1025 matches found
Imperva Data Security Fabric Wins 2022 SC Media Trust Award for Data Security
SC Media has announced the winners of their 2022 SC Awards, with 38 companies, executives, and security solutions selected by their panel of judges as the best of the year. We are thrilled to report that Imperva Data Security Fabric has earned the 2022 SC Media Trust Award for Data Security. For...
Enable Security Teams to Leverage Machine Learning Technologies
As on-premises and cloud-hosted data repositories get larger, they are outstripping the ability of traditional data-crunching methods to efficiently analyze the information. As a result, more enterprises have turned to data science and machine learning platforms to create business value. The...
The Five Principles of a Zero Trust Cybersecurity Model
When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be actively moving in that...
The Three Key Competencies that Optimize Data Security Orchestration
One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...
How to Monitor Athena Usage to Understand Your Operations, and Control Security and Costs
Introduction to our data lakes experience Data lakes are great. They are flexible as they allow many object formats and multiple query engines. They are also cost effective - there is no need to manage or pay for resources like disks, cpu and memory. Data is simply stored in an object store and i...
ATO Attacks Targeting Financial Services Increased 58 Percent in May. Who Else Needs to Worry?
Account takeover ATO is a form of identity theft that cyber criminals use to get unauthorized access to the accounts of legitimate users through some kind of brute force method such as Credential Stuffing. In 2022, account takeover attacks are on the rise. In June for example, Imperva’s Threat...
How the Evolution of Agents has Been Essential for Modern Database Security
In today’s data driven world, every organization’s most important asset is their data. Accordingly and similarly to other protected components like applications, web and peripheral gateways, databases require a dedicated security solution as well. An essential database security solution must...
8 Ways to Avoid CISO Burnout
Times have changed In recent years the job of Chief Information Security Officer CISO has become more and more frenetic and involved. Already stretched CISOs have the added responsibilities of employee management in a time of a global pandemic, staff retention when priorities have changed and...
6 Best Data Security Practices You Can Start Today
Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices yo...
Ethical Hacking and Penetration Testing. Where to Begin.
Looking at the employment landscape, it’s clear that prospects for landing cybersecurity positions are excellent and on the rise, but what about the commercial viability of that “grey side-gig”, ethical hacking and penetration testing? While the notion of “being bad to help the good people” is...
What to Include in a Cybersecurity Disaster Recovery Plan
If the unthinkable were to happen to your business, what’s your disaster recovery plan? If bad actors were to inject ransomware into your system, what’s your process for a return to normal working? Google the words “What do I do if I have a cybersecurity breach” and the first twenty results will...
Scalpers, and their bot armies, swing in to net web-based Spiderman tickets
29 November 2021 was “Spider Monday” and tickets for Marvel’s film Spider-Man: No Way Home went on sale with the sort of marketing fervor for which Disney and the Marvel Cinematic Universe MCU are famous. As tickets to one of the most eagerly anticipated Christmas films featuring one of the most...
When The Going Gets Tough – R&D Calls With Customers – Doing It Right!
Several years ago, I joined the development team of a new product within Imperva. I discovered that direct interaction between us developers and our customers was much more frequent than on more mature products - customer calls are an invaluable tool when developing from scratch. However, these...
2018 Cyberthreat Defense Report: Where IT Security Is Going
What keeps you awake at night? We asked IT security professionals the same question and found that these issues are top of mind: malware and spear phishing, securing mobile devices, employee security awareness and new technologies that detect threats capable of bypassing traditional signature-bas...
How to Secure AWS Deployments with SecureSphere WAF
The Imperva SecureSphere Web Application Firewall WAF analyzes all user access to business-critical web applications and protects your applications and data from cyberattacks. SecureSphere WAF dynamically learns an applications’ “normal” behavior and correlates it with crowd-sourced threat...
Get a Single View of WAF Events with the Imperva AppSecurity View App for Splunk Enterprise
Enterprises are adopting a hybrid infrastructure model to take advantage of rapid deployment of cloud-based services and higher computing power. A compilation of analyst predictions by SecureWorks, shows that the cloud continues to gain momentum as organizations embrace and benefit from new ways ...
Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution
Exponential data growth. You’ve heard it many times before, but it’s still the most accurate way to describe the enormous and growing amount of data that businesses generate and collect today. It’s this growth that is driving today’s enterprises to revisit their strategies for data security and...
Hot on the Credential Theft Trail: Tracking a Hacker from a Dropbox Phishing Campaign
We the Imperva Defense Center research team frequently investigate cases of credential theft to gain a deeper understanding of methods and tools used by cyber criminals—in particular, to learn how accounts are taken over once credentials are compromised through phishing campaigns. We recently cho...
Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic
What Is CVE-2026-21962? CVE-2026-21962 is a critical CVSS 10.0 vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP access can exploit this flaw by sending crafted requests to the affected pro...
Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity
As we enter 2025, the threat landscape continues to evolve, with Distributed Denial of Service DDoS attacks growing in both scale and sophistication. So far this year, we’ve already seen several major DDoS attacks over 5 million Requests Per Second RPS, signaling a concerning trend for...
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report
Imperva named an Overall Leader Were thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market Leadership and ...
The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection
In the first blog post, we introduced you to the Nike Shoe Bot NSB, one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bots source code, and determine what...
Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases
It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...
