Author: Impervia
Oct, 09th 2014

In this webinar, Carrie McDaniel and Pravin Rasiah, respectively Product Marketing Manager and Senior Product Manager at Imperva, will talk about security in the cloud. They will cover the cyber threats online applications face, how traditional technologies such as firewalls and IPSs fall short of protecting them, how Web Application Firewall technology is the right approach, and the benefits of Imperva SecureSphere WAF for AWS.



[Andrea] Hi. Hi everybody and welcome to a new Cloud Academy Webinar. I am Andrea. I'm the head of Content Strategy here at Cloud Academy. And I am your host today for this webinar together with our two distinguished guests, Carrie McDaniel and Pravin Rasiah. Respectively Product Marketing Manager and Senior Product Manager at Imperva. Hello and welcome Carrie and Pravin and thanks very much for joining us.

[Carrie] Hi, thank you. - [Pravin] Thank you. - So today we talk about security in the cloud. Imperva is one of the biggest players in the field. Actually it is the only leader in the 2013 Magic Quadrant for Web Application Firewalls by Gartner. So who is better than them to talk about security? It's a complex issue. Security is a very complex issue that any company needs to take seriously to protect its own data and its customer's data. It's also a quite wide and broad topic with many facets, many different problems to tackle.

So in this webinar, Carrie and Pravin will allow us better understand the cyber threats from cloud point of view. Showing us why firewalls and VPSs fall short and why web application firewall technologies like Imperva SecureSphere are the right approach to protect cloud infrastructure in your application. But I don't want to steal a minute more to our guests, because the argument is so important and engaging.

But first I want to remind you all that you can start asking questions right now in the chat. I'll pick the best ones for the question and answer session that we will have in the end. So Carrie, the floor is all yours.

Thank you. Hi everyone and thank you so much for joining us today. My name is Carrie McDaniel. I'm on the Imperva product team and with me I have our Product Manager, Pravin, who will be on the help answer any, maybe more technical questions that anyone has during today's session. So, today's presentation is an introduction to Imperva's Web Application Firewall for applications that are being run on Amazon Web Services. We'll start the presentation by talking briefly about Imperva and what we do as a company. Then I'll talk about the number of data breaches that we've seen in recent years, and how traditional technology stacks up against today's advanced cyber-attacks. And we'll also introduce you to the capabilities of WAF technology. At Imperva we're seeing that a lot of our customers are moving their web applications to the cloud.

So I'm going to talk a bit about why organizations are doing this and also about our SecureSphere Web Application Firewall or WAF for AWS, which like Andrea mentioned is the only Gartner Magic Quadrant leader for web application firewall. And to finish up I'll talk briefly about a test drive for our SecureSphere WAF that you can go ahead and try out on your own. So I'll talk a bit about the use cases that we're showcasing in our AWS test drive. So with that, I'd like jump into a bit about Imperva as a company and what it is that we're focused on. At Imperva we see that businesses spend a lot of money on security. And, despite that, breaches are still happening every day. We're seeing this because threats and attackers have vastly evolved over the past decade.

But we're seeing that investments in security technology from organizations really hasn't evolved that much. We used to see that viruses and amateur hackers were the main problem, and being able to block these types of intruders with pinpoint and network security was sufficient. But things have changed and today's enterprises are more open. They're functioning more and more online. And it gives almost anyone help-yourself-access to the assets in the data center. We're seeing that governments, organized criminals, and hacktivists have really displaced these pranksters. And they're targeting critical applications and data with, you know, very sophisticated, very frequent, and large-scale attacks. And despite that, organizations are still using solutions that were really designed for yesterday's big problems.

Employee and network defenses are very much strained by the new realities we're seeing. And we really do see proof in the headlines. Despite, you know, major investments in the latest antivirus, intrusion prevention systems, and next-generation firewalls, organizations are getting hacked every day. You know, we recently have heard a lot about, you know, Home Depot and J.P. Morgan Chase and other organizations that are experiencing these advanced attacks. You know, other industry experts also acknowledge that network security solutions like Next Generation firewalls are necessary, of course, they're part of the security portfolio, but there really insufficient.

