The latest defense in the ongoing battle against Internet worms and hacker attacks is intrusion detection and prevention.
This method differs from the traditional firewall approach, which focuses mainly on filtering Internet traffic for suspicious or malicious packets. Intrusion detection is not without its challenges, since no two applications are alike. Cookie-cutter solutions are often ineffective at protecting applications from infiltration. What's more, internal threats are as dangerous as external and Web-based attacks. These elements make properly protecting an application without compromising ease-of-use a difficult process. Imperva's SecureSphere Dynamic Profiling Firewall family of products, built around the SecureSphere G4 Gateway and the SecureSphere MX Management Server, offers integrators and customers a solution.
Priced at $35,000, certified partners can expect margins in the 30 percent to 35 percent range. Imperva refers to its technology as a "dynamic profiling firewall." This designation refers to two key features: Dynamic describes the product's ability to automatically detect and prevent attacks, while profiling describes the product's adaptive learning capability.
In short, the SecureSphere suite works by examining network and application traffic to learn normal behavior. The suite uses that information to normalize application access and address any abnormal activity with a prevention technique or an administrator alert. This technology is extremely effective at battling not-yet-recognized attacks, worms or intrusions, also called "zero-day" attacks. SecureSphere stores activity records and provides administrators with the tools to generate realtime and historical reports, which can help further secure a network and/or application. These records can offer ROI proof for busy administrators. While the technology behind the process is somewhat complex, Imperva has gone to great lengths to ease installation and administration of the solution. Installation borders on plug-and-play simplicity, while administration tasks are almost completely automated. Solution providers can still provide management services for a price, or they can take an install-it-and-forget-it approach.
That said, solution providers must still complete a certification process to become an Imperva authorized partner. Partners fall into two primary levels: Authorized or Certified partners. Certified partners must have two or more staff members successfully complete sales and technical training and sign a contractual agreement. Certified partners can offer direct first-line support for Imperva products, but Authorized partners can only resell Imperva's vendor support. The latter are not qualified to provide product technical support. Partners will appreciate the custom evaluation tools, which they can use to demonstrate attacks and the methods by which SecureSphere counters them. Partners also benefit from dedicated tech support, a dedicated integrator Web site and other perks that ease the sales and support process.
Although the solution may seem pricey, the security benefits and low administrative overhead will more than justify the costs on both a short-term and long-term basis.
CHANNEL PROGRAM SNAPSHOTS
> SecureSphere Dynamic Profiling Firewall
COMPANY: Imperva, Inc.
Foster City, Calif.
DISTRIBUTORS: Direct from vendor
Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.