Overview

Imperva’s team of Support Engineers delivers technical assistance to you for all Imperva products, leveraging their SecureSphere expertise and deep knowledge of security and compliance. The team is positioned across the globe to provide 24x7x365 coverage, and can be contacted by phone, email, or online via our Self Service Support Portal.

Technical Support Services

Imperva offers three levels of technical support – Standard, Enhanced, and Premium – that affords you the flexibility to select the plan that best meets your needs. All three programs include a formal escalation procedure that ensures effective resolution to all your issues and questions.

Standard Enhanced Enhanced + DSE Premium Premium + DSE
Service Hours 8am to 6pm local time on work days 24x7x365 24x7x365 24x7x365 24x7x365
Portal Access (Knowledge base, Incident tracking) Yes Yes Yes Yes Yes
E-mail Support Yes Yes Yes Yes Yes
Phone Support Yes Yes Yes Yes Yes
Hardware Replacement Standard Standard Standard Advance Advance
# of Designated Callers and Web Access Users 4 Unlimited Unlimited Unlimited Unlimited
Onsite Visits Twice a year (T&E*) Twice a year (T&E*)
Designated Single Point of Contact Yes Yes
Monthly Reporting Yes Yes
Quarterly Business Review Yes Yes

* The travel and expenses (T&E) for the trip(s) are not included in the Support fee and will be separately billed to the DSE customer.

Designated Support Engineer

An Imperva Designated Support Engineer (DSE) is one of Imperva’s most sophisticated Support staff who partners one-on-one with your organization to reduce system downtime and maximize your data center security investment. Imperva DSEs work with your IT staff to troubleshoot, manage, and resolve all technical issues quickly. Serving as your designated point of contact to Imperva, a DSE will increase your team’s productivity and knowledge of Imperva products. Learn more about the DSE program.

  • Support Lifecycle Policy
  • Software Schedule
  • Hardware Schedule
  • Advisories
  • Imperva Product End-of-Life Information

    Imperva takes great care in helping customers deploy Imperva products as effectively and efficiently as possible. To assist our customers, Imperva has established an End-of-Life Policy for all Imperva Appliances and Software products. Only customers with Imperva products that are currently covered by a valid Support contract are entitled to the benefits set forth by the End-of-Life Policy.

    Disclaimer: Imperva may continue offering Support services beyond the standard EOL period and reserves the right to charge additional fees for continuing Support services on any EOL products. Imperva reserves the right to reduce or amend Support services offerings available for renewal under this policy at any time in its sole discretion, with or without notice. The terms and conditions of the Imperva Reseller Agreement, End User License Agreement, Master License and Services Agreement, as applicable, shall apply to this EOL Policy and, in the event of any conflicting terms the applicable written agreement will govern.

    SecureSphere Software (prior to Version 12.0)

    Imperva is committed to providing Support for SecureSphere Software products (prior to version 12.0) for a minimum of two major Versions. After two subsequent major Versions have been released, Imperva will issue an EOL notification for the EOL Software Version. The EOL Software Version will reach End of Support (EOS) twelve months after the date of EOL notification.

    Software EOL Timeline (SecureSphere releases prior to version 12)
    Milestone Description
    General availability date Date the Software Version is released.
    First subsequent major Version general availability date Date first subsequent major Version is released.
    Second subsequent major Version general availability date Date second subsequent major Version is released.
    End-of-Life Date Date Imperva announces the EOL for a Software Version. Notification of EOL will typically occur at the same time or soon after the second subsequent major Version is released.
    End-of-Support Date The last date Support will be offered. The Software EOS date occurs twelve months after the EOL notification date.  Customer should upgrade to a supported Version by the applicable EOS date.

    SecureSphere Software (Version 12.0 and Beyond)

    For Imperva SecureSphere Software (Versions 12.0 and beyond), Imperva has updated its Software EOL policy to provide longer support timeframes. Effective with Version 12.0, Imperva will make Support available for four years from the generally-available (GA) release date of each SecureSphere release and, upon expiration of this four year period (EOL Date), will make Extended Support for each Version available for an additional, subsequent two year period (EOS Date). Support will no longer be available on the EOL Date, and Extended Support will no longer be available on the EOS Date. Imperva will provide EOL/EOS dates with each SecureSphere release, and will send reminder announcements of worldwide EOL/EOS of each Software Version eighteen months prior to EOL/EOS.

    Software EOL Timeline (SecureSphere version 12.0 and beyond)
    Milestone Description
    General availability date Date the Software Version is released.
    End-of-Life Date The last date Support will be offered. The Software EOL date occurs 48 months after the GA date. The EOL date will be announced upon Version release, and a notification of impending EOL will be sent 18 months prior to EOL.

    Customers that do not want to rely upon Extended Support should upgrade to a later SecureSphere Version prior to the applicable EOL date.
    End-of-Support Date The last date Extended Support will be offered.  The Software EOS date occurs 72 months after the GA date, and 24 months after the EOL date. The EOS date will be announced upon version release, and a notification of impending EOS will be sent 18 months prior to EOS.