So at Imperva we see, we view pinpoint and network security as the first and second pillars of enterprise security, but you can't conduct business safely without the third pillar, which is data center security.

Rather than trying to secure devices or networks, data center security adds a layer of protection in the data center that directly surrounds your web applications and data assets, like your file storage systems and databases that are very vulnerable to attack, data theft and fraud. So we believe this is what organizations must have at a time where web applications open your data center up to everyone. And modern threats are coming from both outside and inside the organization. Over half of all organizations have experienced a web application breach in the past year. And the majority of these incidents led to severe financial losses for the targeted companies. Pretty much every security professional has read the news stories, you know, from the wave of hacktivist attacks that took place in 2011 that brought down dozens of corporate and government sites. You know, we saw DDoS attacks in 2012 that disabled major US banking sites. And there's also several massive web breaches that resulted in, you know, millions of compromised passwords and credit card numbers and other types of personally identifiable information. In these cases hackers very easily moved around network security defenses like firewalls and IPS systems to take down very popular websites.

Since web applications are an essential part of business operations it's important to protect them, because they are also a top target for attack. Web attacks like SQL injection and cross site scripting are, you know, commonly used in some of the most major security breaches that we've seen.

And you can see in this chart here that that 2012 is a record year, and overall this is trending upward. Like I mentioned, the front landscape has changed dramatically over the past decade from pranksters to very sophisticated operations. Today governments, the first one here, are seriously engaging in cyber espionage and that's resulting in the loss of intellectual property and other types of valuable data that keeps companies competitive. They're motivated by policy, politics, and nationalism, typically. And they generally will use targeted attacks, which we sometimes refer to as APT as their preferred method. Organized crime uses some of the exact same methods, targeted attacks in particular, but they have different motivations. They're typically financially motivated, and they have learned from the government and cyber espionage organizations how to be more effective in their attacks. So we're seeing a lot of targeted attacks from organized crime and also a lot of fraud.

The motivation for hacktivists is almost always political or ideological. Their primary method of attack is usually a targeted attack that they use to steal embarrassing data or jeopardize corporate infrastructure and then sort of release it or expose it out the world. And if that fails they move to another approach, which is denial of service, which is, you know, one method of attack we've seen more and more. And sometimes they actually use DDoS first as a distraction technique for what really may be going on, what other types of attacks could be really going on in the background. When it comes to protecting your web applications from these kinds of threats, what we're showing here on this slide are critical defenses that are really required to prevent technical attacks, business logic attacks, and fraud. The most critical capability of any web application firewall is accuracy.

There are some user activities that are obviously bad that need to be blocked. And there are also some activities are clearly okay, and should be allowed through. The hard part is dealing with that gray zone, things that aren't clearly bad or clearly good at first glance. So a WAF needs to be accurate, especially in this gray zone so that it can stop hackers, but also let your customers, your partners, or your employees through. And the best way to deal with that gray area is by inspecting web application traffic at multiple layers and then correlating across the layers. If you think about technical attacks that exploit application vulnerabilities through methods like SQL Injection and cross site scripting, you need to be able to understand what's normal activity, and then what's considered unusual activity.

And to do that, a WAF needs to learn applications by profiling you. And that learning needs to be ongoing, because web applications are always changing, they're always evolving. So that learning needs to be dynamic. And that is what, here we have dynamic profiling listed, that's what that provides. And of course you also need to look for in stock known patterns of behavior using attack signatures. A WAF also needs to be able to identify when something is wrong with the HTTP mechanics. You know, which can answer questions like, is someone tampered with the protocol, with the cookies? For example is someone trying to hijack a user session? And again to address technical attacks, you need to look at those layers and correlate across them. The same holds true for attacks on the business logic of applications via site creeping, or comment spam, or application level DDoS. And that is why it is important to have a WAF that has IP reputation awareness and also bot identification and mitigation capabilities, so that it can recognize known malicious users or automated bots before they have a chance to either scrape your site content or to form an attack.

