Lucene search
K
ImpervablogMost viewed

1025 matches found

Imperva Blog
Imperva Blog
added 2019/02/05 4:0 p.m.104 views

A Cybersecurity and Cloud Innovator – and a Great Partner

Imperva has long been a cybersecurity leader, recognized by the likes of Gartner and Forrester Research for the capabilities of our application and data security solutions. For more than 6,000 business customers, we are their champion in the daily fight to secure data and applications. To ensure...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/11/07 4:33 p.m.103 views

Detecting Account Takeover Botnets

A botnet is a network of compromised computers - known as bots - usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we’ll discuss how to detect botnets used for account takeover ATO, an attack used to obtain the val...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/10/18 6:49 p.m.102 views

Adopting a Risk-Based Approach to Cybersecurity in the Financial Services Industry

Today’s financial organizations face many different risks in volatile and uncertain business environments, but the ever-present threat of cyberattacks and data breaches is now impossible to ignore. For this reason, managing these cyber-risks now has to simply be considered one of the many costs o...

Exploits0
Imperva Blog
Imperva Blog
added 2019/04/01 2:5 p.m.100 views

Imperva Wins CRN 5-Star Partner Program 3rd Year in a Row. Here are Some Stats Behind Why.

A lot goes into building a good IT channel program. A truly-effective program should meet the vendor’s needs while also delivering attractive benefits to our partners. A successful channel program should deliver a number of key elements, including: partner profitability partner self-service acces...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/11/12 6:24 p.m.100 views

New Docker-based Dev Pipeline: Microservice Projects Just Got A ‘Speed-Boost’

A bulwark of software engineering projects, the development pipeline is an automated process used to deliver changes from development through to production; enabling near real-time updates. The dev pipeline is a critical time saver as it enables you to: Avoid mistakes and wasted time as a result...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/07/11 9:48 p.m.99 views

A New Chapter in Bot Management Begins Today [Video]

I am excited to share that we have closed the acquisition of Distil Networks, the pioneer and leader in Bot Management. Over the past few weeks, we have been welcoming Distil’s employees into the Imperva family and have started integrating their powerful, analyst-recognized Bot Management solutio...

1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/03/04 3:21 p.m.98 views

Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second

We are only at the beginning of 2022 and it looks like it is going to be an interesting year for the Distributed Denial of Service DDoS landscape. We recently mitigated a ransom DDoS attack on a single website which reached a rate of 2.5 million requests per second Mrps. And while ransom DDoS...

6.4CVSS0.6AI score0.96087EPSS
Exploits23
Imperva Blog
Imperva Blog
added 2019/02/21 8:22 p.m.98 views

No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company’s Wi-Fi Network

Your Wi-Fi routers and access points all have strong WPA2 passwords, unique SSIDs, the latest firmware updates, and even MAC address filtering. Good job, networking and cybersecurity teams! However, is your network truly protected? TL;DR: NO! In this post, I’ll cover the most common social...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/03/03 6:0 p.m.97 views

Securing Healthcare Data and Applications

The healthcare industry is quickly growing as a sweet spot for hackers to steal large amounts of patient records for profit. The US Department of Health and Human Services breach tool reports over 340 data breaches in 2017 impacting more than 3 million individuals, and 176.5 million individuals...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/03/09 7:39 p.m.95 views

Protecting Your Data from Cyber Extortion: Lessons from the Latest Mega-hack

At the end of last year, enterprise firewall company Accellion was the victim of a two-phase SQL injection attack that resulted in significant sensitive data breaches over the last number of months. This attack is important for several reasons. It underscores the rise in frequency of incidents...

10CVSS0.5AI score0.56686EPSS
Exploits0
Imperva Blog
Imperva Blog
added 2019/06/18 1:15 p.m.95 views

Every Second Counts When You’re Under Attack — Imperva Provides 3 Second DDoS Mitigation, Stops Account Takeovers & Protects your APIs

Let’s be blunt: cybersecurity is a never-ending arms race between bad actors and IT and security teams. Lately, attackers have surged. Armed with powerful, inexpensive hacking tools and deep knowledge gleaned from successful breaches, attackers are organizing sprawling botnets, probing soft targe...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/10/18 3:0 p.m.94 views

Survey: 44% of Security Professionals Spend More than 20 Hours a Week Responding to Alerts

