Imperva is a Leader in the Forrester Wave: Web Application Firewalls, Q1
Web application firewalls continue to be a core technology function for securing critical assets, and for IT professionals, market analyst reports and validation are critical when deciding upon new WAF solutions. That’s why we’re proud to share that Imperva Cloud WAF has recently been recognized ...
New Imperva Framework: Accelerating the development of large scale solutions with “Stepping”
Handling large amounts of data at scale is a common task in the high-tech industry nowadays. To address this challenge many frameworks have been developed and made publicly available such as distributed messaging queues, distributed databases, lightweight protocols and caching servers, among...
NIST Recognizes RASP as Critical to Lowering Risk
The United States Congress ratified the Cybersecurity Framework set forth by the National Institute of Standards and Technology (NIST) in 2014 to standardize the practices and controls that mitigate constantly evolving cyberthreats. The framework has been adopted by federal and local government...
Imperva Boosts Capacity to Meet Demand in Malaysia
Imperva is enhancing support for its customers in Asia by increasing capacity at its PoP in Kuala Lumpur (KL), Malaysia. Home to hundreds of multinational companies, KL’s thriving high-tech economy and strong financial center positions it well as a global hot-spot for business. Imperva is boosting...
Key Findings from the 2020 Cyberthreat Defense Report
The new 2020 Cyberthreat Defense Report (CDR) released this week. Now in its seventh year, the annual report provides a look at how global cybersecurity professionals perceive threats and plan to defend against them. The CDR enables cybersecurity professionals to benchmark their company’s security...
Surge in online traffic increases risk to businesses
Imperva Research Labs has been monitoring the data across our thousands of customers since the outbreak of COVID-19. In reviewing anonymized data from our CyberThreat Index, we see new risks and several initial security implications from this pandemic for our customers and global businesses. We...
COVID-19 affects everyone: we’re here to help.
A message from our Chief Executive Officer, Pam Murphy: All of us at Imperva wish you good health and safety as the coronavirus (COVID-19) outbreak continues to unfold. As we respond to the ongoing crisis, we have established the following core principles to keep us focused on what's important:...
Imperva Wants to Hear From YOU!
Imperva is pleased to announce UserVoice, a new product feedback system that allows YOU to shape the future of Imperva product lines. UserVoice empowers Imperva users to share feedback and ideas in one comprehensive, crowd-sourced place where they can also see and react to the ideas others submit...
Deploy a Cloud WAF & DDoS Solution While Complying with Australian Data Sovereignty
Australia has strict data sovereignty laws in place to ensure that personal customer data remains within the country’s borders. However, we often hear about cloud-based WAF vendors being unable to guarantee that data will not be moved across borders for inspection and data logging purposes. This...
Remote File Inclusion (RFI) – Detecting the Undetectable
Intro: Remote File Inclusion (RFI) is an attack exploiting the functionality in web applications which allows the inclusion of external source code without validating its content or origin. An RFI payload is a link that points to a malicious file that an application will include in its code example:...
Reputation Intelligence At Your Fingertips
How important is a reputation? American entertainer Will Rogers once famously said, “it takes a lifetime to build a good reputation, but you can lose it in a minute.” Our reputations are valuable commodities that establish rapport and clout among our colleagues, partners, and customers. A good...
Lift the DDoS Smokescreen: Investigate Underlying Attacks
"Hold out baits to entice the enemy. Feign disorder, and crush him." (Sun Tzu) The sophistication of cybercriminals and the attraction of the “Black Hat” cyberspace have grown dramatically over the years. In the past, cyber assaults were carried out mostly by amateurs, motivated by boredom or plain...
Imperva Launches the Cyber Threat Index
Today, we are proud to announce the launch of the Cyber Threat Index, a new online information portal from the minds of our threat researchers at Imperva Research Labs. The current Cyber Threat Index is 776. This is categorized as High and is up 8 percent since December. But what is the Cyber...
The Resurrection of PHPUnit RCE Vulnerability
Once a software patch is released, we tend to believe it means “problem solved”. Most of the time, however, this is not actually the case. Fully solving the problem requires all developers to grab the latest patch version and deploy it in their environment. Since upgrading isn’t an especially...
How we productized our staging environment and survived to tell the tale
Managing the Imperva SaaS infrastructure is like herding cats. There are so many moving parts, new developments, testing, fixing bugs, patching, reducing our SLAs, fighting the bad guys and, most importantly, pushing our latest and greatest to production every week. And it all runs like clockwork...
I know where you rode last summer: Uncovering the security issues of shared scooter services
We recently discovered flaws in the security of shared electric scooter services that have worrying implications for the safety and privacy of their users. Not only is it possible to remotely ring the bells of scooters all over the world, but external parties are able to track the location and...
