1017 matches found
Key Compliance Concepts for Financial Services
The Sarbanes-Oxley Act SOX was introduced following a number of financial scandals involving huge conglomerates and obliges companies to establish internal controls to prevent fraud and abuse, holding senior managers accountable for the accuracy of financial reporting. The financial crisis in 200...
Attack Analytics Now Include Actionable Insights
The number and sophistication of attacks on enterprise networks, applications, and APIs has increased as intruders gain technical acumen and advanced tool kits. Many attackers are now able to maintain and sustain determined efforts to steal data and disrupt business. With such a high number of...
Imperva RASP Now Supports .NET Core Apps for Security by Default
We at Imperva are proud to announce that we now support the .NET Core development platform, securing apps written in .NET Core with our industry-leading RASP solution. Support for .NET Core expands our market-leading, full-stack application security solution to apps at the heart of digital...
Celebrate Cybersecurity Awareness Month with These Tips From a Survey of 1,200 Security Pros
Held every October, National Cybersecurity Awareness Month NCSAM is a collaborative effort between government and industry meant to raise awareness about the importance of cybersecurity. NCSAM is focused largely on consumer awareness, but for cybersecurity leaders, it is also a great opportunity ...
Adopting a Risk-Based Approach to Cybersecurity in the Financial Services Industry
Today’s financial organizations face many different risks in volatile and uncertain business environments, but the ever-present threat of cyberattacks and data breaches is now impossible to ignore. For this reason, managing these cyber-risks now has to simply be considered one of the many costs o...
Imperva Security Update
Hi everyone, Please find below a detailed update on the security incident from Kunal Anand, our Chief Technology Officer. From the moment we discovered this incident, we established and have held ourselves to the following key principles: To do the right thing for all of our constituents, To be...
The Importance of the Customer’s Feedback in Product Design
We have learned over time that we develop products not for us the company, but for you, the customer, to help resolve your problems. But just resolving a customer's problem is not enough - the product should also be intuitive and easy to use. It’s clear that the best people to provide feedback...
New Research From Imperva Bot Management Tracks Gift Card Abuse
Researchers at Imperva Bot Management formerly Distil Networks have been tracking online bots that target the e-commerce gift card systems of major online retailers. The threat actors they’ve studied show remarkable resourcefulness and adaptability. In a recent podcast, Imperva Bot Management’s...
Attackers Are Quick to Exploit vBulletin’s Latest 0-day Remote Code Execution Vulnerability
Imperva’s Cloud WAF has identified instances of a new 0-day vulnerability being exploited within a matter of hours of the exploit being published. On Monday 23rd September 2019, an exploit was published for a vulnerability found within vBulletin versions 5.0.0 to 5.5.4, allowing malicious attacke...
A Leader in the 2019 Gartner Magic Quadrant for WAF, Six Years Running
Gartner has published its 2019 Gartner Magic Quadrant for Web Application Firewalls WAF and Imperva has been named a Leader for the sixth consecutive year! Along with our WAF Gateways and easy-to-deploy Cloud WAF we recently added API Security, RASP, Account Takeover Protection, Bot Management, a...
E-commerce: Bad bots are ready for the holidays. Are you?
The busiest time for online retailers is almost upon us—the holiday season. Each business is looking at ways to take advantage of cyber week when a significant portion of annual sales are made. At this time, preparation is well underway for Black Friday and Cyber Monday promotions. But another...
APIs Ease Customer Interaction — and External Attacks. Here’s how to Protect Them.
To deliver seamless service experiences to our customers, businesses now rely heavily on application programming interfaces APIs. These are a non-negotiable aspect of the way we streamline the interactions and conversations we have with our customers, both internal and external. APIs are now so...
Your Business is Compliant with Data Security Regulations. It’s Still not Safe.
There has been plenty of discussion about the impact of global data regulations on data security practices. Particularly with the implementation of the EU’s GDPR last year, organizations in every industry have been scrambling to develop new security practices to avoid fines and the associated bad...
Clear Message Sent: Don’t Roll the Dice on Data Privacy Compliance
Last month, two leading companies each received what were then record-setting fines for data breach violations: £183 million for British Airways and then, just two weeks later, $5 billion for Facebook. Regulators sent a clear message to organizations around the world — if you don't treat your...
From E-Commerce to Enterprise Employee: How I Overcame my Fears and Doubts
By Efrat Silberhaft One year ago, I was working as the sole designer in a small e-commerce startup. When the company shut down, I had to start looking for a new job. I decided to leave the startup world. What I didn't know is that my next step would turn out to be in a different field —...
Stronger Together, Red Hat 3scale Integration
Most enterprises today rely on customers accessing their applications to conduct daily business. These enterprises know by now that application programming interfaces APIs are becoming more common than ever before to enable communication between applications and end users. Even though they are...
