1025 matches found
Imperva Boosts Connectivity with New PoP in Manila
We are delighted to announce the addition of a new Imperva Point of Presence PoP in the Asia Pacific region with the opening of our new data center in Manila, Philippines. The new location brings our total number of PoPs in Asia to 15, significantly boosting our presence in the region and providi...
Imperva Adds Active Attack Detection to its Data Security Platform
Protecting the data perimeter Organizations are in constant pursuit of technology that provides rapid insight into threats. Early visibility, in combination with context-rich alerting and efficient incident response workflows, streamline threat containment and remediation efforts. Identifying...
A security architect’s POV on a mature data-centric security program, Part 3
In part one of this series, you learned about the challenges associated with accessing, and searching long-term retained database activity logs and identifying sensitive customer data to comply with stricter compliance regulations. In part two, you gained insight into how security professionals c...
From basic text to streaming 4K movies: A brief history of the World Wide Web
When Sir Tim Berners-Lee wrote his proposal for the World Wide Web WWW in 1989, he probably didn’t predict just how much his ideas would change the way we communicate. With about 1.83 billion websites to date, the World Wide Web has been the cornerstone of the information age. Famously Berners-Le...
Infographic: How Do You Stop Bad Bots?
According to Imperva’s Bad Bot Report 2021, bad bot traffic has maintained its upwards trend, amounting to 25.6 percent of all traffic in 2020, an all-time high. Combined with good bot traffic, 40.8 percent of internet traffic in 2020 wasn’t human, as human traffic decreased by 5.7 percent to 59....
API Security Checks in the Post-Pandemic World
The digital transformation journeys of many enterprises have been accelerated by the COVID-19 pandemic. For 2020, IT resources shifted to support WFH policies with mobile and remote productivity solutions, while simultaneously managing multiple datacenter migration projects to the cloud for scale...
Putting Your Data Security at the Center of our Mission
We’re more than just an industry-leading Web Application Firewall! For a long time now, Imperva has been known in the cyber security industry as ‘the WAF company’. The go-to brand for Application Security and Web Application Firewalls. But this is only possible due to our data protection DNA. Thi...
Imperva Prevents Client-Side Attacks like Formjacking and Magecart
The Blindspot of Web Security is Client-side Code One of the troubling blindspots for security teams is third party JavaScript services embedded on a website. The popularity of JavaScript services used by developers and marketing teams means this blindspot is hiding an expanding attack service. I...
2019 Hackathon Challenges Imperva to Solve Problems Together
The smell of pizza –150 boxes to be exact – filled our global offices last week as more than 220 Impervians technical and non-technical rolled up their sleeves to participate in Imperva’s annual company-wide hackathon. As chair of the event this year, I was determined to host a hackathon that...
DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers
In this post we’ll unpack a short -- but no less serious -- attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect...
Five Ways Imperva Attack Analytics Helps You Cut Through the Event Noise
The maddening volume of events security teams have to deal with each day is growing at an exponential pace, making it increasingly difficult to effectively analyze and process credible threats. As more organizations move to cloud-based solutions, applications now reside at multiple locations – on...
Cloud Database Migration Peer Insights [Study]
Not long ago, for security, compliance or other reasons, it was unthinkable for many regulated organizations to move sensitive data into the cloud. It’s striking how things have changed. Maybe it was inevitable that services like email were cloud migration candidates. People trust Microsoft, and...
How to Deploy SecureSphere WAF on Azure
If you host apps in the cloud, then you need security in the cloud. The Imperva SecureSphere Web Application Firewall WAF identifies and acts upon dangers maliciously woven into innocent-looking website traffic, both on-premises and in the cloud, such as: Blocking technical attacks such as SQL...
Thwart Insider Threats with Machine Learning [Infographic]
Potentially the most lethal kind of threat to an organization’s security, insider threats can pose risks as significant as—if not more than—external attacks. Because insiders are granted trusted access to sensitive data, these threats often fly under the security radar. By examining how users...
Enhancing Security with AI: Revolutionizing Protection in the Digital Era
In the ever-evolving landscape of cybersecurity, the integration of Artificial Intelligence AI and Machine Learning ML has emerged as a transformative force. AI, with its ability to mimic human cognition and problem-solving capabilities, combined with MLs capacity to iteratively learn from data, ...
From ChatBot To SpyBot: ChatGPT Post Exploitation
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, "XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT," where we...
