1025 matches found
A Cybersecurity and Cloud Innovator – and a Great Partner
Imperva has long been a cybersecurity leader, recognized by the likes of Gartner and Forrester Research for the capabilities of our application and data security solutions. For more than 6,000 business customers, we are their champion in the daily fight to secure data and applications. To ensure...
Detecting Account Takeover Botnets
A botnet is a network of compromised computers - known as bots - usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we’ll discuss how to detect botnets used for account takeover ATO, an attack used to obtain the val...
Adopting a Risk-Based Approach to Cybersecurity in the Financial Services Industry
Today’s financial organizations face many different risks in volatile and uncertain business environments, but the ever-present threat of cyberattacks and data breaches is now impossible to ignore. For this reason, managing these cyber-risks now has to simply be considered one of the many costs o...
Imperva Wins CRN 5-Star Partner Program 3rd Year in a Row. Here are Some Stats Behind Why.
A lot goes into building a good IT channel program. A truly-effective program should meet the vendor’s needs while also delivering attractive benefits to our partners. A successful channel program should deliver a number of key elements, including: partner profitability partner self-service acces...
New Docker-based Dev Pipeline: Microservice Projects Just Got A ‘Speed-Boost’
A bulwark of software engineering projects, the development pipeline is an automated process used to deliver changes from development through to production; enabling near real-time updates. The dev pipeline is a critical time saver as it enables you to: Avoid mistakes and wasted time as a result...
A New Chapter in Bot Management Begins Today [Video]
I am excited to share that we have closed the acquisition of Distil Networks, the pioneer and leader in Bot Management. Over the past few weeks, we have been welcoming Distil’s employees into the Imperva family and have started integrating their powerful, analyst-recognized Bot Management solutio...
Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second
We are only at the beginning of 2022 and it looks like it is going to be an interesting year for the Distributed Denial of Service DDoS landscape. We recently mitigated a ransom DDoS attack on a single website which reached a rate of 2.5 million requests per second Mrps. And while ransom DDoS...
No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company’s Wi-Fi Network
Your Wi-Fi routers and access points all have strong WPA2 passwords, unique SSIDs, the latest firmware updates, and even MAC address filtering. Good job, networking and cybersecurity teams! However, is your network truly protected? TL;DR: NO! In this post, I’ll cover the most common social...
Securing Healthcare Data and Applications
The healthcare industry is quickly growing as a sweet spot for hackers to steal large amounts of patient records for profit. The US Department of Health and Human Services breach tool reports over 340 data breaches in 2017 impacting more than 3 million individuals, and 176.5 million individuals...
Protecting Your Data from Cyber Extortion: Lessons from the Latest Mega-hack
At the end of last year, enterprise firewall company Accellion was the victim of a two-phase SQL injection attack that resulted in significant sensitive data breaches over the last number of months. This attack is important for several reasons. It underscores the rise in frequency of incidents...
Every Second Counts When You’re Under Attack — Imperva Provides 3 Second DDoS Mitigation, Stops Account Takeovers & Protects your APIs
Let’s be blunt: cybersecurity is a never-ending arms race between bad actors and IT and security teams. Lately, attackers have surged. Armed with powerful, inexpensive hacking tools and deep knowledge gleaned from successful breaches, attackers are organizing sprawling botnets, probing soft targe...
Survey: 44% of Security Professionals Spend More than 20 Hours a Week Responding to Alerts
As the global cybersecurity climate continues to heat up, so too do the subsequent levels of alert fatigue IT security professionals have to deal with. A recent survey by Imperva reveals that nine percent of UK security teams battle with over five million alerts each week. Five million, just let...
Web Security Leader Rapidly Expands by Partnering with AWS and Imperva
Companies try to plan and pace their growth. Those plans go out the window when a merger or acquisition happens, as it did to DigiCert Inc. DigiCert, based in Lehi, Utah, had long been a leading Certificate Authority CA, providing electronic documents that verify and authenticate the identities o...
How Account Takeover Botnets Outsmart Traditional Security Controls
Account Takeover ATO describes when an online account is accessed and/ or used by someone other than its legitimate owner, usually for malicious purposes. Account Takeover attacks happen when an attacker is trying to get unauthorized access to an account or when the account has already been...
New Imperva Java SDK: Greasing The Wheels for Active Directory Coding Projects
According to StackOverflow’s 2018 Developer Survey, Java remains one of the world’s most popular coding languages, universally liked for its versatility and ease of adoption. Even so, working under the pressures developers often do, a bit of help always goes a long way. To that end, we’ve put...
5 Things We’ve Learned About CVE-2021-44228
Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic. Attac...
Oracle Auditing Part 3: Unified Auditing
This is the third, and last, article on the topic of Oracle auditing. It is relevant to Oracle 12c only. With Unified Auditing, Oracle simplified the task of auditing activities in a modern database environment, and rather than having to learn multiple methods, patterns, and techniques for both...
APIs Ease Customer Interaction — and External Attacks. Here’s how to Protect Them.
To deliver seamless service experiences to our customers, businesses now rely heavily on application programming interfaces APIs. These are a non-negotiable aspect of the way we streamline the interactions and conversations we have with our customers, both internal and external. APIs are now so...
Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS)
Imagine you’re a developer building a new web application. You’ve followed all of the security best practices, hired a reputable penetration testing company before launch, and gone through extensive bug fixing to remove any vulnerabilities. However, would you be confident that your application...
NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases
Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...
Imperva and Amazon Partner to Help Mitigate Risks Associated With Cloud Migration
Helping our customers reduce the risks associated with migrating to the cloud, and preventing availability and security incidents, has been a major development focus for Imperva over the last several years. Why the partnership matters Although cloud service providers take a host of IT management...
Cloud Template Tool – The only way for Imperva On-Premises deployment on AWS
For the last six years, Imperva’s customers have been able to deploy our On-Premises product on AWS and enjoy the many advantages of cloud deployment including flexibility, cost-effectiveness, scalability, accessibility and many others. But using Imperva On-Premises on AWS wasn’t always easy, and...
Key Compliance Concepts for Financial Services
The Sarbanes-Oxley Act SOX was introduced following a number of financial scandals involving huge conglomerates and obliges companies to establish internal controls to prevent fraud and abuse, holding senior managers accountable for the accuracy of financial reporting. The financial crisis in 200...
Imperva Recognized as a 2018 Gartner Magic Quadrant WAF Leader, Five Years Running
Gartner has named Imperva as a Leader in the 2018 Gartner Magic Quadrant for Web Application Firewalls WAF -- for the fifth year in a row! Our combination of on-premises appliances, cloud WAF, shared threat intelligence and flexible licensing once again cement us as the best choice for companies ...
Serverless ETLs? Easy Data Lake Transformations using AWS Athena
In a data lake raw data is added with little or no processing, allowing you to query it straight away. This gives you a great way to learn about your data - whether it represents a quick win or a fast fall. However, there are two disadvantages: performance and costs. If, for example you added CSV...
Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.
Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more. DDoS attacks are usually measured by the amount of bandwidth involved, such as the 1.35 Terabits per second maximum attack directed at GitHub last year, the largest DDoS attack ever at the...
The Evolution of Bad Bots from Grinchbots to Parasitic Bots-as-a-Service
The doomsday pandemic prediction is that you wont be able to buy toilet paper because bad bots will have hoarded all the inventory and are offering it to the highest bidder on secondary markets at an exorbitant mark-up. The Gaming Console War The use of scalping bots was once the domain of ticket...
New 3-Second DDoS Mitigation SLA is 3x Faster and the Industry’s Best
Back in 2018, we made waves with a groundbreaking DDoS Mitigation SLA service level agreement for our DDoS Protection service that guaranteed to mitigate DDoS attacks in under 10 seconds. Now, we’ve upped the ante to ensure DDoS attack mitigation with a new, industry-best three seconds-or-less...
Imperva Increases Self-Service Capability Fourfold with Custom Security Rules
Back in 2014, we introduced Rules previously IncapRules to give our customers advanced control over their application security. Today we’re putting even more of this custom tuning power in the hands of our customers by quadrupling the number of filters available via self-service. Rules Basics Rul...
Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attack CVE pending
We recently discovered that the latest version of Scapy, a powerful packet manipulation tool used by cybersecurity researchers and network engineers, is susceptible to a Denial of Service DoS vulnerability. Ironically, we found this vulnerability while researching ways to better detect and fight...
Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware
Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...
Why Attackers Target the Gaming Industry
Key Takeaways: The gaming industry is a common target for cyberattacks due to its financial success and vast user base. Volumetric DDoS attacks can disrupt service, distract from more serious attacks, and cause financial damage, especially on sites that offer online multiplayer games or real-time...
How to Maximize Your WAF
Whenever new WAF clients are brought aboard, there’s a procedure they must follow in order to properly configure their servers to work behind the WAF protection. You can find an example of the Imperva Cloud WAF onboarding procedure here. Sometimes, however, customers can miss important procedures...
Infonomics-based Model Teaches CISOs how to Assess their Data’s Financial Risk, Invest Properly in Data Security
Here’s what I consider the biggest contradiction in cybersecurity: the most-financially-damaging, reputation-destroying security incidents almost always involves the theft of millions of database records. Yet, data security is one of the smallest line items in a security budget. Consider that tot...
Practical Tips for Personal Online Security
As a cybersecurity professional I write about enterprise security on a daily basis. But with the start of National Cyber Security Awareness Month NCSAM I was inspired to switch gears and write about personal security given this week’s theme of simple steps to online safety for consumers. So, with...
Static Versus Dynamic Data Masking
Most participants in the trench warfare of IT security agree that the best way to protect data is to apply a layered approach to security. Data masking is a security and privacy enhancing technology recommended by industry analysts as a must-have data protection layer. While terminology varies...
2025 Imperva Bad Bot Report: How AI is Supercharging the Bot Threat
Bad bots continue to target organizations across every industry and geography, but the rise of Artificial Intelligence AI is fueling bot attacks, making them more intelligent and more evasive than ever before. For over twelve years, Imperva has been dedicated to helping organizations manage and...
Build Bikes and Go Fast: Why Building Bikes is Critical to Imperva’s Success
In May 2019, seventy members of Imperva’s global leadership team gathered in one location to share insights, to develop and commit to our future strategy, and to build bikes. That’s right, to build bikes. Of course, that bit about developing and committing to our future strategy is undeniably...
Don’t Let Security Needs Halt Your Digital Transformation. Imperva FlexProtect Offers Agile Security for any Enterprise.
Is your enterprise in the midst of a digital transformation? Of course it is. Doing business in today’s global marketplace is more competitive than ever. Automating your business processes and infusing them with always-on, real-time applications and other cutting-edge technology is key to keeping...
With The NASDAQ Bell Ceremony, We Kick Off The Next Leg of Imperva’s Incredible Journey
On Friday morning our CEO Chris Hylen and company execs rung the NASDAQ opening bell in New York, welcoming another day of trading for the world’s second-largest stock exchange; and taking full advantage of the opportunity to celebrate recent corporate milestones for Imperva. “I’m honored to be...
Six Ways to Secure APIs
API usage in application development has become the trend of the year. Adoption of micro-services and server-less architectures have only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in next couple ...
Imperva to Acquire Distil Networks, the Leader in Bot Management
As an established leader in cybersecurity, Imperva provides our customers the most comprehensive, analyst-recognized application security solution on the market. We are a five-time leader in Gartner’s 2018 Magic Quadrant for Web Application Firewalls WAF. Our DDoS Protection continues to...
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate...
Read: New Attack Analytics Dashboard Streamlines Security Investigations
Attack Analytics, launched this May, aimed to crush the maddening pace of alerts that security teams were receiving. For security analysts unable to triage this avalanche of alerts, Attack Analytics condenses thousands upon thousands of alerts into a handful of relevant, investigable incidents...
A Deep Dive into Database Attacks [Part III]: Why Scarlett Johansson’s Picture Got My Postgres Database to Start Mining Monero
As part of Imperva’s efforts to protect our customers’ data, we have an ongoing research project focused on analyzing and sharing different attack methods on databases. If you aren’t familiar with this project, which we call StickyDB, please read Part I and Part II. There we explain this database...
Lessons learned building supervised machine learning into DDoS Protection
Imperva’s Data Scientists trained a machine-learning model to auto-configure DDoS security policies and this blog shares some of the lessons learned along the way. Data scientists consider labeled data the gold standard and, despite having to filter out anomalies, there is an overall tendency to...
Enabling Faster DDoS Mitigation for Cloud Assets
The cloud journey was considered a visionary approach less than a decade ago. Today, more than half of organizations rely on a cloud provider, and are planning to expand their portfolios across multiple cloud platforms, as part of their ongoing digital transformation. Is the so-called cloud promi...
2017 OWASP Top 10: The Good, the Bad and the Ugly
Since its founding in 2001, the Open Web Application Security Project OWASP has become a leading resource for online security best practices. In particular, its list of the top 10 “Most Critical Web Application Security Risks” is a de facto application security standard. The recently released 201...
Never Leave Your Cloud Database Publicly Accessible
Introduction In cybersecurity, we often hear about best practices, one of the most important of which is never to open services that should be for internal use to public access. These are best practices for a good reason - when you don’t follow them, you might be hacked! Research we conducted in...
Tuning Capacity Tips for SecureSphere Database Activity Monitoring
You have Imperva SecureSphere Database Activity Monitoring DAM up and running. You’ve deployed the system and configured your business audit policies. So, what’s next? In a previous post I discussed the capacity management challenges of database monitoring solutions, in this post I’ll elaborate o...