1025 matches found
Critical Actions to Finalize Your GDPR Compliance Program
Starting May 25, 2018, enforcement begins for the new EU General Data Protection Regulation GDPR and its heightened principles and requirements regarding data privacy, data processing, and data security. The newly revised regulation applies to organizations doing business in the European Union or...
A Leader for Four Consecutive Years in the Gartner Magic Quadrant for WAFs
Gartner has published their 2017 Magic Quadrant for Web Application Firewalls WAF and Imperva has again been named a WAF leader—now for four consecutive years. Attacks remain same, but infrastructure is changing According to 2017 Verizon Data Breach Investigations Report, web app attacks remain t...
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...
Two New Trends Make Early Breach Detection and Prevention a Security Imperative
Key signs to look for in today’s complex data threat landscape Introduction The most vulnerable data repositories are the ones deep in your organization’s infrastructure. Everyone assumes they are safe, but as with your home, organizations must invest in security at entry points. Otherwise, the...
Providing Security and Acceleration of Single Page Applications
HTTP/2 + gRPC and protobuf Today many digital transformation and DevOps teams have been tasked with building applications that will enhance their customer’s digital experience. The goal, to make the user experience smoother, faster and less impeded by transactional and security controls, is a cor...
How Imperva Advanced Mesh Topology Keeps Canadian Data In-Country
The Personal Information Protection and Electronic Documents Act PIPEDA is a Canadian federal law that sets out how organizations can collect, use and disclose personal information in the course of commercial activity. While PIPEDA does not prohibit the transfer of personal information outside of...
COVID-19 affects everyone: we’re here to help.
A message from our Chief Executive Officer, Pam Murphy: All of us at Imperva wish you good health and safety as the coronavirus COVID-19 outbreak continues to unfold. As we respond to the ongoing crisis, we have established the following core principles to keep us focused on what's important:...
Deployment Isn’t the Final Step – Monitoring Machine Learning Models in Production
Unless you’ve been living in a cave for the last decade, you’ve probably heard of the concept of a machine learning system at least once in your life. Whether it’s auto-translation, auto-completion, face or voice recognition, recommendation systems or autonomous driving, AI-based systems can be...
Mitigate then Investigate: Watch a Live DDoS Attack
Recently Andy Shoemaker, founder of NimbusDDOS, and our own David Elmaleh shared their knowledge about DDoS attacks and what it means to have industry-best protection capabilities including fast time to mitigation. They also offered insights into the critical investigation activities that must...
A Leader in the 2019 Gartner Magic Quadrant for WAF, Six Years Running
Gartner has published its 2019 Gartner Magic Quadrant for Web Application Firewalls WAF and Imperva has been named a Leader for the sixth consecutive year! Along with our WAF Gateways and easy-to-deploy Cloud WAF we recently added API Security, RASP, Account Takeover Protection, Bot Management, a...
Hunting for Insider Threats: Using Activity Modeling to Detect Suspicious Database Commands and Access Patterns
The Widening Gap Data breaches by insiders are very challenging to catch. The gap between the rise of insider threats and speed of hunting them down is increasingly widening. According to 2017 Data Breach Investigation Report by Verizon, a great majority of insider and privileged-misuse breaches ...
CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks
On April 25, 2023, researchers at Bitsight and Curesec jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol SLP, a legacy Internet protocol. What is SLP protocol? Service Location Protocol SLP is a network protocol designed to simplify th...
What Are Red Team Exercises and Why Are They Important?
Pick a side. It’s game time, and nothing is off the table. -- For most organizations, a true defense-in-depth strategy includes the proactive testing of company cyber defenses. A Red Team Exercise is designed to reveal vulnerabilities in a companys security through hands-on testing, uncovering...
Imperva to acquire CloudVector: Prioritizing API Protection for Modern Environments
I am excited to announce Imperva has entered into an agreement to acquire CloudVector to advance our mission to protect data and all paths to it. Together, we believe we can change what organizations expect from Web Application and API Protection solutions. There are multiple reasons APIs are at...
Advanced Bot Protection integrated into Imperva’s Cloud Application Security
Today, Imperva announced the general availability of Advanced Bot Protection that now fully integrates the industry-leading bot protection technology into its Cloud Application Security platform. By integrating Advanced Bot Protection this enables true defense-in-depth security by delivering bot...
From Thousands of Security Alerts to a Handful of Insights
Understanding an attacker’s workflow and how Attack Analytics hunts them down In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation capabilities, as well as distributed and anonymization features tha...
