The problem with first-generation Web application firewalls is that they require users to make a variety of changes to existing networks.
Imperva plans to change all that with the latest version of its SecureSphere Dynamic Profiling Firewall.
The new application firewall, deployed on Imperva security appliances, now supports four different deployment modes to “make it easier to drop into networks and data centers,” said Alan Norquist, vice president of marketing for Imperva, in Foster City, Calif.
The latest version allows the firewall to be deployed in router mode, which is intended for networks that require NAT (Network Address Translation) or networks that have Web server IP addresses in a different subnet than the rest of the network.
It also adds a reverse proxy deployment mode for users who wish to replace an existing application proxy.
“When traffic comes in from the [Web] client we can look at it and not have to terminate that session. We can pass it on if the traffic is fine, and block attacks if we see them,” Norquist said.
“We dont add overhead by terminating and redoing sessions, and theres no change to the URL for Web clients, and no rewriting application code,” he added.
The existing deployment modes—bridge mode for high performance and flexibility and monitoring mode for testing—are still supported.
Imperva will also make the SecureSphere Dynamic Profiling Firewall available on Crossbeam Systems security appliances.
The new SecureSphere version will also operate on a new Imperva high-performance appliance, the G 16, which provides up to 2G bps of throughput with full security and fault tolerance.
Version 4.2 of the SecureSphere Dynamic Profiling Firewall is available now and starts at $30,000.