And lastly here WAFs should help prevent fraud by detecting user devices that are infected with malware that may be suspicious, or have performed fraudulent transactions in the past. And correlating across all of these defensive layers using predefined and custom policies is what delivers that really accurate attack protection. Gartner started this conversation in 2013 with the release of its Magic Quadrant for Network Firewalls.

In the report they clearly state that next-generation firewalls are used to control external applications, and they make the distinction here that web application firewalls are used for organizations critical internal web applications. So let's take a look at that same slide, but in a different way, which shows here that if you compare WAF defenses to network security products like next-generation firewalls or IPS solutions, the differences here are pretty clear. First and foremost these network security products don't have a dynamic profiling capability. And the critical point here is that that means that they don't have the ability to learn the elements or the expected usage of the applications that they're protecting. And if you're not doing that, these products typically suffer from a pretty high rate of false positives and negatives, because they're relying on static signatures or known attacks. This means they don't deal well that gray area that I mentioned earlier. And if your security product is inaccurate, it's going to block legitimate users with false positives, and let hackers pass with false negatives. By relying heavily on signatures, like these devices do, it also means that they're susceptible to the signature evasion techniques like encoding and enumeration which can really elude their signature pattern. And then in addition to that, they don't offer cookie or session protection. They're not able to stop business logic attacks like site creeping, brute force, and comment spam. And they're not able to prevent web fraud. And then, lastly, they don't have the ability to offer, you know powerful correlation engines that can accurately stop SQL injection, cross site scripting, or other types of advanced cyber-attacks. And in fact a lot of other WAF vendors don't offer these either, and their WAFs are considered inferior as a result. One way to get a really good sense of what customers are facing out there is look at the OWASP Top 10. The Open Web Application Security Project, also known as OWASP, their top 10 report represents the most critical web application security risks, and these risks were identified by a very broad consensus of web applications security experts from around the world.

And the OWASP Top 10 has become a de facto standard for web applications security across the globe. So their report for 2013 show that the top 10 risks include SQL injection, cross site scripting and cross site request forgery as some examples. So if you were to put next-generation firewalls and IPS systems to the test, you'll see that they only address, and only partially, 40% of this list, which leaves a significant gap that's really exposing businesses to breaches and brand damage, and the mitigation of these things is very costly. Only a web application firewall can fully address 100% of the most critical risks that are shown here and that are faced by web applications. So one example of a dangerous gap in enterprise web application security is shown here in the OWASP threat number two which is broken authentication and session tampering. So here hackers modify the parameters encoded in an application's URL, and are doing that they can hijack someone else's application session maliciously. And that's something that a WAF can detect and protect against, but it's invisible, this type of threat is invisible to next-generation firewalls and intrusion prevention systems. So hackers that are going after web applications have become more industrialized and well-armed.

So they often launch the same attack repeatedly, and they do that across multiple target sites. And they do that using networks' remotely controlled bots.

Threat intelligence comes into play in stopping these automated attacks, and providing what we call an early warning system. So in our research here at Imperva, we found that it's common for a small group of attack sources to be responsible for the majority of attacks.

So it's typically an 80/20 situation. 80% of the attack traffic across a range of websites is usually generated by 20% of the attackers which is pretty significant.

So if you can get your sights on attackers, especially these repeat offenders, you're going to have a lot of leverage in preventing attacks. The kind of threat intelligence that we have found most valuable is near real-time saves that a WAF can leverage to augment what it is seeing first hand. So, for example, intelligence about the IP addresses of known attackers, or the geographic location of users, and whether users are trying to hide their real IP address or coming through on anonymizing servers like the Onion Router or Tor. If you combine these elements together with other layers of attacks protection, a WAF can respond even better to cyber threats. We also see tremendous value and potential in crowd sourcing threat intelligence. In our case there's been a very positive network effect from our large install base. And businesses using our WAF contribute to a community where they share their attack information. Where we take it, we anonymize it, analyze it and then add our own intelligence on top of it. And then what we do is, we feed it back into our community members so that they can defend against emerging threats that are headed their way, which are typically coming from, you know, maybe 20% of attackers.