As the global cybersecurity climate continues to heat up, so too do the subsequent levels of alert fatigue IT security professionals have to deal with. A recent survey by Imperva reveals that nine percent of UK security teams battle with over five million alerts each week. Five million, just let...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/05/30 6:0 p.m.93 views

Web Security Leader Rapidly Expands by Partnering with AWS and Imperva

Companies try to plan and pace their growth. Those plans go out the window when a merger or acquisition happens, as it did to DigiCert Inc. DigiCert, based in Lehi, Utah, had long been a leading Certificate Authority CA, providing electronic documents that verify and authenticate the identities o...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/07/22 8:11 p.m.92 views

How Account Takeover Botnets Outsmart Traditional Security Controls

Account Takeover ATO describes when an online account is accessed and/ or used by someone other than its legitimate owner, usually for malicious purposes. Account Takeover attacks happen when an attacker is trying to get unauthorized access to an account or when the account has already been...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/10/24 9:4 p.m.91 views

New Imperva Java SDK: Greasing The Wheels for Active Directory Coding Projects

According to StackOverflow’s 2018 Developer Survey, Java remains one of the world’s most popular coding languages, universally liked for its versatility and ease of adoption. Even so, working under the pressures developers often do, a bit of help always goes a long way. To that end, we’ve put...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/12/17 6:44 a.m.89 views

5 Things We’ve Learned About CVE-2021-44228

Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic. Attac...

9.3CVSS0.4AI score0.99999EPSS
Exploits351
Imperva Blog
Imperva Blog
added 2021/07/07 6:12 p.m.88 views

Oracle Auditing Part 3: Unified Auditing

This is the third, and last, article on the topic of Oracle auditing. It is relevant to Oracle 12c only. With Unified Auditing, Oracle simplified the task of auditing activities in a modern database environment, and rather than having to learn multiple methods, patterns, and techniques for both...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/09/12 6:54 p.m.88 views

APIs Ease Customer Interaction — and External Attacks. Here’s how to Protect Them.

To deliver seamless service experiences to our customers, businesses now rely heavily on application programming interfaces APIs. These are a non-negotiable aspect of the way we streamline the interactions and conversations we have with our customers, both internal and external. APIs are now so...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/07/24 4:0 p.m.88 views

Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS)

Imagine you’re a developer building a new web application. You’ve followed all of the security best practices, hired a reputable penetration testing company before launch, and gone through extensive bug fixing to remove any vulnerabilities. However, would you be confident that your application...

1.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/02/23 4:45 p.m.88 views

NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases

Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...

6.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/11/15 6:29 p.m.87 views

Imperva and Amazon Partner to Help Mitigate Risks Associated With Cloud Migration

Helping our customers reduce the risks associated with migrating to the cloud, and preventing availability and security incidents, has been a major development focus for Imperva over the last several years. Why the partnership matters Although cloud service providers take a host of IT management...

2.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/12/24 2:17 p.m.86 views

Cloud Template Tool – The only way for Imperva On-Premises deployment on AWS

For the last six years, Imperva’s customers have been able to deploy our On-Premises product on AWS and enjoy the many advantages of cloud deployment including flexibility, cost-effectiveness, scalability, accessibility and many others. But using Imperva On-Premises on AWS wasn’t always easy, and...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/10/25 7:13 p.m.85 views

Key Compliance Concepts for Financial Services

The Sarbanes-Oxley Act SOX was introduced following a number of financial scandals involving huge conglomerates and obliges companies to establish internal controls to prevent fraud and abuse, holding senior managers accountable for the accuracy of financial reporting. The financial crisis in 200...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/09/04 3:31 p.m.85 views

Imperva Recognized as a 2018 Gartner Magic Quadrant WAF Leader, Five Years Running

Gartner has named Imperva as a Leader in the 2018 Gartner Magic Quadrant for Web Application Firewalls WAF -- for the fifth year in a row! Our combination of on-premises appliances, cloud WAF, shared threat intelligence and flexible licensing once again cement us as the best choice for companies ...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/12/25 1:30 p.m.84 views

Serverless ETLs? Easy Data Lake Transformations using AWS Athena

In a data lake raw data is added with little or no processing, allowing you to query it straight away. This gives you a great way to learn about your data - whether it represents a quick win or a fast fall. However, there are two disadvantages: performance and costs. If, for example you added CSV...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/04/30 12:0 p.m.83 views

Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.

Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more. DDoS attacks are usually measured by the amount of bandwidth involved, such as the 1.35 Terabits per second maximum attack directed at GitHub last year, the largest DDoS attack ever at the...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/01/05 5:43 p.m.82 views

The Evolution of Bad Bots from Grinchbots to Parasitic Bots-as-a-Service

The doomsday pandemic prediction is that you wont be able to buy toilet paper because bad bots will have hoarded all the inventory and are offering it to the highest bidder on secondary markets at an exorbitant mark-up. The Gaming Console War The use of scalping bots was once the domain of ticket...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/07/23 4:24 p.m.82 views

New 3-Second DDoS Mitigation SLA is 3x Faster and the Industry’s Best

Back in 2018, we made waves with a groundbreaking DDoS Mitigation SLA service level agreement for our DDoS Protection service that guaranteed to mitigate DDoS attacks in under 10 seconds. Now, we’ve upped the ante to ensure DDoS attack mitigation with a new, industry-best three seconds-or-less...

1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/01/14 10:37 p.m.82 views

Imperva Increases Self-Service Capability Fourfold with Custom Security Rules

Back in 2014, we introduced Rules previously IncapRules to give our customers advanced control over their application security. Today we’re putting even more of this custom tuning power in the hands of our customers by quadrupling the number of filters available via self-service. Rules Basics Rul...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/01/08 9:37 p.m.82 views

Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attack CVE pending

We recently discovered that the latest version of Scapy, a powerful packet manipulation tool used by cybersecurity researchers and network engineers, is susceptible to a Denial of Service DoS vulnerability. Ironically, we found this vulnerability while researching ways to better detect and fight...

0.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/06/10 6:5 p.m.81 views

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

10CVSS8AI score0.99999EPSS
Exploits442
Imperva Blog
Imperva Blog
added 2023/05/30 11:47 a.m.80 views

Why Attackers Target the Gaming Industry

Key Takeaways: The gaming industry is a common target for cyberattacks due to its financial success and vast user base. Volumetric DDoS attacks can disrupt service, distract from more serious attacks, and cause financial damage, especially on sites that offer online multiplayer games or real-time...

9.3CVSS10AI score0.99999EPSS
Exploits353
Imperva Blog
Imperva Blog
added 2019/11/27 4:58 p.m.80 views

How to Maximize Your WAF

Whenever new WAF clients are brought aboard, there’s a procedure they must follow in order to properly configure their servers to work behind the WAF protection. You can find an example of the Imperva Cloud WAF onboarding procedure here. Sometimes, however, customers can miss important procedures...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/05/28 4:1 p.m.80 views

Infonomics-based Model Teaches CISOs how to Assess their Data’s Financial Risk, Invest Properly in Data Security

Here’s what I consider the biggest contradiction in cybersecurity: the most-financially-damaging, reputation-destroying security incidents almost always involves the theft of millions of database records. Yet, data security is one of the smallest line items in a security budget. Consider that tot...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/10/02 3:30 p.m.80 views

Practical Tips for Personal Online Security

As a cybersecurity professional I write about enterprise security on a daily basis. But with the start of National Cyber Security Awareness Month NCSAM I was inspired to switch gears and write about personal security given this week’s theme of simple steps to online safety for consumers. So, with...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/07/10 3:30 p.m.80 views

Static Versus Dynamic Data Masking

Most participants in the trench warfare of IT security agree that the best way to protect data is to apply a layered approach to security. Data masking is a security and privacy enhancing technology recommended by industry analysts as a must-have data protection layer. While terminology varies...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/04/15 2:56 p.m.79 views

2025 Imperva Bad Bot Report: How AI is Supercharging the Bot Threat

Bad bots continue to target organizations across every industry and geography, but the rise of Artificial Intelligence AI is fueling bot attacks, making them more intelligent and more evasive than ever before. For over twelve years, Imperva has been dedicated to helping organizations manage and...

7.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/05/24 4:0 p.m.79 views

Build Bikes and Go Fast: Why Building Bikes is Critical to Imperva’s Success

In May 2019, seventy members of Imperva’s global leadership team gathered in one location to share insights, to develop and commit to our future strategy, and to build bikes. That’s right, to build bikes. Of course, that bit about developing and committing to our future strategy is undeniably...