    Customers should upgrade to a supported Version by the applicable EOS date.

    Extended Support

    Extended Support is described and compared to Support in the following table:

    Support Entitlement Support Extended Support
    Technical support on configuration and installation of Appliance via email and telephone Available Available
    Knowledgebase: Product-specific information that is available by logging into the Imperva Customer Portal Available Available
    Security updates: Access to Imperva Defense Center attack signature updates and Imperva ThreatCloud intelligence Available Custom fixes available for additional fee
    Non-security update: Software support, upgrades, hotfixes, and patches Available Custom fixes available for additional fee

    CounterBreach Software

    Imperva is committed to providing support for all Software products for a minimum of two major Versions. After two subsequent major Versions have been released, Imperva will issue an EOL notification for the EOL Software Version.  For CounterBreach Software, the EOS date will be the same as the EOL date. Each supported Version of the CounterBreach Behavior Analytics (“CBA”) Software will remain compatible with any then-supported Versions of the corresponding SecureSphere Database Activity Monitor, SecureSphere File Activity Monitor or Skyfence Cloud Gateway Software.

    Software EOL Timeline – CounterBreach Software
    Milestone Description
    General availability date Date the Software Version is released.
    First subsequent major Version general availability date Date first subsequent major Version is released.
    Second subsequent major Version general availability date Date second subsequent major Version is released.
    End-of-Life notification date Date Imperva announces the EOL for a Software Version. This notification will typically occur at the same time or soon after the second subsequent major Version is released.
    End-of-Support date For CounterBreach Software, the Software EOS date will be the same as the EOL date. Customer should upgrade to a supported Version by the applicable EOS date.

    Appliances

    End-of-Life Policy for Appliances

    Imperva hardware models reach the end of product life due to market requirements, technological innovations or replacement by products with new, more advanced technology. To ensure a smooth migration to new Imperva hardware platforms, Imperva will continue to support hardware 60 months after the last order date. The hardware EOL policy guidelines are:

    • Imperva will issue an End-of-Life Notification 90 days prior to the Last Order Date.
    • Imperva will continue to support hardware products for 60 months after the Last Order Date.
    • During that 60 month period, repair services or replacement parts will be available for all Appliances under valid maintenance contracts.
    • All standard technical support services, including access to the Imperva Self Service Support Portal, and to phone and email support, will be available with valid maintenance contracts.

    End of Support Policy for Third-Party Products

    Imperva products are designed for use with multiple databases, operating systems and other third-party products, up to their respective end-of-support dates as identified by the applicable third-party vendor.

    Following the end-of-support date for a compatible third-party product, all versions of Imperva SecureSphere software then generally available and supported by Imperva under its Mainstream support program will be designed to continue to operate with the unsupported third-party product. However, Imperva will not provide any error corrections, bug fixes, agent upgrades/updates or new feature development for its software in order to facilitate operation with a third-party product, once that third-party product has reached its end-of-support date (as provided by the third-party vendor).

    Please contact your vendor representative to confirm the end-of-support dates for that vendor’s respective third-party products.

    Definition of Terms

    "End-of-Life (EOL)" is a process that consists of a series of technical and business milestones and activities that, once completed, make a product obsolete. Once obsolete, the product is not sold, manufactured, improved, repaired, maintained, or supported.

    "End-of-Support (EOS)" is the last date support will be offered and represents the final milestone in a product's lifecycle. Support contracts expire upon reaching product EOS.

    "Appliance" means the physical Imperva hardware and its physical components on which the Software operates.

    "Last-Order-Day (LOD)" is the last date to order the product through Imperva or affiliates.

    "Maintenance" means the delivery of Upgrades and Updates.

    "Version" means a version of the applicable Software made generally commercially available to customers, as designated by the first two numbers separated by a decimal point. For example, for releases designated 4.3.2.1 and 4.3.4, the version in each case shall be Version 4.3.

  • Imperva Software End-of-Life Schedule

    Products Affected Software Version End of Support Date
    SecureSphere Web Application Firewall 5.x (see technical bulletin) January 31, 2011
    SecureSphere Database Security Gateway 5.x (see technical bulletin) January 31, 2011
    SecureSphere Database Monitoring Gateway 5.x (see technical bulletin) January 31, 2011
    SecureSphere MX Management Server 5.x (see technical bulletin) January 31, 2011
    SecureSphere Web Application Firewall 6.x (see technical bulletin) January 31, 2011
    SecureSphere Database Security Gateway 6.x (see technical bulletin) January 31, 2011
    SecureSphere Database Monitoring Gateway 6.x (see technical bulletin) January 31, 2011
    SecureSphere MX Management Server 6.x (see technical bulletin) January 31, 2011
    SecureSphere Web Application Firewall 7.x (see technical bulletin) January 31, 2013
    SecureSphere Database Security Gateway 7.x (see technical bulletin) January 31, 2013
    SecureSphere Database Monitoring Gateway 7.x (see technical bulletin) January 31, 2013
    SecureSphere MX Management Server 7.x (see technical bulletin) January 31, 2013
    SecureSphere Database Security, File Security and Web Application Security Products 8.x (see technical bulletin) May 31, 2014
    SecureSphere MX Management Server 8.x (see technical bulletin) May 31, 2014
    SecureSphere Database Security, File Security, Web Application Security Products and the MX Management Server 9.x (see technical bulletin) January 31, 2016
    SecureSphere for Crossbeam 9.0, 10.0 (see technical bulletin) see associated bulletin
    SecureSphere Web Application Firewall, Database Firewall, and File Security Products, SharePoint Protection and the MX Management Server v10.x (v10.0.x and v10.5.x) (see technical bulletin) March 5, 2018
  • Imperva Hardware End-of-Life Schedule