Imperva Successfully Mitigates Record-Breaking DDoS Attack in Retail Industry
In the dynamic world of cybersecurity, November 13, 2023, marked a significant milestone for Imperva as we successfully mitigated the largest application-layer DDoS attack we’ve ever recorded in the retail industry. The target was a prominent Indonesian eCommerce platform, known for its diverse...
New Secaucus Point of Presence Increases Resilience for Financial Services
We are thrilled to announce the opening of a new cutting-edge Point of Presence PoP in Secaucus, New Jersey, which adds resilience to our network infrastructure located in the Northeastern United States region. This PoP represents the first build using next generation technology designed to...
Abusing JSON-Based SQL
Overview Modern databases, such as PostgreSQL, natively support JSON as data values that can be queried. This capability uses JSON-specific operators, including an operator to test for key presence. Imperva Threat Research has investigated these database native JSON operators and discovered...
The Four-Step Approach to Modernizing Your DAM Strategy
Effective data security is critical to an organizations success and requires a strategy that aligns with the company’s objectives and those of its stakeholders. As the data landscape changes, most Database Activity Monitoring DAM solutions struggle to meet new data security requirements. The resu...
Gone Ape? How to Protect NFTs from Theft
What are NFTs? Non-fungible tokens NFTs are unique and irreplaceable digital assets that, by their nature, have an intrinsic value. These could be digital art, photography, GIFs, avatars, memes, 3D objects, domain names, trading cards, virtual land, music, or other digitally tradable tokens. Each...
Five Takeaways from FlexBooker’s Data Breach
A few weeks ago, an appointment scheduling solution, FlexBooker notified its customers that it had been breached. Imperva has no specific insider knowledge into how the breach unfolded, but we can learn a lot from FlexBooker’s data breach notification as well as additional related sources. In thi...
Imperva mitigates largest DDoS attacks of 2020… so far…
The word “unprecedented” has never been used so much as it has during 2020. And in the latest of many unprecedented events, July saw the two largest recorded DDoS attacks of the year so far. As revealed in our July 2020 Cyber Threat Index Report, published today, Imperva Research Labs recorded tw...
Key Elements for DDoS Detection, Mitigation and Analysis
Given today’s volatile DDoS threat landscape with attacks ranging from massive volumetric assaults to sophisticated and persistent application level threats, comprehensive protection is a must for online businesses. But what are the most important considerations for evaluating potential solutions...
Improve the ROI of Your Database Protection Investment
When an organization considers switching a mission-critical compliance or security system from one vendor’s solution to another it’s a very big decision. There is expense involved in acquiring the new solution, it will take time and money to deploy and retrain staff, and it will take careful...
Five Cloud Migration Strategies for Applications
Regardless of your current IT environment or your vision for migrating to the cloud, numerous strategies exist that can accommodate your cloud-migration approach. Fortunately, this range of options allows you to proceed with caution while making progress toward your ultimate objective. Always kee...
Women in Tech and Career Spotlight: Jerusalem Bicha
We conclude our series featuring women in tech at Imperva with an interview with Jerusalem Bicha, network operations team lead at Imperva. We talked about her path to a career in cybersecurity. Tell us how you got into cybersecurity. JB: I actually don’t have a degree. My career in cybersecurity...
Protect Against WannaCry with Deception-Based Ransomware Detection
The WannaCry ransomware attack caught the world off guard—and may have even literally left some crying. The attack infected more than 230,000 computers in 150 countries by encrypting data on networked machines and demanding payments in Bitcoin. According to Malwarebytes researchers, the attack...
Why You Need a Database Audit Trail
Your ability to answer very detailed questions about what’s going on in your organization’s databases can make or break a compliance audit or security investigation. Aside from the obvious need for this information in the event of a breach, it’s also important because government, financial, and...
Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026
Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...
Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack
The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply...
With Imperva’s DRA and ServiceNow, you can avoid burning out your cyber security employees
In todays world, CIOs and CISOs are facing a tough reality when it comes to the security staff shortage situation. With the deflating economy, nationalism, cybercrime, and nation-led adversaries, the demand for security personnel has increased, making it challenging for organizations to find and...
Two-Week ATO Attack Mitigated by Imperva
Beginning on February 7, an Imperva-protected account was targeted by an ongoing account takeover ATO attack that lasted for two weeks. On average, attacks last a few hours or a couple days at most, so the length of this attack was an anomaly and underscores the persistence of the attackers. As a...
