1025 matches found
The Data-Centric Approach to Data Privacy
All organizations understand how critical it is to have access to their customers and prospects’ sensitive personal data. This intelligence is essential to helping them create and maintain relationships so they can deliver tailored experiences and recommendations. Having this sensitive personal...
Imperva Champions Data Privacy Week 2022
As a cybersecurity industry leader, Imperva is working with the National Cybersecurity Alliance NCA as a 2022 Data Privacy Week Champion to promote the need for businesses to prioritize data privacy and protection and the importance of individuals and companies to secure their online data. As par...
Build successful data security evaluation criteria with help from your peers
When you evaluate data security products it is imperative to have the end goal in sight. If you look forward 365 days from now, what is the best way to predict how your team will use the product so that you can communicate the value that it will provide? One approach is to examine operational...
New reforms will enhance the security and resilience of Australia’s critical infrastructure
Improving the security of critical infrastructure has become the focus of many governments around the world, including Australia. This is because a failure or disruption in one area of critical infrastructure can have flow on effects that affect a nation’s security, economy and sovereignty. In th...
The role of runtime protection in eCommerce security
What is e-commerce security? E-commerce security is the set of guidelines that are designed to allow safe transactions on the web. These guidelines include steps and protocols that help protect the sale and purchase of goods and services online. Appropriate e-commerce security measures boost...
Wake up and smell the Javascript – website supply chain puts online retail at risk
There are more than 1.8 billion websites online today, and almost 98% of them are powered by JavaScript. There’s a good reason for this: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But what happens when that same functionality...
Your inbox is mine. How attackers could gain continuous access to your email
Although new messaging apps like WhatsApp, Telegram, and Messenger have taken a large chunk of our day to day communications, email remains one of the most popular ways we communicate. In this post we’ll talk about the post exploitation of a vulnerability we recently disclosed to one of the most...
When data privacy and protection are rights, don’t get it wrong
Twenty-one years ago, Latanya Sweeney showed that it’s possible to uniquely identify 87% of Americans with just three pieces of personal data: gender, ZIP code and full date of birth. Long before anyone had heard the words ‘data lake’, ‘cloud storage’ or ‘big data’, nevermind ‘social media’, it w...
The Advantages and Risks of Serverless Computing
Organizations are increasingly embracing serverless computing for its convenience and cost-effectiveness. But many IT teams are blindly embracing this innovation in cloud technology without consulting their security peers. As a result, we can expect to see a growing number of cyber-attacks in thi...
The Threat of DDoS Attacks Creates A Recipe for Election Chaos
Four years ago, we published a blog on the ways a Distributed Denial of Service DDoS attack could disrupt the U.S. Presidential election. Unfortunately, the same risk persists in 2020. In fact, given the historic influx of mail-in ballot voting for the November 3 election, a targeted DDoS attack...
Life post-acquisition: A people-centric plan to get you total data security a lot faster
Getting acquired can be an emotional rodeo. Some days are crazy excitement and others are heartache over the unknowns ahead. It’s natural – we’re human. I remember years ago sitting in a doctor’s office staring at a poster about the “10 most stressful life events” and “starting a new job” was 4...
The Forrester Wave Ranks Imperva as a Leader for DDoS Mitigation Providers
Imperva has tracked the DDoS threat for some time now. Back in 2014 we saw the rise of DDoS botnets. In 2015, we revealed one of the first IoT-based DDoS attacks. Last year, we predicted and then documented one of the largest botnet-based DDoS attacks. DDoS mitigation, as it turns out, is the...
Q3 2017 Global DDoS Threat Landscape Report
Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,765 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q3 2017. Before diving into the report’s highlights, it should be mentioned that this quarter was marked...
Understanding the Capacity Management Challenges of Database Monitoring Solutions
Database monitoring requires hardware resources such as storage space and processing power that can withstand the volume of database usage in your organization. A higher usage volume will require more resources. So how can you optimize the resources used by your database monitoring solution? Do y...
React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff
Executive Summary In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported in React Server Components that we’ve dubbed “React2DoS”. In this blog, we’ll analyze its impact and place it in the broader context of recently fou...
Cloud Based WAF Upload Scan and Control: The New Standard for File Upload Security
We're excited to announce the launch of Upload Scan and Control, an essential new feature for Imperva Cloud WAF. This add-on tackles one of the most critical vulnerabilities facing web applications today—insecure file uploads—offering protection with scalability, simplicity, and enterprise-grade...
