1025 matches found
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...
Are You Ready for PCI DSS 4.0?
The Payment Card Industry Data Security Standard PCI DSS is the global benchmark for ensuring companies that handle credit card information maintain a secure environment. It provides a framework to help organizations protect sensitive cardholder data from theft and secure payment card systems. In...
Is Web Scraping Illegal? Depends on Who You Ask
Web scraping has existed for a long time, and depending on who you ask, it can be loved or hated. But where is the line drawn between extracting data for legitimate business purposes and malicious data extraction that hurts business? The bar is getting blurrier by the day, and the introduction of...
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report
Imperva named an Overall Leader Were thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market Leadership and ...
Database Ransomware: From Attack to Recovery
Introduction In recent years, ransomware attacks have risen sharply, due to their profitability, ease of access with ransomware-as-a-service RaaS tools, and an increasing attack surface. Ransomware is a type of attack in which the attacker locks and encrypts a victim’s data and then demands a...
Imperva Offers New Features to Simplify PCI DSS Compliance
The Silent Threat of Client-Side Attacks As more transactions move online, a silent threat is lurking in the deepest, darkest shadows of websites, threatening to steal your sensitive data. This rapidly evolving threat, known as client-side attacks such as Magecart, formjacking, and online skimmin...
Unraveling an AI Scam with AI
The last year has seen an unprecedented surge in the use of Artificial Intelligence AI and its deployment across a variety of industries and sectors. Unfortunately, this revolutionary technology has not just captivated the good actors– the darker corners of the internet are awash with bad actors...
Buyer Beware! Account Takeover Attacks Surging This Shopping Season
The prevalence of Account Takeover ATO attacks continues to rise, as the threat creeps its way to the top of the list of security concerns for organizations today. Last year, Imperva recorded a staggering 148% increase in Account Takeover attacks, as reported in the 2022 Bad Bot Report. And befor...
Misconfigurations of Cloud-Managed Infrastructures Continue to be a Major Challenge to Data Security
In case you missed the memo, cloud-hosted data is here to stay. Recent data shows spending on cloud services reached a total of $178 billion in 2021, a 37 percent increase over the $130 billion spent in 2020 and twice the amount enterprises are spending on their data centers. As more organization...
Harsher penalties for data breaches in new Australian privacy bill
High-profile breaches mean high-profile action In the aftermath of another crop of high-profile data breaches, the Australian Government also known as the Commonwealth Government has introduced amendments to Australian privacy law which give the regulator new powers and the ability to impose...
Talking to our Team about Cybersecurity Careers, on Ada Lovelace Day
Today’s Ada Lovelace Day, and this is a time to highlight the achievements of women in technology, engineering, science, and mathematics, and to encourage girls and women to pursue careers in STEM. Imperva Enterprise Account Managers, Leanora Weaver and Rebecca Kelly, both members of the Imperva...
PCI DSS Tackles Client-Side Attacks: Everything You Need to Know About Complying With PCI 6.4.3
Client-side attacks often referred to as Magecart attacks have been around since as early as 2015 and dramatically gained in popularity when the global pandemic accelerated digital transformation, by driving more people and data online. Now the fight against these attacks is stepping up a notch...
Why the Search for Best-Of-Breed Tooling is Causing Issues for Security Teams
The growing need to consolidate vendor portfolios The adoption of best-of-breed security solutions has led to unforeseen problems for SOCs. Onboarding a new solution increases complexity; it requires configuration, integration with existing tools, fine-tuning policies, and the ability to create...
“Don’t touch that server. Ralf set that up, and we don’t know what it does.”
Based on a true story… More than a couple of decades ago, I went to work for a network and web company as their customer marketing department. It was a crazy time. Online marketing was all about getting on DMOZ, Lycos was still a puppy, asking Jeeves felt like talking to an AI, and how you laid o...
Three Keys to Turning Data-centric Security Theory into Practice
Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures focusing on protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say...
Five Data Security Controls and Processes you Must Bring to Cloud-native Infrastructures
Too frequently, there are significant misunderstandings in organizations with regard to who has the responsibility to protect cloud-hosted data. In Imperva’s recent report, A Data-Centric Cybersecurity Framework for Digital Transformation, IT analyst and author Richard Stiennon explains what...
Research Shows the Annual Cost of API Security-related Breaches is Mind-blowing
Application Programming Interfaces APIs have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread, they are a much more prominent part of the cyber threat landscape. API-related hacks and data breache...
