1025 matches found
Challenges of Big Data Security – Whiteboard Wednesday [Video]
Database security best practices are also applicable for big data environments. The question is how to achieve security and compliance for big data environments given the challenges they present. Issues of volume, scale, and multiple layers/technologies/instances make for a uniquely complex...
Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin
A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and allows for SQL injection via the sorting parameter due to insufficient input...
Adobe ColdFusion vulnerabilities mitigated by Imperva
Several vulnerabilities in Adobe ColdFusion have been discovered recently, tracked as CVE-2023-29300, CVE-2023-38205, and CVE-2023-29298. These vulnerabilities, which can be exploited to allow arbitrary code execution and bypass access controls, affect several ColdFusion versions since 2016...
Imperva’s WAF Gateway 14.4 Protects Enterprises for the Post-COVID Era
Whether it’s called the New Normal or Next Normal era, COVID-19 has impacted all businesses worldwide and accelerated their digital transformation initiatives during this new post-pandemic era. Whether it’s from a recent retail trend like omnichannel commerce or a newly defined, post-COVID practi...
The Data Breach ‘Kill Chain’: Early Detection is Key
Today, organizations rely heavily on data, with a big portion of that data made up of sensitive information. As organizations become the custodians of more and more sensitive information, the frequency of data breaches increases accordingly. In some cases, the origin of a data breach is outside o...
Indonesian Hacker Group Cashes In On Blockbuster Movie Titles
When breaking the law isn't a barrier, there’s always a way to make a quick buck. We see it every day, and this time from an Indonesian cybercrime campaign infecting vulnerable websites by luring their visitors to a network of scam websites using blockbuster movies. The attack part I: Recruiting...
Clustering App Attacks with Machine Learning Part 2: Calculating Distance
In our previous post in this series we discussed our motivation to cluster attacks on apps, the data we used and how we enriched it by extracting more meaningful features out of the raw data. We talked about the many features that can be extracted from IP and URL. In this blog post we’ll discuss...
New research shows 75% of ‘open’ Redis servers infected
Since our initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, we’ve been hearing about more and more attacks on Redis servers. Redis is a great tool, it can serve as in-memory distributed database, cache or a message broker and is widely popular...
How to Protect AWS ECS with SecureSphere WAF
Adoption of container technology is growing widely. More and more workloads are being transferred from traditional EC2 compute instances to container-based services. However, the need for securing the web traffic remains the same regardless of the elected platform. In this post, we’ll deep dive...
Q2 2017 Global DDoS Threat Landscape Report
This week we released our latest Global DDoS Threat Landscape Report, a statistical analysis of more than 15,000 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q2 2017. This quarter, for the fifth one in a row, we saw a decrease in the number of network...
Top Insider Threat Concern? Careless Users. [Survey]
It’s been a busy year thus far in the cybercrime world with the stakes seeming to grow higher every month. Just last month, insider threats were making headlines with a news report that Reality Winner, a contractor for the National Security Association with a top-level security clearance, leaked...
Top five insights from the 2021 CyberEdge Cyberthreat Defense Report
For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security...
Is It Time to Consider Replacing Your CDN?
Content delivery networks CDNs are the pipelines of the Internet. Working behind the scenes, they are reshaping how information is consumed online, accelerating web traffic, enhancing user experience, and providing every website with the ability to truly go global. As you may imagine, any...
Reprioritizing security requirements for 2021
To say 2020 was a strange year would be an understatement. Among the effects of the global pandemic were major changes in where and how people work and accelerated commitments to organizational digital transformation. Cyber attackers weren’t shy about taking advantage of the blind spots these...
New Imperva Framework: Accelerating the development of large scale solutions with “Stepping”
Handling large amounts of data at scale is a common task in the high-tech industry nowadays. To address this challenge many frameworks have been developed and made publicly available such as distributed messaging queues, distributed databases, lightweight protocols and caching servers, among...
Hey Belfast, Imperva’s Moving Into The Neighborhood
As a local, I’m very excited to be Imperva’s first Belfast hire, in charge of spinning up the operation in our new European location. Imperva provides best-in-class data and application security solutions on premises, in the cloud, and in hybrid environments. As we position ourselves for the next...
