Cloud Web Application Firewall
Cloud WAF
Name – Pratyush Sinha
Sr. Sales Engineer
Protecting All Paths to Data
[Diagram labels: Outside Your Network; Inside Your Organization; Outsider Threats; Network; Applications & APIs; Microservices; Data; Insider Threats; Cloud WAF; WAF Gateway; Bot Protection; DDoS; API; RASP; DAM; Protects Workloads Running On]
Imperva Cloud WAF is a single stack, always-on, managed service.
3 Proprietary and confidential. Do not distribute.
Imperva Global Network
After a simple DNS change, block at the edge, closest to bad traffic
- Millions of applications and IPs protected
- 1.03 Trillion requests analyzed
- 3,500,000 bad requests blocked/minute
Imperva Cloud WAF Secures at the Edge so the Traffic You Receive is only the Traffic You Want.
[Diagram labels: Bad Bot; User; Hacker; Web Apps and APIs]
Core Capabilities in a Single Stack
- Security
- Performance & Availability
- Insights and Analytics
Advanced Bot Protection Integrated into Imperva’s Cloud App Security
[Diagram labels: Bad Bot; User; Hacker; Cloud Application Security: CDN, DDoS Protection, Advanced Bot Protection, ATO, API Security, WAF, Load Balancing; Web Application or API]
- Single stack suite includes best-of-breed solutions
- Better performance and less latency
- Easy button to add Advanced Bot Protection
- Rapid ‘Under Attack’ ATO with 3-clicks to mitigation
Out-of-the-Box Service Backed by Security Experts – Day 1 Deny
Imperva Research Labs
① Monitor Vulnerability Feeds
② Research Our Network: traffic/trends for attack patterns - track known malicious attackers
③ Monitor Social Media: trending vulnerabilities and new exploits, potential WAF bypasses
④ Research Zero Days: in common third party libraries and frameworks
Fully Managed Solution
90%+ customers deploy in blocking mode
Attack Detection: Out of the Box + Custom Rules
Managed ruleset
Rule actions can be modified to:
- Alert Only
- Block Request
- Block IP
- Block User
- Ignore
Exclusions added on a per-rule basis
Custom Security Rules for Mitigating Business Logic Attacks
- Restrict access to a specific part of an application based on IP
- Limit rate of requests
- Manipulate traffic routes and redirects
- Control request URL structure, headers and cookies
- Security and access control rules on top of Imperva's existing security logic
[Figure labels: Block Malicious Clients; CAPTCHA for High Rate of Access; Block CSRF Attacks]
Bad Bot Business Risks for Finance and FinTech
Industry Concerns
Account takeover and fraud
- Satisfy regulatory, compliance and data privacy mandates
- Loss of PII
- Brand damage
- Dissatisfied customers frustrated with account lockouts
- Increased fraud costs
- Increased customer support costs
- Customer churn
Content and financial data scraping
- Competitors scraping proprietary content and rates
- FinTech companies scraping data to use and re-sell
- Aggregators scraping information
- Revenue loss to competitors
Unauthorized account automation
- Challenges of knowing which aggregators have account access
- Policing account aggregator behavior
- Unauthorized automation by legitimate user within an account
Imperva Advanced Bot Protection
Protects Websites, APIs, and Mobile Apps from automated attacks
[Figure: Handbook of Automated Threats. Labels: API Abuse; Skewing; Credential Stuffing; Scraping, Denial of Service and Skewing; CC & Gift Card Cracking; Vulnerability Scanning; Account Based Fraud; Carding, Card Cracking and Cashing Out; Spamming; Confusing Metrics]
The Most Advanced Detection Methods
- High-Def Fingerprinting
- Fingerprint-based Rate Limiting
- Tamper-proofing checks
- Rules Engine Can Act on Any Attribute
- Automated Browser & Emulator Detection
- Known Violators Database
- Machine Learning
Cloud WAF: Unified Application and API Protection Platform
Protecting APIs requires more than one specific product. It requires best-of-breed integrated capabilities.
API Access Management | Authentication Gateways / Access Management | API Gateway
API Service Abuse Protection | DoS/DDoS Protection | Imperva DDoS Protection
From humans vs. bots to good vs. bad bots | Bot Management | Imperva Bot Protection
Credential theft -> API abuse | Account Takeover / Risk Sources / Conditional rule | Imperva ATO + Rep. Intelligence
API Fuzzing Protection | API Schema Control | Imperva API Security + WAF
Automated detection and remediation against anomalies | API Business Integrity and Abnormal Behavior Detection | Imperva API Security
Proactive/automated discovery of vulnerabilities | API Security Testing | Imperva API Security
Always up-to-date inventory of APIs and their data exposure | API Inventory Discovery / Data Classification | Imperva API Security
DevOps Automation Provisioning
Enable thousands of domains automatically
Propagate tens of thousands of rules across accounts in seconds
Infrastructure as code
Attack Analytics: Contextualizing Threats
Leverage Imperva Reputation Intelligence
Protect Against Automated Attacks at Reconnaissance Stage
Detect and Block Known Vulnerabilities
Logs & SIEM Integration
Multiple logging types enabled per site
- Security logs provide a detailed alert for each suspicious event detected by Imperva proxy
- Access logs specify every request and response sent between your customers and the Imperva proxy
Logs via push or pulled self-serve in near real-time
- Push: Amazon S3 & SFTP
- Pull: REST API, Python, and SIEM packages
SIEM Packages
- Ready-made to manipulate and display each log event in your SIEM dashboard
- Facilitates reporting automation, prioritized mitigation, and general event handling
Hands-free Website Acceleration with CDN
Analyzes website content and automatically optimizes performance by determining:
- What is cacheable
- How long to cache it
- What resources are frequently used, prioritizing their delivery
Results:
- Faster Loading Webpages
- Less Bandwidth Consumption
- Better Web Server Utilization
Imperva Cloud WAF Security Advantage
Crowdsourcing
- Big Data analysis on 3.5 million bad requests blocked every minute
- Clear visibility on web attack landscape
Layered Security
- Most up to date IP Reputation lists
- Client Classification
- WAF Signatures
- <.01% false positive rate
- Covers all OWASP Top 10 threats
Cloud Based
- No hardware or software
- Deployed in minutes
- No expertise needed - rely on Imperva Research Labs
- Rules propagate automatically
Thank You!