Imperva > Case Studies > 360° Web Application Security Achieved by IT Services Company with Imperva SecureSphere Virtual Appliances

360° Web Application Security Achieved by IT Services Company with Imperva SecureSphere Virtual Appliances

Technology Category

Application Infrastructure & Middleware - Event-Driven Application
Cybersecurity & Privacy - Application Security

Applicable Industries

Cement
National Security & Defense

Applicable Functions

Product Research & Development

Use Cases

Inventory Management
Tamper Detection

Services

Cybersecurity Services
System Integration

About The Customer

The customer is a Fortune 500 IT services and business software company with over 20,000 employees. They provide data center hosting services for their own financial applications and for third-party web applications. Many of these applications are internet-facing and are regulated by the Sarbanes-Oxley and Gramm-Leach-Bliley Acts. The company has a highly virtualized environment, with web applications, databases, and load balancers all moved to VMware. They also maintain a remote disaster recovery site that mirrors the infrastructure at their primary site.

The Challenge

A Fortune 500 IT services and business software company, with over 20,000 employees, provides data center hosting services for its own financial applications and for third-party web applications. Many of these applications are internet-facing and regulated by the Sarbanes-Oxley and Gramm-Leach-Bliley Acts, requiring the company to protect sensitive data. The company faced challenges in maintaining security due to the dynamic and highly-customized nature of its applications. Continual scanning of applications after every change was burdensome and required significant coordination between application developers and security engineers. The company needed a solution that would not impact release schedules, provide instant vulnerability remediation, and integrate seamlessly into their virtualized environment.

The Solution

The company implemented Imperva SecureSphere virtual appliances, a comprehensive protection solution with granular security policies for their corporate data center and disaster recovery site. The SecureSphere Web Application Firewall was chosen due to its accurate web application protection, easy deployment in a virtualized environment, granular security policies, detailed alerting and reporting, and virtual patching capabilities. The solution was able to stop all application attacks without blocking legitimate traffic. It also provided comprehensive alerts that contained the full HTTP request and clearly identified what part of the request violated security policy. SecureSphere was also able to integrate with the company's existing IBM AppScan and HP Webinspect tools to virtually patch application vulnerabilities, allowing the company to enforce stricter security rules for known vulnerable application elements.

Operational Impact

The implementation of SecureSphere has enhanced the company's software development processes. Security engineers and application developers are now able to examine security alerts to understand how hackers are attacking the site. Graphical reports identify application errors, most attacked web pages, and other security statistics, providing a clearer picture of the attacks and probes targeting their applications. The company has also begun to virtually patch vulnerabilities found by its application assessment solution, protecting applications in the critical time between when a vulnerability is discovered and it is patched in the application. SecureSphere's granular custom policies have allowed the security team to build custom policies based on a myriad of conditions to address unique requirements.

Quantitative Benefit

SecureSphere provides continuous, real-time Web application security
New Web applications can be brought to market faster because emergency application fix cycles are eliminated
Centralized management enables wide-scale deployment and accelerates data restoration