Imperva Joins Global Cybersecurity Tech Accord
Imperva is dedicated to the global fight to keep people's data and applications safe from cybercriminals. What this means for our Imperva Threat Research team is that we spend a lot of time researching new cyber attacks, creating mitigations and writing powerful software. We believe that nothing...
Bo Knows Security – Whiteboard Wednesday [Video]
October is National Cyber Security Awareness Month NCSAM and to address this week's theme of "Cybersecurity in the Workplace is Everyone’s Business" our Whiteboard Wednesday this month features Bo Kim, head of information security at Imperva. When it comes to building a security program, focusing...
Five Key Takeaways from the 2024 Imperva Bad Bot Report
Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...
Enhanced Security at the Edge with Imperva DNS Protection
Your website is the gateway to your business and the potential for disruption of your site or damage to your web infrastructure makes DNS security a serious consideration for organizations. The criticality of DNS Services for ensuring network connectivity and website availability make them a hot...
Imperva’s Mobile Security App
How many apps do you currently have on your mobile device? Is this number a total across both your personal and professional devices? Did you know that between Android’s Google Play Store and Apple’s App Store, there are between 2.2 and 2.8 million apps available to download? Did you know that,...
On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice
Let’s Talk About Where Your APIs Actually Run Quick answer: On-premises API security keeps API discovery, detection, and enforcement inside your own perimeter instead of a third-party cloud—the model regulated industries need. Deploying it natively on Kubernetes sidecar sensors → a discovery...
Five Tips to Impress at Your CISO Job Interview
Chief Information Security Officers CISOs are in demand and the lack of experienced candidates, coupled with the evolving required skill set, helped make it the highest paying tech job in 2020. With 100% of large corporations Fortune 500, Global 2000 forecast to have a CISO or equivalent position...
Analysis of 100 Data Breaches: Part 2, What are the root causes of breaches?
As we discussed in Part 1 of this series, Imperva’s Security Labs continuously monitor cyber threat levels around the world and report on them. In the last post, we reported the breakdown of the specific types of data that get stolen and explained what organizations needed to do to mitigate the...
Lessons Learned from 100 Data Breaches: Part 1, What Specific Types of Data Get Stolen?
As part of Imperva’s Security Labs’ ongoing efforts to monitor and report on the current Application and Data Security Threat landscape, we studied and analyzed over 100 of the largest and best-known data breaches of the last decade. Download the full report, Lessons Learned From Analyzing 100 Da...
The Pitfalls of DIY Security for Your AWS RDS Databases
AWS RDS enables easy DIY database provisioning The trend toward using Database as a Service DBaaS is unmistakable. Organizations are leveraging DBaaS flexibility to bring new products and services to market faster, or to save time and money by reducing the cost and complexity of their database...
The Zero Trust Approach to Data Security – 2020 Trend #2
As 2019 comes to an end, our security experts are looking ahead to the new year to predict cybersecurity trends that will shape the landscape in 2020. Imperva CTO Kunal Anand blogged about his “Top 5 Cybersecurity Trends to Prepare for in 2020,” last week. This week, we’re digging deeper into his...
Celebrate Cybersecurity Awareness Month with These Tips From a Survey of 1,200 Security Pros
Held every October, National Cybersecurity Awareness Month NCSAM is a collaborative effort between government and industry meant to raise awareness about the importance of cybersecurity. NCSAM is focused largely on consumer awareness, but for cybersecurity leaders, it is also a great opportunity ...
Sensitive Data Access: Where Traditional UBA Solutions Fall Short – Whiteboard Wednesday [Video]
In today’s global information economy an ever-increasing amount of sensitive data is collected, used, exchanged, analyzed, and retained. And with that comes an ever-increasing number of accidental or intentional data breaches. Identifying inappropriate access to data is paramount in stopping a...
Infographic: Bad Bot Sophistication Levels
All bad bots interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform ...
2020 Ends With A Bang
December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat...
5 Things to Know About Imperva RASP
Imperva Runtime Application Self-Protection RASP is a server-side security solution for applications, providing application security by default. Here are 5 things to know about Imperva RASP: 1. RASP and a WAF are complementary While a cloud-based web application firewall keeps previously known ba...
2019 Global DDoS Threat Landscape Report
Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019...
Imperva Cloud Security Now Available Through UK Government’s GCloud 10 Digital Marketplace
Building on the success of Imperva listing our market-leading, single stack Incapsula cloud platform for DDOS protection; CDN; load balancing and WAF on the GCloud 9 framework, Imperva has now added more products to the GCloud 10 portfolio. As the UK pushes for even greater digital adoption on a...
Zero to Account Takeover: How I ‘Impersonated’ Someone Else Using Auth0
Since the publication of this blog, attempts have been made to discredit our findings, methodology and accuracy. Imperva stands by our research. Our findings were reported to Auth0 as part of their own bug bounty program, following their official process. Auth0 was kept informed of our findings a...
Top Five Trends IT Security Pros Need to Think About Going into 2018
It’s that time of the year when we look back at the tech trends of 2017 to provide us with a hint of things to come. Accordingly, let’s engage in our favorite end-of-year pastime: predictions about the coming year. Equipped with Imperva’s own research, interactions with our customers, and a wealt...
Critical Infrastructure and Cyber Security
Before the recent natural disasters, I could describe to you how we as a community might recover after a cyberattack to our critical infrastructure, but it would be hard to imagine. Some may argue that it would be too extreme of a scenario to consider and that we would never get to the point wher...
Uncover Sensitive Data with the Classifier Tool
Understanding what sensitive data resides in your enterprise database is a critical step in securing your data. Imperva offers Classifier, a free data classification tool that allows you to quickly uncover sensitive data in your database. Classifier contains over 250 search rules for popular...
Why Care About Data-Centric Security?
It’s no surprise that data breaches are evolving and becoming increasingly more complex. According to the Verizon 2017 Data Breach Investigation Report, data breaches are “complex affairs often involving some combination of human factors, hardware devices, exploited configurations or malicious...
Python’s Poisoned Package: Another ‘Blank Grabber’ Malware in PyPI
Python Package Index PyPI is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages in the platform’s repository aimed at delivering malware to steal the victims information, or more frequently, to...
How to build a security-first culture with remote teams
If recent world events have driven an increase in the number of remote workers in your organization, you are now confronted by even more security challenges for already stretched security teams and busy IT departments. Sixty-one percent of CISOs are more concerned about security risks targeting...
Top Four Reasons for Data Loss from Databases (and what to do about it)
The need for data loss prevention DLP is well understood by IT security practitioners. As organizations embrace cloud-based managed database services such as Amazon RDS and Amazon Redshift, these risks don’t go away, and in many ways become more serious. Although AWS takes the security of their...
Implementing Privacy in a Real World Application
Background Whenever Personally Identifiable Information PII is involved, it is wise to encrypt it from the get go. Strong encryption coupled with need-to-know access is key to gaining the trust of your customers and protecting their privacy. And it’s often required by ever-evolving data privacy...
NIST Recognizes RASP as Critical to Lowering Risk
The United States Congress ratified the Cybersecurity Framework set forth by the National Institute of Standards and Technology NIST in 2014 to standardize the practices and controls that mitigate constantly evolving cyberthreats. The framework has been adopted by federal and local government...
Key Findings from the 2020 Cyberthreat Defense Report
The new 2020 Cyberthreat Defense Report CDR released this week. Now in its seventh year, the annual report provides a look at how global cybersecurity professionals perceive threats and plan to defend against them. The CDR enables cybersecurity professionals to benchmark their company’s security...
Cloud Migration Fundamentals
The advantages offered by a cloud-based environment make it an easy decision for most companies to make. Still, there are numerous critical choices to be made that can transform the complexities of the migration process into a relatively smooth transition—especially regarding application and data...
Encryption: Pros and Cons
The expression “when you are a hammer, everything is a nail” has a curious background. The concept belongs to a generalized law of the instrument which is a cognitive bias that occurs by being overly familiar with certain tools, and the likelihood of force-fitting problems to the tools at hand. A...
Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024
The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly. Attacks targeting the business logic of APIs constituted 27% of attacks in 2023, a growth of 10%...
How to Create a Simulated Phishing Attack Across Your Company
Email is one of the many weapons at the disposal of bad actors on the Internet, and your employees are in the firing line. Attackers try to hide behind a trusted entity, sometimes even masquerading as a known vendor or even as a representative of a group within your own organization, like HR or I...
Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications
Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...