Gartner has continued their research on web application firewalls versus more traditional technologies. And they put out a report dedicated to web application firewalls and the values that they bring to organizations. And again here, they differentiate web application firewall technology from more traditional technology. Saying that WAFs protect against the enterprises customer web applications, protect the enterprises customer facing web applications against web attacks in a much more granular level.

Now when we think about web applications it's easy to picture them being on-premises. So this slide is interesting, I mentioned that Gartner recently released their Magic Quadrant for Web Application Firewalls which really proves, you know, what we talked about earlier. That the SecureSphere WAF is the only solution featured in the leader category. And the leader's quadrant contains vendors that have had the ability to really shape the market by introducing additional capabilities in their offering, and by raising awareness of the importance of those features. And by being first to do so, and our ability to meet enterprise requirements for different use cases has placed us in this quadrant. So at Imperva we see that organizations all over the world are migrating their IT infrastructure to the cloud and it's pretty easy to see why. Cloud computing allows organizations to avoid the time and expense of building an on-premise data center and when companies move to the cloud they can deploy their applications faster, and they can scale their application deployments on demand which accordingly lowers operational costs. For the same reasons that we talked about earlier, if your organization plans to move applications to the cloud, you also need to move your application defenses there too. And this is because web applications that are hosted in Amazon, they face the same security risks as on-premise applications. Most businesses recognize this risk and are looking for ways to secure their cloud infrastructure.

By not migrating your security to the cloud you expose your organizations to web attacks, data theft and fraud. And sometimes we see that the cost savings that organizations hope to gain from cloud computing can quickly evaporate and become replaced by expensive breach investigation costs, and downtime, and potentially lawsuits. So one question that we get a lot is, doesn't Amazon provide application security? And the answer to this is that Amazon provides security groups or firewall technology for servers. Firewalls do, like we mentioned, do not focus on Web application security because they're deployed at the network perimeter. And just as the firewall that you have in your organization can't stop a web application attack, the same holds true for the firewalls that Amazon is running for their public cloud. As a result we developed our industry-leading WAF to run on Amazon Web Services. The SecureSphere for AWS combines multiple defenses to accurately pin point and block attacks without blocking your customers. And all of those critical capabilities like dynamic profiling technologies which automatically builds a whitelist of acceptable user behavior is there, is running natively on Amazon. And we also offer correlated attack validation to correlate dynamic profiling violations with other suspicious activities, so that we can block attacks with precision and accuracy. Because our solution is specifically designed from leverage made of AWS infrastructure capabilities, it not only delivers those superior WAF capabilities, but it also detects high bandwidth needs and can scale up or down as your organization experiences fluctuations in your application traffic volume. And the benefit here is that customers can quickly deploy us in the cloud and pay only for what they need without having to buy or maintain hardware. So let's talk now a bit more in depth about these key AWS capabilities. - So by integrating with AWS technologies, it allows companies to really take advantage of all of the benefits of cloud infrastructure. So for example using cloud formation and auto-scaling, organizations can quickly scale up or down as needed based on traffic. And we also leverage the Amazon CloudWatch to track the status of SecureSphere instances. So, for example, when CloudWatch detects problems like a sudden spike in throughput, or maybe high CPU utilization, new SecureSphere server instances can be launched as needed. So companies can also use very simple JSON based templates to define settings for AWS like elastic load balancing, elastic IP, Amazon virtual private clouds, S3 as well as import/export across availability zones and in different regions. So companies with these capabilities can rest assured that failover server instances will be rerouted to new physical sites and because our WAF is native to AWS, the SecureSphere can reroute traffic to different availability zones to support any disaster recovery plans that your company may have a place. So next what I'd like to do is to talk about a customer that we have that has had a lot of success using our WAF running on AWS. And this customer, like a lot of companies that we see, you know, they're taking a hard look at their data centers and they often determine that is more cost efficient to move their web applications to the cloud.

