Imperva Total Application Security. SecureSphere – The First Dynamic Profiling Firewall. Idan Soen, CISSP, Security Engineer.

Presentation transcript:

Slide 1: Imperva Total Application Security
SecureSphere – The First Dynamic Profiling Firewall
Idan Soen, CISSP, Security Engineer

Slide 2 (Imperva Confidential): Agenda
  – Imperva
  – Application Security Landscape
  – SecureSphere

Slide 3: Imperva
Company Focus: Total Application Security
Founded in 2000 by world’s elite application security specialists
  – Israeli Defense Force cyber warfare team
  – Private sector penetration testing & app security consultants
Co-Founder, CEO – Shlomo Kramer
  – Check Point co-founder
  – Co-developer of Stateful Inspection
SecureSphere Product Family
  – First “Dynamic Profiling Firewall”

Slide 4: Data Center Security. Need to Secure the Data Center
Data Center Assets have Never Been More Critical…
…or More Vulnerable
92% Vulnerable to*
  – Identity theft
  – Data theft
  – Worms
  – Denial of Service
  – SQL Injection
  – Parameter tampering
Business Implications of Attack
  – Lost revenue
  – Brand erosion
  – Regulatory compliance: SOX, GLBA, HIPAA, CA SB-1386, CISP, etc.
[Diagram labels: Users; Data Center & DMZ; Critical Servers, Proprietary Information And Custom Business Applications]
*Source: Imperva Application Defense Center

Slide 5: Application Threats. A multi-dimensional problem
Web Application and Web Services attacks
  – External SQL injection
  – Attacks custom business applications
Database breach
  – Internal direct breach
  – Attacks proprietary information
  – Using legitimate access for illegitimate purposes
Worm infection
  – External and internal sources of infection
  – Attacks critical servers
  – Known vulnerabilities and “zero day” web worm
[Diagram labels: Internal Users; Web: SQL injection, Cookie poison, etc.; Database: Data theft, Data corruption, etc.; Worm: Code Red, Nimda, etc.; Data Center & DMZ; Critical Servers, Proprietary Information And Custom Business Applications]

Slide 6: Data Center Security. Different Problem, Different Solution
Corporate Network
  – Assets: Desktop Computers, Microsoft Apps, Personal Files
  – Threats: Client Worms, Spyware, Viruses
  – Cost: Lost Productivity
  – Solutions: IPS, Anti-Virus, and Personal Firewalls
Data Center
  – Assets: Proprietary Information, Custom Business Apps, Critical Servers
  – Threats: Data Leakage, Identity Theft, Data Theft, Phishing, Malicious Robots, Server Worms, Denial of Service, SQL Injection
  – Cost: Brand, Revenue, and Regulatory Compliance
  – Solutions: ????

Slide 7: Securing the Data Center. A New Type of Firewall is Needed
Data Center Application Security not Addressed by Network Firewall or IPS Technology
  – SQL Injection, Phishing, Identity theft, Data theft, Worms, Denial of Service, Malicious Robots, etc.
SecureSphere – Data Center Firewall
  – Protect critical servers, proprietary information and custom business applications
[Diagram labels: Network Access (OSI Layer 1 – 3); Protocol Usage (OSI Layer 4 – 7); Application and Database Usage (New Layer 8+); Network Layer; Application Layer; Application Logic; Perimeter Firewall; Network Firewall; Data Center Firewall; Imperva SecureSphere Dynamic Profiling Firewall; Departmental Firewall; Intrusion Prevention Systems (IPS) and Deep Inspection Firewall]

Slide 8: Securing the Data Center. Point Solutions Problematic
Fragmented Protection
  – Deep Inspection Firewall
  – Application Firewall
  – Database Firewall
  – XML Firewall
Static Policy & Rules
  – Requires constant manual tuning
Fragmented Management
  – Set policy on each device
  – Fragmented logging, forensics, monitoring
  – No integrated reporting
No Cooperation Between Layers
Poor Performance and Scalability
[Diagram labels: Data Center Web Servers, App. Servers, Databases; Internal Users; DMZ Web Servers, App Servers, Databases; DI Firewall; App Firewall; Database Firewall; XML Firewall]

Slide 9: Securing the Data Center. Breaking the Barrier
A Dynamic Profiling Firewall must build and tune the security profile without human intervention
  – Automatically Built
  – Automatically Tuned
Much more information needed for security decisions
  – Web App elements: URLs, Cookies, Parameters, Users, Sessions, etc.
  – Web Services elements: XML URLs, SOAP actions, XML elements, etc.
  – Database elements: SQL Queries, SQL Tables, Users, etc.
Too complex for manual intervention
[Diagram labels: Dynamic Profiling Firewall; Network Layer (OSI layers 1 – 3); Application Layer (OSI layers 4-7); Application Profile; Millions of dynamic items; Application Logic and Databases; New layer(s)! 8+]

Slide 10: SecureSphere Dynamic Profiling Firewall. Data Center Ready Security
Unified Protection
  – Web, database and worm attacks
  – Internal and external attackers
  – Layers 1-7 and 8+
Dynamic Profiling
  – Automatically models application structure and dynamics
      Web Application: URLs, cookies, users, parameters, sessions, etc.
      Web Services: XML URLs, SOAP actions, XML elements, etc.
      Database: SQL queries, SQL tables, parameters, users, etc.
  – No on-going manual tuning
      Adapts when application changes
Centralized Management
Enforcement & Auditing Across Layers
High Performance and Highly Scalable
[Diagram labels: Internal Users; SecureSphere G4 Gateways; SecureSphere MX Management Server; Data Center Web Servers, App. Servers, Databases; DMZ Web Servers, App Servers, Databases]

