Imperva used this week’s Infosecurity Show in London to announce what it believes is a key innovation for its line of web application firewalls – crowd-sourced threat data.
Called ThreatRadar Community Defense and incorporated into the firm’s latest SecureSphere 10.0 release, the system analyses attack patterns detected hitting the networks of participating customers, which are then fed into its reputation protection and policies in what is said to be close to real time.
According to the company’s analysis of 60 web applications, this type of pattern analysis across participating customers offers better defence against the types of large-scale attacks experienced by its customer base.
“Together, Imperva ThreatRadar Reputation Services and Community Defense pull crowd-sourced data from around the world to provide heightened insight into the identity of these attackers,” said Imperva’s co-founder and CTO, Amichai Shulman.
A key to making the concept work is persuading as many customers as possible to adopt the model, which Shulman believed was achievable because of the realisation that such a buy-in offered extra protection. To work well, scale was important.
An important giveaway was attacks that targeted multiple networks, said Shulman, describing them as “noisy” sources. Aggregated attack data made it possible to identify these far more quickly.
Shulman used the example of an SQL injection attack source that might be aimed at numerous organisations, none of which would be able to ‘see’ the significance of the source from an isolated perspective.
With ThreatRadar, the significance of such a campaign would be immediately apparent, allowing defensive measures to be distributed to the community.
Payloads were a particularly important part of attack patterns in cases where a single entity might distribute an application campaign across multiple sources, in which specific pieces of malware were the best identifier.
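The idea Shulman describes can be sketched in a few lines. This is an added illustration, not Imperva's code: the event fields, thresholds and sample data are all assumptions made for the example. It compares what one organisation sees alone with what the pooled data reveals, for both a noisy source and a shared payload.

```python
from collections import defaultdict

# Constructed sample events: (tenant, source_ip, attack_type, payload_fingerprint).
# IPs come from documentation ranges; fingerprints are made-up labels.
EVENTS = [
    ("org-a", "203.0.113.7", "sqli", "p1"),
    ("org-b", "203.0.113.7", "sqli", "p2"),
    ("org-c", "203.0.113.7", "sqli", "p3"),
    ("org-a", "198.51.100.4", "sqli", "p9"),
    ("org-a", "198.51.100.4", "sqli", "p9"),
    ("org-b", "192.0.2.10", "rfi", "p5"),
    ("org-c", "192.0.2.11", "rfi", "p5"),
    ("org-a", "192.0.2.12", "rfi", "p5"),
]

def local_view(events, tenant, min_hits=3):
    """Sources one tenant would flag from its own traffic alone (assumed threshold)."""
    hits = defaultdict(int)
    for t, src, _, _ in events:
        if t == tenant:
            hits[src] += 1
    return {src for src, n in hits.items() if n >= min_hits}

def community_view(events, min_tenants=3, min_sources=3):
    """Pool all tenants: flag sources hitting many tenants and payloads sent from many sources."""
    tenants_by_src = defaultdict(set)
    srcs_by_payload = defaultdict(set)
    tenants_by_payload = defaultdict(set)
    for tenant, src, _, payload in events:
        tenants_by_src[src].add(tenant)
        srcs_by_payload[payload].add(src)
        tenants_by_payload[payload].add(tenant)
    noisy = {s for s, ts in tenants_by_src.items() if len(ts) >= min_tenants}
    # A payload counts as a campaign marker only if it spans several sources and tenants.
    campaigns = {p for p, ss in srcs_by_payload.items()
                 if len(ss) >= min_sources and len(tenants_by_payload[p]) >= 2}
    return noisy, campaigns

if __name__ == "__main__":
    for tenant in ("org-a", "org-b", "org-c"):
        print(tenant, "alone flags:", local_view(EVENTS, tenant))
    print("community flags:", community_view(EVENTS))
```

No single organisation crosses its local threshold, yet the pooled view surfaces both the source that touched every tenant and the payload reused across three different sources.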
Imperva was the first vendor to offer web application firewalling using such intelligence, Shulman claimed.