Imperva launches Sonar for unified enterprise security analytics

Cybersecurity cloud company Imperva today launched its Sonar platform to help enterprises manage attacks across applications, data, and the edge by automating their workflows and accelerating incident responses. Imperva Sonar uses ML to surface key risk areas and offers single-action resolution capabilities to streamline enterprise IT team efforts.

According to materials Imperva provided, the company’s internal research lab found that data leakage attacks — incidents involving data erroneously being transferred from an enterprise’s internal network to an external network — jumped 93% over the course of 2020. Imperva Sonar looks to fill gaps in the data lifecycle, or how sensitive data is accessed, by providing visibility into IT environments, whose multi-cloud application environments and alternative API ecosystems have grown increasingly diverse — and complex.

In an interview with VentureBeat, Imperva product marketing VP Matt Hathaway explained that the goal is not just to reduce the number of security providers an enterprise uses, but also to streamline the number of consoles and sources of truth. He said companies may see traffic across some user endpoints by looking at patterns and analytics across very different use cases and getting rid of a lot of point products that don’t have context. “The lateral movement brings them to databases, and so piecing all of that together is a real challenge … we add context so that they can investigate and detect,” he added.

Imperva Sonar’s three security vectors exist at the edge, data, and applications. And the company’s main focuses for the edge vector are twofold. First, the platform uses load-balancing and cache management to make websites run and access information more quickly. Second, it supports distributed denial-of-service (DDoS) and domain name system (DNS) protection on its content delivery network.

The applications vector aims to deconstruct advanced attacks with a unified web application and API (WAAP) protection solution that combines a firewall, runtime protection, bot protection, client-side protection, and API security. The runtime protection, for example, analyzes micro-services to identify which part of an application is high risk and potentially connected to the outside world. According to Hathaway, Imperva has been able to use these tools to protect the newer, cloud-distributed application types that have arisen in the last five years.

The data vector is centered around classifying and protecting critical data, with security across the database and cloud, along with providing data risk analytics. “At the data side, it’s very much about activity because the number of accesses to your databases that are more and more distributed in a very hybrid way on-premise in the cloud, multi-cloud, having one central place to really get that pattern recognition is key,” Hathaway said.

Imperva is focusing on applying analytics and hosting a central security space across all of an enterprise’s databases and environments. It’s also incorporating Snowflake, other more advanced data stores, and NoSQL, along with semi-structured databases.

“The focus is no longer the traditional on-prem structured databases,” Hathaway said. “That’s where we also play a great deal of automation and response to be able to take action for an activity.” Imperva also built its own proprietary data lake to structure and live-audit data.

Imperva has already opened the Sonar platform’s beta version to select enterprise users. This launch corresponds with rising enterprise security threats, including the recent cyberespionage attack that springboarded off SolarWinds to target federal government networks.

Hathaway said that while SolarWinds was highly sophisticated, its supply chain attack structure wasn’t new, suggesting that some websites often have 20 or 30 JavaScript instances they don’t write that work as commodity malware to take credit card information, for example.

Hathaway said automated attacks have been the biggest rising attack vector, complicated by the presence of more sophisticated bots. “We’ve already seen a trend up since last year, when I think in some analyses we had 85% of all traffic [attributed to] bots again.” He said not all are malicious, but “having a good approach and a good way of analyzing that is huge.”