Fundamental Security Concepts and Best Practices Every Game Developer Should Know
Gaming is now the world’s favorite form of entertainment, with Newzoo reporting that by 2023 there will be more than three billion gamers across the planet. With the growth of multiplayer games, however, the number of cheaters has also increased. A study by The New York Times found that almost 50...
The Role of the Cybersecurity Leader in 2022
Who does the modern CISO need to be? According to the 2021 Gartner, Inc. Market Guide for Managed Detection and Response Services, the role of the chief information security officer CISO has to change in 2022 to combat the ever-evolving modern threat landscape. Eighty-eight percent of company...
Determining “Need to share vs. Need to know” is a Cornerstone of a Data Protection Strategy
There is a paradox that lies at the heart of data security. Data itself only has real value if an organization can share it with stakeholders that need it to perform their roles. However, the more widely an organization shares data the greater the risks of the data being compromised. Data securit...
Getting to Know Cybersecurity Awareness Month Champion: Imperva
As a cybersecurity industry leader, it is both our responsibility and our pleasure to work with the National Cyber Security Alliance NCSA and the Cybersecurity and Infrastructure Agency CISA of the U.S. Department of Homeland Security as a 2021 Cybersecurity Awareness Month Champion and to join...
Imperva Cloud Data Security adds Azure SQL support to build on extensive DBaaS coverage
It’s kind of mind boggling to see just how fast the market is adopting cloud managed database services also referred to as DBaaS. According to market research firm Imarc Group, In 2020, the overall market size was $12.8 billion, and within five years it’s expected to reach over $31 billion. That’...
Imperva delivers mile high performance and protection with new PoPs in Denver and Dublin
We are very pleased to announce that we are extending our global coverage with the addition of two new PoPs points of presence in Denver in the US and Dublin, Ireland. The new PoPs will enhance Imperva’s existing network to provide enhanced protection against distributed denial of service DDoS...
What is NYDFS?
NYDFS Cybersecurity Regulation, 23 NYCRR 500 On March 1, 2017, the New York State Department of Financial Services NYDFS introduced new cybersecurity regulations for financial services companies that address the growing threat posed by cyber-criminality to financial firms. They are intended to...
Integrate Your Ticketing System into Database Security to Prevent DBA Privilege Abuse
Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators DBAs who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged...
Women in Tech and Career Spotlight: Inna Shalom
The latest in our series featuring women in tech at Imperva is my interview with Inna Shalom, the data insight team lead at Imperva. She spoke about her professional journey and experience working in the cybersecurity industry. Tell us how you got into cybersecurity. IS: I spent the first six yea...
Today’s File Security is So ’80s, Part 3: Dynamic Peer Groups – 3 Examples from Customer Data
In the first two parts of this series, we discussed why permissions management, the traditional approach to file security, no longer works and introduced a new approach to file security that leverages machine learning to build dynamic peer groups based on how users actually access files. In this...
3 Steps to Protecting Sensitive Data
Cyber criminals, compromised insiders, malicious users, hacktivists. It seems like everyone is getting in on the threat game. In fact, despite efforts to prevent them, last year the U.S. experienced a 40% increase in data breaches according to a report by the Identity Theft Resource Center and...
Critical Flaws in Base44 Exposed Sensitive Data and Allowed Account Takeovers
Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting XSS, insecure authentication design,...
GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia
Since 1974, gambling has been officially illegal in Indonesia. However, the digital revolution of the 2000s introduced a new challenge: the rapid growth of online gambling platforms. This technological shift has created enforcement gaps, compelling the Indonesian government to intensify its effor...
Meet Andy Zollo, SVP of APJ Sales
Andy Zollo, who led the Imperva business in EMEA, relocated to Singapore in October to be Senior Vice President of Sales for the combined Imperva and Thales CPL businesses in the APJ region. With a wealth of experience in sales leadership and business transformation, Andy is set to play a vital...
Agentless is a DAM Better Option for Securing Cloud Data
When it comes to on-premises database activity monitoring DAM, security teams have consistently relied on agents to seamlessly track all incoming requests and outgoing responses within the databases. The agent-based approach effectively ensures independent monitoring of database activity,...
Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season
As the holiday season approaches, a palpable sense of joy and anticipation fills the air. Twinkling lights adorn homes, the aroma of freshly baked cookies wafts through the kitchen, and the sound of laughter and carolers melodies resonate on frosty evenings. Its a time when families come together...
