July 25, 2016

ThreatRadar IP Reputation for Skyfence: Threat Intelligence for Cloud App Protection

The marriage of Imperva ThreatRadar and Imperva Skyfence brings the best of all worlds to risk mitigation for cloud apps: current intelligence data, correlation of activity anomalies with bad-reputation sources, and a robust policy engine.

Even Gartner unequivocally recommends that customers should ensure that a Cloud Access Security Broker’s “threat prevention features are given appropriate weighting,” especially for sanctioned SaaS apps.  In particular, Gartner maintains that CASBs utilizing security components such as web application firewalls (WAFs), threat intelligence, and analytics should be preferred over other CASBs.1

Thus, the announcement of the integration of ThreatRadar and Skyfence shines the spotlight on the role of threat intelligence as it relates to the CASB space.  It’s an unprecedented integration that ushers in a new dimension for CASB players.

More than just discovery and Shadow IT

Given the relative nascency of the CASB space, up to now, much of the early attention has focused on the discovery of cloud apps being used in organizations, including those not blessed by IT (“Shadow IT”).  As the space has evolved (quickly, I might add), we’re beginning to witness a shift to more proactive risk-mitigation approaches.

What we’re seeing is more and more organizations looking for real-time measures to remediate risk.  Discovery is great for giving you a “lay of the land” in terms of the risk you’re facing, but at the end of the day, you want to eliminate those risks, not just identify them.

Drill down and get real-time details on access attempts from risky source IPs

Current, accurate intelligence is highly prized

Just about every company looking to protect their sensitive or confidential data covets credible, current intelligence.  Accurate intelligence goes hand-in-hand with data protection.  And these days, that intelligence can come from any number of sources.

Imperva ThreatRadar aggregates data from several sources, including the Imperva Defense Center research team, reputable third-party sources, and customers of Imperva SecureSphere Web Application Firewall (WAF) that can opt in to send anonymized attack data to ThreatRadar.  Types of data tracked by ThreatRadar include malicious IP addresses, anonymous proxies, Tor networks, and content spammers’ IP addresses.

Blocking access from risky IP addresses is easy through a Skyfence Quick Policy

Connecting the dots to CASBs

Building on its market-leading SecureSphere WAF product and leveraging the efforts of one of the industry’s top research teams, ThreatRadar now impacts the fastest growing segment of the security landscape: CASBs.  By integrating with Skyfence CASB, intelligence feeds from ThreatRadar can now be applied to cloud apps. 

Many CASB vendors purport to prevent threats, but only Skyfence integrates intelligence data from multiple sources to augment its rules engine that’s so crucial to securing cloud data.  Whether it’s blocking access or requiring multi-factor authentication, being able to incorporate the latest threat data enables the creation and enforcement of the most accurate policies.

Apply multi-factor authentication on access attempts from risky IP addresses

ThreatRadar and Skyfence are better together

More specifically, what ThreatRadar for Skyfence brings to the table is correlation of activity anomalies and other threat indicators with risky source IPs.  This has the net effect of enhancing data security since Skyfence customers can detect threats to their data more accurately as well as identify new attack vectors before the damage gets out of hand.

Skyfence remediation options include blocking bad IP addresses or requiring multi-factor authentication for any access attempt from sources with bad reputations.  Skyfence also allows for whitelisting of IP addresses.  While whitelisting may not be feasible for everyone, you can still detect malicious source IPs where whitelisting is not a practical option.

Whitelist trusted IP addresses

Skyfence is in lockstep with the Imperva product suite

The integration with ThreatRadar is the latest step in the evolution of Skyfence, following in the footsteps of the integrations with Imperva Incapsula and Imperva CounterBreach.  Being delivered through the Incapsula service, Skyfence is able to leverage the benefits provided by Incapsula, namely, DDoS protection and reduced latency when accessing cloud apps.  And through CounterBreach, organizations can get a centralized view of all anomalies and threats across cloud apps, databases, and files.

As a result of these seamless integrations, Skyfence now offers the most extensive set of enterprise-class capabilities to protect data and applications without sacrificing performance. More than just a point solution, the Skyfence CASB enables you to get more value out of your cloud security investment.

Learn more about the integration of Skyfence and ThreatRadar and how you can refine your data security policies even further.


1Gartner, “Select the Right CASB Deployment for Your SaaS Security Strategy,” Craig Lawson, Neil MacDonald, Sid Deshpande, March 12, 2015.