Unveiling the 2024 Imperva DDoS Threat Landscape Report
In the ever-changing landscape of cybersecurity, Distributed Denial of Service DDoS attacks continue to be a significant threat. To help organizations stay ahead, were excited to introduce the 2024 Imperva DDoS Threat Landscape Report. This comprehensive report offers a deep dive into DDoS attack...
The CISO’s Top Priority: Elevating Data-Centric Security
The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers CISOs to improve data protection, compliance, an...
Optimizing Data Lakes: Streamlining Storage with Effective Object Management
Data lakes are a popular solution for data storage, and for good reason. Data lakes are flexible and cost effective, as they allow multiple query engines and many object formats without the need to manage resources like disks, CPUs, and memory. In a data lake, data is simply stored in an object...
Augmented Software Engineering in an AI Era
Artificial Intelligence AI has been making waves in many industries, and software engineering is no exception. AI has the potential to revolutionize the way software is developed, tested, and maintained, bringing a new level of automation and efficiency to the field. However, with this...
The Global DDoS Threat Landscape – November 2022
Every month in this space, we will post the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks continue to pose a significant risk to businesses, it is critical that we regularly communicate our Threat Research team’s findings to help the cybersecurit...
The 5-Question Test to Assess Your Readiness to Manage Insider Threats
An insider threat is a cyber security risk that originates from within any organization that is being targeted by attackers. Often, insider threats involve a current or former employee, or business associate, who has access to sensitive information or privileged accounts, and who misuses this...
Four Reasons why you Should Consider Contingency DDoS Protection
The experts agree that Imperva is solidly positioned as a leader in Distributed Denial of Service DDoS mitigation. Over our many years as leaders in this space, we have determined that no matter how reliable your current DDoS protection is, there is always a chance that your network infrastructur...
The Benefits of Including Static Data Masking in Your Security Arsenal
Static data masking SDM is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer capable of protecting large...
7 Facts About Insider Threats That Should Make you Rethink Data Security
In the report, Insider Threats Drive Data Protection Improvements, Forrester Research asserts that most organizations are making positive steps toward protecting the sensitive data they are migrating to the cloud. However, Forrester suggests that many have not devised a comprehensive plan that...
How to Reduce the Risk of Buy Now, Pay Later Fraud
According to a recent FinTech trends report, 2022 is expected to be a big year for Buy Now, Pay Later BNPL. Apple’s recent announcement of its entry into BNPL with Apple Pay Later represents a seismic boom for a sector which is projected to top $1 trillion in annual gross merchandise volume by...
Q1 2022 Global DDoS Threat Landscape Report Findings Summary
Last week, Imperva released the Q1 2022 Global DDoS Threat Landscape Report. To produce the report’s findings, Imperva performs detailed statistical analysis of all DDoS activity that our Threat Research Labs monitored from our global network of PoPs during the first three months of 2022. In...
Three Reasons Why Unification Drives Modern Data Security Strategy
Today, the necessities of business innovation compel most organizations to have several teams with diverse priorities managing dozens of data sources, all with different structures. This makes it impossible to secure complete data repositories successfully using traditional methods. This post wil...
Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy
In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service DDoS attacks against a number of websites including the United Nations UN, The Organization for Security and Cooperation OSCE an organization founded in Finland, and oth...
Forrester Report Reveals the 5 Benefits IT Teams Really Need from API Security Tools
An Application Programming Interface API is a software intermediary that allows applications to communicate with one another. APIs provide routines, protocols, and tools for developers to facilitate and accelerate the creation of software applications. They enable applications to easily access an...
Building on Your Existing DAM Instance is Smart Budget Planning
For organizations that use it, Imperva’s DAM Gateway is the workhorse of data auditing and security. Today, the explosion of data and data repositories that organizations need to manage - both on-premises and in cloud environments - requires a more flexible, higher-capacity technology platform to...
Data Protection as the Foundation of Trust: Celebrating Privacy Awareness Week in APAC
As part of our mission to help organisations protect their data and all paths to it, Imperva is supporting Privacy Awareness Week in Australia and Singapore, with the aim of educating individuals and organisations about the importance of data privacy and protection. In today’s digital economy, da...
API Gateway or not, You Need API Security
To build and deploy apps in a fast-paced, iterative process, cloud-native developers in organizations on the digital transformation journey rely on APIs for communication. With at least 90% of developers using APIs in cloud-native web application development, organizations are reviewing their API...