Three Keys to Securing Shadow Data
What is shadow data? Shadow data is any data contained anywhere in your entire data repository that is not visible to the tools you use to monitor and log data access. Shadow data may include: Customer data that DevOps teams copied into an unknown database to test applications they are developing...
Three Keys to Turning Data-centric Security Theory into Practice
Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures focusing on protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say...
Research Shows the Annual Cost of API Security-related Breaches is Mind-blowing
Application Programming Interfaces APIs have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread, they are a much more prominent part of the cyber threat landscape. API-related hacks and data breache...
What is Dark Data, and how can we find it?
What is “dark data”? The term “dark data” refers to “any information assets that organizations collect, process, and store during regular business activities but generally fail to use for other purposes” Gartner. Often retained for compliance reasons, this data can also include past employee...
How Organizations Manage to Understand Millions of Unstructured Data Files at Scale
For an ever-growing segment of organizations, making sense of unstructured data is fast becoming imperative. It is also far more challenging. Unlike structured data that’s stored in rows and columns, text-based, and easy to search in relational databases and data warehouses, there is no defined...
Four Main Reasons Shoppers Abandon eCommerce Carts
More than just window shopping eCommerce shopping cart abandonment causes brands a sobering USD 18 Billion in annual revenue Forrester Research. While rates differ by device, with mobile and tablet device users most likely to leave before completing their order, nearly 70 percent of shoppers dese...
What is Steganography, and how can we Avoid it?
What is steganography? Steganography is, broadly, a type of covert communication involving the use of any medium to hide messages. Steganography is a relatively old technique of hiding ‘secret’ data in plain sight to avoid detection. Seeing a resurgence of late, bad actors are taking advantage of...
Five Ways the Gaming & Gambling Industry is Targeted by Bad Bots
Let’s play a game of chance: What are the odds that your gaming website is being targeted by bad bots? Imperva research suggests they’re higher than you may think. Imperva’s 2022 Bad Bot Report reveals that 53.9 percent of traffic to gaming and gambling websites comes from bad bots. With the...
How to Develop Machine Learning Skills for Every Employee in Your Company
Everyone loves Artificial Intelligence AI and Data Science DS, and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...
API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot
Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your APIs. When a bad actor makes a completely val...
Imperva Mitigates Massive Bot Attack of 400 Million Requests
Imperva Advanced Bot Protection detected and stopped the largest bot attack in Imperva history. The web scraping attack targeted a global job listing site with operations in six countries. The attacker used a large-scale botnet, generating no less than 400 million bot requests from nearly 400,000...
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...
The FP Paradox on the battlefield against COVID-19 and cyber threats
Lets consider for a moment the “next” communicable virus. You show no symptoms but you try a home testing kit anyway, expecting the result to be negative. To your great surprise, the result is positive! The information enclosed in the testing kit package explained that the test results are nearly...
The ad blocker that injects ads
Deceptive ad injection is a growing concern on the internet today, affecting many people browsing the web. And while the concept isn’t new Google stated it was the most common complaint amongst Chrome users back in 2015, just like with other online threats, bad actors are constantly refining thei...
A security architect’s POV on a mature data-centric security program, Part 1
In this three-part series, you’ll hear first-hand from security architects on the front lines about what it takes to move organizations from a compliance-centric to a mature data-centric database security model. You’ll gain insight into the challenges associated with retaining, accessing and...
Mitigating attacks in serverless environments
Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility in the infrastructure. This also means that, in terms of...
WAF and RASP: Best Practice for Defense in Depth
Why do you need a RASP solution if WAFs layer of defense is so powerful? The simple answer is that no single security product can provide protection for all threat vectors. A comprehensive IT security strategy includes risk-appropriate controls implemented where they can provide maximum efficacy,...
The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques
A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...
Detecting Data Breaches: Why Understanding Database Types Matters
Different data characteristics and access patterns found in different database systems lead to different ways of detecting suspicious data access, which are indicators of potential data breaches. To accurately detect data access abuse we need to classify the database processing type. Is it a...
GDPR Series, Part 4: The Penalties for Non-Compliance
In the first three parts of this series, we covered the GDPR basics: who is subject to the GDPR requirements, what rules require data protection technology, and how you can start preparing your organization for the regulation. In this final installment, we will cover what happens when you are not...
Imperva Adaptive Threshold for Layer 7 DDoS Attacks Reduces Risk of Business Disruption
Today’s fast-paced digital landscape demands an optimized user experience that is always available to engage end users. However, businesses are constantly under threat from a variety of attacks that seek to disrupt that experience, including DDoS attacks. And the risk is growing. According to the...
Lessons Learned From Exposing Unusual XSS Vulnerabilities
Misunderstood browser APIs are often at the core of many web security issues. With the rapid expansion of web APIs, keeping up with security best practices can be challenging. In this post, we’ll explore a few common mistakes developers make that lead to modern XSS Cross-Site Scripting...
Compromising Bank Customer Trust: The Price of Inadequate Data Protection
Banks hold not just money, but also emotions and aspirations. Countless stories unfold within bank walls, reflecting the intimate connection between money and emotion. Beyond the numbers and transactions, every dollar represents individuals’ hopes, dreams, and livelihoods. As the trusted custodia...
Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0
On February 26, 2024, NIST released version 2.0 of the Cybersecurity Framework. This blog reviews the fundamental changes introduced in CSF 2.0 and data-centric security considerations that should be made when aligning with the new framework. As cybercriminals become more sophisticated, efficient...
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware
As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to their text in terminal outputs...