Start-up Imperva has announced an attack-blocking appliance that is designed to help businesses secure their networks and meet government privacy requirements.
SecureSphere Gateway is installed between Web servers and the network and analyzes Web application and database traffic. Based on this analysis, it sets a baseline for normal traffic and flags traffic that falls outside that baseline and might indicate an attack.
The company is announcing a high-end hardware platform called G16 that operates at 2G bit/sec, as well as a new software platform that inspects database traffic. The Database Security software supports Oracle, MS-SQL, Sybase and DB2 databases.
Other vendors' equipment does some of what Imperva's does, but none is exactly comparable, says Andrew Jaquith, an analyst with the Yankee Group. For instance, Application Security, Guardium and IPLocks focus on protecting databases, he says, while Teros, Breach Security and Protegrity aim to protect Web applications.
SecureSphere differs in that it monitors and protects at the Web browser, Web server, application server and database level. "It's a vertical integration approach to defending applications by looking at them as a stack of processes and protecting the different layers," Jaquith says.
While the device teaches itself to look for abnormal requests, customers must set policies for what to do about suspicious traffic. The device can block the traffic, do so for a set period, e-mail an administrator or log it and pass it through.
The gateway also keeps track of which users access what data, so if a regulatory agency needs a record of how well particular data was protected, customers will have a log to draw from.
Imperva customer FFF Enterprises, a $500 million pharmaceutical distributor in Temecula, Calif., protects two of its sensitive applications and their underlying databases with a SecureSphere gateway, says Bob Coates, vice president of technology for FFF.
"We looked at it in learn mode for six months," Coates says. That gave FFF the chance to evaluate how well it performed after it established a baseline for normal traffic. It can identify, for example, if one user who has not accessed a database before attempts to do so, Coates says.
In one case the device e-mailed Coates that an internal user was trying to access a database of private customer data. It turned out to be an application developer who needed the data, but Coates says it demonstrated how effective the device could be.
He has not had to demonstrate to regulators that FFF protects its databases, but says the device will meet the need. "I believe this will position us quite well with [Health Insurance Portability and Accountability Act]," he says.
The SecureSphere hardware acts as a Layer 2 bridge, so it has no IP address to be discovered by attackers. It also requires no alterations to the databases it protects, according to Imperva.
SecureSphere G16 supports as many as 100 servers and pricing starts at $120,000.