1025 matches found
Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense
Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...
72 Hours: Understanding the GDPR Data Breach Reporting Timeline
We're down to the wire with respect to the General Data Protection Regulation GDPR compliance deadline of May 25, 2018. Organizations that fail to comply could face fines of up to €20M roughly $22M or 4 percent of their annual global turnover from the prior year and we’ll soon see just how EU...
Imperva Python SDK – We’re All Consenting SecOps Here
Managing your WAF can be a complicated task. Custom policies, signatures, application profiles, gateway plugins… there’s a good reason ours is considered the best in the world. Back when security teams were in charge of just a handful of WAF stacks and a few dozen applications, things were...
Women in Tech and Career Spotlight: Michal Pal
We continue our articles focusing on the themes of National Cyber Security Awareness Month with the first of a series of articles spotlighting some of the women who work at Imperva. I spoke to Michal Pal, automation group manager for the Imperva Incapsula product line and got to know about what...
Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)
Recently, a critical vulnerability in the widely used Apache OFBiz framework was disclosed, designated CVE-2024-45195. This vulnerability allows for unauthenticated remote code execution RCE, making it an especially dangerous flaw for organizations using OFBiz in their business operations. An...
Imperva defends customers against CVE-2024-22024 in Ivanti products
Ivanti recently published an urgent warning about an authentication bypass in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, tracked as CVE-2024-22024. The bug, which carries a severity score of 8.3, was discovered during an internal review. Since its announcement on February 8,...
Shifting from reCAPTCHA to hCaptcha
We are adding another CAPTCHA vendor and helping our customers migrate from Googles reCAPTCHA to hCaptcha. Why We Are Making This Change We continuously evaluate our security measures to ensure they align with the evolving landscape of threats. After carefully evaluating several different CAPTCHA...
Six paths to a job in cybersecurity
Like many high-tech businesses, the cybersecurity industry is facing a widening skills gap. One of the main reasons why many companies do not have effective data security practices is the lack of actual skilled cybersecurity practitioners. In a November 2019 report, the International Information...
How to mitigate security vulnerabilities automatically with RASP
In a world where DevOps is oiling the wheels of accelerated software development, it’s hardly surprising that automation, code re-use and third-party libraries are integral parts of our high-speed app development cycle. But what happens when the pace of development outstrips security? Or when the...
Shorter, sharper DDoS attacks are on the rise – and attackers are sidestepping traditional mitigation approaches
Imagine that your network is under attack. A couple of minutes ago, you detected a large burst of traffic, out of nowhere. Now it’s in excess of 60 Gbps, and overwhelming your network. Your mitigation service hasn’t picked up the attack yet, and you’re just about to take a closer look when it sto...
Four features your data-centric security strategy must provide
Each year, the number of data breaches grows by 30%, underscoring the need for organizations to make data-centric security a business priority. Following the big data movement around the beginning of the 21st century, technological innovations have enabled companies to manage, store and process...
Imperva® Opens the first dedicated DDoS scrubbing center in Santiago, Chile
Imperva is excited to be further expanding our presence in Latin America by launching a new Point of Presence PoP in Santiago, Chile, in partnership with leading Chilean Telecommunications provider Entel Corporations. Located within Entel’s gold-standard Ciudad de Los Valles datacenter, which has...
Can security and compliance for managed database services be simple?
Actual Tech Media recently released a new entry in its Gorilla Guide series for IT professionals, focused on simplifying security and compliance for Database as a Service DBaaS. The Gorilla Guide To® Securing Database as a Service DBaaS features Imperva Cloud Data Security as a solution to help...
How bad bots are targeting the healthcare sector
Credential cracking, or password spraying, is one of the most effective ways for cybercriminals to get access to user accounts. It refers to the brute-force automated cracking, or pairing of usernames and passwords by using sophisticated high-speed bots. According to a National Cyber Awareness...
Attack Analytics Multi-Sensor Integrations Provide Unmatched Visibility
Since debuting Attack Analytics back in 2018, this groundbreaking security analytics functionality has come a long way. Time and again our customers have told us how powerful they find the tool and how much time it saves them. Attack Analytics better positions Imperva’s customers to focus on what...
Imperva Cloud WAF Customers Can Easily Integrate Advanced Bot Protection for Increased Security
Almost 25% of web traffic is bad bots, and only growing both in volume and sophistication. This information and more is available in Imperva’s annual Bad Bot Report 2020. What are bad bots? They are not benign. Bad bots plague websites, mobile applications, and APIs with the goal of high-speed an...
Botnet-led DDoS Attacks Are Hitting Record Intensities. Imperva is Mitigating All of Them.
