DEVOPSdigest

Imperva launched Imperva Serverless Protection, a new product built to secure organizations from vulnerabilities created by misconfigured apps and code-level security risks in serverless computing environments.

Designed with the developer and security team in mind, the new product is easily deployed as an AWS Lambda layer, protecting functions without changing code.

Built on Amazon Web Services (AWS), Imperva Serverless Protection is a fully integrated tool within AWS Lambda Extensions. The integration gives developers faster access to the new Imperva offering to provide an additional layer of security for their AWS Lambda environment. This latest innovation from Imperva adds to the company’s solutions for protecting applications in all their forms: legacy, APIs, microservices, and serverless functions.

“We see hundreds of thousands of customers of all sizes embrace serverless applications to quickly deliver value to their customers,” says Holly Mesrobian, General Manager, AWS Lambda, AWS. “The Imperva extension enables customers to easily embed additional security in their DevOps processes for serverless applications with just a simple configuration change.”

Developers are increasing adoption of serverless functions that offer lower costs, less configuration and faster deployment. However, “through 2022, 80% of successful attacks on serverless [platform as a service] PaaS will have a root cause of misconfiguration or the use of known vulnerable code due to immature tools and processes,” writes Neil MacDonald, Vice President, Distinguished Analyst, Gartner, in the March 2020 report, “Security Considerations and Best Practices for Securing Serverless PaaS”1. He adds, “New approaches and techniques for securing serverless will be required and should be designed using a life cycle approach, starting in development and carrying through into operations.”

Imperva Serverless Protection offers market-differentiated capabilities to help organizations manage the complex security risks that emerge in serverless functions.

- Protection against malicious activity: Purpose-built for serverless computing, Imperva uniquely enables a positive security model that provides protection against malicious changes, like zero-day exploits, within the function. Deployed as an AWS Lambda layer, it can be deployed once and applied to multiple AWS Lambda functions.

- Visibility and protection from internal and external code vulnerabilities: Imperva Serverless Protection secures serverless functions from vulnerabilities embedded in first and third-party code -- the underlying risk factor that can trigger a software supply chain attack. It effectively monitors and blocks vulnerabilities without elaborate or manual steps involved.

- OWASP Serverless Top 10 coverage: Imperva Serverless Protection offers protections from misconfigurations, code-level risks, injections and weaknesses. It stops HTTP response splitting and method tampering, code injection, and other complex threats. It also monitors for insecure cookies and transport, logging of sensitive information, unauthorized network activity, weak authentication, and other potential vulnerabilities.

- Deep visibility into security incidents at the application layer: Imperva Serverless Protection runtime monitoring gathers log-level information to provide forensic detail so security teams can fully understand the context of every attack with virtually no impact on latency. It also identifies and maps third-party dependencies used during runtime.

“Traditional security technologies are not designed to get visibility into and provide protection for ephemeral workloads like serverless functions. Customers require the combination of protection at the function, contextual awareness, and high performance. Additionally, customers are not interested in modifying their workloads or changing code to support security functions. Imperva Serverless Protection was created exactly to solve these needs,” says Kunal Anand, CTO, Imperva. “With Imperva Serverless Protection, DevOps and SecOps teams have a powerful new capability to stop serverless attacks.”