1017 matches found
Imperva Snapshot™ Scan: What You Can Find in the Report
Imperva Snapshot is a free AWS RDS security assessment tool. You can use this tool to gain in-depth visibility into your data and get a deep understanding about what data resides in your RDS and where your RDS database security gaps are. Acquiring this intelligence is a key element and critical...
Relay races, batons, and techniques: How to improve your cloud security posture
In 2008, the US 4x100m relay team was the favorite to win the gold medal at the Beijing Olympics. Not a massive surprise, considering that team included the second fastest athlete in history, Tyson Gay. It was a great shock though when the team blundered on the last exchange, dropping the baton,...
5 Things We’ve Learned About CVE-2021-44228
Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic. Attac...
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...
Build successful data security evaluation criteria with help from your peers
When you evaluate data security products it is imperative to have the end goal in sight. If you look forward 365 days from now, what is the best way to predict how your team will use the product so that you can communicate the value that it will provide? One approach is to examine operational...
Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions
Since it was disclosed on Friday, December 11, I have spoken with many customers about CVE-2021-44228 and the ways Imperva is working to ensure that they are protected. Countless others have contacted us with questions about ways to mitigate the impact from the Log4j vulnerability. In the spirit ...
New research reveals that one third of all log-in attempts on eCommerce sites are malicious
What do humans and bots have in common? A love for visiting online shopping sites: more than half 57% of all attacks on retail websites in 2021 were carried out by bots, compared to 33% for all other industries. It gets worse: a third of all log-in attempts on retail eCommerce websites are accoun...
How We’re Protecting Customers & Staying Ahead of CVE-2021-44228
CVE-2021-44228 is a high profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent...
Grinchbots strike again this holiday shopping season as bot traffic spikes 73%
The days are getting chilly, holiday drinks are back on the menu at your favorite café and family gatherings are planned. In an almost pavlovian response, Grinchbots have also returned in record levels to ruin your online holiday shopping experience. In the State of Security Within eCommerce in...
7 data privacy solution features your organization needs to have
The worldwide data privacy regulation landscape is changing National laws and state/provincial laws continue to be enacted and strengthened to ensure their citizens’ data is protected and give individuals more control over how personal data is collected, used, and shared. No matter what industry...
New reforms will enhance the security and resilience of Australia’s critical infrastructure
Improving the security of critical infrastructure has become the focus of many governments around the world, including Australia. This is because a failure or disruption in one area of critical infrastructure can have flow on effects that affect a nation’s security, economy and sovereignty. In th...
The cost of data security – it’s not just about the numbers
Organizations striving to improve their security posture often find this a multi-faceted challenge. In addition to the security product evaluation itself, security budgets are tight and justification is a necessary step. Financial language, however, is not everyone’s forte - and fiscal presentati...
Scalpers, and their bot armies, swing in to net web-based Spiderman tickets
29 November 2021 was “Spider Monday” and tickets for Marvel’s film Spider-Man: No Way Home went on sale with the sort of marketing fervor for which Disney and the Marvel Cinematic Universe MCU are famous. As tickets to one of the most eagerly anticipated Christmas films featuring one of the most...
Annual Imperva Hackathon Inspires 2022 Product Roadmap
Bold ideas, diverse thought and challenging the status quo sum up the Imperva state-of-mind. We’re always looking to inspire the next big innovation that can transform the future of the cybersecurity industry. But if there’s anything the past year and a half has taught us, it’s that transformativ...
The role of runtime protection in eCommerce security
What is e-commerce security? E-commerce security is the set of guidelines that are designed to allow safe transactions on the web. These guidelines include steps and protocols that help protect the sale and purchase of goods and services online. Appropriate e-commerce security measures boost...
Holiday “to-do list” for cybersecurity professionals working in eCommerce
The period from mid-November to the end of the year is always particularly stressful for cybersecurity professionals in the eCommerce space. It seems like every hacker and cyber criminal on earth is trying even harder to steal customers’ data or stop digital business operations. And the reason it...
By the Numbers: The State of Security in eCommerce
The ongoing global pandemic has accelerated eCommerce growth and pushed more consumers online. More consumers mean a larger threat landscape and ensure that cybersecurity issues remain a significant, ongoing challenge for the retail industry. Based on a 12-month analysis by Imperva Research Labs,...
How Imperva Leverages AWS to Help Customers Prevent Attacks
At Imperva, we’re passionate about being a trusted security partner for our customers, so we continually invest in the availability, resiliency, and scalability of our global network. We’ve made significant investments over the past year to expand our cloud footprint, including rebuilding and...
Protecting today’s web applications requires more than a firewall
The way organizations build web applications has changed dramatically over the last several years. As a result, many organizations are considering additional security strategies to augment the Web Application Firewall WAF on which they have relied to protect critical digital business operations...
Wake up and smell the Javascript – website supply chain puts online retail at risk
There are more than 1.8 billion websites online today, and almost 98% of them are powered by JavaScript. There’s a good reason for this: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But what happens when that same functionality...
With SLAs for DDoS Mitigation, the devil is in the details
When it comes to choosing the right DDoS protection there are many factors to consider including Network Capacity, Reliability, Service, Price and Time to Mitigation TTM. In a recent survey, we asked participants what factor they considered most critical when choosing a DDoS protection solution...
Why you need to rethink your data security strategy and go beyond DLP
The increasing frequency and scale of data breaches has highlighted the need for organizations to rethink their approach to data security. Data Loss Prevention DLP technologies have been around for decades and formed a large part of many organizations’ data protection strategies. However, there i...
Best practices in WAF gateways to meet the demands of digital transformation
Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...
Infographic: What is the economic impact of a data security platform?
Data security is important regardless of how your organization approaches cybersecurity. Whether it’s a protection-first approach, detection and remediation, or somewhere in between, data security enables organizations to inform on risk posture, protect against unauthorized data access and may...
Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021
The eCommerce industry has gone through years worth of changes in a matter of just a mere couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year. And...
Lead a Cross-Organization Test Automation Project Fearlessly!
Last year, Imperva initiated a cross-organizational software project focused on creating a new management console and I had the privilege to lead its test automation effort. In this blog, I will explain the challenges we faced as technical leaders in executing the project and reveal the solutions...
Imperva Recognized as a Best Place to Work in Israel
It is not easy and takes many things to create a winning workplace, including and certainly not limited to: a vibrant culture, a balanced approach to professional and personal life, career advancement opportunities and, most importantly, a group of talented, world-class professionals who care abo...
Your inbox is mine. How attackers could gain continuous access to your email
Although new messaging apps like WhatsApp, Telegram, and Messenger have taken a large chunk of our day to day communications, email remains one of the most popular ways we communicate. In this post we’ll talk about the post exploitation of a vulnerability we recently disclosed to one of the most...
Caveat Cyber Emptor: 3 Ways to Protect Sensitive Personal Data this Online Shopping Season
The phrase caveat emptor, Latin for “let the buyer beware”, has long been a warning to carefully scrutinize the quality and suitability of goods before making a purchase. In the world of eCommerce, caveat emptor has a whole new meaning. After meticulously researching any number of crowdsourcing...
Recent NPM package hack is an alarming reminder of the risks of website supply-chain fraud
There are over 1.8 billion websites online today. Almost 98% of them are powered by JavaScript, and for a good reason: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But when that same functionality becomes a significant vector for...
5 elements to include in a cybersecurity strategy for any size business
Whether you obsess about cybersecurity every day or you are completely new to the process, there are certain things that you should consider to make your company’s cybersecurity strategy successful. In this post, we’ll reveal five elements you should include in your strategy, regardless of whethe...
How RASP Protects Apache Servers from zero-day Path Traversal Attacks (CVE-2021-41773)
In late September of 2021, a path traversal and file disclosure vulnerability was disclosed and reported as CVE-2021-41773 in Apache HTTP Server version 2.4.29. Both Windows and Linux servers are affected. This vulnerability, which occurs via remote code execution RCE, exposes a path traversal bu...
The FP Paradox on the battlefield against COVID-19 and cyber threats
Lets consider for a moment the “next” communicable virus. You show no symptoms but you try a home testing kit anyway, expecting the result to be negative. To your great surprise, the result is positive! The information enclosed in the testing kit package explained that the test results are nearly...
Six paths to a job in cybersecurity
Like many high-tech businesses, the cybersecurity industry is facing a widening skills gap. One of the main reasons why many companies do not have effective data security practices is the lack of actual skilled cybersecurity practitioners. In a November 2019 report, the International Information...
Forrester report suggests Imperva Data Protection delivers high value and rapid ROI
In mid-2021, Imperva commissioned Forrester Research to interview five current Imperva enterprise customers - two in the financial services industry and three in the insurance industry. The goal of the exercise was to gain insight into the economic impact of deploying the Imperva data security...
Why Now Is the Time to Jump into Cybersecurity and Join Imperva
Throughout history, periods of disruption are followed by eras of progress and transformation. While we are living through an unprecedented time, I believe we are on the cusp of another chapter of innovation — and I expect cybersecurity will be at the center of it. Cybersecurity Awareness Month, ...
DDoS attacks on VoIP and the urgent need for DDoS protection
VoIP companies have recently been the target of a series of ransom Distributed Denial of Service DDoS attacks around the globe with UK-based VoIP providers including VoIP Unlimited, and Quebec-based company VoIP.ms being hit by aggressive and sustained attacks destabilizing their infrastructure a...
Four Essential Features for a Database Security Strategy to Take on a Growing Threat Landscape
For a considerable time, many organizations have used three to five on-premise databases to manage their workloads, and many teams have tried to funnel every application into using those databases. Today, as the pressure to innovate while keeping costs low intensifies, organizations have started...
The ad blocker that injects ads
Deceptive ad injection is a growing concern on the internet today, affecting many people browsing the web. And while the concept isn’t new Google stated it was the most common complaint amongst Chrome users back in 2015, just like with other online threats, bad actors are constantly refining thei...
10 Phishing Stats That’ll Make Your C-Suite Think
Wanting to run a phishing simulation is one thing, but persuading colleagues of the importance of doing so is another. You need to keep your organization safe, not just satisfy basic compliance requirements. You need to improve security awareness and colleague behaviors, throughout your...
Learning how MTU and MSS work is key to using DDoS Protection as a Service
Maximum Transmit Unit MTU and Maximum Segment Size MSS are two important terms you should be familiar with when venturing into the world of networking, especially if you are working with GRE and IPSEC tunnels. And if you are looking to use DDoS Protection as a service, you will need to know how M...
A security architect’s POV on a mature data-centric security program, Part 3
In part one of this series, you learned about the challenges associated with accessing, and searching long-term retained database activity logs and identifying sensitive customer data to comply with stricter compliance regulations. In part two, you gained insight into how security professionals c...
Serverless protection for execution environments made easy
Serverless computing is transforming the way we build, ship, automate, and scale applications. With no infrastructure to manage, organizations can move from ideation to market faster, with virtually no operational overhead. Consequently, these enterprises can now focus on just the code that serve...
How to help your DevOps teams become integral to your cybersecurity strategy
What happens when an unstoppable force meets an immovable object? It’s a classic paradox, but anyone who has witnessed the relationship between SecOps and DevOps teams in any enterprise may have an inkling of how that might unfold. There is nothing new about the contentious relationship between...
Getting to Know Cybersecurity Awareness Month Champion: Imperva
As a cybersecurity industry leader, it is both our responsibility and our pleasure to work with the National Cyber Security Alliance NCSA and the Cybersecurity and Infrastructure Agency CISA of the U.S. Department of Homeland Security as a 2021 Cybersecurity Awareness Month Champion and to join...
A security architect’s POV on a mature data-centric security program, Part 2
In part one of this series, we explored the challenges associated with accessing and searching long-term retained database activity logs, and identifying sensitive customer data to comply with stricter compliance regulations. In this post, you’ll see through a security architect’s eyes the...
Imperva Cloud Data Security adds Azure SQL support to build on extensive DBaaS coverage
It’s kind of mind boggling to see just how fast the market is adopting cloud managed database services also referred to as DBaaS. According to market research firm Imarc Group, In 2020, the overall market size was $12.8 billion, and within five years it’s expected to reach over $31 billion. That’...
Fostering the Next Generation of Female Technologists at Imperva
Today marks the start of the 2021 Grace Hopper Celebration, the largest gathering of female technology leaders in the world. Last year, over 40,000 women from 117 different countries attended virtually, bringing together their research and career interests to help inform and inspire others. As...
Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection
2021 has seen a lot of change. Billionaires now go where only governments and Red Bull gimmicks could go before. The 2020 Olympics didn’t take place in 2020. Tom Brady won his 7th Super Bowl for a completely new franchise those of you in the US get this reference. Similar change in application...
How to mitigate security vulnerabilities automatically with RASP
In a world where DevOps is oiling the wheels of accelerated software development, it’s hardly surprising that automation, code re-use and third-party libraries are integral parts of our high-speed app development cycle. But what happens when the pace of development outstrips security? Or when the...