Enabling Faster DDoS Mitigation for Cloud Assets
The cloud journey was considered a visionary approach less than a decade ago. Today, more than half of organizations rely on a cloud provider, and are planning to expand their portfolios across multiple cloud platforms, as part of their ongoing digital transformation. Is the so-called cloud promi...
Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS)
Imagine you’re a developer building a new web application. You’ve followed all of the security best practices, hired a reputable penetration testing company before launch, and gone through extensive bug fixing to remove any vulnerabilities. However, would you be confident that your application...
New 3-Second DDoS Mitigation SLA is 3x Faster and the Industry’s Best
Back in 2018, we made waves with a groundbreaking DDoS Mitigation SLA service level agreement for our DDoS Protection service that guaranteed to mitigate DDoS attacks in under 10 seconds. Now, we’ve upped the ante to ensure DDoS attack mitigation with a new, industry-best three seconds-or-less...
How Account Takeover Botnets Outsmart Traditional Security Controls
Account Takeover ATO describes when an online account is accessed and/ or used by someone other than its legitimate owner, usually for malicious purposes. Account Takeover attacks happen when an attacker is trying to get unauthorized access to an account or when the account has already been...
A New Chapter in Bot Management Begins Today [Video]
I am excited to share that we have closed the acquisition of Distil Networks, the pioneer and leader in Bot Management. Over the past few weeks, we have been welcoming Distil’s employees into the Imperva family and have started integrating their powerful, analyst-recognized Bot Management solutio...
Personalized Customer Support that Garners a Personalized Thank You
In my two-plus years as a Technical Support Engineer at Imperva, I’ve handled a wide variety of customer cases. And I’ve had the satisfaction of helping resolve them quickly and successfully. But never before have I received a handwritten thank you note from an effusive customer. Let me start at...
UK’s Largest Mobile Carrier Relies on AWS and Imperva FlexProtect for Web Delivery and 360-Degree Application Protection
In today’s highly-competitive telecommunications market, the website is integral to successful and fast customer service. Downtime due to intrusion, data breach, or DDoS attack is intolerable. It’s why ten of the largest global telecommunications providers have chosen Imperva, including BT mobile...
Every Second Counts When You’re Under Attack — Imperva Provides 3 Second DDoS Mitigation, Stops Account Takeovers & Protects your APIs
Let’s be blunt: cybersecurity is a never-ending arms race between bad actors and IT and security teams. Lately, attackers have surged. Armed with powerful, inexpensive hacking tools and deep knowledge gleaned from successful breaches, attackers are organizing sprawling botnets, probing soft targe...
SQL Injection Attacks: So Old, but Still So Relevant. Here’s Why (Charts)
We’re living in the Golden Age of data. Some companies analyze it to better themselves, others trade it for profit, none give it up freely due to its value — for their business, and for criminals, as well. SQL Structured Query Language is an extremely popular way to communicate with databases...
The Struggle is Real
We’ve all heard the phrase, “We live in a male dominated world.” This phrase is most often delivered with a negative connotation when someone perceives that they’re getting an unfair chance, at the mercy of men. What if we could live in a world where everyone’s unique contributions were equally...
Imperva to Acquire Distil Networks, the Leader in Bot Management
As an established leader in cybersecurity, Imperva provides our customers the most comprehensive, analyst-recognized application security solution on the market. We are a five-time leader in Gartner’s 2018 Magic Quadrant for Web Application Firewalls WAF. Our DDoS Protection continues to...
Web Security Leader Rapidly Expands by Partnering with AWS and Imperva
Companies try to plan and pace their growth. Those plans go out the window when a merger or acquisition happens, as it did to DigiCert Inc. DigiCert, based in Lehi, Utah, had long been a leading Certificate Authority CA, providing electronic documents that verify and authenticate the identities o...
Infonomics-based Model Teaches CISOs how to Assess their Data’s Financial Risk, Invest Properly in Data Security
Here’s what I consider the biggest contradiction in cybersecurity: the most-financially-damaging, reputation-destroying security incidents almost always involves the theft of millions of database records. Yet, data security is one of the smallest line items in a security budget. Consider that tot...
Build Bikes and Go Fast: Why Building Bikes is Critical to Imperva’s Success
In May 2019, seventy members of Imperva’s global leadership team gathered in one location to share insights, to develop and commit to our future strategy, and to build bikes. That’s right, to build bikes. Of course, that bit about developing and committing to our future strategy is undeniably...
Modern Database Security Buys Down More Risks for Enterprises
Pop quiz: how many data records are lost or stolen on an average day? 1 million? 3 million? 6 million? If you answered 6 million, you’re correct, according to the Breach Level Index. According to the Index, 14.7 billion records have been lost or stolen since 2013, or more than 2.2 billion per yea...
Cloud WAAPs Are the Future of Application Security. But What Does That Mean?
Millions of Verizon FIOS broadband users vulnerable to hackers controlling and surveilling their home networks. Thousands of GPS watches whose maps were open to attackers tracking and eavesdropping on children and elderly users. A zero-day hole in Microsoft’s Edge and Internet Explorer browsers...
