Lucene search
K
ImpervablogMost viewed

1025 matches found

impervablog
impervablog
added 2022/08/23 12:27 p.m.20 views

Imperva Data Security Fabric Wins 2022 SC Media Trust Award for Data Security

SC Media has announced the winners of their 2022 SC Awards, with 38 companies, executives, and security solutions selected by their panel of judges as the best of the year. We are thrilled to report that ​Imperva Data Security Fabric has earned the 2022 SC Media Trust Award for Data Security. For...

0.7AI score
Exploits0
impervablog
impervablog
added 2022/08/22 12:45 p.m.20 views

Enable Security Teams to Leverage Machine Learning Technologies

As on-premises and cloud-hosted data repositories get larger, they are outstripping the ability of traditional data-crunching methods to efficiently analyze the information. As a result, more enterprises have turned to data science and machine learning platforms to create business value. The...

6.8AI score
Exploits0
impervablog
impervablog
added 2022/08/18 4:26 p.m.20 views

The Five Principles of a Zero Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be actively moving in that...

7.2AI score
Exploits0
impervablog
impervablog
added 2022/08/03 12:51 p.m.20 views

The Three Key Competencies that Optimize Data Security Orchestration

One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...

0.1AI score
Exploits0
impervablog
impervablog
added 2022/07/01 2:44 p.m.20 views

How to Monitor Athena Usage to Understand Your Operations, and Control Security and Costs

Introduction to our data lakes experience Data lakes are great. They are flexible as they allow many object formats and multiple query engines. They are also cost effective - there is no need to manage or pay for resources like disks, cpu and memory. Data is simply stored in an object store and i...

7.5AI score
Exploits0
impervablog
impervablog
added 2022/06/29 12:49 p.m.20 views

ATO Attacks Targeting Financial Services Increased 58 Percent in May. Who Else Needs to Worry?

Account takeover ATO is a form of identity theft that cyber criminals use to get unauthorized access to the accounts of legitimate users through some kind of brute force method such as Credential Stuffing. In 2022, account takeover attacks are on the rise. In June for example, Imperva’s Threat...

0.9AI score
Exploits0
impervablog
impervablog
added 2022/06/24 1:9 p.m.20 views

How the Evolution of Agents has Been Essential for Modern Database Security

In today’s data driven world, every organization’s most important asset is their data. Accordingly and similarly to other protected components like applications, web and peripheral gateways, databases require a dedicated security solution as well. An essential database security solution must...

7AI score
Exploits0
impervablog
impervablog
added 2022/05/16 2:25 p.m.20 views

8 Ways to Avoid CISO Burnout

Times have changed In recent years the job of Chief Information Security Officer CISO has become more and more frenetic and involved. Already stretched CISOs have the added responsibilities of employee management in a time of a global pandemic, staff retention when priorities have changed and...

7.2AI score
Exploits0
impervablog
impervablog
added 2022/04/27 12:28 p.m.20 views

6 Best Data Security Practices You Can Start Today

Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices yo...

0.4AI score
Exploits0
impervablog
impervablog
added 2022/04/06 3:34 p.m.20 views

Ethical Hacking and Penetration Testing. Where to Begin.

Looking at the employment landscape, it’s clear that prospects for landing cybersecurity positions are excellent and on the rise, but what about the commercial viability of that “grey side-gig”, ethical hacking and penetration testing? While the notion of “being bad to help the good people” is...

Exploits0
impervablog
impervablog
added 2022/01/11 2:26 p.m.20 views

What to Include in a Cybersecurity Disaster Recovery Plan

If the unthinkable were to happen to your business, what’s your disaster recovery plan? If bad actors were to inject ransomware into your system, what’s your process for a return to normal working? Google the words “What do I do if I have a cybersecurity breach” and the first twenty results will...

Exploits0
impervablog
impervablog
added 2021/12/01 9:36 p.m.20 views

Scalpers, and their bot armies, swing in to net web-based Spiderman tickets

29 November 2021 was “Spider Monday” and tickets for Marvel’s film Spider-Man: No Way Home went on sale with the sort of marketing fervor for which Disney and the Marvel Cinematic Universe MCU are famous. As tickets to one of the most eagerly anticipated Christmas films featuring one of the most...

