Azure SQL Database Security: 9 Features You Should Know
Databases are where organizations hold their “crown jewels” – their data. If you’re running or looking to run SQL on Azure, Azure provides security for the physical, logical, and data layers of services. Basic Azure SQL database security can be enabled using a variety of native security features...
Why You’re Not Making the Leap from Compliance to a Database Security Strategy
Gartner strongly recommends that the concept of “big data strategy” should be replaced with “making big data part of our everyday strategy.” Technology has created a database activity explosion for most enterprises and made traditional agent-based data logging, monitoring, and auditing far too...
jSonar to Begin a New Chapter in Collaboration
A message from JSonar co-founder and CTO, Ron Bennatan. My wife complains that I’m a boring person. I’ve been doing the same thing for 25 years now – databases, then security, then database security, then data security and then some data lake security. But by that account Tom Brady is a boring...
Five Tips to Impress at Your CISO Job Interview
Chief Information Security Officers (CISOs) are in demand and the lack of experienced candidates, coupled with the evolving required skill set, helped make it the highest paying tech job in 2020. With 100% of large corporations (Fortune 500, Global 2000) forecast to have a CISO or equivalent position...
Mitigating attacks in serverless environments
Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility in the infrastructure. This also means that, in terms of...
Do CAPTCHAs work and what’s the alternative?
We know you’re busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first day of UI school is that users want the path of least resistance. While the gamification of cybersecurity does have a...
Gartner report recommends a smart approach to enterprises needing to incorporate data privacy capabilities to manage evolving regulatory guidelines
In a recent Gartner report, The State of Privacy and Personal Data Protection, 2020-2022, the authors assume that “through 2022, privacy-driven spending on compliance tooling will increase to more than US$8 billion worldwide. By 2023, 65 percent of the world’s population will have its personal...
Infographic: Bad Bot Sophistication Levels
All bad bots interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform ...
Top five insights from the 2021 CyberEdge Cyberthreat Defense Report
For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security...
Know your enemy! The four types of cyber attackers trying to breach your security today
As business needs compel organizations to manage an ever-increasing number of database types, both on-premise and in the cloud, the threat surface has also become larger and far more difficult to manage effectively. The bad actors out there know this, too. They are constantly probing, testing, an...
How to Create a Simulated Phishing Attack Across Your Company
Email is one of the many weapons at the disposal of bad actors on the Internet, and your employees are in the firing line. Attackers try to hide behind a trusted entity, sometimes even masquerading as a known vendor or even as a representative of a group within your own organization, like HR or I...
Infographic: How Do You Stop Bad Bots?
According to Imperva’s Bad Bot Report 2021, bad bot traffic has maintained its upwards trend, amounting to 25.6 percent of all traffic in 2020, an all-time high. Combined with good bot traffic, 40.8 percent of internet traffic in 2020 wasn’t human, as human traffic decreased by 5.7 percent to 59....
Lessons Learned from 100 Data Breaches: Part 4, Trends in Average Volumes of Stolen Records
Imperva research shows an increase in the volume of data stolen every year. In 2020, we started to see more and more breaches that exfiltrate records in billions. Based on the analysis of thousands of data breach details published on dbdigest, we made calculations on the raw data and found some...
Imperva delivers mile high performance and protection with new PoPs in Denver and Dublin
We are very pleased to announce that we are extending our global coverage with the addition of two new PoPs (points of presence) in Denver in the US and Dublin, Ireland. The new PoPs will enhance Imperva’s existing network to provide enhanced protection against distributed denial of service (DDoS)...
Lessons Learned from 100 Data Breaches: Part 3, Securing Public Cloud Services
In the first two parts of this series, we gained insight into what specific types of data get stolen and what the root causes of breaches are, based on data breach information that Imperva’s Security Labs gathered, studied, and analyzed over the last ten years. You can get the full report, Lesso...
Infographic: What Are Bad Bots Doing?
By now, anyone with even a passing interest in how the Web functions has heard of bots. Most people understand that there are good and bad bots. Legitimate bots like Googlebot, an application used by Google to crawl the Internet and index it for search, and others like it represent tremendous...
Analysis of 100 Data Breaches: Part 2, What are the root causes of breaches?
As we discussed in Part 1 of this series, Imperva’s Security Labs continuously monitor cyber threat levels around the world and report on them. In the last post, we reported the breakdown of the specific types of data that get stolen and explained what organizations needed to do to mitigate the...
Bad bots continue to evolve. Your mitigation strategy should, too.
With the global pandemic continuing to catalyze digitalization, we’ve seen two years’ worth of digital transformation take place in a mere two months, according to Microsoft CEO Satya Nadella. Clearly, bad actors are capitalizing on the opportunities that digital transformation creates, as more da...
Lessons Learned from 100 Data Breaches: Part 1, What Specific Types of Data Get Stolen?
As part of Imperva’s Security Labs’ ongoing efforts to monitor and report on the current Application and Data Security Threat landscape, we studied and analyzed over 100 of the largest and best-known data breaches of the last decade. Download the full report, Lessons Learned From Analyzing 100 Da...
Making Diversity and Inclusion a Business Imperative at Imperva
To create meaningful change, you need to be the difference you wish to see in the world. At Imperva, we’re taking meaningful action and investing to create a workplace that brings together all voices, experiences and identities. We recognize that true innovation requires diversity of thought,...
Is It Time to Consider Replacing Your CDN?
Content delivery networks (CDNs) are the pipelines of the Internet. Working behind the scenes, they are reshaping how information is consumed online, accelerating web traffic, enhancing user experience, and providing every website with the ability to truly go global. As you may imagine, any...
Infographic: How Are Bad Bots Hurting Your Business?
Bad bots are software applications which run automated tasks with malicious intent over the internet. They scrape data from sites without permission in order to reuse it and gain a competitive edge (e.g. pricing, inventory levels, proprietary content, etc.). They are used for scalping, the act of...
Gaining Insights Is Fundamental for API Security
As enterprises continue their digital transformation journey in this Post-COVID era, applications are the engine that drives their business growth. Whether it’s a digital-first enterprise or one that is accelerating its digital transformation initiatives, APIs are not only opening up systems so...
Imperva’s WAF Gateway 14.4 Protects Enterprises for the Post-COVID Era
Whether it’s called the New Normal or Next Normal era, COVID-19 has impacted all businesses worldwide and accelerated their digital transformation initiatives during this new post-pandemic era. Whether it’s from a recent retail trend like omnichannel commerce or a newly defined, post-COVID practi...
Why adopt a data-centric solution for data privacy?
Enterprises understand the importance of having access to their consumers’ personal information. This data enables them to more easily build personal relationships with their audiences, using what they know about that audience to provide tailored experiences and recommendations. The internet has...
Top Four Reasons for Data Loss from Databases (and what to do about it)
The need for data loss prevention (DLP) is well understood by IT security practitioners. As organizations embrace cloud-based managed database services such as Amazon RDS and Amazon Redshift, these risks don’t go away, and in many ways become more serious. Although AWS takes the security of their...
Why Geek Pride Day is Something to be Proud Of
It’s fair to say that the majority of us who work in cybersecurity are ‘of a certain mindset’. There’s something that comes with the culture and tradition of personal computing, coding, and data that fosters an interest in elements of geek counter culture. Happy to wear our fandoms, obsessions, a...
Imperva® Offers Free Serverless Protection for AWS Lambda
Just as other instant computing infrastructures have done in the past, Function-as-a-Service (FaaS) now enables DevOps teams to deploy applications more efficiently at a fraction of the cost. AWS Lambda, Amazon Web Services’ (AWS) serverless approach to infrastructure, enables companies to go-to-mark...
Web Scraping: The Fine Line Between Business Intelligence and Data Privacy Violation. Is it Legal?
Web Scraping is the use of automated software (also known as bots) to extract content and data from a website. It is also classified by the OWASP as an automated threat (OAT-011). Web Scraping differs from Screen Scraping in that it can extract underlying HTML code and data that is stored in database...
Fast, Effective N-grams Extraction and Analysis with SQL
Features extraction is expensive, especially when dealing with big data. That’s why it’s great when you have the ability to preprocess close to the database - the data stays in the DB and doesn’t have to move out, unless necessary. One common approach for text data representation is N-grams...
JavaScript Fraud: More Than Just Magecart and Skimming
The global pandemic has driven a sharp rise in online traffic that provides fertile ground for attackers to execute a growing number of more sophisticated client-side attacks. For example, Magecart-style attacks are used to steal sensitive information by skimming data either through a first-party...
Sun Life Financial Turns to Imperva to Stop Vulnerabilities and Zero-Day Threats In Application Development Environments
Canadian financial services company saves time and money by relying on Imperva Runtime Protection (RASP). Sun Life Financial, a Canadian financial services company, discovered a critical vulnerability in nearly 600 of their WebLogic servers in production. With so much at risk, the financial firm...
From the Data Scientist’s Desk: How to Tune a Model Using Simple Analytics on the Feature Contribution Data
My story: My model looked good. It was as accurate as I wanted it to be and I was happy with it from one experiment to another. When I decided to change the test data set a bit, everything fell apart. Accuracy dropped and I had no clue why. I had to run the test again. And again. Ten tests later,...
How a DDoS Attack on an Internet Service Provider Can Paralyze Critical Infrastructure
The motivation behind Distributed Denial of Service (DDoS) attacks is often unknown. In some cases it might be cyber-vandalism, causing disruption for disruption’s sake. In other cases it might be down to hacktivism, reaction to a cause or an event. And while DDoS attacks on business enterprises can...
Imperva® Opens the first dedicated DDoS scrubbing center in Santiago, Chile
Imperva is excited to be further expanding our presence in Latin America by launching a new Point of Presence (PoP) in Santiago, Chile, in partnership with leading Chilean Telecommunications provider Entel Corporations. Located within Entel’s gold-standard Ciudad de Los Valles datacenter, which has...
Why now is the time to make database security a priority
Today, fast-growing organizations are generating data at a breakneck pace, and building up diverse database environments in order to store and share data more effectively. While these activities are the sign of a thriving business, governing and securing all this data rarely meets the pace of new...
Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications
Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...
Imperva to acquire CloudVector: Prioritizing API Protection for Modern Environments
I am excited to announce Imperva has entered into an agreement to acquire CloudVector to advance our mission to protect data and all paths to it. Together, we believe we can change what organizations expect from Web Application and API Protection solutions. There are multiple reasons APIs are at...
5 Ways Your Software Supply Chain is Out to Get You, Part 5: Hostile Takeover
We have come to the fifth and last part of this blog series on software supply chain attacks. Previously, we discussed four notorious supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, Exploit Open Source Libraries, and Dependency Confusion and provided insight into...
Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML
The reason behind buying a market-leading Web Application Firewall (WAF) is to protect your website and web applications from malicious attacks, plus complying with industry or regional data and privacy standards. In addition to the typical OWASP Top 10 vulnerabilities, WAFs need to address a litan...
5 Ways Your Software Supply Chain is Out to Get You, Part 4: Dependency Confusion
Previously, we discussed how three kinds of supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, and Exploit Open Source Libraries are threatening software supply chains, passing risk downstream to the organizations and users that trust and depend on them. In this...
5 Ways Your Software Supply Chain is Out to Get You, Part 3: Exploit Open Source Libraries
In previous posts, we explained how two kinds of supply chain attack methods, Vendor Compromise and Exploit Third Party Applications, are threatening software supply chains, transferring an extraordinary amount of risk downstream to the organizations and users that trust and depend on them. In th...
The Account Takeover Threat: A By-the-Numbers Breakdown
Identity theft has come a long way in the age of technology. The more data is available online, the greater the threat. In this blog we will dive into the different characteristics and statistics of real world Account Takeover attacks as recorded and mitigated by Imperva’s Advanced Bot Protection...
5 Ways Your Software Supply Chain is Out to Get You, Part 2: Exploit Third Party Applications
In Part 1 of this series, we explained how and why our software supply chain transfers an extraordinary amount of risk downstream to the organizations and users that trust and depend on it. We also presented evidence suggesting that 2021 may well be the year of the Software Supply Chain attack...
Bad Bot Traffic Breaks Records in 2020
Bad bots have long been a major illness plaguing the internet. As internet traffic reached new heights throughout the global pandemic, unfortunately so did bot traffic. In 2020, 40.8 percent of internet traffic wasn’t human, and 25.6 percent originated from bad bots. What have these bad bots been...
5 Ways Your Software Supply Chain is Out to Get You, Part 1: Vendor Compromise
Is 2021 the year of the software supply chain attack? In late 2020, an incredible story broke: US government agencies, including Commerce, Treasury, and Homeland Security, had been severely compromised through a malicious backdoor surreptitiously implanted into network management software supplie...
Top 5 Most Vicious Bad Bots
Classified by The Open Web Application Security Project (OWASP) as ‘automated threats’, bad bots can be used to perform a plethora of actions on the application layer, from basic requests to elaborate sessions with sophisticated requests. Some of these bots are more malicious than others. This make...
Bad Bot Report 2021: The Pandemic of the Internet
The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact that this malicious traffic has across multiple industries. Bad bot traffic amounted to 25.6 percent of all...
Imperva’s Comprehensive Data Security Platform for Cloud, Explained
Imperva recently introduced the industry’s first database-agnostic security platform specifically built for cloud. The Data Security solution unifies security management for organizations’ entire data environment, supporting databases wherever they’re hosted, including managed database services...
A Few Hours After the Publication: Dozens of Scanning Attempts for Vulnerable PHP Servers
On March 28th the official PHP Git repository was compromised in order to open a backdoor into many web servers. The attackers were able to gain access to the PHP official main Git server, uploading two malicious commits, including a backdoor. The malicious commits were discovered a few hours...