Exploits0
Imperva Blog
Imperva Blog
added 2019/02/28 4:0 p.m.78 views

Don’t Let Security Needs Halt Your Digital Transformation. Imperva FlexProtect Offers Agile Security for any Enterprise.

Is your enterprise in the midst of a digital transformation? Of course it is. Doing business in today’s global marketplace is more competitive than ever. Automating your business processes and infusing them with always-on, real-time applications and other cutting-edge technology is key to keeping...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/11/16 5:35 p.m.78 views

With The NASDAQ Bell Ceremony, We Kick Off The Next Leg of Imperva’s Incredible Journey

On Friday morning our CEO Chris Hylen and company execs rung the NASDAQ opening bell in New York, welcoming another day of trading for the world’s second-largest stock exchange; and taking full advantage of the opportunity to celebrate recent corporate milestones for Imperva. “I’m honored to be...

1.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/11/20 5:35 p.m.78 views

Six Ways to Secure APIs

API usage in application development has become the trend of the year. Adoption of micro-services and server-less architectures have only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in next couple ...

7.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/06/04 3:33 p.m.77 views

Imperva to Acquire Distil Networks, the Leader in Bot Management

As an established leader in cybersecurity, Imperva provides our customers the most comprehensive, analyst-recognized application security solution on the market. We are a five-time leader in Gartner’s 2018 Magic Quadrant for Web Application Firewalls WAF. Our DDoS Protection continues to...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/02/21 9:28 a.m.76 views

Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate...

9.3CVSS9.5AI score0.99999EPSS
Exploits493
Imperva Blog
Imperva Blog
added 2018/12/12 9:26 p.m.76 views

Read: New Attack Analytics Dashboard Streamlines Security Investigations

Attack Analytics, launched this May, aimed to crush the maddening pace of alerts that security teams were receiving. For security analysts unable to triage this avalanche of alerts, Attack Analytics condenses thousands upon thousands of alerts into a handful of relevant, investigable incidents...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/03/13 4:0 p.m.76 views

A Deep Dive into Database Attacks [Part III]: Why Scarlett Johansson’s Picture Got My Postgres Database to Start Mining Monero

As part of Imperva’s efforts to protect our customers’ data, we have an ongoing research project focused on analyzing and sharing different attack methods on databases. If you aren’t familiar with this project, which we call StickyDB, please read Part I and Part II. There we explain this database...

8.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/12/17 10:6 p.m.75 views

Lessons learned building supervised machine learning into DDoS Protection

Imperva’s Data Scientists trained a machine-learning model to auto-configure DDoS security policies and this blog shares some of the lessons learned along the way. Data scientists consider labeled data the gold standard and, despite having to filter out anomalies, there is an overall tendency to...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/07/29 5:21 p.m.75 views

Enabling Faster DDoS Mitigation for Cloud Assets

The cloud journey was considered a visionary approach less than a decade ago. Today, more than half of organizations rely on a cloud provider, and are planning to expand their portfolios across multiple cloud platforms, as part of their ongoing digital transformation. Is the so-called cloud promi...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/02/01 5:0 p.m.75 views

2017 OWASP Top 10: The Good, the Bad and the Ugly

Since its founding in 2001, the Open Web Application Security Project OWASP has become a leading resource for online security best practices. In particular, its list of the top 10 “Most Critical Web Application Security Risks” is a de facto application security standard. The recently released 201...

8.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/10/14 2:47 p.m.74 views

Never Leave Your Cloud Database Publicly Accessible

Introduction In cybersecurity, we often hear about best practices, one of the most important of which is never to open services that should be for internal use to public access. These are best practices for a good reason - when you don’t follow them, you might be hacked! Research we conducted in...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/10/18 3:30 p.m.74 views

Tuning Capacity Tips for SecureSphere Database Activity Monitoring

You have Imperva SecureSphere Database Activity Monitoring DAM up and running. You’ve deployed the system and configured your business audit policies. So, what’s next? In a previous post I discussed the capacity management challenges of database monitoring solutions, in this post I’ll elaborate o...

6.8AI score
Exploits0
Total number of security vulnerabilities1025