1025 matches found
Fortnite Scammers Approaching $1m in Annual Takings
When something seems too good to be true, it probably is. It’s a hard lesson to learn and, in this case, one that’s being taught by scammers. The perpetrators are abusing the fact that online players of Battle Royale games may be very eager to get free in-game currency and items, and are willing ...
Three Reasons Why GDPR Encourages Pseudonymization
The General Data Protection Regulation GDPR is the European Union’s new data regulation designed to provide individuals with rights and protections over their personal data that is collected or created by businesses or government entities. It unifies data protection regulation across all member...
Botnets, Breaches, and the End of Defense in Depth: Our 2017 Cybersecurity Predictions in Review
As 2016 closed out, Imperva once again peered into its crystal ball. As usual, there was much to foretell regarding the ever-changing cybersecurity realm in 2017. We’ll be doing the same soon as we look ahead into 2018. But before we do, we like to assess how accurate we were against the...
Database Activity Monitoring: A Do’s and Don’ts Checklist for DBAs
In a previous post, we looked at the limitations of native audit, the free tool often used by database administrators DBAs for logging database activity. While it has its appeal—it’s already part of the database server and does not require additional cost for third-party appliances or...
The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk
You Don't Know What You Don't Know – And That's the Problem Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet somewhere in your application stack, fu...
The Added Value of SNI-Only Mode in Imperva Cloud WAF
Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication SNI-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for the future roadmap. This blog post wil...
Imperva customers are protected against the recent GoAnywhere MFT vulnerability CVE-2024-0204
Recently, Fortra released a security advisory for CVE-2024-0204, a GoAnywhere MFT authentication bypass vulnerability. This bug allows an unauthenticated attacker to create an administrative user by exploiting an InitialAccountSetup.xhtml endpoint–accessible via path traversal–to initiate the...
How Cache Purge Helps Keep Your Website Content Fresh and Responsive
Content Delivery Networks CDNs accelerate web traffic across the internet through servers residing in strategic locations known as points of presence or PoPs across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...
How to Protect Against Data Lake Hacking
Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...
How to Secure All Your APIs Through Multiple Deployment Options
Imperva has invested in strengthening our API Security offering to meet the needs of customers since the acquisition of CloudVector in 2021. Since then, the product’s capabilities have expanded, positioning it as a leader in the growing API Security market. What makes Imperva API Security unique ...
Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release
It’s a new year and we have lots of fresh features for Imperva Online Fraud Prevention solution, which encompasses Advanced Bot Protection, Account Takeover Protection, and Client-Side Protection. We have been busy adding a host of new advanced fraud detection and prevention capabilities as well ...
How profiling employee working hours helps to detect security incidents
At the TimeMachine company there are two special old friends Bob and Alice. Bob, as a team manager, usually has a very busy schedule filled with meetings all day long. You can even find him working late into the night trying to catch up on email he received during the day. Alice on the other hand...
Do CAPTCHAs work and what’s the alternative?
We know youre busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first day of UI school is that users want the path of least resistance. While the gamification of cybersecurity does have a...
Lessons Learned from 100 Data Breaches: Part 3, Securing Public Cloud Services
In the first two parts of this series, we gained insight into what specific types of data get stolen and what the root causes of breaches are, based on data breach information that Imperva’s Security Labs’ gathered, studied, and analyzed over the last ten years. You can get the full report, Lesso...
Imperva Takes on its Largest Recorded Account Takeover Attack on a Single Company
Imperva recently detected and mitigated the largest - and most concentrated - series of brute force ATO account takeover attacks in its history. Over the course of 60 hours from midnight on October 28, our ATO team’s monitoring systems detected more than 44 million ATO attempts on the login page ...
How we productized our staging environment and survived to tell the tale
Managing the Imperva SaaS infrastructure is like herding cats. There are so many moving parts, new developments, testing, fixing bugs, patching, reducing our SLAs, fighting the bad guys and, most importantly, pushing our latest and greatest to production every week. And it all runs like clockwork...
Automating API Security in the Cloud
These days, the most common way for services to communicate and transfer data is by using APIs. However, broken, exposed, or hacked APIs are the cause of some of the latest major data breaches, as they have the potential to expose sensitive data for public consumption. Securing your APIs is...
Working for a Winning Company
My interest in Imperva was indirectly created two years ago through an introduction to the Thoma Bravo TB team. After meeting a number of the key players at TB, I made a mental note that given the opportunity, this was a group I would love to work for someday. Two years later that opportunity...
Making Compliance and Risk Part of DevOps – 2020 Trend #4
In our 2020 Trends blog, Imperva CTO Kunal Anand predicts that fully automated processes will make compliance more rapid and less expensive. As businesses incorporate security into software development lifecycles SDLC, continuous integration-continuous deployment CICD processes will reduce risk a...
Maintaining Privacy in the Cloud [Podcast Discussion]
Not long ago I joined Brian Contos, CISO and VP of Product Innovation at Verodin, for one of his Verodin Cybersecurity Effectiveness Podcasts. It’s been about 10 years since I worked with Brian at Imperva when he was the Chief Security Strategist. Back then, he was the one traveling the world,...
Threat Hunting Powered by Efficient and Straightforward Anomaly Detection on Your Data Lake
Effective monitoring and anomaly detection within a data environment are crucial, particularly in todays data-driven landscape. At Imperva Threat Research, our data lake serves as the backbone for a range of critical functions, including threat hunting, risk analysis, and trend detection. However...
Four Key Findings from the 2022 Cyberthreat Defense Report
For the ninth year, Imperva is proud to sponsor CyberEdge Group’s annual Cyberthreat Defense Report. In this report, CyberEdge Group delivers a detailed accounting of how IT security professionals perceive cyberthreats today and reveals actionable insights into how they plan to defend their...
How your application and data security strategy can help you complete a high level FFIEC CAT assessment
More than ever, financial institutions depend on web applications to maintain operations and partner with other enterprises to provide services to customers, but the significant rise in the number of cyber attacks targeted at this industry in the last few years has the potential to undermine...
Virtual Hackathon Generates Next Generation of Imperva Innovation
“How do we run a global hackathon amid a global pandemic?” That was my first thought when I began planning the 2020 Imperva Hackathon earlier this year. While the event is designed to foster innovation and uncover new ideas, in a global company like ours it’s also about making new friends and...
DDoS Protection for Networks: Divert Traffic Using More Specific Routing
In our previous blog post, we talked about AS autonomous system prepending, but sometimes a customer might have restrictions that would not allow them to use AS prepending. If the customer owned more than a less specific prefix, for example /23 prefix, they could advertise a more specific route...
Developers Versus Automation Engineers: How We Ended the Fighting with the Right CI Process
Hey developers and DevOps professionals: what if I told you that how you wrap and execute your automation tests could be the key to making your development process faster, more professional and stable, and stop the bickering between your developers and automation teams? This post will describe ho...
Q4 2017 Global DDoS Threat Landscape Report
Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,055 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q4 2017. In Q4, the number of application layer attacks nearly doubled, just as the number of network...
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London congratulations, Real Madrid! marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors a...
Navigating the Sea, Exploiting DigitalOcean APIs
Cloud service providers are now fundamental elements of internet infrastructure, granting organizations and individuals the ability to scale and efficiently store, manage, and process data. DigitalOcean is one such provider, well-regarded for its simplicity and developer-friendly platform, and...
Imperva and Kong Partner to Bring API Security to the Gateway for Enhanced API Management
Imperva is delighted to announce a new partnership with Kong Inc, provider of the leading cloud-native API platform, to offer best-in-class API Security to users of the Kong platform. Through the new partnership, Kong Enterprise customers can protect their business applications and data by...
5 high-profile DDoS attacks that should chill you to the bone
Distributed denial of service DDoS attacks are malicious attempts to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Data revealed in the 2021 DDoS Threat Landscape Report strongly suggests attacks are constantly...
Prepare for more sophisticated security threats in 2021
As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...
Software Supply Chain Attacks: From Formjacking to Third Party Code Changes
2020 wasn’t the first year in which software supply chain attacks caused major damage, but it certainly brought them to the general public. Much has been said about the headline-grabbing nation state examples, but there is a wide spectrum of these attacks and some are commoditized. Protecting...
