlation Policies Reduce False Positives

SecureSphere distinguishes attacks from unusual, but legitimate, behavior, by correlating Web requests across security layers and over time. SecureSphere's Correlated Attack Validation capability examines multiple attributes such as HTTP protocol conformance, profile violations, signatures, special characters, and user reputation, to accurately alert on or block attacks with the lowest rate of false positives in the industry.

Customizable Reports for Compliance and Forensics

SecureSphere's rich graphical reporting capabilities enable customers to easily understand security status and meet regulatory compliance. SecureSphere provides both pre-defined and fully-customizable reports. Reports can be viewed on demand or emailed on a daily, weekly, or monthly basis.

Monitoring for In-Depth Analysis of Attacks

Alerts can be easily searched, sorted, and directly linked to corresponding security rules. SecureSphere's monitoring and reporting framework provides instant visibility into security, compliance, and content delivery concerns. A real-time dashboard provides a high-level view of system status and security events.

Imperva Incapsula

Imperva Incapsula is an easy and affordable service that integrates a PCI-certified Web Application Firewall, DDoS protection, load balancing and failover on top of a global content delivery network. Imperva Incapsula requires no hardware or software installations, and no web application changes, only a simple DNS change, so even business units or other organizations without dedicated security or IT staff can rest assured that their web applications and data are safe.


Multiple SecureSphere Deployment Options

  • Transparent Layer 2 Bridge: Drop-in deployment and industry-best performance
  • Reverse Proxy and Transparent Proxy: Provide content modification, such as cookie signing and URL rewriting
  • Non-inline Monitor: Zero risk monitoring and forensics
  • High Availability: IMPVHA, VRRP, fail open interfaces, existing redundancy options, non-inline deployment
Multiple SecureSphere Deployment Options


Specification Description
Web Securiy
  • Dynamic Profile (White List security)
  • Web server & application signatures
  • Reputation based security and IP geolocation
  • HTTP RFC compliance
  • Normalization of encoded data
  • Automated-client detection
Application Attacks Prevented
  • OWASP Top 10
  • SQL Injection
  • Cross Site Scripting
  • Cross Site Request Forgery
HTTPS/SSL Inspection
  • Passive decryption or termination
  • Optional HSM support for SSL key storage
Web Services Security
  • XML/SOAP profile enforcement
  • Web services signatures
  • XML protocol conformance
Web Fraud Prevention
  • Fraud and malware detection
Content Modification
  • URL rewriting (obfuscation)
  • Cookie signing
  • Cookie encryption
  • Custom error messages
  • Error code handling
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
Data Leak Prevention
  • Credit card numbers
  • PII (personally identifiable information)
  • Pattern matching
Policy/Signature Updates
  • Frequent security updates
  • All authentication methods supported transparently and inspected in bridge and non-inline monitor modes. Can actively authenticate users in proxy mode.
  • Support for RSA Access Manager for two-factor authentication
  • Support for LDAP (Active Directory)
  • Support for SSL client certificates
User Awareness
  • Automated Tracking of Web Application Users
Deployment Modes
  • Transparent Bridge (Layer 2)
  • Reverse Proxy and Transparent Proxy (Layer 7)
  • Non-inline sniffer
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
  • MX Server for centralized management
  • Integrated management option (X1010, X2010, X2500, X4500)
  • Hierarchical management groupings
  • SNMP
  • Syslog
  • Email
  • Integrated graphical reporting
  • Real-time dashboard
High Availability
  • IMPVHA (Active/Active, Active/Passive)
  • Fail open interfaces (bridge mode only)
  • VRRP
  • STP and RSTP
Solution Delivery Option
  • Physical appliance
  • Virtual appliance (VMware ESX, Amazon AWS, Cisco Nexus 1110 Series VSA, Blue Coat X-Series)
  • Managed service
Web Application Vulnerability Scanner Integration
  • WhiteHat, IBM, Cenzic, NT OBJECTives, HP, Qualys, and Beyond Security
Enterprise Application Support
  • SIEM/SIM tools: ArcSight, RSA enVision, Prism Microsystems, Q1 Labs, TriGeo, NetIQ
  • Log Management: CA ELM, SenSage, Infoscience Corporation
TCP/IP Support
  • IPv4, IPv6
  • WAF Certification from ICSA Labs

View Demo:

Why have a Web Application Firewall?