Imperva Wins Awards for Best Database Security, Coolest Cloud Security Vendor
SC Magazine has long been one of the most respected names in cybersecurity journalism, and one that has written about Imperva’s security research and solutions many times. So we’re proud to announce that we’ve won the 2019 SC Award for Best Database Security solution at SC’s awards ceremony on...
Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why
Google Chrome is the most popular web browser and has been so for almost a decade. Each new version of Chrome brings new usability, security and performance features. This article focuses on the “headless mode” feature that Google released more than a year ago; and, since day one has become very...
Building an Effective API Security Strategy: Easy If You Have the Right Tools
In their approach to application programming interface API security, organizations exposing web APIs must balance ease of access with control. Like the bank robber attacking banks because "that's where the money is," the use of APIs to provide access to applications and to business-critical data...
Cloud Migration Fundamentals: Overcoming Barriers to App Security [Infographic]
As more organizations move to the cloud, the line of responsibility in securing applications can become rather blurred. The concept of control has historically rested in physical location and ownership. With the move to the cloud, however, the idea of security by proxy is changing and so should o...
Women in Tech and Career Spotlight: Shu White
Up next in our series featuring women in technology at Imperva is a spotlight on Shu White, the company’s vice president and deputy general counsel. Hailing from a legal background, I found her perspective particularly unique. Read below for Shu’s take on the cybersecurity industry, the inspiring...
ManageEngine Vulnerability CVE-2022-47966
Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache...
Gaining Insights Is Fundamental for API Security
As enterprises continue their digital transformation journey in this Post-COVID era, applications are the engine that drives their business growth. Whether it’s a digital-first enterprise or one that is accelerating its digital transformation initiatives, APIs are not only opening up systems so...
Adding Some Salt to Our Network – Part 1
Why configuration management system was a must for our network, and how we chose SaltStack When we planned and designed the network automation at Imperva Cloud, we split our automation systems into three different systems, where each of the systems has a different set of requirements: 1...
Facebook, GDPR and the Right to Privacy: Three’s a Crowd?
Back in 2016 the European Union voted to pass the mother of all security laws, aimed at further extending the rights of its citizens to control how their data is used. The General Data Protection Regulation GDPR guards users against having their information shared without their explicit consent,...
Ransomware Attacks on MySQL and MongoDB
Ransomware is arguably one of the most vicious types of attack cyber security experts are dealing with today. The impact ransomware attacks can have on an organization is huge and costly. A ransomware payment alone does not reflect the total expense of an attack—the more significant costs come fr...
Imperva Detects Undocumented 8220 Gang Activities
Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux web servers with cryptojacking malware. In...
The Account Takeover Threat: A By-the-Numbers Breakdown
Identity theft has come a long way in the age of technology. The more data is available online, the greater the threat. In this blog we will dive into the different characteristics and statistics of real world Account Takeover attacks as recorded and mitigated by Imperva’s Advanced Bot Protection...
Bad Bot Traffic on Healthcare Websites Rises 372% As Vaccines Become Available Globally
Nations around the world are racing to acquire COVID-19 vaccines and assemble digital infrastructure and web applications to enable appointment booking. As they do this, Imperva Research Labs has monitored a staggering 372% increase in bad bot traffic on healthcare websites globally since Septemb...
Cloud Data Security is Now Available in AWS Marketplace
We’re pleased to announce that Imperva Cloud Data Security is now available in the Amazon Web Services Marketplace. Database security shouldn’t be hard, so Imperva has made it simple. Imperva Cloud Data Security CDS is a SaaS solution specifically designed to secure organizations’ data stored in...
Hybrid DDoS Protection is Like a Faulty Airbag
We know that some businesses are the target of constant DDoS attacks, while others face attacks less frequently. If your company falls on the side of less-frequent attacks or having never been attacked at all, you might be wondering, “does the threat still exist?” And “does it exist to the level ...
5 Key Factors to Consider When Comparing Cloud Security Solutions [Video]
Migrating to the cloud can be a challenge, and so can securing your platform once you’re there. It means having a security solution that is quick, adaptable and equipped to handle a wider breadth of attacks. Whether you’re in the market for a new security product, or you’re looking to switch, the...
4 Steps to Monitor and Audit Privileged Users of Data Stores
Changing regulatory requirements for protection and privacy of data and increasing numbers of data breaches are driving a greater focus on data protection. Understanding who is accessing critical data, what was accessed and when it was accessed is a critical component of strong security operation...
New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks
It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code...
New Vulnerability in Popular Widget Shows Risks of Third-Party Code
UPDATE: Snyk has recently addressed 2 additional vulnerabilities we have reported to them, CVE-2022-24441 and CVE-2022-22984, affecting versions of Snyk CLI before XXX, which leads to arbitrary code execution when scanning untrusted Maven or Gradle projects. Similar to CVE-2022-40764 these...