DDoS attacks are usually ranked by the amount of bandwidth involved, such as the 2018 GitHub attack that peaked at 1.35 Terabits per second and is often cited as the largest DDoS attack ever. From Imperva’s long history of successfully mitigating DDoS attacks, we know that the TRUE measure of...
Will AI Change the Role of Cybersecurity?
Mention artificial intelligence AI and security and a lot of people think of Skynet from The Terminator movies. Sure enough, at a recent Bay Area Cyber Security Meetup group panel on AI and machine learning, it was moderator Alan Zeichick – technology analyst, journalist and speaker – who first...
Three Ways to Use Data Classification Scan Results
In July we launched Classifier, a free data classification tool that allows you to quickly and easily uncover sensitive data in your databases. Since its launch, the tool has been widely used around the globe, which comes as no surprise given the heightened focus on data protection. Furthermore,...
Addressing Data Across Borders for the GDPR
Most enterprises today do business across the globe, have databases in multiple countries and DBAs or users in different regions who have access to those databases. With GDPR mandating privacy requirements for personal data of European Union EU residents and visitors, it is important for an...
Challenges of Insider Threat Detection – Whiteboard Wednesday [Video]
Insider threat detection and containment of insider threats requires an expert understanding of both users and how they use and access enterprise data. In our first Whiteboard Wednesday, Drew Schuil, Vice President of Global Product Strategy at Imperva, talks about the challenges of insider threa...
Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report
In the 2024 Cloud Web Application and API Protection WAAP CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...
Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024
In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...
6 ways cybersecurity teams can save time and money
The phrase “time is money”, originally attributed to Benjamin Franklin, reprimands the slothful for wasting their working hours. As one of the founding fathers of the United States, Benjamin Franklin clearly never worked a day in cybersecurity. This is an area where fresh blood is hard to find to...
Imperva mitigated its largest attack as a provider of DDoS protection
In July, Imperva mitigated its largest attack as a provider of DDoS protection, and one of the largest DDoS attacks so far in 2021. The attack lasted for 40 minutes and generated a massive throughput of 1.02 terabytes per second Tbps and 155 million packets per second Mpps. Imperva also mitigated...
How to Empower Employees to be Secure and Productive
How can CISOs make cybersecurity positive, productive, inclusive, and maintain best practices across the enterprise? -- Do your staff feel valued and important in their roles? More than 65 percent of employees report they do not feel recognized at work, and 31 percent say theyre "engaged but feel...
Imperva® Offers Free Serverless Protection for AWS Lambda
Just as other instant computing infrastructures have done in the past, Function-as-a-Service FaaS now enables DevOps teams to deploy applications more efficiently at a fraction of the cost. AWS Lambda, Amazon Web Services’ AWS serverless approach to infrastructure, enables companies to go-to-mark...
How a DDoS Attack on an Internet Service Provider Can Paralyze Critical Infrastructure
The motivation behind Distributed Denial of Service DDoS attacks is often unknown. In some cases it might be cyber-vandalism, causing disruption for disruption’s sake. In other cases it might be down to hactivism, reaction to a cause or an event. And while DDoS attacks on business enterprises can...
The Coronavirus Pandemic Is Widening the Cybersecurity Skills Gap
While there are undoubtedly many major challenges within the world of cybersecurity, one of the principal roadblocks to the implementation of effective data security is the lack of skilled cybersecurity practitioners. In a November 2019 report, the International Information System Security...
Surge in online traffic increases risk to businesses
Imperva Research Labs has been monitoring the data across our thousands of customers since the outbreak of COVID-19. In reviewing anonymized data from our CyberThreat Index, we see new risks and several initial security implications from this pandemic for our customers and global businesses. We...
Why I joined Imperva
I’ve been in the cybersecurity industry for a couple of decades now, and the tech industry even longer. If there’s one thing I’ve learned across all my roles, it’s the value of focusing on customer experience. It sounds intuitive, right? I’m sure many of you are nodding your heads or giving me th...
Cloud Transformation – 2020 Trend #1
The Imperva team is closing out 2019 with a series on the cybersecurity trends we predict will shape the landscape in 2020. Last week, Imperva CTO Kunal Anand mined insights from our global customer base and our research team, Imperva Research Labs, to come up with his top five list of...
Imperva Defends Against Targeted Exploits Used By APT29 Hackers
Recently, U.S. and U.K. cyber agencies have warned of a renewed wave of attacks led by Russian APT29 hackers. These sophisticated threat actors have been actively exploiting vulnerabilities in Zimbra Collaboration Suite and JetBrains TeamCity, specifically CVE-2022-27924 and CVE-2023-42793, to...
