Gartner report recommends a smart approach to enterprises needing to incorporate data privacy capabilities to manage evolving regulatory guidelines
In a recent Gartner report The State of Privacy and Personal Data Protection, 2020-2022, the authors assume that “through 2022, privacy-driven spending on compliance tooling will increase to more than US$8 billion worldwide. By 2023, 65 percent of the world’s population will have its personal...
Infographic: Bad Bot Sophistication Levels
All bad bots interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform ...
Top five insights from the 2021 CyberEdge Cyberthreat Defense Report
For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security...
Know your enemy! The four types of cyber attackers trying to breach your security today
As business needs compel organizations to manage an ever-increasing number of database types, both on-premise and in the cloud, the threat surface has also become larger and far more difficult to manage effectively. The bad actors out there know this, too. They are constantly probing, testing, an...
How to Create a Simulated Phishing Attack Across Your Company
Email is one of the many weapons at the disposal of bad actors on the Internet, and your employees are in the firing line. Attackers try to hide behind a trusted entity, sometimes even masquerading as a known vendor or even as a representative of a group within your own organization, like HR or I...
Infographic: How Do You Stop Bad Bots?
According to Imperva’s Bad Bot Report 2021, bad bot traffic has maintained its upwards trend, amounting to 25.6 percent of all traffic in 2020, an all-time high. Combined with good bot traffic, 40.8 percent of internet traffic in 2020 wasn’t human, as human traffic decreased by 5.7 percent to 59....
Lessons Learned from 100 Data Breaches: Part 4, Trends in Average Volumes of Stolen Records
Imperva research shows an increase in the volume of data stolen every year. In 2020, we started to see more and more breaches that exfiltrate records in billions. Based on the analysis of thousands of data breach details published on dbdigest, we made calculations on the raw data and found some...
Imperva delivers mile high performance and protection with new PoPs in Denver and Dublin
We are very pleased to announce that we are extending our global coverage with the addition of two new PoPs (points of presence) in Denver in the US and Dublin, Ireland. The new PoPs will enhance Imperva’s existing network to provide enhanced protection against distributed denial of service (DDoS)...
Lessons Learned from 100 Data Breaches: Part 3, Securing Public Cloud Services
In the first two parts of this series, we gained insight into what specific types of data get stolen and what the root causes of breaches are, based on data breach information that Imperva’s Security Labs gathered, studied, and analyzed over the last ten years. You can get the full report, Lesso...
Infographic: What Are Bad Bots Doing?
By now, anyone with even a passing interest in how the Web functions has heard of bots. Most people understand that there are good and bad bots. Legitimate bots like Googlebot, an application used by Google to crawl the Internet and index it for search, and others like it represent tremendous...
Analysis of 100 Data Breaches: Part 2, What are the root causes of breaches?
As we discussed in Part 1 of this series, Imperva’s Security Labs continuously monitor cyber threat levels around the world and report on them. In the last post, we reported the breakdown of the specific types of data that get stolen and explained what organizations needed to do to mitigate the...
Bad bots continue to evolve. Your mitigation strategy should, too.
With the global pandemic continuing to catalyze digitalization, we’ve seen two years’ worth of digital transformation take place in a mere two months, according to Microsoft CEO Satya Nadella. Clearly, bad actors are capitalizing on the opportunities that digital transformation creates, as more da...
Lessons Learned from 100 Data Breaches: Part 1, What Specific Types of Data Get Stolen?
As part of Imperva’s Security Labs’ ongoing efforts to monitor and report on the current Application and Data Security Threat landscape, we studied and analyzed over 100 of the largest and best-known data breaches of the last decade. Download the full report, Lessons Learned From Analyzing 100 Da...
Making Diversity and Inclusion a Business Imperative at Imperva
To create meaningful change, you need to be the difference you wish to see in the world. At Imperva, we’re taking meaningful action and investing to create a workplace that brings together all voices, experiences and identities. We recognize that true innovation requires diversity of thought,...
Is It Time to Consider Replacing Your CDN?
Content delivery networks (CDNs) are the pipelines of the Internet. Working behind the scenes, they are reshaping how information is consumed online, accelerating web traffic, enhancing user experience, and providing every website with the ability to truly go global. As you may imagine, any...
Infographic: How Are Bad Bots Hurting Your Business?
Bad bots are software applications which run automated tasks with malicious intent over the internet. They scrape data from sites without permission in order to reuse it and gain a competitive edge (e.g. pricing, inventory levels, proprietary content, etc.). They are used for scalping, the act of...
Gaining Insights Is Fundamental for API Security
As enterprises continue their digital transformation journey in this Post-COVID era, applications are the engine that drives their business growth. Whether it’s a digital-first enterprise or one that is accelerating its digital transformation initiatives, APIs are not only opening up systems so...
Imperva’s WAF Gateway 14.4 Protects Enterprises for the Post-COVID Era
Whether it’s called the New Normal or Next Normal era, COVID-19 has impacted all businesses worldwide and accelerated their digital transformation initiatives during this new post-pandemic era. Whether it’s from a recent retail trend like omnichannel commerce or a newly defined, post-COVID practi...
Why adopt a data-centric solution for data privacy?
Enterprises understand the importance of having access to their consumers’ personal information. This data enables them to more easily build personal relationships with their audiences, using what they know about that audience to provide tailored experiences and recommendations. The internet has...
Top Four Reasons for Data Loss from Databases (and what to do about it)
The need for data loss prevention (DLP) is well understood by IT security practitioners. As organizations embrace cloud-based managed database services such as Amazon RDS and Amazon Redshift, these risks don’t go away, and in many ways become more serious. Although AWS takes the security of their...
Why Geek Pride Day is Something to be Proud Of
It’s fair to say that the majority of us who work in cybersecurity are ‘of a certain mindset’. There’s something that comes with the culture and tradition of personal computing, coding, and data that fosters an interest in elements of geek counter culture. Happy to wear our fandoms, obsessions, a...
Imperva® Offers Free Serverless Protection for AWS Lambda
Just as other instant computing infrastructures have done in the past, Function-as-a-Service (FaaS) now enables DevOps teams to deploy applications more efficiently at a fraction of the cost. AWS Lambda, Amazon Web Services’ (AWS) serverless approach to infrastructure, enables companies to go-to-mark...
Web Scraping: The Fine Line Between Business Intelligence and Data Privacy Violation. Is it Legal?
Web Scraping is the use of automated software (also known as bots) to extract content and data from a website. It is also classified by the OWASP as an automated threat (OAT-011). Web Scraping differs from Screen Scraping in that it can extract underlying HTML code and data that is stored in database...
Fast, Effective N-grams Extraction and Analysis with SQL
Feature extraction is expensive, especially when dealing with big data. That’s why it’s great when you have the ability to preprocess close to the database - the data stays in the DB and doesn’t have to move out, unless necessary. One common approach for text data representation is N-grams...
JavaScript Fraud: More Than Just Magecart and Skimming
The global pandemic has driven a sharp rise in online traffic that provides fertile ground for attackers to execute a growing number of more sophisticated client-side attacks. For example, Magecart-style attacks are used to steal sensitive information by skimming data either through a first-party...
Sun Life Financial Turns to Imperva to Stop Vulnerabilities and Zero-Day Threats In Application Development Environments
Canadian financial services company saves time and money by relying on Imperva Runtime Protection (RASP). Sun Life Financial, a Canadian financial services company, discovered a critical vulnerability in nearly 600 of their WebLogic servers in production. With so much at risk, the financial firm...
From the Data Scientist’s Desk: How to Tune a Model Using Simple Analytics on the Feature Contribution Data
My story: My model looked good. It was as accurate as I wanted it to be and I was happy with it from one experiment to another. When I decided to change the test data set a bit, everything fell apart. Accuracy dropped and I had no clue why. I had to run the test again. And again. Ten tests later,...
How a DDoS Attack on an Internet Service Provider Can Paralyze Critical Infrastructure
The motivation behind Distributed Denial of Service (DDoS) attacks is often unknown. In some cases it might be cyber-vandalism, causing disruption for disruption’s sake. In other cases it might be down to hacktivism, reaction to a cause or an event. And while DDoS attacks on business enterprises can...
Imperva® Opens the first dedicated DDoS scrubbing center in Santiago, Chile
Imperva is excited to be further expanding our presence in Latin America by launching a new Point of Presence (PoP) in Santiago, Chile, in partnership with leading Chilean Telecommunications provider Entel Corporations. Located within Entel’s gold-standard Ciudad de Los Valles datacenter, which has...
Why now is the time to make database security a priority
Today, fast-growing organizations are generating data at a breakneck pace, and building up diverse database environments in order to store and share data more effectively. While these activities are the sign of a thriving business, governing and securing all this data rarely meets the pace of new...
Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications
Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...
Imperva to acquire CloudVector: Prioritizing API Protection for Modern Environments
I am excited to announce Imperva has entered into an agreement to acquire CloudVector to advance our mission to protect data and all paths to it. Together, we believe we can change what organizations expect from Web Application and API Protection solutions. There are multiple reasons APIs are at...
5 Ways Your Software Supply Chain is Out to Get You, Part 5: Hostile Takeover
We have come to the fifth and last part of this blog series on software supply chain attacks. Previously, we discussed four notorious supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, Exploit Open Source Libraries, and Dependency Confusion and provided insight into...
Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML
The reason behind buying a market-leading Web Application Firewall (WAF) is to protect your website and web applications from malicious attacks, plus complying with industry or regional data and privacy standards. In addition to the typical OWASP Top 10 vulnerabilities, WAFs need to address a litan...
5 Ways Your Software Supply Chain is Out to Get You, Part 4: Dependency Confusion
Previously, we discussed how three kinds of supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, and Exploit Open Source Libraries are threatening software supply chains, passing risk downstream to the organizations and users that trust and depend on them. In this...
5 Ways Your Software Supply Chain is Out to Get You, Part 3: Exploit Open Source Libraries
In previous posts, we explained how two kinds of supply chain attack methods, Vendor Compromise and Exploit Third Party Applications, are threatening software supply chains, transferring an extraordinary amount of risk downstream to the organizations and users that trust and depend on them. In th...
The Account Takeover Threat: A By-the-Numbers Breakdown
Identity theft has come a long way in the age of technology. The more data is available online, the greater the threat. In this blog we will dive into the different characteristics and statistics of real world Account Takeover attacks as recorded and mitigated by Imperva’s Advanced Bot Protection...
5 Ways Your Software Supply Chain is Out to Get You, Part 2: Exploit Third Party Applications
In Part 1 of this series, we explained how and why our software supply chain transfers an extraordinary amount of risk downstream to the organizations and users that trust and depend on it. We also presented evidence suggesting that 2021 may well be the year of the Software Supply Chain attack...
Bad Bot Traffic Breaks Records in 2020
Bad bots have long been a major illness plaguing the internet. As internet traffic reached new heights throughout the global pandemic, unfortunately so did bot traffic. In 2020, 40.8 percent of internet traffic wasn’t human, and 25.6 percent originated from bad bots. What have these bad bots been...
5 Ways Your Software Supply Chain is Out to Get You, Part 1: Vendor Compromise
Is 2021 the year of the software supply chain attack? In late 2020, an incredible story broke: US government agencies, including Commerce, Treasury, and Homeland Security, had been severely compromised through a malicious backdoor surreptitiously implanted into network management software supplie...
Top 5 Most Vicious Bad Bots
Classified by The Open Web Application Security Project (OWASP) as ‘automated threats’, bad bots can be used to perform a plethora of actions on the application layer, from basic requests to elaborate sessions with sophisticated requests. Some of these bots are more malicious than others. This make...
Bad Bot Report 2021: The Pandemic of the Internet
The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact that this malicious traffic has across multiple industries. Bad bot traffic amounted to 25.6 percent of all...
Imperva’s Comprehensive Data Security Platform for Cloud, Explained
Imperva recently introduced the industry’s first database-agnostic security platform specifically built for cloud. The Data Security solution unifies security management for organizations’ entire data environment, supporting databases wherever they’re hosted, including managed database services...
A Few Hours After the Publication: Dozens of Scanning Attempts for Vulnerable PHP Servers
On March 28th the official PHP Git repository was compromised in order to open a backdoor into many web servers. The attackers were able to gain access to the PHP official main Git server, uploading two malicious commits, including a backdoor. The malicious commits were discovered a few hours...
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
Introduction: On 2 March 2021, Microsoft and Volexity produced disclosures outlining the discovery of four zero day vulnerabilities affecting multiple versions of Microsoft Exchange Server. Each of the vulnerabilities has been attributed a severity rating from high to critical, however the most...
Why Banks Are Still A Top Target For DDoS Attacks
The financial services sector is still a prime target for cyber criminals and it has been widely reported that in 2020 financial institutions came under attack more than ever before. According to Boston Consulting Group research, financial service firms are up to 300 times more likely to experien...
Attacks Spike Following The Disclosure Of CVE-2021-22986: F5 Networks BIG-IP iControl Remote Command Execution Vulnerability
On March 10th F5 published a security advisory containing twenty-one CVEs; the most critical one, CVE-2021-22986, can be exploited for unauthenticated remote code execution attacks. In the past week, several security researchers have reverse engineered the Java software patch published by BIG-IP an...
Web Application Firewalls Instrumental in Digital-First Banking
Like many industries, the banking and insurance sectors have shifted their resources to be digital-first, all the more so since the start of the global pandemic. For today’s customers, who increasingly begin their banking experiences using digital channels, whether online or mobile, a digital-fir...
A Tip For Easy SQL-based Big Data Analysis: Use a Temporary Dataset
Every once in a while we’re required to analyze big data on a wide time range. Here’s a common example: “Can you analyze what happened during 2020? And don’t forget to compare it to 2019”. Questions like this are hard to answer in the big data world: Queries may take a long time to process - and...
Anatomy of a Security Super Bowl Dynasty, Part 3: Special Teams and Coaching
Imperva Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled, Creating a Security Super Bowl Dynasty. In this presentation, they illustrated the ways American football teams create consistent, sustainable...