Take these Five Steps to Really Mitigate your Data Breach Risks
Data breaches are a CSO/CISO’s worst nightmare. And they’re getting bigger and more damaging all the time. It’s no longer just hundreds of millions of users whose personal data is stolen at a time, but billions of users. That’s translating into ever-growing financial repercussions. The irony,...
Botnet-led DDoS Attacks Are Hitting Record Intensities. Imperva is Mitigating All of Them.
DDoS attacks are usually ranked by the amount of bandwidth involved, such as the 2018 GitHub attack that peaked at 1.35 Terabits per second and is often cited as the largest DDoS attack ever. From Imperva’s long history of successfully mitigating DDoS attacks, we know that the TRUE measure of...
Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.
Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more. DDoS attacks are usually measured by the amount of bandwidth involved, such as the 1.35 Terabits per second maximum attack directed at GitHub last year, the largest DDoS attack ever at the...
Developers Versus Automation Engineers: How We Ended the Fighting with the Right CI Process
Hey developers and DevOps professionals: what if I told you that how you wrap and execute your automation tests could be the key to making your development process faster, more professional and stable, and stop the bickering between your developers and automation teams? This post will describe ho...
Maintaining Privacy in the Cloud [Podcast Discussion]
Not long ago I joined Brian Contos, CISO and VP of Product Innovation at Verodin, for one of his Verodin Cybersecurity Effectiveness Podcasts. It’s been about 10 years since I worked with Brian at Imperva when he was the Chief Security Strategist. Back then, he was the one traveling the world,...
Casino Goes All In and Wins Big with Imperva Security
There’s no good time to be hit by ransom-seeking DDoS attackers. For one casino-entertainment provider, the timing was particularly bad — right before one of its largest online poker events in 2016. The casino, which generates multiple billions in revenue per year, leveraged Imperva’s emergency...
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack
DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently...
Making Our Security Portfolio Simpler — and Better
Since its inception in 2009, Incapsula has been a proud part of Imperva, the analyst-recognized cybersecurity leader. However, cybersecurity needs are evolving, and so are we. On April 7th, we will officially retire Incapsula.com. All of the great Incapsula web site content that wasn’t already...
Not just for Processing: How Kafka Streams as a Distributed Database Boosted our Reliability and Reduced Maintenance
The Apache Kafka Streams library is used by enterprises around the world to perform distributed stream processing on top of Apache Kafka. One aspect of this framework that is less talked about is its ability to store local state, derived from stream processing. In this blog post we describe how w...
Imperva Wins CRN 5-Star Partner Program 3rd Year in a Row. Here are Some Stats Behind Why.
A lot goes into building a good IT channel program. A truly-effective program should meet the vendor’s needs while also delivering attractive benefits to our partners. A successful channel program should deliver a number of key elements, including: partner profitability partner self-service acces...
Enhance Imperva Cloud WAF with a New Management Tool in the Imperva GitHub
Imperva recently launched the Imperva GitHub where our global community can access tools, code repositories and other neat resources that aid collaboration and streamline development. The nice thing about these tools is that you can clone them and customize them with whatever functionality you...
The Five Most Startling Statistics from this 2019 Global Survey of 1,200 Cybersecurity Pros [Infographic]
For those of us in the security industry, the annual Cyberthreat Defense Report is a gold mine of insights into the minds of IT security professionals, including what threats keep them up at night, and how they plan to defend against them. The 6th edition of the report from the CyberEdge Group wa...
Imperva Cloud WAF and Graylog, Part II: How to Collect and Ingest SIEM Logs
This guide gives step-by-step guidance on how to collect and parse Imperva Cloud Web Application Firewall WAF, formerly Incapsula logs into the Graylog SIEM tool. Read Part I to learn how to set up a Graylog server in AWS and integrate with Imperva Cloud WAF. This guide assumes: You have a clean...
Now-Patched Google Photos Vulnerability Let Hackers Track Your Friends and Location History
A now-patched vulnerability in the web version of Google Photos allowed malicious websites to expose where, when, and with whom your photos were taken. Background One trillion photos were taken in 2018. With image quality and file size increasing, it’s obvious why more and more people choose to...
How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs
Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...
How to Deploy a Graylog SIEM Server in AWS and Integrate with Imperva Cloud WAF
Security Information and Event Management SIEM products provide real-time analysis of security alerts generated by security solutions such as Imperva Cloud Web Application Firewall WAF. Many organizations implement a SIEM solution to bring visibility of all security events from various solutions...
Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack
A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel...
Imperva Wins Awards for Best Database Security, Coolest Cloud Security Vendor
SC Magazine has long been one of the most respected names in cybersecurity journalism, and one that has written about Imperva’s security research and solutions many times. So we’re proud to announce that we’ve won the 2019 SC Award for Best Database Security solution at SC’s awards ceremony on...