Concern over Coronavirus Leading to Global Spread of Fake Pharmacy Spam
High levels of concern around the Coronavirus are currently being used to increase the online popularity of spam campaigns designed to spread fake news and drive unsuspecting users to dubious online drug stores. Given the level of anxiety that currently exists globally around the spread of the...
2019 Global DDoS Threat Landscape Report
Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019...
Imperva Received Top Scores in Gartner’s “Critical Capabilities for Cloud Web Application Firewalls”
The web application landscape is constantly changing, and the tools needed for the best application security protection need to change with the landscape. With Imperva’s recent improvements in API Security, Bot Management, DDoS and Cloud WAF, it’s easy to see why we are among the highest-scored...
Automating API Security in the Cloud
These days, the most common way for services to communicate and transfer data is by using APIs. However, broken, exposed, or hacked APIs are the cause of some of the latest major data breaches, as they have the potential to expose sensitive data for public consumption. Securing your APIs is...
The State of Vulnerabilities in 2019
As a web application firewall provider, part of our job at Imperva is to continually monitor for new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more,...
Imperva Mitigates Exploits of Citrix Vulnerability – Right Out of the Box
On December 17, Citrix issued a Security Bulletin on an unauthenticated remote code execution vulnerability (CVE-2019-19781) affecting its Citrix Application Delivery Controller (ADC) - formerly known as NetScaler ADC - and its Citrix Gateway - formerly known as NetScaler Gateway. At the time of the...
Imperva Launches New Data Center in Argentina
Imperva’s New Expansion: We are happy to announce that Imperva has launched our new Buenos Aires data center. We’re thrilled to bring our leadership in cybersecurity plus enhanced performance and decreased latency to Argentina and the surrounding countries in the region. Our new data center is now...
Businesses Will Buy Down Risk With Defense-in-Depth – 2020 Trend #5
As 2019 came to an end, Imperva CTO Kunal Anand began working with our global research team, Imperva Labs, to put together a list of the most important cybersecurity issues security leaders should be prepared for in 2020. He published his list in the blog, “Top 5 Cybersecurity Trends to Prepare f...
Working for a Winning Company
My interest in Imperva was indirectly created two years ago through an introduction to the Thoma Bravo (TB) team. After meeting a number of the key players at TB, I made a mental note that given the opportunity, this was a group I would love to work for someday. Two years later that opportunity...
Why I joined Imperva
I’ve been in the cybersecurity industry for a couple of decades now, and the tech industry even longer. If there’s one thing I’ve learned across all my roles, it’s the value of focusing on customer experience. It sounds intuitive, right? I’m sure many of you are nodding your heads or giving me th...
Adding Some Salt to Our Network – Part 2
How our configuration management actually works: Following a previous post which explained why we needed a configuration management system, this post explores how we built and implemented our configuration management using SaltStack. It describes the structure of our configuration and the toolset ...
Making Compliance and Risk Part of DevOps – 2020 Trend #4
In our 2020 Trends blog, Imperva CTO Kunal Anand predicts that fully automated processes will make compliance more rapid and less expensive. As businesses incorporate security into software development lifecycles (SDLC), continuous integration-continuous deployment (CI/CD) processes will reduce risk a...
Automated Attacks Call for Automated Protection – 2020 Trend #3
In our blog series on security trends, we’ve been diving deeper into the five security predictions for 2020 made by our CTO Kunal Anand during his fireside chat with Imperva CMO David Gee. Watch it here. As I'll discuss in my upcoming blog on defense-in-depth and reducing risk, being “connected”...
Thrilled to Join Imperva
Today marks my first day at Imperva and I could not be more thrilled to join the outstanding team behind the impressive products that keep our customers safe every day. I’ve been asked to share why I joined Imperva, and candidly there are a number of reasons: First, timing: I think that security ...
Serverless ETLs? Easy Data Lake Transformations using AWS Athena
In a data lake raw data is added with little or no processing, allowing you to query it straight away. This gives you a great way to learn about your data - whether it represents a quick win or a fast fall. However, there are two disadvantages: performance and costs. If, for example you added CSV...
Cloud Template Tool – The only way for Imperva On-Premises deployment on AWS
For the last six years, Imperva’s customers have been able to deploy our On-Premises product on AWS and enjoy the many advantages of cloud deployment including flexibility, cost-effectiveness, scalability, accessibility and many others. But using Imperva On-Premises on AWS wasn’t always easy, and...
The Zero Trust Approach to Data Security – 2020 Trend #2
As 2019 comes to an end, our security experts are looking ahead to the new year to predict cybersecurity trends that will shape the landscape in 2020. Imperva CTO Kunal Anand blogged about his “Top 5 Cybersecurity Trends to Prepare for in 2020,” last week. This week, we’re digging deeper into his...