Breaking the Chain of Data Access: The Importance of Separating Human and Application Users
Data, the lifeblood of any organization, relies on the database as its beating heart. As a result, businesses invest heavily in designing and monitoring all access to it. In traditional literature, there are two types of users: administrative users, who manage the entire lifecycle of a database...
Understanding and Mitigating the MOVEit Incidents
Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed...
The importance of combined user and data behavior analysis in anomaly detection
Muqeet Khan, Head of Sales Engineering Australia and New Zealand For decades security teams have understood the importance of tracking user behavior to identify potential cybersecurity threats. Behavior analysis systems first appeared in the early 2000s, and in 2015 Gartner officially defined Use...
What is Quantum Computing, and Why Should Security Professionals Care?
Quantum computing basics Quantum computing embraces the laws of quantum mechanics to solve those problems that are currently too challenging for even the most high-performance modern computers. Across the board, it is a fundamental shift in computing with the potential to alter the way business i...
Attack Analytics Helps You Find the Monsters Under the Bed
Alert fatigue kills data breach detection efforts Is there anything more frightening than missing a cyber attack? For most organizations, the answer is no. However, for many security teams, it’s challenging to tune alerts properly to minimize false positives and still be alerted to potential...
Why Imperva is a Cybersecurity Awareness Month Champion
This is our second consecutive year as a champion of Cybersecurity Awareness Month. Nowadays, IT security is everyone’s responsibility, and that’s something we take very seriously. Cybersecurity Awareness Month raises awareness of the core principles behind cybersecurity and highlights the key...
Bots Hide Behind User Privacy – Should You Be Concerned?
Bot operators are perpetually devising innovative techniques to sneak past security as they go about their dubious, often downright illegal business. Emulating human behavior and traffic patterns are key elements of their strategy. One of the many layers comprising this strategy is reporting thei...
New Waiting Room Solution Ensures Best Peak User Experience
New Imperva Waiting Room Enables Organizations to Deliver Consistent Optimal Website User Experiences During Peak Traffic Periods Organizations benchmark website success by the volume of legitimate traffic and online sales it generates. Website architects want to drive as many visitors as possibl...
Imperva Introduces New Features to Help Prevent Online Fraud
As we move more of our daily activities and the services we consume online, the threat of fraud grows, and the risks become greater. Data suggests the majority of organizations are already detecting a rise in online fraud. In a recent survey of senior risk executives, 67 percent said that their...
Bad Bots and the Commoditization of Online Fraud
Fraudsters will stop at nothing to exploit your websites and customers, and with the accelerated shift to digital payments, online fraud has never been more profitable. This shift, catalyzed by the pandemic, really gained traction in 2021 as the popularity of digital payments exploded. In fact,...
How to Stop New Employees from Becoming Insider Threats
In the midst of a booming tech economy and a concurrent Great Resignation, recruitment and hiring are all-seasons imperatives. As new people constantly join the organization, how can busy security teams guarantee they will adhere to established data security practices from their onboarding and...
Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had
Identifying and taking action to stop policy-violating behavior is hard enough when you have complete insight into the risks affecting your data repositories. It is virtually impossible to achieve security, however, when you cannot even see these risks to your data repositories. Unfortunately, to...
Preparing for Heightened Attacks in the Current Geopolitical Environment
The current geopolitical environment has raised many concerns about security postures and readiness to respond to a cyberattack. Today, Imperva customers are protected by our world-class network, application, and data security products. Alongside that, Imperva Threat Research is closely monitorin...
5 Ways to Determine if you do Cybersecurity or Cybersecurity Theater
For a sentient species, humans, in general, have curious ideas when it comes to reckoning and responding to risk. For example, studies show using seat belts when driving in automobiles save lives. Studies also show when cyclists use helmets more cyclists’ lives are saved. This research drives...
The Data-Centric Approach to Data Privacy
All organizations understand how critical it is to have access to their customers and prospects’ sensitive personal data. This intelligence is essential to helping them create and maintain relationships so they can deliver tailored experiences and recommendations. Having this sensitive personal...
Imperva Champions Data Privacy Week 2022
As a cybersecurity industry leader, Imperva is working with the National Cybersecurity Alliance NCA as a 2022 Data Privacy Week Champion to promote the need for businesses to prioritize data privacy and protection and the importance of individuals and companies to secure their online data. As par...
Build successful data security evaluation criteria with help from your peers
When you evaluate data security products it is imperative to have the end goal in sight. If you look forward 365 days from now, what is the best way to predict how your team will use the product so that you can communicate the value that it will provide? One approach is to examine operational...