HTTP/2 CONTINUATION Flood Vulnerability
HTTP/2, a widely adopted web communication protocol, organizes data transmission through a binary framing layer, wherein all communication is divided into smaller messages called frames, each identified by a specific type, such as headers, data, and continuation frames. HTTP/2 HEADER frames...
Imperva defends customers against recent vulnerabilities in Apache OFBiz
On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery SSRF by bypassing the program’s authentication. This...
The Haunted House of IoT: When Everyday Devices Turn Against You
In todays interconnected world, the Internet of Things IoT promises convenience and innovation. From smart fridges that tell you when youre out of milk to connected light bulbs that adjust to your mood, the future seems to be right at our fingertips. What happens when these devices, designed to...
Gartner report recommends a smart approach to enterprises needing to incorporate data privacy capabilities to manage evolving regulatory guidelines
In a recent Gartner report The State of Privacy and Personal Data Protection, 2020-2022, the authors assume that “through 2022, privacy-driven spending on compliance tooling will increase to more than US$8 billion worldwide. By 2023, 65 percent of the world’s population will have its personal...
Web Scraping: The Fine Line Between Business Intelligence and Data Privacy Violation. Is it Legal?
Web Scraping is the use of automated software also known as bots to extract content and data from a website. It is also classified by the OWASP as an automated threat OAT-011. Web Scraping differs from Screen Scraping in that it can extract underlying HTML code and data that is stored in database...
Questions to Ask Your Application Security Provider
There is a great deal to consider when evaluating application security providers. Understanding your goals will help. If your goal is vendor consolidation, then selecting those that offer multiple security capabilities over single products may make more sense. And if your goal is out-of-the-box...
Holidays Are Coming – the State of Security for E-commerce in 2020
With the Coronavirus pandemic driving consumers online, a new report from Imperva reveals how this year’s holiday shopping season will present online retailers with a level of traffic - and cyber-attack threats - like they’ve never seen before. Among the many effects of COVID-19 has been a huge...
Auditing Your Database – Is It Enough For Your Data Security Needs?
Audit trails have been a feature of databases for a long time, but are they still compatible with todays data security demands? What do you need to do, as a security officer, to get the most information about what’s happening to your company’s data? Are audit trail features impregnable to possibl...
How to Protect Holiday Shoppers from Bots and Scammers
It’s the most wonderful time of year for gift card scammers. With Black Friday, Cyber Monday and the holidays just around the corner, consumers will spend billions on gift cards for hard-to-shop-for friends, family, and colleagues. Imperva VP Tiffany Olson Kleemann was interviewed on Good Morning...
Stronger Together, Red Hat 3scale Integration
Most enterprises today rely on customers accessing their applications to conduct daily business. These enterprises know by now that application programming interfaces APIs are becoming more common than ever before to enable communication between applications and end users. Even though they are...
Fortnite Scammers Approaching $1m in Annual Takings
When something seems too good to be true, it probably is. It’s a hard lesson to learn and, in this case, one that’s being taught by scammers. The perpetrators are abusing the fact that online players of Battle Royale games may be very eager to get free in-game currency and items, and are willing ...
Botnets, Breaches, and the End of Defense in Depth: Our 2017 Cybersecurity Predictions in Review
As 2016 closed out, Imperva once again peered into its crystal ball. As usual, there was much to foretell regarding the ever-changing cybersecurity realm in 2017. We’ll be doing the same soon as we look ahead into 2018. But before we do, we like to assess how accurate we were against the...
Protecting Xero’s Cloud-Based Accounting Platform from Cyber Attacks
Meeting with customers is always insightful, and recently I got a chance to sit down with Aaron McKeown, head of security engineering and architecture at Xero, to talk about how they use Imperva SecureSphere for their cloud-hosted applications. Founded in 2006, Xero provides cloud accounting...
Imperva customers are protected against the recent GoAnywhere MFT vulnerability CVE-2024-0204
Recently, Fortra released a security advisory for CVE-2024-0204, a GoAnywhere MFT authentication bypass vulnerability. This bug allows an unauthenticated attacker to create an administrative user by exploiting an InitialAccountSetup.xhtml endpoint–accessible via path traversal–to initiate the...
How Cache Purge Helps Keep Your Website Content Fresh and Responsive
Content Delivery Networks CDNs accelerate web traffic across the internet through servers residing in strategic locations known as points of presence or PoPs across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...
How to Protect Against Data Lake Hacking
Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...
How to Secure All Your APIs Through Multiple Deployment Options
Imperva has invested in strengthening our API Security offering to meet the needs of customers since the acquisition of CloudVector in 2021. Since then, the product’s capabilities have expanded, positioning it as a leader in the growing API Security market. What makes Imperva API Security unique ...