Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Protection against web application user account attacks

Imperva : 14 September, 2015  (New Product)
SecureSphere 11.5 brings cloud and on-premises data centre protection through blocking attacks aimed at compromising user accounts
Protection against web application user account attacks

Imperva has announced the availability of Imperva SecureSphere 11.5. The latest release of the SecureSphere platform, which includes Web Application Firewall and Database Activity Monitoring, is designed to block attacks that attempt to compromise web application user accounts, extends SecureSphere data protection to Amazon Web Services and adds data protection for next generation big data engines.

Cloud adoption, consumerisation and bring your own device (BYOD) programmes fundamentally alter traditional enterprise security threat models. What the data cybercriminals are after is no longer housed only in traditional databases within enterprise data centres, but is exploding into public clouds and into next generation big data engines. Simultaneously, cyber criminals are using vast databases of known user credentials and sophisticated automation to systematically take over web application user accounts and then commit fraud or launch further attacks. SecureSphere 11.5 adds critical new capabilities to defend enterprise data and applications against the attacks of this “new normal” threat landscape.

“Enterprise data has evolved beyond traditional data centres and relational database constructions,” said Mark Kraynak, Chief Product Officer, Imperva. “SecureSphere 11.5 directly protects sensitive enterprise data regardless of whether it is stored on-premises or in the cloud, in traditional enterprise databases or new big data engines.  Similarly, cyber criminals have evolved beyond a reliance on end point, network and even application vulnerabilities to direct compromise of application user accounts. We have evolved our Web application firewalls to match changes in cyber-criminal behaviour.”

According to the 2015 Verizon Breach report, over 50 percent of successful web application attacks involved compromised user credentials. To address this reality, Imperva is also announcing a new subscription service, ThreatRadar Account Takeover Protection that enables SecureSphere Web Application Firewall to protect web application accounts from being compromised. ThreatRadar Account Takeover Protection combines real-time:

* Awareness of credentials known to be compromised from past breaches;
* Knowledge of login device reputation and risk, for example, understanding that the device is jailbroken or associated with past fraud activities;
* Detection of credential stuffing and dictionary attacks against passwords;
* Analysis of behaviour across multiple devices and accounts.

These capabilities combine to identify account takeover attempts and compromised accounts, and protect against hackers before they gain access to protected web applications and services. This real-time threat intelligence, combined with the existing ThreatRadar Reputation and Bot Protection services, enables SecureSphere Web Application Firewall to accurately protect against account takeover attempts, and limits the ability of cyber criminals to access critical data and perform fraudulent transactions.

In addition to account risk, today’s threat models add the complexity of sensitive data being housed in next generation big data engines, as well as moving out of datacenters and into IaaS clouds. SecureSphere 11.5 addresses this by adding:

* Database Activity Monitoring and Database Firewall for Amazon Web Services

As enterprises move valuable data onto Amazon Web Services, the world’s most popular IaaS cloud, both hackers and auditors will follow. SecureSphere 11.5 provides data monitoring, and event alerting and reporting, and is designed to block unauthorized data access across AWS and on-premises data centres. With SecureSphere Web Application Firewall and SecureSphere data protection both available on AWS, enterprises get consistency in the cloud and on-premises to save time, improve productivity, and ultimately increase security and compliance accuracy in today’s hybrid cloud environments.

* SecureSphere Data Protection for Big Data

When it comes to meeting security and compliance requirements for protecting data, coverage is critical. Today, many organizations do not have sufficient data protection for emerging big data deployments, leaving them at risk for data breaches and compliance-related penalties. SecureSphere 11.5 includes data monitoring for big data engines including Cloudera, Hortonworks, IBM BigInsights and MongoDB. This enables customers to efficiently demonstrate big data compliance through automated processes, audit analysis, customizable reports and an efficient approach to monitor big data activity.

“Today’s threat landscape requires a holistic approach to directly protecting apps and the data behind them from attack and theft,” said Scott Crawford, Research Director of Information Security, 451 Group. “The enterprise security posture must account for the inherent insecurity of user credentials and sensitive data sprawl beyond highly controlled data centres and traditional database engines. SecureSphere 11.5 offers broad coverage with protection for web applications, web application user accounts and data across structured, unstructured, semi-structured and cloud repositories.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo