1025 matches found
How Cache Purge Helps Keep Your Website Content Fresh and Responsive
Content Delivery Networks CDNs accelerate web traffic across the internet through servers residing in strategic locations known as points of presence or PoPs across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...
How to Protect Against Data Lake Hacking
Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...
How to Secure All Your APIs Through Multiple Deployment Options
Imperva has invested in strengthening our API Security offering to meet the needs of customers since the acquisition of CloudVector in 2021. Since then, the product’s capabilities have expanded, positioning it as a leader in the growing API Security market. What makes Imperva API Security unique ...
Imperva recognized as a Strong Performer in Forrester Wave: Data Security Platforms, Q1 2023
The Forrester Wave evaluated the largest end-to-end providers of data security capabilities across a wide range of functionality to enable controls to enforce data security policies for both structured and unstructured data. In this report, Forrester provides an assessment of the top vendors in t...
How profiling employee working hours helps to detect security incidents
At the TimeMachine company there are two special old friends Bob and Alice. Bob, as a team manager, usually has a very busy schedule filled with meetings all day long. You can even find him working late into the night trying to catch up on email he received during the day. Alice on the other hand...
Do CAPTCHAs work and what’s the alternative?
We know youre busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first day of UI school is that users want the path of least resistance. While the gamification of cybersecurity does have a...
Lessons Learned from 100 Data Breaches: Part 3, Securing Public Cloud Services
In the first two parts of this series, we gained insight into what specific types of data get stolen and what the root causes of breaches are, based on data breach information that Imperva’s Security Labs’ gathered, studied, and analyzed over the last ten years. You can get the full report, Lesso...
Why now is the time to make database security a priority
Today, fast-growing organizations are generating data at a breakneck pace, and building up diverse database environments in order to store and share data more effectively. While these activities are the sign of a thriving business, governing and securing all this data rarely meets the pace of new...
Imperva Takes on its Largest Recorded Account Takeover Attack on a Single Company
Imperva recently detected and mitigated the largest - and most concentrated - series of brute force ATO account takeover attacks in its history. Over the course of 60 hours from midnight on October 28, our ATO team’s monitoring systems detected more than 44 million ATO attempts on the login page ...
How we productized our staging environment and survived to tell the tale
Managing the Imperva SaaS infrastructure is like herding cats. There are so many moving parts, new developments, testing, fixing bugs, patching, reducing our SLAs, fighting the bad guys and, most importantly, pushing our latest and greatest to production every week. And it all runs like clockwork...
Working for a Winning Company
My interest in Imperva was indirectly created two years ago through an introduction to the Thoma Bravo TB team. After meeting a number of the key players at TB, I made a mental note that given the opportunity, this was a group I would love to work for someday. Two years later that opportunity...
Making Compliance and Risk Part of DevOps – 2020 Trend #4
In our 2020 Trends blog, Imperva CTO Kunal Anand predicts that fully automated processes will make compliance more rapid and less expensive. As businesses incorporate security into software development lifecycles SDLC, continuous integration-continuous deployment CICD processes will reduce risk a...
Maintaining Privacy in the Cloud [Podcast Discussion]
Not long ago I joined Brian Contos, CISO and VP of Product Innovation at Verodin, for one of his Verodin Cybersecurity Effectiveness Podcasts. It’s been about 10 years since I worked with Brian at Imperva when he was the Chief Security Strategist. Back then, he was the one traveling the world,...
Three Reasons Why GDPR Encourages Pseudonymization
The General Data Protection Regulation GDPR is the European Union’s new data regulation designed to provide individuals with rights and protections over their personal data that is collected or created by businesses or government entities. It unifies data protection regulation across all member...
Database Activity Monitoring: A Do’s and Don’ts Checklist for DBAs
In a previous post, we looked at the limitations of native audit, the free tool often used by database administrators DBAs for logging database activity. While it has its appeal—it’s already part of the database server and does not require additional cost for third-party appliances or...
Threat Hunting Powered by Efficient and Straightforward Anomaly Detection on Your Data Lake
Effective monitoring and anomaly detection within a data environment are crucial, particularly in todays data-driven landscape. At Imperva Threat Research, our data lake serves as the backbone for a range of critical functions, including threat hunting, risk analysis, and trend detection. However...
Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release
It’s a new year and we have lots of fresh features for Imperva Online Fraud Prevention solution, which encompasses Advanced Bot Protection, Account Takeover Protection, and Client-Side Protection. We have been busy adding a host of new advanced fraud detection and prevention capabilities as well ...
Four Key Findings from the 2022 Cyberthreat Defense Report
For the ninth year, Imperva is proud to sponsor CyberEdge Group’s annual Cyberthreat Defense Report. In this report, CyberEdge Group delivers a detailed accounting of how IT security professionals perceive cyberthreats today and reveals actionable insights into how they plan to defend their...
Financial Services: Web Application Attacks Grow by 38% In First Half of 2021
During his career in the middle of the last century, professional bank robber Willie Sutton made off with an estimated $2 million in stolen money. Urban legend has it that when a journalist asked Sutton why he robbed banks, he replied, “That’s where the money is.” In later interviews, Sutton...
How your application and data security strategy can help you complete a high level FFIEC CAT assessment
More than ever, financial institutions depend on web applications to maintain operations and partner with other enterprises to provide services to customers, but the significant rise in the number of cyber attacks targeted at this industry in the last few years has the potential to undermine...
Opportunities and Threats – IoT and the Rise of 5G
The Internet of Things IoT is expanding rapidly. The number of connected devices in homes, businesses, and vehicles across the world is expected to increase from around 8 billion today to over 24 billion within the next decade, with much of this growth enabled by the introduction of 5G. This...
Virtual Hackathon Generates Next Generation of Imperva Innovation
“How do we run a global hackathon amid a global pandemic?” That was my first thought when I began planning the 2020 Imperva Hackathon earlier this year. While the event is designed to foster innovation and uncover new ideas, in a global company like ours it’s also about making new friends and...
DDoS Protection for Networks: Divert Traffic Using More Specific Routing
In our previous blog post, we talked about AS autonomous system prepending, but sometimes a customer might have restrictions that would not allow them to use AS prepending. If the customer owned more than a less specific prefix, for example /23 prefix, they could advertise a more specific route...
Automating API Security in the Cloud
These days, the most common way for services to communicate and transfer data is by using APIs. However, broken, exposed, or hacked APIs are the cause of some of the latest major data breaches, as they have the potential to expose sensitive data for public consumption. Securing your APIs is...
Q4 2017 Global DDoS Threat Landscape Report
Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,055 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q4 2017. In Q4, the number of application layer attacks nearly doubled, just as the number of network...
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London congratulations, Real Madrid! marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors a...
Navigating the Sea, Exploiting DigitalOcean APIs
Cloud service providers are now fundamental elements of internet infrastructure, granting organizations and individuals the ability to scale and efficiently store, manage, and process data. DigitalOcean is one such provider, well-regarded for its simplicity and developer-friendly platform, and...
Imperva and Kong Partner to Bring API Security to the Gateway for Enhanced API Management
Imperva is delighted to announce a new partnership with Kong Inc, provider of the leading cloud-native API platform, to offer best-in-class API Security to users of the Kong platform. Through the new partnership, Kong Enterprise customers can protect their business applications and data by...
5 high-profile DDoS attacks that should chill you to the bone
Distributed denial of service DDoS attacks are malicious attempts to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Data revealed in the 2021 DDoS Threat Landscape Report strongly suggests attacks are constantly...
Prepare for more sophisticated security threats in 2021
As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...
Software Supply Chain Attacks: From Formjacking to Third Party Code Changes
2020 wasn’t the first year in which software supply chain attacks caused major damage, but it certainly brought them to the general public. Much has been said about the headline-grabbing nation state examples, but there is a wide spectrum of these attacks and some are commoditized. Protecting...
DDoS Protection for Networks: Utilizing AS Prepending to Route Traffic Through Imperva
In order for Imperva to protect customers’ traffic using DDoS Protection for Networks, the Internet must select Imperva as the best path. So what does this mean? Does Imperva automatically take over the customer’s prefix and control the routing of the Internet? Well…not exactly. Internet Routing...
