1025 matches found
How to Predict Customer Churn Using SQL Pattern Detection
Introduction to SQLs MATCHRECOGNIZE Clause SQL is a great way to perform analysis on your data. It is very common and supported by many database engines including big data solutions. SQL is used in many cases to analyze data in our data lake. However, when it comes to pattern detection, SQL...
Massive Multi-Vector 1.37 Tbps DDoS Attack Mitigated by Imperva DDoS Protection
On July 22, an Imperva customer was targeted by a network DDoS attack that reached a maximum bandwidth of 1.37 trillion bits per second Tbps, making it one of the largest attacks that Imperva has stopped and one of the larger DDoS attacks on record. The attack lasted a little over two hours in...
The Global DDoS Threat Landscape – September 2022
Every month in this space, we will post the State of the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks become more frequent, varied, and sophisticated, it is critical that we regularly communicate the Imperva Threat Research team’s findings and...
Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program
A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. There are...
Is it Illegal to Scrape a Website for Content?
Web scraping is the process of using bots to extract information from a website. In recent years, the debate over web scraping is growing more complex as business intelligence and data privacy issues arise. The practice of web scraping has gone on for nearly as long as there have been websites. T...
By the Numbers: The Cost of Insider Data Breach vs The Cost of Protection
The global business data security landscape has become dramatically more challenging over the last few years. One of the main reasons for this is insider threats, as reported in the 2022 Cost of Insider Threats Global Report, independently conducted by The Ponemon Institute. Several factors have...
Why ATO Attacks Are Attacks on Your Customers
Motivated by the continual surge in eCommerce, which according to UNCTAD has seen unprecedented growth during the COVID-19 pandemic, retailers are scrambling to adapt to a shift in consumer demand and create unique customer experiences that set them apart from the competition. The rise in online...
The Tripod Foundation of a Database Analytics Solution for Today’s Threat Landscape
In the first and second posts in this series, we explained why traditional approaches are no longer viable to take on today’s threat landscape and showed why internally-generated attacks are so difficult to stop. In this post, we’ll identify the critical elements of a highly effective database...
Five Data Privacy Tips for Consumers
As a consumer, you must assume that your personal information is not 100% safe online. Hackers cause data breaches every single day, exposing our email addresses, passwords, credit card numbers, social security numbers and other sensitive personal data in the process. Most people don’t think abou...
5 Myths About Interning in Cybersecurity
Dear future interns and intern employers, Everyone says, “do what you love”; but when the world is your oyster, where do you start? We are Arianna De Leon and Kaylin Hiatt and last summer we started our careers as marketing interns at Imperva. We come from very different backgrounds and had very...
Imperva Snapshot™ Scan: What You Can Find in the Report
Imperva Snapshot is a free AWS RDS security assessment tool. You can use this tool to gain in-depth visibility into your data and get a deep understanding about what data resides in your RDS and where your RDS database security gaps are. Acquiring this intelligence is a key element and critical...
Grinchbots strike again this holiday shopping season as bot traffic spikes 73%
The days are getting chilly, holiday drinks are back on the menu at your favorite café and family gatherings are planned. In an almost pavlovian response, Grinchbots have also returned in record levels to ruin your online holiday shopping experience. In the State of Security Within eCommerce in...
Infographic: What is the economic impact of a data security platform?
Data security is important regardless of how your organization approaches cybersecurity. Whether it’s a protection-first approach, detection and remediation, or somewhere in between, data security enables organizations to inform on risk posture, protect against unauthorized data access and may...
A Deep Dive into Database Attacks [Part I]: SQL Obfuscation
Today, data breaches are a threat to every organization. According to a report from Risk Based Security covering the first half of 2017, over 6 billion records were exposed through 2,227 publicly-disclosed data breaches. The number of exposed records is already higher than the previous all-time...
Database Security at Cloud Scale
The biggest challenge to data security is the sheer volume and pace of data growth. More so even than the shift from relational data to unstructured or the migration of data to the cloud. “Cloud scale” is usually used to refer to technical items like data center size and operations or networks an...
Building a Security Risk Management Program
The frequency of data breaches today highlights the need to peel back the onion on security programs and identify a laser-focused mission and ultimate goal. As a compliance manager, I know the horror stories first hand. Let’s take a deeper dive into security and risk management basics to enable...
Do’s and Don’ts of Capacity Estimation for Database Monitoring Tools
When deploying a database monitoring tool, one of the first things you need to do is to determine the size of your deployment. So, where do you start? In a previous blog post I described the various aspects that can have an impact on the capacity requirements needed for a database monitoring...
Anthropic Mythos: Separating Signal from Hype
The recent buzz around Anthropic’s Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases, vulnerability discovery, and exploit generation. Some are already calling it a “game changer” for offensive...
Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks
It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post, I’ll walk you through how old data leaks, lazy telecom verification, and a...
Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025
APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering$2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...
Behind the Booking: How Bots Are Undermining Airline Revenue
The airline industry is under constant attack from malicious bots. Bad actors use automation to scrape fares, hoard inventory, commit fraud, and compromise customer accounts. While every airline faces its own unique challenges, the business impacts are remarkably consistent—lost revenue, inflated...
Hijacking Ollama’s Signed Installer for Code Execution
This blog post is part of an ongoing series exploring how AI related tools aimed at developers can be exploited to compromise their machines. As these tools increasingly integrate deep system access, they also expand the attack surface available to threat actors. In our first post, we outlined a...
The Rise of Agentic AI: From Chatbots to Web Agents
Disclaimer: This post isn’t our usual security-focused content – today we’re taking a quick detour to explore the fascinating world of AI agents with the focus of AI web agents. Enjoy this educational dive as a warm-up before we get into the juicy details of AI web agents in our follow-up post...
Redefining Application Security: Imperva’s Vision for the Future
It’s no secret that web applications have undergone a significant transformation over the past few years. The widespread adoption of containerization, serverless computing, low-code development, APIs, and microservices has redefined how applications are built, deployed, and scaled. According to...
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide seamless experience could also be your greatest problem? Our investigation into three...
Business Logic Attacks Target Election-Related Sites on Election Day
As U.S. citizens headed to the polls, cyber threat activity against election-related websites was unusually high. One of the most prominent attack types observed this Election Day was business logic attacks —a complex threat that manipulates the intended workflow of applications, often without...
How Cyberthreats Could Disrupt the Olympics
Introduction Cybersecurity experts are on high alert, as the 2024 Olympic Games continue over the coming weeks. Historically, the Olympics have been a prime target for cybercriminals, state-sponsored actors, and hacktivists. The convergence of global attention, vast amounts of sensitive data, and...
Deploy API Security On-Premises with New Imperva API Security Anywhere Self-Managed Option
API Security Anywhere Self-Managed Option Imperva continues to deliver solutions that help customers protect their applications and APIs, whether in the Cloud, on-premises, or in a hybrid environment. Imperva API Security includes a SaaS-based and an on-premises solution, both managed in the...
Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?
Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...
Five Takeaways from Black Friday & Cyber Monday Cyber Attacks
The online retail industry is one of the prime targets for cybercrime, as detailed in our annual analysis of the cybersecurity threats targeting eCommerce websites and applications. As the 2023 holiday shopping season continues, Imperva Threat Research is closely monitoring how cybercriminals are...
Behind the Scenes of a Tailor-Made Massive Phishing Campaign
A global phishing campaign caught our attention after one of our colleagues was targeted by, and nearly fell victim, to a social engineering attack. The campaign involved more than 800 different scam domains and impersonated around 340 legitimate companies all over the world – including well-know...
How Ticket Scalping Impacts Asia’s Live Entertainment Industry
Asia’s booming live entertainment industry has recently been plagued by a growing problem of ticket scalping. The term refers to the act of purchasing live event tickets in bulk by individuals, often through the use of automation aka bots, to later resell them at exorbitant prices. The issue isn’...
Zero Reasons not to Move to Zero Trust with RASP
What is Zero Trust? Zero Trust is a security methodology that enterprises are rapidly adopting to enhance data protection by reducing the sole reliance on traditional perimeter-based protections. Traditionally, cybersecurity strategies have relied on a hardened perimeter with security tools like...
From Online Fraud to DDoS and API Abuse: The State of Security Within eCommerce in 2022
What are the biggest cybersecurity threats affecting online retailers today? The State of Security Within eCommerce in 2022 Report from Imperva is now available and answers that question. For this report, Imperva’s cybersecurity experts analyzed 12 months of data, collected from our global networ...
Why Agentless DAM is a Better Option for Securing Cloud Data
In the context of on-premises database activity monitoring DAM, security teams use agents to enable them to see all requests coming into the databases as well as all responses going out of the databases. In other words, the agent-based approach enables database activity monitoring independent of...