So for advanced digital media and online gaming companies, a move to the cloud made a lot of sense because they were anticipating a major product launch. They were expecting to sell a million units of the new gaming console and they wanted to host their e-commerce and authentication applications in AWS. It had a lot of appeal to them. Because in doing so, they could lean on the bandwidth, the scalability, and ease of use of AWS rather than investing the time and money into upgrading their physical data centers. The company, though, had serious concerns about the security of their applications in a public crowd environment, especially with their upcoming high-profile product release. So for this organization customers have pretty high expectations, you know, its online service needs to be reliable, highly available, but also secure. So delivering services in the cloud exposed the company to web attacks and without question they wanted ironclad defenses in place before they launched.

Without protection for their AWS app, they wouldn't have been able to launch in time for the holiday season. So the company was using Imperva to protect its on premise data center and they knew that they our technology in the cloud too. Because SecureSphere WAF supports cloud formation templates they were quickly and easily able to scale up to 120 gateways during the peak holiday season. And then they had the ability to scale right back down after that peak. And they were protected from SQL injection attacks that occurred right away during lunch weekend. So by running SecureSphere for AWS they were able to replace that upfront capital expense with low variable costs. They scaled the WAF across the globe with high-availability without purchasing additional software or setting up any additional data centers to support their major release, or to account for the increased holiday traffic. So they were able to increase their operational efficiency because, by introducing AWS network server and storage extraction, which really reduced the complexity of their environment. And with accelerated deployment capabilities the team is able to manage their AWS environment with just two full-time employees which allows it to cut costs and allows them to focus on other high priority projects. So in contrast to upgrading the company's physical data center to handle a product launch of this scale, which could take months, but, you know, this solution gives companies, you know, industry-leading WAF protection for applications in a matter of minutes. So here at Imperva we're passionate about protecting organizations from all types of web threats from malicious hackers, and fraudsters and other bad actors so that they can safely conduct their businesses online. The SecureSphere WAF helps protect businesses from threats like SQL injection, bots, known malicious sources and requests from prohibited or maybe undesirable countries.

And it provides protection for custom web applications that would otherwise go unprotected by technologies that guard only against known exploits, and prevent vulnerabilities in off-the-shelf web application software. So overall SecureSphere offers the most accurate and complete web application security available. And Imperva is continually researching emerging web threats to ensure that we can fully protect applications today and in the future, which is why SecureSphere is the most trusted WAF in the world. So now that we've gone through an introduction of our SecureSphere WAF for AWS, I'd like to invite you to try our test drive on Amazon Web Services. And you can take it for free trial run. And you'll be able to see here the use cases that we showcase are protection against SQL injection and also zero day threats, all while using native AWS functionality.

So you can access this from the Amazon Marketplace or directly from the Imperva website. So if you would like to take it for a free trial, we would invite you to try it out.

Thank you very much, Carrie. It has been a great presentation, I think. Very good overview about the whole issue. I really enjoyed the part where you explained why this kind of technology are really important nowadays. And I enjoyed the second part too, about the specific power of your product. And I think our users liked it too. There are a couple dozens of questions so far. I will just pick the best ones because we are running out of time. And Carrie, Pravin, you can choose whoever, which one of you wants to answer to those questions. The first one will be answered by me, by the way, because it's a question from a user who is concerned about joining the webinar lately, just lately. No worries. We are recording this webinar. It will be available on Cloud Academy and on our YouTube channel as of tomorrow probably. So everyone will be able to watch the whole webinar in case they joined lately. So the first question that I would like to pick and ask to our guests is from Anders, or Andres maybe I should say. And it is how customizable SecureSphere is? For example, can I have whitelist IPs or play with VPNs and the like? - Could you repeat that question again? I'm sorry I didn't get the last part.

Oh sure, it is, how customizable SecureSphere is? For example can I have whitelist IPs or play with VPN and the like? - Yes from a web application firewall perspective and for SecureSphere.