0.1AI score
Exploits0
impervablog
impervablog
added 2020/09/15 2:28 p.m.20 views

When The Going Gets Tough – R&D Calls With Customers – Doing It Right!

Several years ago, I joined the development team of a new product within Imperva. I discovered that direct interaction between us developers and our customers was much more frequent than on more mature products - customer calls are an invaluable tool when developing from scratch. However, these...

6.9AI score
Exploits0
impervablog
impervablog
added 2018/03/07 3:0 p.m.20 views

2018 Cyberthreat Defense Report: Where IT Security Is Going

What keeps you awake at night? We asked IT security professionals the same question and found that these issues are top of mind: malware and spear phishing, securing mobile devices, employee security awareness and new technologies that detect threats capable of bypassing traditional signature-bas...

6.8AI score
Exploits0
impervablog
impervablog
added 2017/07/27 4:53 p.m.20 views

How to Secure AWS Deployments with SecureSphere WAF

The Imperva SecureSphere Web Application Firewall WAF analyzes all user access to business-critical web applications and protects your applications and data from cyberattacks. SecureSphere WAF dynamically learns an applications’ “normal” behavior and correlates it with crowd-sourced threat...

6.7AI score
Exploits0
impervablog
impervablog
added 2017/04/24 4:30 p.m.20 views

Get a Single View of WAF Events with the Imperva AppSecurity View App for Splunk Enterprise

Enterprises are adopting a hybrid infrastructure model to take advantage of rapid deployment of cloud-based services and higher computing power. A compilation of analyst predictions by SecureWorks, shows that the cloud continues to gain momentum as organizations embrace and benefit from new ways ...

7AI score
Exploits0
impervablog
impervablog
added 2017/04/20 3:30 p.m.20 views

Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution

Exponential data growth. You’ve heard it many times before, but it’s still the most accurate way to describe the enormous and growing amount of data that businesses generate and collect today. It’s this growth that is driving today’s enterprises to revisit their strategies for data security and...

6.6AI score
Exploits0
impervablog
impervablog
added 2017/04/11 3:30 p.m.20 views

Hot on the Credential Theft Trail: Tracking a Hacker from a Dropbox Phishing Campaign

We the Imperva Defense Center research team frequently investigate cases of credential theft to gain a deeper understanding of methods and tools used by cyber criminals—in particular, to learn how accounts are taken over once credentials are compromised through phishing campaigns. We recently cho...

7AI score
Exploits0
impervablog
impervablog
added 2026/01/26 7:28 p.m.19 views

Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

What Is CVE-2026-21962? CVE-2026-21962 is a critical CVSS 10.0 vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP access can exploit this flaw by sending crafted requests to the affected pro...

10CVSS6AI score0.42658EPSS
Exploits4
impervablog
impervablog
added 2025/05/07 6:22 p.m.19 views

Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity

As we enter 2025, the threat landscape continues to evolve, with Distributed Denial of Service DDoS attacks growing in both scale and sophistication. So far this year, we’ve already seen several major DDoS attacks over 5 million Requests Per Second RPS, signaling a concerning trend for...

7AI score
Exploits0
impervablog
impervablog
added 2024/02/13 12:36 p.m.19 views

Security Flaw in CoCalc: One Click and Your Cloud is Ruined

TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...

6.1AI score
Exploits0
impervablog
impervablog
added 2023/12/05 7:50 p.m.19 views

Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report

Imperva named an Overall Leader Were thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market Leadership and ...

7.3AI score
Exploits0
impervablog
impervablog
added 2023/05/08 12:24 p.m.19 views

The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection

In the first blog post, we introduced you to the Nike Shoe Bot NSB, one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bots source code, and determine what...

6.9AI score
Exploits0
impervablog
impervablog
added 2023/03/08 11:35 p.m.19 views

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...

1.1AI score
Exploits0
impervablog
impervablog
added 2022/09/13 11:26 a.m.19 views

Three Keys to Securing Shadow Data

What is shadow data? Shadow data is any data contained anywhere in your entire data repository that is not visible to the tools you use to monitor and log data access. Shadow data may include: Customer data that DevOps teams copied into an unknown database to test applications they are developing...

