RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits
Recently cryptojacking attacks have been spreading like wildfire. At Imperva we have witnessed it firsthand and even concluded that these attacks hold roughly 90% of all remote code execution attacks in web applications. Having said that, all of the attacks we have seen so far, were somewhat...
2018 Cyberthreat Defense Report: Where IT Security Is Going
What keeps you awake at night? We asked IT security professionals the same question and found that these issues are top of mind: malware and spear phishing, securing mobile devices, employee security awareness and new technologies that detect threats capable of bypassing traditional signature-bas...
Hunting for Insider Threats: Using Activity Modeling to Detect Suspicious Database Commands and Access Patterns
The Widening Gap Data breaches by insiders are very challenging to catch. The gap between the rise of insider threats and speed of hunting them down is increasingly widening. According to 2017 Data Breach Investigation Report by Verizon, a great majority of insider and privileged-misuse breaches ...
Securing Healthcare Data and Applications
The healthcare industry is quickly growing as a sweet spot for hackers to steal large amounts of patient records for profit. The US Department of Health and Human Services breach tool reports over 340 data breaches in 2017 impacting more than 3 million individuals, and 176.5 million individuals...
Inside a New DDoS Amplification Attack Vector via Memcached Servers
We recently saw a new DDoS amplification attack vector via memcached servers that culminated in two massive DDoS amplification attacks on February 28. Both attacks were mitigated successfully. Here’s how memcached servers work and how the attacks unfolded. Memcached servers Unless updated within...
New 10 Second SLA For Rapid DDoS Mitigation
Two months ago, we updated the Imperva Incapsula SLA (service level agreement) to guarantee network and application layer DDoS attack mitigation in under 10 seconds. This commitment sets a new standard for time to mitigation (TTM), made possible by improvements to our DDoS mitigation technology and...
4 Steps to Monitor and Audit Privileged Users of Data Stores
Changing regulatory requirements for protection and privacy of data and increasing numbers of data breaches are driving a greater focus on data protection. Understanding who is accessing critical data, what was accessed and when it was accessed is a critical component of strong security operation...
A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)
An organization’s database servers are frequently the prime target of attackers. We recently started a new research project we named StickyDB to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research,...
NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases
Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...
NetRefer Chooses Imperva Incapsula WAF: A Case Study
Since 2005, companies have been using NetRefer’s performance marketing software to fully automate their affiliate programs. From enrollment through customer relationship management (CRM), tracking, finance and rewards management and payments, NetRefer’s Unified Performance Marketing Platform...
New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks
It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code...
Integrate Your Ticketing System into Database Security to Prevent DBA Privilege Abuse
Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators (DBAs) who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged...
A Deep Dive into Database Attacks [Part I]: SQL Obfuscation
Today, data breaches are a threat to every organization. According to a report from Risk Based Security covering the first half of 2017, over 6 billion records were exposed through 2,227 publicly-disclosed data breaches. The number of exposed records is already higher than the previous all-time...
One GRC Manager’s Practical Approach to GDPR Readiness
With about four months to go before the GDPR becomes effective many companies are still struggling with where to start. You’re not alone. According to this survey, the majority of companies are slow off the mark. On top of that, companies require resources and budget to prepare for and comply wit...
CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS
Yesterday (Monday, February 5, 2018), a zero-day vulnerability in WordPress core was disclosed, which allows an attacker to perform a denial of service (DoS) attack against a vulnerable application. The vulnerability exists in the modules used to load JS and CSS files. These modules were designed to...
GDPR and Breach Detection: How to Ask the Right Questions to Meet the GDPR Breach Notification Rule
It is now less than four months before the General Data Protection Regulation (GDPR) becomes effective. This new data regulation of the European Union is designed to provide individuals with rights and protections over their personal data collected by business around the world. It aims to unify dat...
2017 OWASP Top 10: The Good, the Bad and the Ugly
Since its founding in 2001, the Open Web Application Security Project (OWASP) has become a leading resource for online security best practices. In particular, its list of the top 10 “Most Critical Web Application Security Risks” is a de facto application security standard. The recently released 201...