Why Cybersecurity Awareness Month is Every Month
Cybersecurity is a year-round issue Cybersecurity awareness is important year-round for the security of our businesses and customers. We’re proud to be a supporter of Cybersecurity Awareness Month. It has been invaluable in raising awareness of digital safety issues for a broad cross-section of...
Four Big Reasons to Update Your Software
ABP To shamelessly paraphrase the 1992 crime drama Glengarry Glen Ross, “Always be patching.” Any home computer needs to be updated regularly. Drives and software updates are critical to the smooth running of the average home PC, and can often be overlooked. Business and professional computers ar...
SaaS Eliminates Barriers to Applying Security Controls to Your Entire AWS and Azure Data Repository
Businesses today widely regard data as “the new oil,” the most valuable resource on earth. At the same time, we are in the midst of the most dynamic IT landscape in history which is increasing the risk to this most valuable asset. Organizations, without sufficiently skilled staff to effectively...
Are you getting the most out of your security platform investment?
In the last few years, most organizations had to accelerate their digital transformation to continue operations during the pandemic. However, as more software, applications, and data architectures were added to the technology stack, the number of tools implemented to secure these assets became...
How to ‘Win’ a Red Team Exercise
What is a red team exercise? Organizations that conduct red team exercises use penetration testing tactics to assess vulnerabilities and discover weak points in their cybersecurity preparation. Usually, this involves two teams - one red the protagonists and one blue the incident responders who mu...
Five Ways Cyber Attackers Leverage Bad Bots to Commit Automated Fraud
The accelerated shift to digital payments has made online fraud more prevalent than ever, as losses from it are expected to exceed $206 billion over the next five years, driven by identity fraud, fake accounts, and payment fraud. Catalyzed by the pandemic, the shift gained substantial traction in...
Enhance Network Resiliency with Contingency DDoS Protection
Recent digital market outages have proven the fragility of network infrastructure. When your primary service provider experiences an unexpected outage, your infrastructure is left unprotected and vulnerable to a DDoS attack. The downtime you face waiting for your DDoS mitigation to start working...
Help Employees and Consumers Avoid Self-inflicted Cybersecurity Mistakes
It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data. Imperva recently conducted a study with YouGov plc regarding consumers’ attitudes towards data, whether they feel in control of their personal data, and if they trust the...
4 Bad Bots Likely to Cause Problems for the Remainder of 2022
A short primer on internet bots An Internet bot bot, for short is a software application that runs automated tasks over the internet. Bots typically run simple tasks which they can perform at a dramatically greater rate than any human. Beneficial or anodyne bots are characterized as legitimate, o...
How Insider Threats Drive Better Data Protection Strategies
Fifty-eight percent of sensitive data security incidents are caused by insider threats, according to a recent study by Forrester Research. Insider threats originate from inappropriate use of legitimate authorized user accounts. These accounts - assigned to internal employees and business associat...
What COVID Reminded Me About Compliance
It was another late-December morning a few days after Christmas and the weather was unseasonably cold where I live in New Jersey, in the northeast of the US. My daughters were a few days into their winter break and already getting into the routine of “waking-up-late-cereal-watching Netflix”. In m...
Online fraud at an all-time high amidst the global pandemic
Client-side attacks have become significantly more prominent in recent years, gaining popularity since 2015. As online activity rises due to the global pandemic, 2020 has been no exception, with the most susceptible target, e-commerce, becoming more lucrative than ever. The Client-Side Problem...
From Layers to Microunits
The evolution of “Code Cohesion” and “Separation of Concerns” The software industry has recognized the values of “Separation of Concerns” and “Code Cohesion” for more than two decades. Many articles, books and software-thinkers have contributed methodologies to implement these important values. I...
Casino Goes All In and Wins Big with Imperva Security
There’s no good time to be hit by ransom-seeking DDoS attackers. For one casino-entertainment provider, the timing was particularly bad — right before one of its largest online poker events in 2016. The casino, which generates multiple billions in revenue per year, leveraged Imperva’s emergency...
Configuring Imperva SecureSphere for GDPR Compliance: Part One
Time is running out. 23 days until GDPR enforcement The GDPR effective date is less than a month away and, given the significant risk and potential costs associated with a failure to comply, organizational readiness efforts continue to mount. GDPR non-compliance penalties can be severe up to 79...