The policies that we created in SecureSphere are pretty flexible, very flexible in fact. So you can actually whitelist specific capabilities in SecureSphere. For example whitelist IP addresses to allow specific IP addresses to go unhindered. While others will go through the policy mechanism to actually figure out if there is traffic that is malicious. So yes we do have configuration that can help you whitelist specific IP addresses.

Nice feature, great to know. And another question from Quis, another interesting one I think. Is it possible to do security auditing with SecureSphere? - Security auditing could mean a lot, so if there is one additional element of context that we can put into what security auditing means, that would really be helpful.

Yeah, indeed I hope this user is still there and if you're still there you can explain the question and we can go through it again, a little long.

Let me take a hit at it. - Sure. - Let me see what we can, like so from a web application firewall perspective, we are essential for PCI. So a lot of customers actually put us in front of the web applications that actually store PCI data, helps them to be PCI compliant. There is a specific requirement within the PCI DSS that actually requires that application firewall to be in front of web application that store PCI or credit card kind of information. That may not actually answer the exact question, but we are very, the solution is built for protecting your data which actually stored within your web applications. Secondly, from a security audit perspective, there are multiple ways we can help with security audits. We work along with third-party web vulnerability scanners. So we work with the likes of HP and Centrix, Rapid7. These products actually scan your websites to identify specific vulnerabilities in your website. Vulnerabilities like SQL injection, cross site scripting and brute force attacks, and kind of scan your website and they kind of say, hey this is a list of vulnerabilities that I found within your website. What SecureSphere actually does is it allows you to actually import that vulnerability list from the vendor and automatically watchly patches those vulnerabilities. So we understand the vulnerabilities, where the vulnerabilities happen, which parameter within the web application have the vulnerability and we can actually go and write a watcher patch that automatically protects you against that vulnerability.

So that also enables from a STLC process perspective. An STLC process means, it's a security lifecycle, development lifecycle, so you're actually keeping security in mind when you actually do your code or application. So we actually feed into that ecosystem by actually enabling the whole process of actually providing upfront mitigation for some of those vulnerabilities by just importing scanned results from these web vulnerability scanners.

I see. It was a thorough answer. If Quis could give some more explanation about this question we can just ask more in the question box. As you were speaking I saw another very interesting question. I really like this one very much. Because it's very actual I think. It's from Anthony and he says we have some legacy systems with all the parenting systems with no more security support. Does SecureSphere help us preventing stuff like Shellshock or Heartbleed? - Absolutely. So one of the big issues is why our customers actually use SecureSphere is for legacy applications.

Legacy applications for which they don't have code, they don't have any support for vulnerability fixes, and we do provide that, right. So you put SecureSphere in front of those applications and we provide your data attack protection. So shellshock, for example, we can actually write immediate signatures within SecureSphere, out-of-the-box, to actually protect applications behind SecureSphere are protected applications from Shellshock or Heartbleed kind of vulnerabilities. So that's a very simple use case.

I see. - We talked about watcher patching as well. So watcher patching also fits into the whole protection for legacy applications because you can actually put that web application firewall in front of scan, scan the specific web application, import those scan results and automatically prove that you've actually found vulnerabilities and actually mitigated those vulnerabilities. So you can be rest assured that you can take these legacy applications and put them on the Internet with the web application firewall protecting it. Yes, so we do support that use case.

That's good to know. Very good question then, very actual, as I said. A fourth one from Paul. Does SecureSphere work at web level only or it can filter spam or phishing e-mails too? - So we are very focused on the web level. So we understand HTTP and HTTPS that's where our focus has been. Phishing, so from an e-mail protocol level, we do not understand e-mail, but we do have ways in which we can stop phishing attacks. One of the features that Carrie talked about was called threat radar reputation. As a part of threat radar reputation, we also have something called Phishing Feed. Phishing Feed allows a web application that is protected by SecureSphere to identify if there are second group of applications or malicious applications that are out in the wild, which are actually reaching back into the web application to take content out and actually mimic the web application. Officially that's what a phishing site does. Right it cannot, it tries to look and feel very similar to a banking sight, right. So it's going to reach out to the original site to actually pick up images. We can actually detect that. And we can actually say, hey, I see a malicious site is mimicking to be something like a banking site which I'm protecting, so I'm going to stop this specific malicious site from reaching back into this web application. As a result I can also give a forensic study. So I can actually send an email back to, or an alert back to the security administrator saying, hey there's a specific website which is actually reaching back into your banking application or any other application, which looks and feels like your website and is a phishing website.