Survey: APIs a Growing Cybersecurity Risk
Like a lot of people, your mobile phone number is probably easily accessible to anyone with a bit of searching. Imagine if someone could take this number and your name and gain access to your mobile phone account including billing, email address and phone IMSI. Or maybe someone hacked into one of...
Cloud Migration Checklist for Application and Data Security
In the final post of our series on cloud migration, we’ve put together a list of strategic and immediate considerations as you plan to migrate your business to the cloud. From a high-altitude viewpoint, cloud security is based on a model of “shared responsibility” in which the concern for securit...
Improve the ROI of Your Database Protection Investment
When an organization considers switching a mission-critical compliance or security system from one vendor’s solution to another it’s a very big decision. There is expense involved in acquiring the new solution, it will take time and money to deploy and retrain staff, and it will take careful...
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
Imperva’s research group is constantly monitoring new web application vulnerabilities. In doing so, we’ve noticed at least four major insecure deserialization vulnerabilities that were published in the past year. Our analysis shows that, in the past three months, the number of deserialization...
Cloud Migration: Technical and Business Considerations
If you’re like many businesses, you’re moving applications into public and private cloud infrastructures. You’ve seen how the cloud’s agility, resiliency, and scalability drives business growth. Fortunately, rolling out new apps in the cloud is easy when you have containers, microservices, and...
Security Strategies for DevOps, APIs, Containers and Microservices
More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application developmen...
Five Cloud Migration Strategies for Applications
Regardless of your current IT environment or your vision for migrating to the cloud, numerous strategies exist that can accommodate your cloud-migration approach. Fortunately, this range of options allows you to proceed with caution while making progress toward your ultimate objective. Always kee...
Cloud Database Migration Peer Insights [Study]
Not long ago, for security, compliance or other reasons, it was unthinkable for many regulated organizations to move sensitive data into the cloud. It’s striking how things have changed. Maybe it was inevitable that services like email were cloud migration candidates. People trust Microsoft, and...
Cloud Migration Fundamentals
The advantages offered by a cloud-based environment make it an easy decision for most companies to make. Still, there are numerous critical choices to be made that can transform the complexities of the migration process into a relatively smooth transition—especially regarding application and data...
Our Analysis of 1,019 Phishing Kits
In recent years phishing activity has grown rapidly, with thousands of phishing sites popping for a virtual moment that last weeks, days or even hours, before becoming ineffective—either getting blacklisted by security providers, or brought down by internet providers and authorities, or in most...
Three Reasons Why GDPR Encourages Pseudonymization
The General Data Protection Regulation (GDPR) is the European Union’s new data regulation designed to provide individuals with rights and protections over their personal data that is collected or created by businesses or government entities. It unifies data protection regulation across all member...
The State of Web Application Vulnerabilities in 2017
As a web application firewall provider, part of our job at Imperva is constantly monitoring new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more, integrate...
Women in Tech and Career Spotlight: Jerusalem Bicha
We conclude our series featuring women in tech at Imperva with an interview with Jerusalem Bicha, network operations team lead at Imperva. We talked about her path to a career in cybersecurity. Tell us how you got into cybersecurity. JB: I actually don’t have a degree. My career in cybersecurity...
Top Five Trends IT Security Pros Need to Think About Going into 2018
It’s that time of the year when we look back at the tech trends of 2017 to provide us with a hint of things to come. Accordingly, let’s engage in our favorite end-of-year pastime: predictions about the coming year. Equipped with Imperva’s own research, interactions with our customers, and a wealt...
Women in Tech and Career Spotlight: Inna Shalom
The latest in our series featuring women in tech at Imperva is my interview with Inna Shalom, the data insight team lead at Imperva. She spoke about her professional journey and experience working in the cybersecurity industry. Tell us how you got into cybersecurity. IS: I spent the first six yea...
Imperva’s Top 10 Blogs of 2017
I recently took a step back to review all the content we shared in 2017 on the Imperva blog. We covered a broad range of topics including data security, cloud migration, application and API security, AI and machine learning, cybersecurity research, GDPR, insider threats and more. We were busy!...