Secure Your Digital Transformation
Digital transformation DX is on the mind, IT budget sheet, and board meeting agenda for the majority of enterprise-level organizations. The term digital transformation is becoming ubiquitous, but its definition can be ambiguous. Within the context of this blog, DX refers to how organizations...
Today’s Predictions for Tomorrow’s Internet
This weekend I realized just how much the future of securing the Internet of Things IoT will become a critical component to maintain our lifestyle. CyberPatriot is the National Youth Cyber Education Program created by the Air Force Association to encourage careers in STEM. Each year the program...
Dynamic Application Profiling: What It Is and Why You Want Your WAF to Have It
Because web applications are unique, they have distinct structures and dynamics, and – unfortunately – different vulnerabilities. A web application security device, therefore, must understand the structure and usage of the protected applications. Depending on the complexity of the protected...
Imperva customers are protected against CVE-2023-22518 in Confluence Data Center and Server
Atlassian released patches for the recently released vulnerability CVE-2023-22518 in their Confluence Data Center and Confluence Server products. This is a critical vulnerability, allowing attackers to bypass the authentication mechanism to potentially gain unauthorized access to sensitive...
Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability
Imperva is tracking the recent critical security vulnerability impacting F5’s BIG-IP solution. The vulnerability, CVE-2023-46747, could allow an attacker to bypass authentication and potentially compromise the system via request smuggling. Imperva Threat Research has been actively monitoring this...
Moving to AWS Lambda? Here’s what you need to know.
Serverless computing is transforming the way organizations build, ship, automate and scale applications. With no need to worry about infrastructure or who’s going to manage it, developers are free to focus on application development and innovation. The payoffs can be significant: Faster time to...
Top 8 Database Security Best Practices
There is a large body of knowledge on what activities are required in order to secure databases and in order to comply with regulations and requirements. We’ve gathered the top 8 best practices for ensuring database security. Databases are arguably the most important and, unfortunately, also the...
Bad Bot Traffic Breaks Records in 2020
Bad bots have long been a major illness plaguing the internet. As internet traffic reached new heights throughout the global pandemic, unfortunately so did bot traffic. In 2020, 40.8 percent of internet traffic wasn’t human, and 25.6 percent originated from bad bots. What have these bad bots been...
Major Global Ransom Denial of Service Campaign Continues Rising Trend in Global DDoS Attacks
Extortionists Claim Connection to Notorious Threat Actor Groups In recent weeks Imperva has become aware of a considerable increase in the number of serious Ransom Denial of Service RDoS threats, with extortion campaigns targeting thousands of large commercial organizations globally, not least th...
Imperva RASP Now Supports .NET Core Apps for Security by Default
We at Imperva are proud to announce that we now support the .NET Core development platform, securing apps written in .NET Core with our industry-leading RASP solution. Support for .NET Core expands our market-leading, full-stack application security solution to apps at the heart of digital...
From E-Commerce to Enterprise Employee: How I Overcame my Fears and Doubts
By Efrat Silberhaft One year ago, I was working as the sole designer in a small e-commerce startup. When the company shut down, I had to start looking for a new job. I decided to leave the startup world. What I didn't know is that my next step would turn out to be in a different field —...
Making Our Security Portfolio Simpler — and Better
Since its inception in 2009, Incapsula has been a proud part of Imperva, the analyst-recognized cybersecurity leader. However, cybersecurity needs are evolving, and so are we. On April 7th, we will officially retire Incapsula.com. All of the great Incapsula web site content that wasn’t already...
The Gartner CISO Playbook: Leveraging Effective Control in the Cloud
For as long as we can remember, the concept of control has rested comfortably in physical location and ownership. It’s simple, if you could see something or you knew exactly where it was, it would be easier to assume that you’d have some measure of control over its security. With the move to the...
Monitoring Data & Data Access to Support Ongoing GDPR Compliance – Part III: Tools
The new European Union EU-wide General Data Protection Regulation GDPR was signed into law in late April 2016, and the compliance deadline came into effect on May 25, 2018. The Regulation is expansive and covers a variety of subject areas, provisions, and actions in the form of documented Article...
DevOps-Ready WAF: Scaling Security for a More Agile Environment
With the maturation of DevOps, the growing concern around the security and compliance of more agile application development systems has made 2018 the year for DevSecOps. According to a study by Gartner, over 80% of development teams will have embedded DevSecOps by 2021. When evaluating how a WAF...