1025 matches found
How to Secure AWS Deployments with SecureSphere WAF
The Imperva SecureSphere Web Application Firewall WAF analyzes all user access to business-critical web applications and protects your applications and data from cyberattacks. SecureSphere WAF dynamically learns an applications’ “normal” behavior and correlates it with crowd-sourced threat...
5 Questions to Ask Your CISO about the GDPR
The European General Data Protection Regulation GDPR comes into force on May 25, 2018, and it will have a huge impact on the way businesses store and collect personal information belonging to those located in the European Union EU. The regulation applies to all businesses that hold and process da...
Get a Single View of WAF Events with the Imperva AppSecurity View App for Splunk Enterprise
Enterprises are adopting a hybrid infrastructure model to take advantage of rapid deployment of cloud-based services and higher computing power. A compilation of analyst predictions by SecureWorks, shows that the cloud continues to gain momentum as organizations embrace and benefit from new ways ...
Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution
Exponential data growth. You’ve heard it many times before, but it’s still the most accurate way to describe the enormous and growing amount of data that businesses generate and collect today. It’s this growth that is driving today’s enterprises to revisit their strategies for data security and...
Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic
What Is CVE-2026-21962? CVE-2026-21962 is a critical CVSS 10.0 vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP access can exploit this flaw by sending crafted requests to the affected pro...
Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity
As we enter 2025, the threat landscape continues to evolve, with Distributed Denial of Service DDoS attacks growing in both scale and sophistication. So far this year, we’ve already seen several major DDoS attacks over 5 million Requests Per Second RPS, signaling a concerning trend for...
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...
Why Cool Dashboards Don’t Equal Effective Security Analytics
Mark Twain once said, “Data is like garbage. You’d better know what you are going to do with it before you collect it.” This statement rings true in todays cybersecurity landscape. Security professionals are inundated with a flood of data, and often, they dont know how to make sense of it. To add...
Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory
Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...
The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection
In the first blog post, we introduced you to the Nike Shoe Bot NSB, one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bots source code, and determine what...
Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases
It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...
Misconfigurations of Cloud-Managed Infrastructures Continue to be a Major Challenge to Data Security
In case you missed the memo, cloud-hosted data is here to stay. Recent data shows spending on cloud services reached a total of $178 billion in 2021, a 37 percent increase over the $130 billion spent in 2020 and twice the amount enterprises are spending on their data centers. As more organization...
7 Ways Good Data Security Practices Drive Data Governance
As more organizations continue with digital transformation plans, their ability to be good stewards of the data for which they are responsible becomes more difficult. They are generating more data, more data types, in more repositories, in more and different architectures. Every day, organization...
Three Keys to Securing Shadow Data
What is shadow data? Shadow data is any data contained anywhere in your entire data repository that is not visible to the tools you use to monitor and log data access. Shadow data may include: Customer data that DevOps teams copied into an unknown database to test applications they are developing...
Why the Search for Best-Of-Breed Tooling is Causing Issues for Security Teams
The growing need to consolidate vendor portfolios The adoption of best-of-breed security solutions has led to unforeseen problems for SOCs. Onboarding a new solution increases complexity; it requires configuration, integration with existing tools, fine-tuning policies, and the ability to create...
Calculate Splunk Ingestion Costs Savings when Pre-Processing Data Repository Logs with Imperva DSF
If you use Splunk to ingest all your data for security analytics, you likely recognize it as one of the greatest indexing tools ever created. With Splunk, your security teams get a real-time view of machine data from the network, data center, or IT environments. Many enterprises also use Splunk t...
Three Keys to Turning Data-centric Security Theory into Practice
Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures focusing on protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say...
The Three Key Competencies that Optimize Data Security Orchestration
One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...
What is Steganography, and how can we Avoid it?
What is steganography? Steganography is, broadly, a type of covert communication involving the use of any medium to hide messages. Steganography is a relatively old technique of hiding ‘secret’ data in plain sight to avoid detection. Seeing a resurgence of late, bad actors are taking advantage of...
How to Monitor Athena Usage to Understand Your Operations, and Control Security and Costs
Introduction to our data lakes experience Data lakes are great. They are flexible as they allow many object formats and multiple query engines. They are also cost effective - there is no need to manage or pay for resources like disks, cpu and memory. Data is simply stored in an object store and i...
Five Ways the Gaming & Gambling Industry is Targeted by Bad Bots
Let’s play a game of chance: What are the odds that your gaming website is being targeted by bad bots? Imperva research suggests they’re higher than you may think. Imperva’s 2022 Bad Bot Report reveals that 53.9 percent of traffic to gaming and gambling websites comes from bad bots. With the...
How to Develop Machine Learning Skills for Every Employee in Your Company
Everyone loves Artificial Intelligence AI and Data Science DS, and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...
API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot
Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your APIs. When a bad actor makes a completely val...
Imperva Mitigates Massive Bot Attack of 400 Million Requests
Imperva Advanced Bot Protection detected and stopped the largest bot attack in Imperva history. The web scraping attack targeted a global job listing site with operations in six countries. The attacker used a large-scale botnet, generating no less than 400 million bot requests from nearly 400,000...
What to Include in a Cybersecurity Disaster Recovery Plan
If the unthinkable were to happen to your business, what’s your disaster recovery plan? If bad actors were to inject ransomware into your system, what’s your process for a return to normal working? Google the words “What do I do if I have a cybersecurity breach” and the first twenty results will...
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...
The FP Paradox on the battlefield against COVID-19 and cyber threats
Lets consider for a moment the “next” communicable virus. You show no symptoms but you try a home testing kit anyway, expecting the result to be negative. To your great surprise, the result is positive! The information enclosed in the testing kit package explained that the test results are nearly...