Developers Versus Automation Engineers: How We Ended the Fighting with the Right CI Process
Hey developers and DevOps professionals: what if I told you that how you wrap and execute your automation tests could be the key to making your development process faster, more professional and stable, and stop the bickering between your developers and automation teams? This post will describe ho...
Our Analysis of 1,019 Phishing Kits
In recent years phishing activity has grown rapidly, with thousands of phishing sites popping for a virtual moment that last weeks, days or even hours, before becoming ineffective—either getting blacklisted by security providers, or brought down by internet providers and authorities, or in most...
7 Steps to Protect Your Data From Insider Threats
Like it or not, your greatest risk is already on the payroll. When internal users with trusted access to data are careless, become compromised or have malicious intent, enterprise data is exposed. Just ask the CIA. Detecting insider threats, however, is challenging for organizations due to the...
Beyond Schema Enforcement: Imperva’s Approach to Delivering Holistic API Security
API security is gaining attention, yet many organizations struggle to move from identifying risks to mitigating them effectively. In their eagerness to strengthen their security posture, some rush to implement schema protection. However, the dynamic and often incomplete nature of API schemas soon...
API Security and The Silent Menace of Unknown APIs
The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS
TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both the apps blocklist and macOS Gatekeeper, potentially allowing the...
Preventing Bot Attacks and Online Fraud on APIs
The rapid proliferation of Application Programming Interfaces APIs is spearheading digital transformation, leading to explosive growth in adoption of APIs in recent years. In fact, it’s hard to think of any software that doesn’t use or is in itself, an API. By supporting swift development and...
Dynamic Swagger Support Comes to Imperva
It’s no secret that the shift to DevOps deployments has taken center stage at organizations small and large. The ability to quickly configure, manage and update via APIs is critical to a company’s ability to push out small iterative changes, without human intervention. And Swagger has become the...
A Web-Driven World Needs Better Web Security
Web interfaces are everywhere. From social media sites to online shopping portals to your CRM, the humble web interface is now used to access much of the online world. So, it isn’t difficult to see why web applications are a prime target for cybercriminals. Because they’re used by customers and...
Imperva to Acquire DevOps Security Leader Prevoty
Today, we announced that we entered into an agreement to acquire Prevoty, an innovator and leader in building application security that can block attacks and monitor interactions inside application stacks using DevOps and agile development. I’m incredibly excited that the Prevoty team will join...
Managing Security in a DevOps Environment
DevOps is a software development practice in which development and operations engineers collaborate during the entire product lifecycle. With the adoption of DevOps at mainstream levels, we now see security starting to take a bigger role in DevOps’ day-to-day responsibilities. From a security...
GraphQL Vulnerabilities and Common Attacks: What You Need to Know
GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usage comes the potential for security vulnerabilities and attacks. In this blog post, we will descri...
The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short
As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks BLAs. Unlike known attacks, which can be identified by signatures or patterns, such ...
Business Logic Attacks: Why Should You Care?
Imagine this: Youve just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. Youre feeling safe and secure, congratulating yourself on a job well done. But, despite all your efforts, your...
Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability
TLDR Recently, a cross-site search vulnerability was discovered affecting the popular NFT marketplace OpenSea. When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions to a specific...
Imperva Boosts Connectivity with New PoP in Manila
We are delighted to announce the addition of a new Imperva Point of Presence PoP in the Asia Pacific region with the opening of our new data center in Manila, Philippines. The new location brings our total number of PoPs in Asia to 15, significantly boosting our presence in the region and providi...
A security architect’s POV on a mature data-centric security program, Part 3
In part one of this series, you learned about the challenges associated with accessing, and searching long-term retained database activity logs and identifying sensitive customer data to comply with stricter compliance regulations. In part two, you gained insight into how security professionals c...
The pitfalls of relying only on your ISP for DDoS protection
Relying on your Internet Service Provider ISP for DDoS protection is like going to a restaurant known for the freshest, tastiest seafood and ordering beef. Sure, they have it on the menu and they are happy to sell it to you, but the experience is not likely to compare well to what you’d have in a...