6.2AI score
Exploits0
impervablog
impervablog
added 2022/08/15 2:22 p.m.19 views

Three Keys to Turning Data-centric Security Theory into Practice

Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures focusing on protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say...

0.9AI score
Exploits0
impervablog
impervablog
added 2022/08/04 12:52 p.m.19 views

Research Shows the Annual Cost of API Security-related Breaches is Mind-blowing

Application Programming Interfaces APIs have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread, they are a much more prominent part of the cyber threat landscape. API-related hacks and data breache...

0.4AI score
Exploits0
impervablog
impervablog
added 2022/08/01 1:23 p.m.19 views

What is Dark Data, and how can we find it?

What is “dark data”? The term “dark data” refers to “any information assets that organizations collect, process, and store during regular business activities but generally fail to use for other purposes” Gartner. Often retained for compliance reasons, this data can also include past employee...

0.3AI score
Exploits0
impervablog
impervablog
added 2022/07/28 1:39 p.m.19 views

How Organizations Manage to Understand Millions of Unstructured Data Files at Scale

For an ever-growing segment of organizations, making sense of unstructured data is fast becoming imperative. It is also far more challenging. Unlike structured data that’s stored in rows and columns, text-based, and easy to search in relational databases and data warehouses, there is no defined...

1.3AI score
Exploits0
impervablog
impervablog
added 2022/07/25 1:38 p.m.19 views

Four Main Reasons Shoppers Abandon eCommerce Carts

More than just window shopping eCommerce shopping cart abandonment causes brands a sobering USD 18 Billion in annual revenue Forrester Research. While rates differ by device, with mobile and tablet device users most likely to leave before completing their order, nearly 70 percent of shoppers dese...

7AI score
Exploits0
impervablog
impervablog
added 2022/07/15 1:48 p.m.19 views

What is Steganography, and how can we Avoid it?

What is steganography? Steganography is, broadly, a type of covert communication involving the use of any medium to hide messages. Steganography is a relatively old technique of hiding ‘secret’ data in plain sight to avoid detection. Seeing a resurgence of late, bad actors are taking advantage of...

0.2AI score
Exploits0
impervablog
impervablog
added 2022/06/27 12:49 p.m.19 views

Five Ways the Gaming & Gambling Industry is Targeted by Bad Bots

Let’s play a game of chance: What are the odds that your gaming website is being targeted by bad bots? Imperva research suggests they’re higher than you may think. Imperva’s 2022 Bad Bot Report reveals that 53.9 percent of traffic to gaming and gambling websites comes from bad bots. With the...

0.4AI score
Exploits0
impervablog
impervablog
added 2022/05/24 1:34 p.m.19 views

How to Develop Machine Learning Skills for Every Employee in Your Company

Everyone loves Artificial Intelligence AI and Data Science DS, and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...

7.5AI score
Exploits0
impervablog
impervablog
added 2022/04/28 12:48 p.m.19 views

API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot

Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your APIs. When a bad actor makes a completely val...

0.3AI score
Exploits0
impervablog
impervablog
added 2022/02/16 11:47 a.m.19 views

Imperva Mitigates Massive Bot Attack of 400 Million Requests

Imperva Advanced Bot Protection detected and stopped the largest bot attack in Imperva history. The web scraping attack targeted a global job listing site with operations in six countries. The attacker used a large-scale botnet, generating no less than 400 million bot requests from nearly 400,000...

6.8AI score
Exploits0
impervablog
impervablog
added 2021/12/16 7:8 p.m.19 views

Ransom DDoS Enters its Fourth Wave

Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...

0.3AI score
Exploits0
impervablog
impervablog
added 2021/10/21 2:2 p.m.19 views

The FP Paradox on the battlefield against COVID-19 and cyber threats

Lets consider for a moment the “next” communicable virus. You show no symptoms but you try a home testing kit anyway, expecting the result to be negative. To your great surprise, the result is positive! The information enclosed in the testing kit package explained that the test results are nearly...

