Imperva Case Studies 360° Web Application Security Achieved by IT Services Company with Imperva SecureSphere Virtual Appliances

Edit This Case Study Record

	360° Web Application Security Achieved by IT Services Company with Imperva SecureSphere Virtual Appliances Imperva

360° Web Application Security Achieved by IT Services Company with Imperva SecureSphere Virtual Appliances

Imperva

Technology Category	Application Infrastructure & Middleware - Event-Driven Application Cybersecurity & Privacy - Application Security
Applicable Industries	Cement National Security & Defense
Applicable Functions	Product Research & Development
Use Cases	Inventory Management Tamper Detection
Services	Cybersecurity Services System Integration
Challenge	A Fortune 500 IT services and business software company, with over 20,000 employees, provides data center hosting services for its own financial applications and for third-party web applications. Many of these applications are internet-facing and regulated by the Sarbanes-Oxley and Gramm-Leach-Bliley Acts, requiring the company to protect sensitive data. The company faced challenges in maintaining security due to the dynamic and highly-customized nature of its applications. Continual scanning of applications after every change was burdensome and required significant coordination between application developers and security engineers. The company needed a solution that would not impact release schedules, provide instant vulnerability remediation, and integrate seamlessly into their virtualized environment. Read More
About Customer	The customer is a Fortune 500 IT services and business software company with over 20,000 employees. They provide data center hosting services for their own financial applications and for third-party web applications. Many of these applications are internet-facing and are regulated by the Sarbanes-Oxley and Gramm-Leach-Bliley Acts. The company has a highly virtualized environment, with web applications, databases, and load balancers all moved to VMware. They also maintain a remote disaster recovery site that mirrors the infrastructure at their primary site. Read More
Solution	The company implemented Imperva SecureSphere virtual appliances, a comprehensive protection solution with granular security policies for their corporate data center and disaster recovery site. The SecureSphere Web Application Firewall was chosen due to its accurate web application protection, easy deployment in a virtualized environment, granular security policies, detailed alerting and reporting, and virtual patching capabilities. The solution was able to stop all application attacks without blocking legitimate traffic. It also provided comprehensive alerts that contained the full HTTP request and clearly identified what part of the request violated security policy. SecureSphere was also able to integrate with the company's existing IBM AppScan and HP Webinspect tools to virtually patch application vulnerabilities, allowing the company to enforce stricter security rules for known vulnerable application elements. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - Event-Driven Application

Cybersecurity & Privacy - Application Security

Applicable Industries

Cement

National Security & Defense

Applicable Functions

Product Research & Development

Use Cases

Inventory Management

Tamper Detection

Services

Cybersecurity Services

System Integration

Challenge

A Fortune 500 IT services and business software company, with over 20,000 employees, provides data center hosting services for its own financial applications and for third-party web applications. Many of these applications are internet-facing and regulated by the Sarbanes-Oxley and Gramm-Leach-Bliley Acts, requiring the company to protect sensitive data. The company faced challenges in maintaining security due to the dynamic and highly-customized nature of its applications. Continual scanning of applications after every change was burdensome and required significant coordination between application developers and security engineers. The company needed a solution that would not impact release schedules, provide instant vulnerability remediation, and integrate seamlessly into their virtualized environment.

About Customer

The customer is a Fortune 500 IT services and business software company with over 20,000 employees. They provide data center hosting services for their own financial applications and for third-party web applications. Many of these applications are internet-facing and are regulated by the Sarbanes-Oxley and Gramm-Leach-Bliley Acts. The company has a highly virtualized environment, with web applications, databases, and load balancers all moved to VMware. They also maintain a remote disaster recovery site that mirrors the infrastructure at their primary site.

Solution

The company implemented Imperva SecureSphere virtual appliances, a comprehensive protection solution with granular security policies for their corporate data center and disaster recovery site. The SecureSphere Web Application Firewall was chosen due to its accurate web application protection, easy deployment in a virtualized environment, granular security policies, detailed alerting and reporting, and virtual patching capabilities. The solution was able to stop all application attacks without blocking legitimate traffic. It also provided comprehensive alerts that contained the full HTTP request and clearly identified what part of the request violated security policy. SecureSphere was also able to integrate with the company's existing IBM AppScan and HP Webinspect tools to virtually patch application vulnerabilities, allowing the company to enforce stricter security rules for known vulnerable application elements.

Impact #1	The implementation of SecureSphere has enhanced the company's software development processes. Security engineers and application developers are now able to examine security alerts to understand how hackers are attacking the site. Graphical reports identify application errors, most attacked web pages, and other security statistics, providing a clearer picture of the attacks and probes targeting their applications. The company has also begun to virtually patch vulnerabilities found by its application assessment solution, protecting applications in the critical time between when a vulnerability is discovered and it is patched in the application. SecureSphere's granular custom policies have allowed the security team to build custom policies based on a myriad of conditions to address unique requirements.

Impact #1

The implementation of SecureSphere has enhanced the company's software development processes. Security engineers and application developers are now able to examine security alerts to understand how hackers are attacking the site. Graphical reports identify application errors, most attacked web pages, and other security statistics, providing a clearer picture of the attacks and probes targeting their applications. The company has also begun to virtually patch vulnerabilities found by its application assessment solution, protecting applications in the critical time between when a vulnerability is discovered and it is patched in the application. SecureSphere's granular custom policies have allowed the security team to build custom policies based on a myriad of conditions to address unique requirements.

Benefit #1	SecureSphere provides continuous, real-time Web application security
Benefit #2	New Web applications can be brought to market faster because emergency application fix cycles are eliminated
Benefit #3	Centralized management enables wide-scale deployment and accelerates data restoration

Benefit #1

SecureSphere provides continuous, real-time Web application security

Benefit #2

New Web applications can be brought to market faster because emergency application fix cycles are eliminated

Benefit #3

Centralized management enables wide-scale deployment and accelerates data restoration

Download PDF Version

Overview

360° Web Application Security Achieved by IT Services Company with Imperva SecureSphere Virtual Appliances

Operational Impact

Quantitative Benefit