I see. And another question from a namesake of yours, Pravin, and is asking, I see SecureSphere uses CloudWatch. Is it possible to export logs manually or automatically on S3? - Could you repeat this question once more? I'm sorry I didn't hear that.

Sure. It says I see SecureSphere uses AWS CloudWatch. is it possible to export logs manually or automatically on S3? - Automatically out of SecureSphere? - Automatically on S3? AWS S3, the storage system.

So yes we do use CloudWatch, and CloudWatch is a mechanism which is very native to AWS. Like Carrie mentioned it actually looks at, what it does is it looks for the system performance. It looks for how well the system health of not only SecureSphere but also the application. So if it kind of figures out that SecureSphere is not performing at its optimal level because the application traffic has actually increased, what CloudWatch will do is it will indicate back into the system to actually start off another instance of SecureSphere to go and handle that extra load. Now from a logging perspective, database has got its own logging mechanism. We actually, from an alerting perspective, we can, the way we do it is we have a management server. So we alert based on system statuses. So we say, we actually know exactly number of cases that are spun up. So we can actually find the status of the number of cases spun up.

But we also, what we also do is alert on security incidents that are local within AWS on a management console. So we have a management console that gets shipped along as an AMI on AWS and actually captures all the logs. Now you have the ability to actually set up external logging or external alerting from SecureSphere into like a SIM device. So if you have a SIM device or a log management device on an AWS platform, you actually push all those logs back into that SIM device. Anything that is supported from on-premise deployment perspective, we support on AWS as well.

Is it also possible to export the threat logs or something like that? - Whether we actually export out the threat logs? - Yeah.

Yes absolutely. So essentially we can actually capture, we capture a whole bunch of data. Like when we actually see active hacking on the web application, we capture essentially the whole HTTP request, right? So we look at the registry request and say, hey, this specific cookie or this specific value or parameter within the HTTP request has the attack parameter. So we actually capture that and we store it within our logs. You have the option to actually take that exact HTTP log and pass it off to an external device to actually do your forensics outside of SecureSphere if you want to do it. A lot of my customers actually use security alerts from SecureSphere alongside security alerts from other devices. It could be antivirus machines, it could be from IPS, IPS devices, or from firewalls. Just to correlate information so they can identify a kind of attack or attack prints within a log management system. So we enable that whole ecosystem.

I see. Just one more question out of the few that we still have, but we are definitely running out of of time. This question is from Merrick. Do you support other platforms like GCP, Azure, or Office Hack? - So when we looked at this space, and we looked at the cloud, the first cloud opportunity that we looked at was AWS, right. And when you actually look at Gartner's recommendation cloud, AWS is one of the biggest platforms, right. Five of the next infrastructure service platforms altogether do not make up what AWS is. A lot of people are adopting AWS and we want to make sure that we have our platform ready for AWS from SecureSphere perspective, right. Eventually we are going to get into new platforms like Azure and so on. So we have not started seeing a lot of action in those new platforms, but we are going to invest our time to building support for those platforms. But apart from this we do have other technology as well within our portfolio of products to actually go and support Azure and the other platforms from the cloud. So we do have cloud services that can enable you to protect your applications which are on different platforms.

I see, I see. Very good to know, Merrick would be happy to hear that. Okay, Pravin, Carrie, thank you very much for your time. It has been a pleasure to be with you. It has been a great presentation and a great webinar.

Thank you very much again for being here with us. And thank you, just thank you. - Thank you for having us.

Thank you also. - It has been a pleasure. Bye-bye. Bye everybody.