How can we Prevent an Internet of Compromised Things?
The shape of things to come An increasing array of physical household and business objects now come with a plethora of sensors, software, and processing abilities, connecting to like-minded devices and swapping data with additional systems via the internet or across networks. These objects and...
Natural Language Processing and “Mindful” AI Drive More Sophisticated Bad Bot Attacks
The evolution from human to bot attacks Over the last several years of my career in cyber security, I have been fortunate to work with professionals who researched and developed new cyber security detection and prevention solutions that block high-end cyber attacks. Initially, these attacks were...
Holiday “to-do list” for cybersecurity professionals working in eCommerce
The period from mid-November to the end of the year is always particularly stressful for cybersecurity professionals in the eCommerce space. It seems like every hacker and cyber criminal on earth is trying even harder to steal customers’ data or stop digital business operations. And the reason it...
Serverless protection for execution environments made easy
Serverless computing is transforming the way we build, ship, automate, and scale applications. With no infrastructure to manage, organizations can move from ideation to market faster, with virtually no operational overhead. Consequently, these enterprises can now focus on just the code that serve...
Top 5 Most Vicious Bad Bots
Classified by The Open Web Application Security Project OWASP as ‘automated threats’, bad bots can be used to perform a plethora of actions on the application layer, from basic requests to elaborate sessions with sophisticated requests. Some of these bots are more malicious than others. This make...
What’s Different About Data Security in the Cloud? Almost Everything.
Well before the onset of the pandemic most organizations had a digital transformation plan in place which included migrating workloads to new modern architectures, usually a private, public, or hybrid cloud. As the challenges caused by COVID-19 became more acute, these organizations accelerated...
Ensuring Security and Compliance in AWS RDS with CDS
If you use AWS RDS, your organization is part of a worldwide trend. Forward-thinking companies everywhere are embracing database-as-a-service DBaaS to help bring new applications and services to market faster, or to reduce the cost and complexity of their database operations. What isn’t changing...
Shifting from Network Security to Data Security
The world-wide events of 2020 have meant that organisations have had to simply react and adapt. More data is being moved to the cloud, applications are built in cloud environments, and more and more databases are being used to support the shift in the way we work. 59% of enterprises believe their...
Automation & Development – Why It’s Worth Investing in This Relationship
Good relationships will be stable whenever something goes wrong. But, if you don’t invest in your relationships, they won’t last long. Let’s take, for example, a little crisis that could happen - a bug is found in the field! … by a customer! “How did we miss it?” will be the question asked all...
Open Banking Around the World
Open Banking, the practice of sharing financial data with competitors and third parties via open APIs, offers many benefits for consumers who not only have more control over their data, but who can now manage their finances much more efficiently. What started with the European Union Payment...
Imperva is a Leader in the Forrester Wave: Web Application Firewalls, Q1
Web application firewalls continue to be a core technology function for securing critical assets, and for IT professionals, market analyst reports and validation are critical when deciding upon new WAF solutions. That’s why we’re proud to share that Imperva Cloud WAF has recently been recognized ...
HTTP Desync Attacks in the Wild and How to Defend Against Them
Inspired by an article by Watchfire from 2005, we recently explored an old attack technique named HTTP Request Smuggling and checked it against our WAF protection. By coincidence, it turned out someone else was also exploring this technique at the same time. Given the hype it received as a result...
Seven Must-Dos to Secure MySQL 8.0
Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database version brings security upgrades. Use them...
Security Strategies for DevOps, APIs, Containers and Microservices
More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application developmen...
Machine Learning: Identify the Unpredictable – Whiteboard Wednesday [Video]
When it comes to identifying insider threats, the fundamental challenge is how to determine when data access appears out of the ordinary for a typical user or system, and of those instances, which ones are dangerous versus merely unusual. A lot of solutions today serve up so many policy violation...
What’s Next for Ransomware: Data Corruption, Exfiltration and Disruption
Ransomware’s popularity continues to skyrocket, due to its successful business model and the significant profit paid by its victims. Unlike other malware business models – where attackers steal data and then sell it on the darknet; hackers who utilize ransomware as their attack vector receive...
From Cloudflare Bypass to Credit Card Theft
Introduction On July 6, 2025, a suspicious Python package called 'cloudscrapersafe' was uploaded to the Python Package Index PyPI. Marketed as a utility to evade Cloudflare’s anti-bot protections, this package was a modified version of a widely used 'cloudscraper' library, which is used to automa...