CASE STUDY Cloud Video Company Protects Website, Passes Audits with Imperva

Customer

Brainshark, Inc. Waltham, MA

Requirements

• Improve security posture
• Increase responsiveness to security events
• Provide clear, detailed alerts for security violations

Solution

Imperva SecureSphere Web Application Firewall has improved Brainshark’s security posture, assuring marquee customers that its applications are safe.

Bottom Line

• Brainshark has streamlined customer-driven vulnerability assessments
• The security team has gained greater visibility into Web application usage
• Web applications are safeguarded without slowing down application development cycles

Overview

Brainshark, a cloud-based software developer headquartered in Massachusetts, is setting the standard for creating, sharing and tracking video presentations online.

With thousands of customers, including a third of the Fortune 100, Brainshark has enjoyed remarkable growth over the past decade. Brainshark’s customers have come to depend on its services to build high-quality training presentations, marketing webinars, and e-learning and sales enablement videos. Customers have high expectations for Brainshark—its online service must be reliable, highly available, and secure. In fact, several marquee customers have even mandated that Brainshark perform regular application vulnerability assessments.

To meet customers’ demands, Brainshark engaged third-party consultants to perform vulnerability assessments. The consultants found that some of Brainshark’s applications contained cross-site scripting (XSS) vulnerabilities. This is not surprising—according to a study conducted by the Web Application Security Consortium of 12,186 Web applications, 96% contained urgent or critical vulnerabilities. And XSS is the most widespread vulnerability, according to the study.[1]

Implementing code changes in order to resolve these types of vulnerabilities in a software-as-a-service environment poses challenges. Any change in code can affect all customers; therefore each change needs to be subjected to a proper quality assurance cycle. The time between a vulnerability being found and mitigated needs to be as short as possible. A Web Application Firewall would allow Brainshark to mitigate the vulnerability until a code change can be properly implemented.

Jim Long, the Director of IT at Brainshark, realized that a Web Application Firewall could help secure the company’s Web applications, but the existing Web Application Firewall that Brainshark had in place, and particularly its learning engine, wasn’t up to the job.

Imperva SecureSphere Exceeds Security Requirements

After several months, Jim decided to look at other Web Application Firewall solutions. When he and his team evaluated the Imperva SecureSphere Web Application Firewall, they were impressed. According to Jim, “There were light-years of difference between Imperva and other solutions.” Imperva’s patented Dynamic Profiling immediately started learning the application structure and elements. And SecureSphere’s flexible deployment options allowed Brainshark to pilot the product in non-inline sniffer mode and then move it to inline bridge mode in production.

One of the most striking differences, from Jim’s perspective, was SecureSphere’s dashboard and security alerts. SecureSphere alerts displayed the full Web request, the Web server response code, and other event details such as the type of violation and the time and day. Alerts even highlight the exact string that triggered the violation, making it easy for Brainshark’s security team to investigate security events.

[1] Web Application Security Statistics Project, Web Application Security Consortium

“Imperva SecureSphere improved our security posture. We saw dramatic results after we implemented SecureSphere. SecureSphere stopped application attacks—helping us to pass our security audits—and provided us greater visibility into our Web applications.”

JIM LONG, DIRECTOR OF INFORMATION TECHNOLOGY, BRAINSHARK

Granular security policies allowed Brainshark to define specific policies to block unauthorized activity. SecureSphere supported custom policies with over two dozen match criteria, including signature and profile violations, user name, IP address, URL, header values, and number of occurrences. In addition, SecureSphere supported policy exceptions. This enabled Brainshark’s engineers to ignore individual SQL injection signatures without disabling all SQL injection protection. Alternative Web Application Firewall solutions “just allowed us to turn protection on or off,” Jim said. “Imperva offered more control. We could adjust security settings to prevent false positives.”

SecureSphere Deployment Streamlines Web Security Audits

After purchasing Imperva SecureSphere, the security team wanted to make sure it was configured according to security best practices. Brainshark wanted to get the most out of its Web application security investment. Brainshark opted for a five-day professional services engagement. According to Jim, the engagement was extremely valuable. The Imperva professional services consultant configured SecureSphere’s fail-open interfaces and optimized settings. In addition, the consultant configured rules to mask sensitive data from being displayed in log messages.

More importantly, the professional services consultant provided high-level product training and assistance, empowering the Brainshark security team to better manage the SecureSphere appliances. From Jim’s perspective, “The professional services and technical support engineers at Imperva have been extremely knowledgeable and helpful.”

After deploying the SecureSphere Web Application Firewall in production, Brainshark underwent a Web security audit. To meet customer requirements, Brainshark engaged a third party to perform a rigorous Web application vulnerability assessment. This assessment was performed over a two-week period using both automated test tools and manual penetration tests. SecureSphere was able to block nearly all application attacks. The main issues uncovered by the test tools were application configuration problems like non-expiring passwords and unencrypted form data.

imperva.com

© 2014, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula and Skyfence are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders. IMPV-CS-Brainshark-0116-v1

Brainshark’s security team is very satisfied with the SecureSphere Web Application Firewall. It offers accurate Web protection, granular security policies, and clear, comprehensive security alerts. “SecureSphere not only stops malicious activity, but it provides us visibility into how customers are interacting with our Web applications,” said Jim.

“With SecureSphere, we can immediately identify and block security threats.”

Brainshark’s application development team was able to easily address the handful of low severity vulnerabilities uncovered by the security consultants. As a result, Brainshark quickly passed its application security audit. Brainshark’s top customers now had assurance from objective third-party experts that Brainshark’s application is safe.

Visibility into Application Abuse and Errors

The SecureSphere Web Application Firewall blocks a myriad of attacks targeting Brainshark’s site. SecureSphere is configured to send email alerts for high severity events like cross-site scripting and SQL injection. Jim can also log into the SecureSphere console and review medium or low priority alerts. Reviewing these lower severity events allows Brainshark to detect Web application errors and improper application usage. For example, SecureSphere helped Brainshark’s security administrators detect a number of spiders that were crawling its site for images. One agent was crawling the website every ten minutes to illicitly scrape images. In addition, SecureSphere detected comment spam on its online blogs. Security engineers were able to stop the unauthorized access and the comment spam through custom rules based on browser agent name, header value size, and other criteria.

SecureSphere also helped Brainshark identify application errors and security issues. For example, it detected illegal byte code errors and invalid HTTP versions. Brainshark’s application developers can directly log into the SecureSphere console to review any application irregularities. SecureSphere’s detailed security alerts make it easy for developers to investigate and understand application issues.