6.7AI score
Exploits0
impervablog
impervablog
added 2021/10/13 5:19 p.m.19 views

The ad blocker that injects ads

Deceptive ad injection is a growing concern on the internet today, affecting many people browsing the web. And while the concept isn’t new Google stated it was the most common complaint amongst Chrome users back in 2015, just like with other online threats, bad actors are constantly refining thei...

0.4AI score
Exploits0
impervablog
impervablog
added 2021/09/16 1:27 p.m.19 views

A security architect’s POV on a mature data-centric security program, Part 1

In this three-part series, you’ll hear first-hand from security architects on the front lines about what it takes to move organizations from a compliance-centric to a mature data-centric database security model. You’ll gain insight into the challenges associated with retaining, accessing and...

7AI score
Exploits0
impervablog
impervablog
added 2021/06/30 2:6 p.m.19 views

Mitigating attacks in serverless environments

Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility in the infrastructure. This also means that, in terms of...

0.2AI score
Exploits0
impervablog
impervablog
added 2020/08/25 1:30 p.m.19 views

WAF and RASP: Best Practice for Defense in Depth

Why do you need a RASP solution if WAFs layer of defense is so powerful? The simple answer is that no single security product can provide protection for all threat vectors. A comprehensive IT security strategy includes risk-appropriate controls implemented where they can provide maximum efficacy,...

8AI score
Exploits0
impervablog
impervablog
added 2018/07/11 9:36 p.m.19 views

The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques

A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...

0.3AI score
Exploits0
impervablog
impervablog
added 2017/10/25 3:30 p.m.19 views

Detecting Data Breaches: Why Understanding Database Types Matters

Different data characteristics and access patterns found in different database systems lead to different ways of detecting suspicious data access, which are indicators of potential data breaches. To accurately detect data access abuse we need to classify the database processing type. Is it a...

6.9AI score
Exploits0
impervablog
impervablog
added 2017/03/14 4:7 p.m.19 views

GDPR Series, Part 4: The Penalties for Non-Compliance

In the first three parts of this series, we covered the GDPR basics: who is subject to the GDPR requirements, what rules require data protection technology, and how you can start preparing your organization for the regulation. In this final installment, we will cover what happens when you are not...

6.8AI score
Exploits0
impervablog
impervablog
added 2024/10/09 9:5 p.m.18 views

Imperva Adaptive Threshold for Layer 7 DDoS Attacks Reduces Risk of Business Disruption

Today’s fast-paced digital landscape demands an optimized user experience that is always available to engage end users. However, businesses are constantly under threat from a variety of attacks that seek to disrupt that experience, including DDoS attacks. And the risk is growing. According to the...

7.1AI score
Exploits0
impervablog
impervablog
added 2024/07/10 3:52 a.m.18 views

Lessons Learned From Exposing Unusual XSS Vulnerabilities

Misunderstood browser APIs are often at the core of many web security issues. With the rapid expansion of web APIs, keeping up with security best practices can be challenging. In this post, we’ll explore a few common mistakes developers make that lead to modern XSS Cross-Site Scripting...

7AI score
Exploits0
impervablog
impervablog
added 2024/04/02 12:0 p.m.18 views

Compromising Bank Customer Trust: The Price of Inadequate Data Protection

Banks hold not just money, but also emotions and aspirations. Countless stories unfold within bank walls, reflecting the intimate connection between money and emotion. Beyond the numbers and transactions, every dollar represents individuals’ hopes, dreams, and livelihoods. As the trusted custodia...

7.5AI score
Exploits0
impervablog
impervablog
added 2024/03/11 1:28 p.m.18 views

Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0

On February 26, 2024, NIST released version 2.0 of the Cybersecurity Framework. This blog reviews the fundamental changes introduced in CSF 2.0 and data-centric security considerations that should be made when aligning with the new framework. As cybercriminals become more sophisticated, efficient...

7.2AI score
Exploits0
impervablog
impervablog
added 2024/02/26 8:40 a.m.18 views

Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection

In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...

7.3AI score
Exploits0
impervablog
impervablog
added 2024/02/13 3:47 p.m.18 views

Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware

As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to their text in terminal outputs...

7.3AI score
Exploits0
Total number of security vulnerabilities1025