The TOE is Imperva SecureSphere 9.0, it is categorized as an IDS/IPS type product. Imperva SecureSphere 9.0 protects file, Web and database servers by analyzing network traffic flowing to and from protected servers and applications, detecting requests that may be indicative of intrusion, and reacting by reporting the events and/or blocking the suspected traffic. In addition, SecureSphere 9.0 provides a Database Discovery and Assessment (DAS) capability for scanning databases for vulnerabilities and policy violations.
\r\nThe Target of Evaluation (TOE) is the Imperva SecureSphere 9.0 software running on two or more Imperva appliances. The TOE is deployed as one or more Gateway appliances controlled by a MX Management Servers. Servers may in turn be managed by a SecureSphere Operations Manager (SOM) Management Server. Administrators connect to the Management server using a standard Web browser.
\r\nThe claimed security functionality described in the Security Target is a subset of the product's full functionality. The evaluated configuration is a subset of the possible configurations of the product, established according to the evaluated configuration guidance.
\r\nThe security functionality within the scope of the evaluation included intrusion detection and prevention, matching traffic against configured policies and providing recording, analysis and reaction capabilities; cryptographic operations; identification and authentication; security management; auditing; trusted path and Protection of the TSF.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the TOE is EAL 2 augmented with ALC_FLR.3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Several validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2012. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Imperva SecureSphere 9.0 prepared by CCEVS.
","environmental_strengths":"Imperva SecureSphere 9.0 is focused on network security where TOE appliances detect inappropriate network usage based on all aspects of the network data including the content, source, destination, application, and all aspects of the communication channel. The TOE is used to prevent intrusion of attacks and to prevent the transmission of sensitive data, either as a result of an attack or insider threat, it provides tools to view and analyze the detected activity results and to issue alerts of significant events. The TOE provides security functionalities that include intrusion detection and prevention, as well as security management, audit, identification and authentication and protection of the TSF.
","features":[]}