How Web Applications Are Attacked Through APIs
Happy Pi Day, everyone! As a technician, pi is a number that represents a constant. This constant reflects the ongoing cyberthreats that put enterprise assets at continuous risk as digital transformation and the resultant attack surface grow in parallel. Whether it’s a simple identity theft hack...
Imperva Suspends Operations in Russia and Belarus
We are heartbroken by the escalation of events in Ukraine, and the tragic loss of life, displacement of people, culture and history. The safety of our global team remains a priority, and we’re in constant communication with Impervians in Ukraine to ensure their well-being and that of their...
The Tripod Foundation of a Database Analytics Solution for Today’s Threat Landscape
In the first and second posts in this series, we explained why traditional approaches are no longer viable to take on today’s threat landscape and showed why internally-generated attacks are so difficult to stop. In this post, we’ll identify the critical elements of a highly effective database...
7 data privacy solution features your organization needs to have
The worldwide data privacy regulation landscape is changing National laws and state/provincial laws continue to be enacted and strengthened to ensure their citizens’ data is protected and give individuals more control over how personal data is collected, used, and shared. No matter what industry...
Annual Imperva Hackathon Inspires 2022 Product Roadmap
Bold ideas, diverse thought and challenging the status quo sum up the Imperva state-of-mind. We’re always looking to inspire the next big innovation that can transform the future of the cybersecurity industry. But if there’s anything the past year and a half has taught us, it’s that transformativ...
Imperva Recognized as a Best Place to Work in Israel
It is not easy and takes many things to create a winning workplace, including and certainly not limited to: a vibrant culture, a balanced approach to professional and personal life, career advancement opportunities and, most importantly, a group of talented, world-class professionals who care abo...
New Imperva Java SDK: Greasing The Wheels for Active Directory Coding Projects
words and research by Gabriel Beyo. According to StackOverflow’s 2018 Developer Survey, Java remains one of the world’s most popular coding languages, universally liked for its versatility and ease of adoption. Even so, working under the pressures developers often do, a bit of help always goes a...
44% of Security Professionals Spend More than 20 Hours a Week Responding to Alerts
As the global cybersecurity climate continues to heat up, so too do the subsequent levels of alert fatigue IT security professionals have to deal with. A recent survey by Imperva reveals that nine percent of UK security teams battle with over five million alerts each week. Five million, just let...
GDPR Requirements: Get Started with Classifier
The GDPR requires that organizations exhibit commitment to individuals’ data privacy by implementing a data protection by design and by default approach, meaning organizations need to build privacy and protection into their products, services, and applications. GDPR also mandates that organizatio...
Building a Security Risk Management Program
The frequency of data breaches today highlights the need to peel back the onion on security programs and identify a laser-focused mission and ultimate goal. As a compliance manager, I know the horror stories first hand. Let’s take a deeper dive into security and risk management basics to enable...
The Successful CISO: Tips for Paving the Way to Job Security
Seasoned CISOs know that failure to plan past a two-year window is dangerous—to both their company and their job security. But it’s all too common for many security strategies to look only two years out. Imperva CISO Shahar Ben-Hador has been with Imperva for eight-and-a-half years—the last...
Get Going on Your GDPR Plan [Infographic]
General Data Protection Regulation GDPR enforcement begins May 2018. Are you ready? While enforcement may seem a way off, you don’t want to get derailed by last-minute planning efforts. Organizations should revisit their security and compliance strategies today to ensure they’re prepared to meet...
CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised
Introduction On May 24, 2026, Imperva observed exploitation attempts against Laravel Livewire applications, blocked by the Imperva Cloud WAF. What initially appeared to be unremarkable deserialization attack traffic turned out to be part of a large-scale credential theft operation exploiting...
Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS
TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...
Imperva API Security: Authentication Risk Report—Key Findings & Fixes
An in-depth analysis of common JSON Web Token JWT mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs . Introduction APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That scale and utility also make them pri...
QUIC-LEAK (CVE-2025-54939): New High-Risk Pre-Handshake Remote Denial of Service in LSQUIC QUIC Implementation
Imperva Offensive team discovered that threat actors could smuggle malformed packets to exhaust memory and crash QUIC servers even before a connection handshake is established, therefore, bypassing QUIC connection-level safeguards. Executive Summary QUIC-LEAK CVE-2025-54939 is a newly discovered...
The Database Kill Chain
Cyber Threat Modeling Frameworks Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modelin...