DDoS Protection for Networks: Utilizing AS Prepending to Route Traffic Through Imperva
In order for Imperva to protect customers’ traffic using DDoS Protection for Networks, the Internet must select Imperva as the best path. So what does this mean? Does Imperva automatically take over the customer’s prefix and control the routing of the Internet? Well…not exactly. Internet Routing...
Our Analysis of 1,019 Phishing Kits
In recent years phishing activity has grown rapidly, with thousands of phishing sites popping for a virtual moment that last weeks, days or even hours, before becoming ineffective—either getting blacklisted by security providers, or brought down by internet providers and authorities, or in most...
7 Steps to Protect Your Data From Insider Threats
Like it or not, your greatest risk is already on the payroll. When internal users with trusted access to data are careless, become compromised or have malicious intent, enterprise data is exposed. Just ask the CIA. Detecting insider threats, however, is challenging for organizations due to the...
Beyond Schema Enforcement: Imperva’s Approach to Delivering Holistic API Security
API security is gaining attention, yet many organizations struggle to move from identifying risks to mitigating them effectively. In their eagerness to strengthen their security posture, some rush to implement schema protection. However, the dynamic and often incomplete nature of API schemas soon...
API Security and The Silent Menace of Unknown APIs
The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS
TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both the apps blocklist and macOS Gatekeeper, potentially allowing the...
Business Logic Attacks: Why Should You Care?
Imagine this: Youve just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. Youre feeling safe and secure, congratulating yourself on a job well done. But, despite all your efforts, your...
Preventing Bot Attacks and Online Fraud on APIs
The rapid proliferation of Application Programming Interfaces APIs is spearheading digital transformation, leading to explosive growth in adoption of APIs in recent years. In fact, it’s hard to think of any software that doesn’t use or is in itself, an API. By supporting swift development and...
Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability
TLDR Recently, a cross-site search vulnerability was discovered affecting the popular NFT marketplace OpenSea. When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions to a specific...
Imperva Boosts Connectivity with New PoP in Manila
We are delighted to announce the addition of a new Imperva Point of Presence PoP in the Asia Pacific region with the opening of our new data center in Manila, Philippines. The new location brings our total number of PoPs in Asia to 15, significantly boosting our presence in the region and providi...
Five Takeaways from FlexBooker’s Data Breach
A few weeks ago, an appointment scheduling solution, FlexBooker notified its customers that it had been breached. Imperva has no specific insider knowledge into how the breach unfolded, but we can learn a lot from FlexBooker’s data breach notification as well as additional related sources. In thi...
The pitfalls of relying only on your ISP for DDoS protection
Relying on your Internet Service Provider ISP for DDoS protection is like going to a restaurant known for the freshest, tastiest seafood and ordering beef. Sure, they have it on the menu and they are happy to sell it to you, but the experience is not likely to compare well to what you’d have in a...
Ransom DDoS: What you need to know now
According to the 2021 DDoS Threat Landscape Report, Ransom DDoS RDoS threats are on the rise. Imperva researchers have been monitoring threats against several of our customers where extortionists have demanded payment in BitCoin to prevent DDoS attacks. The attack patterns this year are very...
Fast, Furious, and Scalable: Designing a High-throughput, Real-time Network Traffic Analyzer
These days, our focus is on spoiling our customers. For example, we give our DDoS Protection customers the peace of mind that their network traffic is routing through Impervas cloud for consistent volumetric attack protection. That protection works pretty well, but customers have started asking u...
Dynamic Swagger Support Comes to Imperva
It’s no secret that the shift to DevOps deployments has taken center stage at organizations small and large. The ability to quickly configure, manage and update via APIs is critical to a company’s ability to push out small iterative changes, without human intervention. And Swagger has become the...
A Web-Driven World Needs Better Web Security
Web interfaces are everywhere. From social media sites to online shopping portals to your CRM, the humble web interface is now used to access much of the online world. So, it isn’t difficult to see why web applications are a prime target for cybercriminals. Because they’re used by customers and...
Imperva to Acquire DevOps Security Leader Prevoty
Today, we announced that we entered into an agreement to acquire Prevoty, an innovator and leader in building application security that can block attacks and monitor interactions inside application stacks using DevOps and agile development. I’m incredibly excited that the Prevoty team will join...