Imperva Cyber Community

  • 1.  ThreatRadar and ADC

    Posted 06-05-2023 14:29

    Both ThreatRadar and ADC are used to keep the WAF up to date against attacks, but it seems like Imperva intends for them to have slightly different roles.

    From the User Guide: "By transmitting attack source feeds in near real time to SecureSphere WAFs, ThreatRadar can quickly and accurately stop malicious users before an attack can be launched."

    And: "The security and compliance experts at Imperva's Application Defense Center (ADC) ensure that SecureSphere is always up-to-date with the latest defenses against new threats, as well as the most recent regulatory compliance best practices."

    Is there a workflow regarding ThreatRadar and ADC?  It looks like an update will be sent first via ThreatRadar, and then later removed from ThreatRadar and sent via ADC.  I have the impression that updates sent via ThreatRadar are temporary while updates sent via ADC are permanent, or at least meant to be.  I say this because the ThreatRadar dictionaries are not very big -- things don't accumulate there.

    Do I have a correct understanding of the workflow?

    Thanks!


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Ai Wen Lee
    Security Developer IV
    Charles Schwab & Co. Inc.
    Littleton CO
    ------------------------------


  • 2.  RE: ThreatRadar and ADC

    Posted 06-05-2023 18:08

    Hello Ai Wen Lee,

    You are correct.

    To clarify, there are multiple feeds within ThreatRadar that serve various purposes - but the one you are referencing is the ThreatRadar Emergency Feed.

    The ThreatRadar Emergency Feed is intended to be an agile stopgap until the signature is added to the ADC updates.

    ADC updates occur approximately every 2 weeks. 



    ------------------------------
    Jaired Anderson
    Imperva
    ------------------------------