2019 Hackathon Challenges Imperva to Solve Problems Together
The smell of pizza – 150 boxes to be exact – filled our global offices last week as more than 220 Impervians (technical and non-technical) rolled up their sleeves to participate in Imperva’s annual company-wide hackathon. As chair of the event this year, I was determined to host a hackathon that...
Cloud Transformation – 2020 Trend #1
The Imperva team is closing out 2019 with a series on the cybersecurity trends we predict will shape the landscape in 2020. Last week, Imperva CTO Kunal Anand mined insights from our global customer base and our research team, Imperva Research Labs, to come up with his top five list of...
SQL Server 2019 Security Tool Inadvertently Reveals Where Sensitive Data is Stored
The first step in protecting your data and ensuring your database is compliant with security benchmarks and privacy regulations such as SOX, PCI, HIPAA, and GDPR is to understand what sensitive information resides in that database. Microsoft’s SQL Server 2019 introduces a new tool SQL Data...
Top 5 Cybersecurity Trends to Prepare for in 2020
I don’t need a crystal ball to predict that in 2020 cybersecurity attacks will accelerate and the tactics will evolve. We’ll continue to be hounded by greater volumes of the attacks that have threatened us for years and, as businesses adopt new innovations, new vulnerabilities to threats will...
Adding Some Salt to Our Network – Part 1
Why configuration management system was a must for our network, and how we chose SaltStack: When we planned and designed the network automation at Imperva Cloud, we split our automation systems into three different systems, where each of the systems has a different set of requirements: 1...
How to Maximize Your WAF
Whenever new WAF clients are brought aboard, there’s a procedure they must follow in order to properly configure their servers to work behind the WAF protection. You can find an example of the Imperva Cloud WAF onboarding procedure here. Sometimes, however, customers can miss important procedures...
How to Protect Holiday Shoppers from Bots and Scammers
It’s the most wonderful time of year for gift card scammers. With Black Friday, Cyber Monday and the holidays just around the corner, consumers will spend billions on gift cards for hard-to-shop-for friends, family, and colleagues. Imperva VP Tiffany Olson Kleemann was interviewed on Good Morning...
Deployment Isn’t the Final Step – Monitoring Machine Learning Models in Production
Unless you’ve been living in a cave for the last decade, you’ve probably heard of the concept of a machine learning system at least once in your life. Whether it’s auto-translation, auto-completion, face or voice recognition, recommendation systems or autonomous driving, AI-based systems can be...
From Thousands of Security Alerts to a Handful of Insights
Understanding an attacker’s workflow and how Attack Analytics hunts them down: In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation capabilities, as well as distributed and anonymization features tha...
Secure Your Digital Transformation
Digital transformation (DX) is on the mind, IT budget sheet, and board meeting agenda for the majority of enterprise-level organizations. The term digital transformation is becoming ubiquitous, but its definition can be ambiguous. Within the context of this blog, DX refers to how organizations...
How Machine Learning is Changing the Face of Financial Services
Artificial intelligence (AI) has become integrated into our everyday lives. It powers what we see in our social media newsfeeds, activates facial recognition to unlock our smartphones, and even suggests music for us to listen to. Machine learning, a subset of AI, is progressively integrating into o...
Detecting Account Takeover Botnets
A botnet is a network of compromised computers - known as bots - usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we’ll discuss how to detect botnets used for account takeover (ATO), an attack used to obtain the val...
Don’t Skip Data Discovery During Your Compliance Program
If your business collects customer data of any kind, it’s safe to assume you’re also aware of the multitude of new privacy and security mandates. While these regulations are an ideal driver of investment for bolstering your security programs, it’s important not to forget about one of the most...
A Web-Driven World Needs Better Web Security
Web interfaces are everywhere. From social media sites to online shopping portals to your CRM, the humble web interface is now used to access much of the online world. So, it isn’t difficult to see why web applications are a prime target for cybercriminals. Because they’re used by customers and...
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
On October 22, security researcher Omar Ganiev published a tweet regarding remote code execution vulnerability in PHP-FPM (the FastCGI Process Manager) running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC (proof-of-concept) f...
What is NYDFS?
NYDFS Cybersecurity Regulation, 23 NYCRR 500: On March 1, 2017, the New York State Department of Financial Services (NYDFS) introduced new cybersecurity regulations for financial services companies that address the growing threat posed by cyber-criminality to financial firms. They are intended to...
HTTP Desync Attacks in the Wild and How to Defend Against Them
Inspired by an article by Watchfire from 2005, we recently explored an old attack technique named HTTP Request Smuggling and checked it against our WAF protection. By coincidence, it turned out someone else was also exploring this technique at the same time. Given the hype it received as a result...