    Appliance Characteristics Last Order Date End of Support Date
    SecureSphere model is G4, G8, G16 or MX and purchase date is between 2005 and January 2008 and chassis model is 1300, 1400, 1450 or 4850 January 31, 2008 January 31, 2011
    SecureSphere model is G2, G4, G8, G16 or MX and purchase date is between January 2008 and July 2010 and chassis model is 3100, 3140, 1530 or 2500 July 31, 2010 July 31, 2015
    SecureSphere model is X1000, X2000, or M100 December 31, 2013 December 31, 2018
    SecureSphere model is X2500, X4500, X6500, or M150 April 15, 2015 April 15, 2020
    SecureSphere X1010, X2010, and M110 October 25, 2017 October 25, 2022
    SecureSphere model is X2510, X4510, X6510, X8510, X10K or M160 To be announced 5 years after Last Order Date
  • Security Advisories

    If Imperva SecureSphere is listed on a vulnerability alert, such as from CERT, the ADC publishes Security Responses to those alerts. Check this page to locate newly published Responses.


    Imperva Security Response to a Variation of HTTP Parameter Pollution Attack

    On Nov. 4th a possible bypass to the Imperva WAF was disclosed via email on public message board SECLISTS.ORG. Read this security advisory to learn how you can protect your organization and your Imperva WAF Implementation.


    Imperva Security Response to CVE-2015-7547

    Google has identified a security vulnerability, known as CVE-2015-7547 (glibc getaddrinfo stack-based buffer overflow) that has been classified as critical. This vulnerability puts DNS clients with certain versions of the glibc DNS client side resolver at risk, and could allow a remote attacker to perform a buffer overflow attack. Read this security advisory to learn how you can protect your organization and your Imperva SecureSphere implementation.


    Imperva Security Response to CVE 2015-1635

    Microsoft has issued a Security Bulletin, known as CVE-2015-1635, has been classified as critical. This HTTP.sys vulnerability puts users with certain versions of Windows and IIS at risk, and could allow a remote attacker to perform a buffer overflow attack. Read this security advisory to learn how you can protect your organization with Imperva SecureSphere and Imperva Incapsula.


    Imperva Security Response to OpenSSL & TLS/RC4 Vulnerabilities

    Two high-severity OpenSSL-related threats have recently been identified, CVE-2015-0291 which can theoretically create opportunities for DoS attacks against a server, and CVE-2015-0204 in which an attacker could theoretically force a user and server to downgrade to a set of export ciphers which are weak and outdated. Initial investigation shows that SecureSphere components are not vulnerable to these CVEs.


    Imperva Security Response for CVE-2014-3566 - aka "POODLE"

    Google researchers recently uncovered a security bug (CVE-2014-3566) that they say could allow hackers to steal data. The bug has been referred to in the press as "POODLE"", or "Padding Oracle On Downloaded Legacy Encryption". This vulnerability is a Man-In-The-Middle (MITM) attack which means a client-to-server session is being hijacked and then used in a malicious manner. This attack has been associated with SSLv3 connections, and could force TLS sessions to downgrade to SSLv3.


    Imperva Security Response for CVE-2014-6271 – aka "Shellshock"

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment


    Imperva Security Response for CVE-2014-0224

    OpenSSL does not properly restrict processing of ChangeCipherSpec messages before version 0.9.8za, and in version 1.0.0 before 1.0.0m, and in version 1.0.1 before 1.0.1h.


    Imperva Security Response for CVE-2014-0160 – aka "Heartbleed"

    OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets


    Imperva Security Response for CVE-2011-4887

    Under some configurations an attacker can invoke a XSS attack against the SecureSphere WAF management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere.


    Imperva Security Response for CVE-2011-0767

    Under some configurations an attacker can invoke a XSS attack against the SecureSphere management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere.


    Imperva Security Response for CVE-2010-1329

    It is possible to evade some of the detection mechanisms of the SecureSphere Web Application Firewall and Database Firewall by sending a specially crafted, extremely large request.


    Imperva Security Response for VU#739224

    The U.S. Computer Emergency Response Team (US-CERT) has reported a Web attack evasion technique using full-width and half-width Unicode characters intended to evade inspection by IDS/IPS/WAF security products.