Slide 11: Security Coverage. SecureSphere Secures the Data Center
SecureSphere Protects Against
Web Application Attack
  – Both Interface and Logic
Web Services Attack
  – SOAP/XML interfaces
Database Breach
  – Direct Database Attacks
  – Via Web Application
  – Via Web Services
Worm/Platform Attack
  – Network Stack
  – Operating Systems
  – Infrastructure Server Software
[Diagram labels: Web Application & Web Service (Custom to Package); Application Logic (Custom to Package); Application Databases (Custom to Package); Web Server; Application Server; Database Servers; Operating System; Network Stack; Application; Data Center Infrastructure]

Slide 12: Security Coverage. SecureSphere – IPS
Protects Critical Data Center Servers
  – Operating System: Platform agnostic of vendor / version
  – Server Software
  – Network Access
  – Network Protocols
Attacks Prevented
  – Server Worms
  – Unauthorized Access
  – Protocol Attacks
Defenses
  – User and protocol access control
  – Protocol Validation and Usage
  – Full Snort®-compatible signature protection
  – Imperva’s Advanced ADC defenses
  – Web Worm Profiling
[Diagram labels: Web Application & Web Service (Custom to Package); Application Logic (Custom to Package); Application Databases (Custom to Package); Web Server; Application Server; Database Servers; Operating System; Network Stack; Application; Data Center Infrastructure]

Slide 13: Security Coverage. SecureSphere - Web App Firewall
Dynamic Profiling Protects “Traditional” Web App Elements
  – Application Logic: Form fields, cookies, URLs, Parameters
  – Agnostic Web / App Server Software: Apache, IIS, etc.
Example Attacks Prevented
  – Cross-site scripting
  – SQL Injection
  – Command Injection
  – Illegal encoding
  – Buffer Overflows
  – Cookie Poisoning
  – Parameter Tampering
  – Form Field Tampering
  – Malicious Scanning / Robots
  – Phishing
  – Denial of Service
Integrated IPS Protects the OS and the Network (point solutions don’t)
[Diagram labels: Web Application & Web Service (Custom to Package); Application Logic (Custom to Package); Application Databases (Custom to Package); Web Server; Application Server; Database Servers; Operating System; Network Stack; Application; Data Center Infrastructure]

Slide 14: Security Coverage. SecureSphere - XML Firewall
Dynamic Profiling Protects Web Services Elements
  – Application / Web Servers: Agnostic to vendor brands
  – Web Services Protocols and Standards: XML, SOAP, WSDL
Attacks Prevented
  – “Element Tampering”
  – “Structure Tampering”
  – SQL Injection
  – Command Injection
  – Illegal encoding
  – Cross Site Scripting
  – Buffer Overflow
Integrated IPS Protects the OS and the Network (point solutions don’t)
[Diagram labels: Application; Data Center Infrastructure; Web Application & Web Service (Custom to Package); Application Logic (Custom to Package); Application Databases (Custom to Package); Web Server; Application Server; Database Servers; Operating System; Network Stack]

Slide 15: Deployment. Performance and Scalability
High Performance
  – Up to 1 Gbps throughput
  – Sub-millisecond latency
  – Up to 8,000 transactions/second
Scalability
  – G4: Entry for small to medium segments
  – G8: Performance for larger segments
  – MX: Centralized management for multi-gateway environments
G4 Gateway Appliance
  – Throughput: 500 Mbps
  – Requests Per Second: 4000
  – Form Factor: 1U
  – Max Sniffing Interfaces: 3
  – Max Inline Segments: 1
G8 Gateway Appliance
  – Throughput: 1000 Mbps
  – Requests Per Second: 8000
  – Form Factor: 1U
  – Max Sniffing Interfaces: 3
  – Max Inline Segments: 1

Slide 16: Operations. Centralized Management
Centralized Management Services
  – Manages all devices from a single console
  – Application level profiles and policy
  – Integrated logging and forensics
  – User specific alerts and monitoring
  – Integrated compliance reporting
Scalable for Large Deployments
  – Three-tier architecture
  – Browser-based interface
  – Role-based administration
  – Easy appliance deployment: Appliances auto-configured by mgt server
[Diagram labels: MX Management Server; SecureSphere Gateway Appliances; Browser Interface]

Slide 17: Summary. Securing the Data Center
Businesses Vulnerable to New Data Center Threats
  – Identity theft, data theft, SQL injection, worms, and DoS
  – Risking brand, revenue, and regulatory compliance
IPS and Network Firewalls are Not Enough
  – Do not protect proprietary information and custom business applications
SecureSphere - Data Center Ready Protection
  – Security
      Protects proprietary information, custom applications, and critical servers
      Blocks even the most sophisticated attacks
  – Deployment
      No change to existing applications and infrastructure
      Flexible networking and high availability
      Performance and scalability
  – Operations
      No manual tuning
      Centralized management
→ Low TCO and High ROI

Slide 18: Thank You
Imperva Inc. 950 Tower Lane, Suite 1710 Foster City, CA Sales: (866)

Slide 19: [Diagram labels: MX Management; Database Y2; Gateway G2; Web App X1; Web App X2; Gateway G1; Database Y1; OOB; OOB; Test Env; Real Life Env]