What is a Web Application Firewall (WAF)?
An appliance or cloud service that protects online applications against internal and external attacks.
Imperva Web Application Security solutions protect Web applications from online attacks. Imperva solutions continuously adapt to evolving threats and enable security professionals, network managers, and application developers to mitigate the risk of a data breach and address compliance requirements
Why is a WAF Important?
Every day organisations face Web attacks from many sources. Custom attacks such as SQL Injection and Cross Site Scripting easily get around signature-based solutions like IPS and NG Firewalls.
Organisations can manually patch vulnerabilities in their web applications but this approach is costly, time consuming and often can only be done in a change window so the threat can remain for a considerable amount of time.
Most traditional security devices including firewalls were designed to protect the network not web applications. Plus it won’t stop attacks like site scraping, DDoS, and fraud.
This means attacks such as SQL Injection and Cross Site Scripting easily evade existing security.
To protect critical Web applications, organisations need a Web Application Firewall.
- Web Application Protection
- Application Virtual Patching
- Fraud Prevention
- DDoS Protection
- Site Scraping Prevention
- Helps organisations stop Web attacks, site scraping and online fraud
- Can virtually patch Web vulnerabilities
- Meets PCI 6.6
- Provides accurate application protection so very few false positives
- Centralised management and flexible deployment options
What’s in it for your customers?
- Accurately detect and block Web application attacks with pinpoint precision using multiple layers of protection
- Automatically learn protected applications and user behaviour
- Virtually patch vulnerabilities by integrating with Web application vulnerability scanners, reducing the time to fix
- Fully address PCI 6.6
- Support high performance and transparent, drop-in deployment
Product Feature Highlights
- Dynamically learns legitimate Web application usage
- Fortifies Web defenses with research-driven intelligence on current threats
Alerts or blocks requests that:
- Deviate from normal application and data usage
- Attempt to exploit known and unknown vulnerabilities Originate from malicious or fraudulent sources
- Indicate a sophisticated, multi-stage attack
- Virtually patches application vulnerabilities through integration with Web application vulnerability scanners, reducing the window of exposure and impact of ad-hoc application fixes
- Supports transparent, drop-in deployment
- Cloud-based services simplify Web application security and prevent DDoS attacks
Web Application Firewalls
The SecureSphere Web Application Firewall (WAF) protects applications from current and future security threats by combining multiple security engines into a cohesive Web defense. Certified by ICSA Labs, SecureSphere provides ironclad protection against the OWASP Top Ten, including SQL Injection, XSS and CSRF and addresses PCI 6.6.
ThreatRadar Reputation Services
ThreatRadar Reputation Services provide an automated defense against automated attacks by instantly detecting and stopping known attackers. As an add-on service for the SecureSphere Web Application Firewall (WAF), ThreatRadar detects Web traffic originating from IP addresses currently attacking other Websites, from anonymizing services, and from undesirable geographic locations.
ThreatRadar Fraud Prevention Services
ThreatRadar Fraud Prevention Services enable organizations to rapidly provision and manage fraud detection solutions without needing to update Web applications.
Imperva Cloud WAF, powered by Incapsula, is an easy and affordable cloud-based Web Application Firewall service that offers businesses a powerful way to protect critical Web applications.
Cloud DDoS Protection
Imperva Cloud DDoS Protection, powered by Incapsula, is a simple, secure service that protects critical Web applications from devastating Distributed Denial of Service (DDoS) attacks. As a cloud-based offering, this service can be deployed quickly and easily, and can scale-on-demand to inspect and stop multi-gigabit DDoS onslaughts.