Technology Alliance: Imperva and iovation

SOLUTION BRIEF
Technology Alliance:
Imperva and iovation
Integration of Imperva SecureSphere with
iovation® ReputationManager® 360
Integration Benefits
▪▪ Quick start up - deploy device-based
reputation protection without updating
Web applications.
▪▪ Reduce fraud at key touch points such as
account origination, online payment, and
account updates.
▪▪ Reduce review queues to cut operational
costs, lower fraud losses and improve
customer experience.
▪▪ Correlate fraud and WAF policies for
granular detection of fraudulent devices.
▪▪ Enforce fraud strategies in real-time through
business rules that are tailored to the
organization’s risk policies.
▪▪ Consider the device reputation of
your website visitors at the time of the
transaction.
Imperva has partnered with iovation, the world’s leading provider of device reputation
solutions, to help businesses prevent online fraud in real-time. ThreatRadar Fraud
Prevention, an add-on service to the SecureSphere Web Application Firewall,
empowers businesses to verify payment transactions, new account creation, and online
authentication. iovation ReputationManager 360 is now integrated out of the box with
Imperva to stop fraud at key user activity points without requiring up-front IT efforts by
the client and without impacting the customer experience.
Integrated Fraud and Web Application Firewall Management
The SecureSphere Web Application Firewall (WAF) provides powerful custom policies
that can correlate multiple attributes for more accurate attack protection. By combining
fraud prevention with web application security policies, organizations can build fraud
detection rules that analyze factors such as a suspicious web request with device
identification and reputation data provided by iovation to accurately detect fraudulent
transactions. It is easy for organizations to create policies that block fraudulent devices,
monitor devices for a specified period, or redirect users to answer security questions for
identity verification.
Recommended
Decision
Web Servers
Fraud Check
Users
SECURESPHERE
Web Application
Firewall
The Imperva SecureSphere WAF integrates seamlessly
with iovation’s distributed fraud detection servers
to identify suspicious devices and crack down on
fraud rings. As highlighted in the diagram, when a
user accesses a website protected by SecureSphere,
SecureSphere redirects the user’s browser to iovation’s
cloud-based service. iovation identifies the device and
evaluates its history, including associations between
it and other users and devices in iovation’s global
device reputation database. Based on this data and an
organization’s custom business rules, iovation returns
a risk score to the SecureSphere WAF, which can then
enforce security policies.
Detailed Security Alerts and Reports for Forensics
SecureSphere offers clear, comprehensive security alerts out-of-the-box. These alerts,
which capture the full web request, source IP address, and other user details, allow fraud
investigators to analyze fraudulent events with ease. More importantly, SecureSphere can
track the user name of infected clients, making it easy to follow up with compromised
end users. Graphical reports summarize fraudulent activity.
iovation ReputationManager 360
Device reputation from iovation provides a unique layer of fraud
protection. Without impacting the customer experience, iovation
ReputationManager 360 protects against fraud from any Internetenabled device – from PCs, laptops and tablets to smart phones and
smart TVs. At important touch points like account creation, login and
purchase, iovation assesses transactions in real-time to reveal:
▪▪ Unique device recognition – Precisely which tablet, mobile
phone, PC or other device is in use?
▪▪ True device location – Determine where the transaction is
physically originating based on proxy piercing technology.
▪▪ Device anomalies – Are there discrepancies in device
characteristics such as a mismatch between geolocation
time zone and device time zone?
▪▪ History of fraud for this device – Has the device been
flagged for fraud in the past? Have other companies within
or outside your industry verified fraud and abuse events
such as chargebacks, identity theft, and account takeovers?
▪▪ Risky associations – Is the device associated with other
risky devices or accounts?
▪▪ Velocity-based red flags – Is the pace of online activity
suspicious? Measure events over time to track risk from bots
and scammers. Large numbers of accounts created in a day
or an hour could indicate risk.
▪▪ Recommended action – Based on the comprehensive
device reputation and customized business rules, should
the organization accept, review or deny the requested
transaction?
About iovation
iovation protects online businesses and their end users against
fraud and abuse through an industry-leading combination
of advanced device identification, shared device reputation
and real-time risk evaluation. More than 2,000 fraud managers
around the globe leverage iovation’s database of Internet devices
and relationships between them to determine the level of risk
associated with any type of online transaction. Retail, financial
services, insurance, social network, gaming and other companies
make real-time queries to iovation’s knowledge base of more
than 1.5 billion devices from every country in the world. Every
day, iovation stops more than 150,000 fraud attempts.
Imperva SecureSphere Web Application
Firewall
The SecureSphere Web Application Firewall has transformed
the way businesses secure their web applications and data by
automating web attack protection. With patented Dynamic
Profiling technology, SecureSphere automatically builds a model of
legitimate behavior and adapts to application changes over time,
ensuring that defenses are up to date without manual tuning.
As the market-leading Web Application Firewall, thousands
of enterprises rely on Imperva SecureSphere to monitor and
protect their critical web applications and data. SecureSphere
offers businesses a practical and highly secure solution that stops
advanced application threats, automated attacks, and web fraud.
Imperva SecureSphere provides:
▪▪ Accurate protection against web application attacks
▪▪ Reputation-based security to stop automated threats
▪▪ Virtual patching to instantly mitigate web vulnerabilities
▪▪ Pre-defined and custom correlation rules to block multistage attacks
▪▪ Transparent deployment and ultra-high performance
▪▪ Centralized management and reporting
About Imperva
Imperva, pioneering the third pillar of enterprise security,
fills the gaps in endpoint and network security by directly
protecting high-value applications and data assets in physical
and virtual data centers. With an integrated security platform
built specifically for modern threats, Imperva data center security
provides the visibility and control needed to neutralize attack,
theft, and fraud from inside and outside the organization,
mitigate risk, and streamline compliance.
Imperva customers can consider fraud data contributed by other
fraud teams through iovation’s global device reputation database.
www.imperva.com
© Copyright 2014, Imperva
All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva.
All other brand or product names are trademarks or registered trademarks of their respective holders. #SB-TA-IOVATION-0414rev2