The ad blocker that injects ads
Deceptive ad injection is a growing concern on the internet today, affecting many people browsing the web. And while the concept isn’t new Google stated it was the most common complaint amongst Chrome users back in 2015, just like with other online threats, bad actors are constantly refining thei...
A security architect’s POV on a mature data-centric security program, Part 1
In this three-part series, you’ll hear first-hand from security architects on the front lines about what it takes to move organizations from a compliance-centric to a mature data-centric database security model. You’ll gain insight into the challenges associated with retaining, accessing and...
Mitigating attacks in serverless environments
Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility in the infrastructure. This also means that, in terms of...
When The Going Gets Tough – R&D Calls With Customers – Doing It Right!
Several years ago, I joined the development team of a new product within Imperva. I discovered that direct interaction between us developers and our customers was much more frequent than on more mature products - customer calls are an invaluable tool when developing from scratch. However, these...
WAF and RASP: Best Practice for Defense in Depth
Why do you need a RASP solution if WAFs layer of defense is so powerful? The simple answer is that no single security product can provide protection for all threat vectors. A comprehensive IT security strategy includes risk-appropriate controls implemented where they can provide maximum efficacy,...
The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques
A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...
Detecting Data Breaches: Why Understanding Database Types Matters
Different data characteristics and access patterns found in different database systems lead to different ways of detecting suspicious data access, which are indicators of potential data breaches. To accurately detect data access abuse we need to classify the database processing type. Is it a...
Hot on the Credential Theft Trail: Tracking a Hacker from a Dropbox Phishing Campaign
We the Imperva Defense Center research team frequently investigate cases of credential theft to gain a deeper understanding of methods and tools used by cyber criminals—in particular, to learn how accounts are taken over once credentials are compromised through phishing campaigns. We recently cho...
GDPR Series, Part 4: The Penalties for Non-Compliance
In the first three parts of this series, we covered the GDPR basics: who is subject to the GDPR requirements, what rules require data protection technology, and how you can start preparing your organization for the regulation. In this final installment, we will cover what happens when you are not...
Critical Flaws in Base44 Exposed Sensitive Data and Allowed Account Takeovers
Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting XSS, insecure authentication design,...
Imperva Adaptive Threshold for Layer 7 DDoS Attacks Reduces Risk of Business Disruption
Today’s fast-paced digital landscape demands an optimized user experience that is always available to engage end users. However, businesses are constantly under threat from a variety of attacks that seek to disrupt that experience, including DDoS attacks. And the risk is growing. According to the...
Lessons Learned From Exposing Unusual XSS Vulnerabilities
Misunderstood browser APIs are often at the core of many web security issues. With the rapid expansion of web APIs, keeping up with security best practices can be challenging. In this post, we’ll explore a few common mistakes developers make that lead to modern XSS Cross-Site Scripting...
Compromising Bank Customer Trust: The Price of Inadequate Data Protection
Banks hold not just money, but also emotions and aspirations. Countless stories unfold within bank walls, reflecting the intimate connection between money and emotion. Beyond the numbers and transactions, every dollar represents individuals’ hopes, dreams, and livelihoods. As the trusted custodia...
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware
As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to their text in terminal outputs...
Do Any HTTP Clients Not Support SNI?
In this blog post, we’ll share the results of an internal research project we conducted on our CDN customers focused on websites that are getting non-Server Name Indication SNI traffic. The goal of our research was to answer the following questions: How much non-SNI traffic is seen? What is the...
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report
Imperva named an Overall Leader Were thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market Leadership and ...
The World Cup: Prime Time for Sports Fans and Cybercriminals
From November 20 to December 18, fans from all over the world are tuned into the World Cup tournament in Qatar. While this is a major event for sports fans, it’s also prime time for bad actors. Large sporting events lead to increased levels of activity across sports and gambling sites, along with...
What is Dark Data, and how can we find it?
What is “dark data”? The term “dark data” refers to “any information assets that organizations collect, process, and store during regular business activities but generally fail to use for other purposes” Gartner. Often retained for compliance reasons, this data can also include past employee...
How Organizations Manage to Understand Millions of Unstructured Data Files at Scale
For an ever-growing segment of organizations, making sense of unstructured data is fast becoming imperative. It is also far more challenging. Unlike structured data that’s stored in rows and columns, text-based, and easy to search in relational databases and data warehouses, there is no defined...
Four Main Reasons Shoppers Abandon eCommerce Carts
More than just window shopping eCommerce shopping cart abandonment causes brands a sobering USD 18 Billion in annual revenue Forrester Research. While rates differ by device, with mobile and tablet device users most likely to leave before completing their order, nearly 70 percent of shoppers dese...
How CISOs can Find and Retain Security Staff During the Great Resignation
The rising demand for cybersecurity professionals As if the skill shortfall in cybersecurity wasn’t bad enough, the employment landscape is shifting rapidly. This shift is due, in part, to historically low unemployment claims, unrivaled quit rates, and swathes of baby boomers and older Gen X...
Evasive Bots Drive Online Fraud – 2022 Imperva Bad Bot Report
The 2022 Imperva Bad Bot Report is now available. The report is the ninth annual in-depth analysis of bot traffic, created with data collected from Impervas global network throughout the past year by the Imperva Threat Research Team. Bad bots are software applications that run automated tasks wit...
APIs Are Here to Stay, so Get in Front of Securing Them
A recent IDC survey reported that 38 percent of organizations identified cybersecurity threats and regulations as the factor having the greatest impact on their technology investment planning over the next two years. The survey also revealed that for organizations taking a digital-first business...