Tired of keeping up with security alerts from your systems? Worried that your Security Operations Centre (SOC) is getting deluged in low-level reporting? Fear not: Imperva has produced an aggregation product that sits over the top of all your other alert-generating security software.
The Imperva Sonar platform, billed by the firm as wiping out “the need for siloed point solutions,” hangs above Security Orchestration, Automation and Response (SOAR) and Security Information and Event Management (SIEM) products, the idea being to reduce the number of different things that your company’s SOC needs to keep an eye on.
Chris Waynforth, Imperva’s Northern Europe veep, told The Register: “This is the first unified solution, the unified view for those security-conscious organisations. And that’s quite a critical phrase in my mind, because not everyone cares about that.”
Off the cuff, he added: “We’ve all been in this job long enough, right? The amount of times we’ve probably heard ‘it’s a single pane of glass’ or ‘one dashboard to rule them all’.”
Mandy Rice-Davies’ infamous witticism applies here, but we gave him the benefit of the doubt.
At the Sonar product’s heart is a dashboard, which unites, or so the company said, “security performance metrics, attack analytics and suspicious traffic for easy investigation”, adding in the blurb: “Advanced analytics provide visibility to two of the most challenging information security blindspots: the applications where breaches most often originate and the data most targeted for theft.”
These break down into three broad categories of attack surface: the edge, data (as in databases, including cloud-based ones), and applications.
Aside from that, it also brings denial-of-service attack protection through its content delivery network, as well as Imperva’s traditional web app security stuff going back to the firm’s securing-your-data-centre origins. This includes the ability to sniff out bots that are abusing Application Programming Interfaces (APIs), which, to be fair, is a useful trick in today’s enterprise landscape.
If this sounds a bit like a SIEM-plus product… well, you’d be wrong, Waynforth reckoned. Rather than hoovering up absolutely everything mildly suspicious on the network, Sonar is supposed “to tell [the SOC] where we should be looking, and actually doing the correlation, rather than relying on all of that [network] information flowing up into the SIEM layer, [where] it has to be then somehow compressed and correlated.”
Imperva isn’t the only company to make a fresh pitch for the ever-expanding SIEM market: a couple of years ago Amazon wheeled out its AWS-specific Security Hub. Earlier that same year, Microsoft did something broadly similar for its Azure cloud, though Imperva’s product is on-premises in terms of focus rather than cloudy.
2019 was a busy year for Imperva, and not just because it was acquired by private equity types at Thoma Bravo for $2.1bn, which promptly delisted it from the NASDAQ: the firm also disclosed that its own cloudy firewall had been breached the year before, with malicious people gaining access to an AWS database containing customer emails and (hashed and salted) passwords. Best hope it has learned from that. ®