Imperva WAM automates the discovery of application vulnerabilities in production systems

05 August 2008
Imperva has announced that its SecureSphere Web Application Firewall now supports comprehensive Web Activity Monitoring (WAM) to automate the discovery and accelerate the remediation of application vulnerabilities in production systems. In addition to blocking attacks, SecureSphere now records malicious inputs and application responses to provide development teams with the information they need to pinpoint and fix coding flaws

These enhancements expand SecureSphere's role as an application protection and security lifecycle management platform, which includes the ability to bi-directionally share data with leading vulnerability scanning tools.

"Because they monitor web traffic and detect attacks, Web Application Firewalls should help developers find and fix flaws in production code. But in reality, the process is too tedious and costly," said Andrew Jaquith, program manager in Yankee Group's Enabling Technologies Enterprise group. "In contrast, Imperva's Web Activity Monitoring solution feeds alerts and reports to both security and development teams, closing the loop between security operations and application developers."

WAM adds another dimension to SecureSphere's application security lifecycle management capabilities, which enable IT departments to connect the dots between web application firewall protection, code reviews, and vulnerability scanning. SecureSphere serves as a hub for the exchange and correlation of web application security information and provides a means to identify vulnerabilities in production applications in real-time. SecureSphere WAM provides:

• Alerts on unrecognized attack behaviors to pinpoint potential new exploits
• Anomalous application activity alerts, to uncover potential logical flaws in the code
• Real-time alerts that capture full response pages on suspicious activity
• Sensitive data usage reports that document which parts of an application process confidential data such as credit card data, social security numbers or other personally identifiable information (PII)
• Application profile reports that show characteristics of the application in use, including pre-defined views of broken links, broken inbound referrers, page response time by URLs, as well as custom analysis capability
• Profile change alerts and reports that identify and track application changes to support closed-loop QA and change control processes

"Historically, Web Application Firewalls have focused on reducing threats to online applications, while code review and vulnerability scanning technologies have focused on discovering vulnerabilities," said Amichai Shulman, CTO of Imperva. "With Web Activity Monitoring, SecureSphere closes this gap by blocking malicious inputs and capturing detailed information on how applications respond to live queries, which allows developers to fix code level security holes."

SecureSphere Web Application Firewall with Web Activity Monitoring is available immediately from Imperva and its business partners worldwide.


Latest bank and financial services security articles

 Secon 2013 to showcase latest technology in Video Surveillance, Access Control, Biometric Recognition, Alarm Monitoring

 Shield Guarding sets sights on major growth

 VDT Direct Launches New Rapid Deployment Video Alarm Solution

 New Biometric Terminals For Employee Self Service And Workforce Management From Accu-Time Systems

 As Cloud Adoption Increases, Enterprises Are Increasingly At Risk

 Allstream joins Arbor Network’s Cloud Signalling Coalition to stop DDoS attacks

 Intersec Dubai 2013 – Avon Barrier Company to show its latest range of anti-terrorist vehicle blocking products for the Middle East

 Why dividing your data after a merger or acquisition won’t need the Sword of Solomon, By David Gibson, VP of Strategy, Varonis

 Evading Malware Researchers: Shylock’s New Trick

 Enhanced safety mirrors launched by Securikey

...[view more articles on bank and financial services security]...


Other security websites:

Bank and Finance security links

Australia's central bank keeps rates at 2.5% Australia's central bank kept interest rates on hold at a record low 2.5 percent Tuesday as it flagged an accommodative monetary policy and stepped up its rhetoric against the local dollar. The Reserve Bank of Australia said it was prudent to maintain a "period of stability in interest rates" to support demand and growth in the economy as it shifts away from a dependence on mining. "In the board ...

Bank's security guards shoot each other dead Two security guards of a cooperative bank of the city died after shooting each other here on Monday morning.

Security Bank now sends SMS on ATM transactions Just received an SMS from my account manager from Security Bank early this morning (this was after one missed call). The SMS asked for confirmation on an ATM withdrawal the day before. Then, we noticed several other Security Bank customers also report of the same SMS confirmation (just that mine was more personalized). This is […] The post Security Bank now sends SMS on ATM transactions appeared ...

Reserve Bank leaves interest rates on hold at record lows The Reserve Bank has held the cash rate at a record low 2.5 per cent for the 12th meeting in a row. It is the longest period the bank has kept rates on hold since an equal stint of steady rates between early 2005 and 2006, and CommSec's chief economist Craig James says it is entirely possible that the RBA will break its record for steady interest rates - 15 meetings on hold at 7.5 per cent - set ...

Central bank rule handicaps India's infrastructure hopes MUMBAI/SINGAPORE (Reuters) - A central bank ban on Indian banks buying new issues of infrastructure bonds has handicapped Prime Minister Narendra Modi's chances of gathering billions of dollars needed for mega-projects through the bond market. Elected in May, Modi has made heavy infrastructure investment and construction of affordable housing for all by 2022 key elements of a reform agenda aimed ...

BANK NEGARA BERI STATUS EMAS KE ATAS SUKUK EXIM KUALA LUMPUR, 2 Sept (Bernama) -- Bank Negara Malaysia (BNM) memberikan status 'Emas' ke atas terbitan sukuk US$300 juta (RM950.36 juta) Export-ImportBank of Malaysia Bhd (Exim). Gabenor BNM Tan Sri Dr Zeti Akhtar Aziz yang memberikan status itu hari inipada Forum Kewangan Islam Global 2014 anjurannya. Ini adalah terbitan ke-14 yang akan diberi status 'Emas' oleh BNM. Diterbitkan pada Februari ...

Delays revealing data breaches costly Rumors of a data breach at a major New York bank started circulating in cyber-security circles more than a week before it went public.

directory of bank and financial security suppliers
Search directory Register your company
Bank Security books: