Don’t Be a Victim of Cyber Extortion
There’s no doubt that cybercrime is on the rise, and bad actors are constantly on the lookout for vulnerabilities. In the first half of 2020, data breaches exposed over 36 billion records. Attacks are becoming more widespread and more prolific. Malicious hackers are exploiting zero-day...
Protecting Your Data from Cyber Extortion: Lessons from the Latest Mega-hack
At the end of last year, enterprise firewall company Accellion was the victim of a two-phase SQL injection attack that resulted in significant sensitive data breaches over the last number of months. This attack is important for several reasons. It underscores the rise in frequency of incidents...
Five Ways Bad Bots Are Threatening Financial Services
For years now, the biggest security concerns for businesses in the financial services sector have mainly been related to data security, privacy, compliance and everything in between. Nevertheless, application security is equally as important and complex, as it consists of multiple potential attac...
Imperva recognized as a ‘Leader’ in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 Report
We are delighted to share that Imperva has been named a leader in The Forrester Wave: DDoS Mitigation Solutions, Q1 2021 report, a trusted source for technology buyers which helps security and risk professionals select the right vendor for their needs. You can download a copy of the report here...
Anatomy of a Security Super Bowl Dynasty, Part 2: The Offense
Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...
Bad Bot Traffic on Healthcare Websites Rises 372% As Vaccines Become Available Globally
Nations around the world are racing to acquire COVID-19 vaccines and assemble digital infrastructure and web applications to enable appointment booking. As they do this, Imperva Research Labs has monitored a staggering 372% increase in bad bot traffic on healthcare websites globally since Septemb...
Two New Account Frauds You Should Be Investigating
Account Takeover is a type of identity theft where a bad actor gains unauthorized access to an account belonging to someone else. It is also known as brute force login, dictionary attack, credential stuffing, or credential cracking. If successful, the aftermath entails many unpleasant implications for...
Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense
Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...
What’s Different About Data Security in the Cloud? Almost Everything.
Well before the onset of the pandemic most organizations had a digital transformation plan in place which included migrating workloads to new modern architectures, usually a private, public, or hybrid cloud. As the challenges caused by COVID-19 became more acute, these organizations accelerated...
The Pitfalls of DIY Security for Your AWS RDS Databases
AWS RDS enables easy DIY database provisioning The trend toward using Database as a Service (DBaaS) is unmistakable. Organizations are leveraging DBaaS flexibility to bring new products and services to market faster, or to save time and money by reducing the cost and complexity of their database...
Despite COVID-19 pandemic, Imperva reports number of vulnerabilities decreased in 2020
Imperva’s report, The State of Vulnerabilities in 2020 has revealed that unlike in previous years, researchers observed a fall in the number of vulnerabilities last year, even as businesses were compelled to accelerate digital transformation processes due to the COVID-19 pandemic. Vulnerabilities...
Cloud Data Security is Now Available in AWS Marketplace
We’re pleased to announce that Imperva Cloud Data Security is now available in the Amazon Web Services Marketplace. Database security shouldn’t be hard, so Imperva has made it simple. Imperva Cloud Data Security (CDS) is a SaaS solution specifically designed to secure organizations’ data stored in...
The Coronavirus Pandemic Is Widening the Cybersecurity Skills Gap
While there are undoubtedly many major challenges within the world of cybersecurity, one of the principal roadblocks to the implementation of effective data security is the lack of skilled cybersecurity practitioners. In a November 2019 report, the International Information System Security...
Can security and compliance for managed database services be simple?
Actual Tech Media recently released a new entry in its Gorilla Guide series for IT professionals, focused on simplifying security and compliance for Database as a Service (DBaaS). The Gorilla Guide To® Securing Database as a Service (DBaaS) features Imperva Cloud Data Security as a solution to help...
Questions to Ask Your Application Security Provider
There is a great deal to consider when evaluating application security providers. Understanding your goals will help. If your goal is vendor consolidation, then selecting those that offer multiple security capabilities over single products may make more sense. And if your goal is out-of-the-box...
API Security Checks in the Post-Pandemic World
The digital transformation journeys of many enterprises have been accelerated by the COVID-19 pandemic. For 2020, IT resources shifted to support WFH policies with mobile and remote productivity solutions, while simultaneously managing multiple datacenter migration projects to the cloud for scale...
Post-Pandemic world, Shut-downs, and Web Security Connections
As the anniversary of the World Health Organization’s (WHO) declaration of the COVID-19 pandemic approaches, we, here in Silicon Valley, have great hope for 2021. As the vaccine distribution continues to trickle to Main Street, Californians have recently exited a stay-at-home mandate that has nearl...
Ensuring Security and Compliance in AWS RDS with CDS
If you use AWS RDS, your organization is part of a worldwide trend. Forward-thinking companies everywhere are embracing database-as-a-service (DBaaS) to help bring new applications and services to market faster, or to reduce the cost and complexity of their database operations. What isn’t changing...
Simple Trend and Anomaly Detection with SQL
Introduction Have you ever wondered if you can detect highlights based on your data using only your database engine? Well, the answer is yes. Simple trend detection and anomaly detection can be done with SQL. In fact, in many cases it may be enough for your needs, and save you the trouble of usin...
How Grinch Buying Bots Took the Gaming Hardware Market Hostage
In video games jargon, the phrase “Console Wars” refers to the fierce competition between hardware manufacturers for market share. It turns out, however, that the only war going on at the moment is for acquiring a console. And thus far, Grinch Bots are winning. Video Games’ Popularity Is Peaking...
2021 KuppingerCole Leadership Compass names Imperva an overall leader for Database and Big Data Security
It is my pleasure to report that in their 2021 overview of the market for Database and Big Data Security solutions, leading technology analyst KuppingerCole has identified Imperva as an Overall Leader for the first time. Imperva scored five out of five for product security, functionality,...
Enhanced Security at the Edge with Imperva DNS Protection
Your website is the gateway to your business and the potential for disruption of your site or damage to your web infrastructure makes DNS security a serious consideration for organizations. The criticality of DNS Services for ensuring network connectivity and website availability make them a hot...
Why Data Security and Privacy in the digital age are crucial
Privacy is considered a basic human right but, with so much of our personal data now ‘out there’ in cyberspace, how private can it really be? Data is everywhere, and with rising internet usage, an increase in cloud technologies, and our growing reliance on IoT devices, it continues to grow...
Connect, Share, and Learn at Imperva Amplify 2021
On the heels of high-profile breaches, attacks e.g., Sunburst, Raindrop and COVID-19, rapid digital transformation places even more pressure on security. We’re seizing the opportunity to launch our first virtual user conference -- Imperva Amplify -- to share our knowledge so together, we can bett...
Online fraud at an all-time high amidst the global pandemic
Client-side attacks have become significantly more prominent in recent years, gaining popularity since 2015. As online activity rises due to the global pandemic, 2020 has been no exception, with the most susceptible target, e-commerce, becoming more lucrative than ever. The Client-Side Problem...
Python Cryptominer Botnet Quickly Adopts Latest Vulnerabilities
Over the last few days, Imperva researchers have monitored the emergence of a new botnet, one whose primary activity is performing different DDoS attacks and mining cryptocurrency. It also acts as a worm trying to extend its reach by scanning specific subnets and ports and using different remote...
Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration
Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...
Web Application Attacks on Healthcare Spike 51% As COVID-19 Vaccines are Introduced
As the first vials of COVID-19 vaccines were disseminated in December, Imperva Research Labs monitored an astounding 51% increase in web application attacks on healthcare targets. The activity concludes an unprecedented year of cybersecurity activity. Imperva data shows the healthcare industry...
Reprioritizing security requirements for 2021
To say 2020 was a strange year would be an understatement. Among the effects of the global pandemic were major changes in where and how people work and accelerated commitments to organizational digital transformation. Cyber attackers weren’t shy about taking advantage of the blind spots these...
Prepare for more sophisticated security threats in 2021
As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...
Software Supply Chain Attacks: From Formjacking to Third Party Code Changes
2020 wasn’t the first year in which software supply chain attacks caused major damage, but it certainly brought them to the general public. Much has been said about the headline-grabbing nation state examples, but there is a wide spectrum of these attacks and some are commoditized. Protecting...
The Evolution of Bad Bots from Grinchbots to Parasitic Bots-as-a-Service
The doomsday pandemic prediction is that you won’t be able to buy toilet paper because bad bots will have hoarded all the inventory and are offering it to the highest bidder on secondary markets at an exorbitant mark-up. The Gaming Console War The use of scalping bots was once the domain of ticket...
2020 Ends With A Bang
December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat...
The Advantages and Risks of Serverless Computing
Organizations are increasingly embracing serverless computing for its convenience and cost-effectiveness. But many IT teams are blindly embracing this innovation in cloud technology without consulting their security peers. As a result, we can expect to see a growing number of cyber-attacks in thi...
Data Privacy – Now’s the Time for the US to Catch Up
The recent Netflix documentary, The Social Dilemma, may have highlighted to many Americans just what happens to the wealth of personal information they regularly - and willingly - share online. It may be especially concerning, then, to know that companies in the United States aren’t required by...
Opportunities and Threats – IoT and the Rise of 5G
The Internet of Things (IoT) is expanding rapidly. The number of connected devices in homes, businesses, and vehicles across the world is expected to increase from around 8 billion today to over 24 billion within the next decade, with much of this growth enabled by the introduction of 5G. This...
Lessons learned building supervised machine learning into DDoS Protection
Imperva’s Data Scientists trained a machine-learning model to auto-configure DDoS security policies and this blog shares some of the lessons learned along the way. Data scientists consider labeled data the gold standard and, despite having to filter out anomalies, there is an overall tendency to...
Shifting from Network Security to Data Security
The world-wide events of 2020 have meant that organisations have had to simply react and adapt. More data is being moved to the cloud, applications are built in cloud environments, and more and more databases are being used to support the shift in the way we work. 59% of enterprises believe their...
Virtual Hackathon Generates Next Generation of Imperva Innovation
“How do we run a global hackathon amid a global pandemic?” That was my first thought when I began planning the 2020 Imperva Hackathon earlier this year. While the event is designed to foster innovation and uncover new ideas, in a global company like ours it’s also about making new friends and...
Holidays Are Coming – the State of Security for E-commerce in 2020
With the Coronavirus pandemic driving consumers online, a new report from Imperva reveals how this year’s holiday shopping season will present online retailers with a level of traffic - and cyber-attack threats - like they’ve never seen before. Among the many effects of COVID-19 has been a huge...
Advanced Bot Protection Handling More Traffic Than Ever
It’s been six months since we launched the Advanced Bot Protection solution as fully integrated into Imperva’s Application Security platform. Previously, the Advanced Bot Protection solution lived on a separate platform, known as the ‘Distil’ platform, from our acquisition of Distil Networks...
Imperva SD-SOC: How Using AI and Time Series Traffic Improves DDoS Mitigation
Much has changed since we first started providing protection against DDoS attacks. Attacks which were once considered huge are now mitigated on a daily basis, attackers are becoming more sophisticated by the day, and mitigation takes a matter of seconds, as opposed to minutes, to kick in. But one...
Bug hunting for a quick buck using WebLogic vulnerability (CVE-2020–14882)
Introduction Popular within the commercial sphere, Oracle WebLogic Server is a scalable enterprise Java platform application server for Java-based web applications. When a vulnerability is discovered in WebLogic, hackers will try to exploit it ASAP. And it’s not only hackers - bug hunters also wa...
The Threat of DDoS Attacks Creates A Recipe for Election Chaos
Four years ago, we published a blog on the ways a Distributed Denial of Service (DDoS) attack could disrupt the U.S. Presidential election. Unfortunately, the same risk persists in 2020. In fact, given the historic influx of mail-in ballot voting for the November 3 election, a targeted DDoS attack...
CrimeOps of the KashmirBlack Botnet – Part II
Introduction The previous blog - “CrimeOps of the KashmirBlack Botnet - Part I” - described the DevOps behind the botnet. It showed how its well-designed infrastructure makes it easy to expand and add new exploits or payloads without much effort, and explained the evolution and version deployment o...
CrimeOps of the KashmirBlack Botnet – Part I
Introduction Being in a research team exposes us to a variety of attacks on different platforms, of different types, scope, and volume. It also gives us the opportunity to select particularly interesting attacks that target our customers and to analyze them. This blog will give you a taste of the...
Imperva A Seven-Time Magic Quadrant Leader and Named Highest for Completeness of Vision for WAF
Gartner has published its 2020 Gartner Magic Quadrant for Web Application Firewalls (WAF) and Imperva has been named a Leader for the seventh consecutive year! It’s rare to be a part of defining a market and even less common to lead that market through a fundamental shift. Leading the market throug...
Life post-acquisition: A people-centric plan to get you total data security a lot faster
Getting acquired can be an emotional rodeo. Some days are crazy excitement and others are heartache over the unknowns ahead. It’s natural – we’re human. I remember years ago sitting in a doctor’s office staring at a poster about the “10 most stressful life events” and “starting a new job” was 4...
Never Leave Your Cloud Database Publicly Accessible
Introduction In cybersecurity, we often hear about best practices, one of the most important of which is never to open services that should be for internal use to public access. These are best practices for a good reason - when you don’t follow them, you might be hacked! Research we conducted in...
Imperva’s Mobile Security App
How many apps do you currently have on your mobile device? Is this number a total across both your personal and professional devices? Did you know that between Android’s Google Play Store and Apple’s App Store, there are between 2.2 and 2.8 million apps available to download? Did you know that,...