Botnets, Breaches, and the End of Defense in Depth: Our 2017 Cybersecurity Predictions in Review
As 2016 closed out, Imperva once again peered into its crystal ball. As usual, there was much to foretell regarding the ever-changing cybersecurity realm in 2017. We’ll be doing the same soon as we look ahead into 2018. But before we do, we like to assess how accurate we were against the...
DevOps in the Cloud: How Data Masking Helps Speed Development, Securely
Many articles have discussed the benefits of DevOps in the cloud. For example, the centralization of cloud computing provides DevOps automation with a standard platform for testing and development; the tight integration between DevOps tools and cloud platforms lowers the cost associated with...
Women in Tech and Career Spotlight: Shiri Margel
This month we’ll be closing out our series featuring women in tech at Imperva. While I work closely with many of the women we’ve spotlighted, I’ve found learning more about their backgrounds so interesting—I hope you have too! Continuing in the series, I spoke with Shiri Margel, team lead in the...
The Forrester Wave Ranks Imperva as a Leader for DDoS Mitigation Providers
Imperva has tracked the DDoS threat for some time now. Back in 2014 we saw the rise of DDoS botnets. In 2015, we revealed one of the first IoT-based DDoS attacks. Last year, we predicted and then documented one of the largest botnet-based DDoS attacks. DDoS mitigation, as it turns out, is the...
Data Masking 101 – Whiteboard Wednesday [Video]
Data masking is an effective way to protect a large majority of your organization’s data. It replaces original data with realistic, but fictional data—reducing production data sprawl and your attack surface footprint, while maintaining the data's use for things like development, analytics modelin...
Q3 2017 Global DDoS Threat Landscape Report
Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,765 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q3 2017. Before diving into the report’s highlights, it should be mentioned that this quarter was marked...
Database Security at Cloud Scale
The biggest challenge to data security is the sheer volume and pace of data growth. More so even than the shift from relational data to unstructured or the migration of data to the cloud. “Cloud scale” is usually used to refer to technical items like data center size and operations or networks an...
Build-Your-Own Data Masking. Yes or No?
A lot of organizations are taking great strides to protect their sensitive data with a multi-layered strategy—one that includes data masking. We’ve even seen many tackling this critical data security component in DIY fashion, often tasking one resource with developing and implementing scripts to...
Six Ways to Secure APIs
API usage in application development has become the trend of the year. Adoption of micro-services and server-less architectures have only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in next couple ...
Good Bots In. Bad Bots Out.
More than half of Internet traffic today comes from bots. These non-human visitors crawl the web constantly, their numbers are increasing, and they are getting smarter and more human-like by the minute. Imperva has been tracking these trends for more than five years, in an ongoing statistical stu...
Women in Tech and Career Spotlight: Shu White
Up next in our series featuring women in technology at Imperva is a spotlight on Shu White, the company’s vice president and deputy general counsel. Hailing from a legal background, I found her perspective particularly unique. Read below for Shu’s take on the cybersecurity industry, the inspiring...
Will AI Change the Role of Cybersecurity?
Mention artificial intelligence (AI) and security and a lot of people think of Skynet from The Terminator movies. Sure enough, at a recent Bay Area Cyber Security Meetup group panel on AI and machine learning, it was moderator Alan Zeichick – technology analyst, journalist and speaker – who first...
How Reputation Intelligence Improves Application Security
Reputation intelligence is information about cyber entities known for specific activity, whether malicious or benign, which can be fed to and actioned on by a web application firewall (WAF). It provides an additional application security layer by effectively identifying and blocking threats from...
Women in Tech and Career Spotlight: Luda Lazar
For National Cyber Security Awareness Month my colleague Joy Ma kicked off the first in a series of articles where we’ll be spotlighting some of the women who work at Imperva. Continuing in the series, I spoke with Luda Lazar, security research engineer for the Imperva Defense Center, to get h...
Can a License Solve Your Cloud Migration Problem?
No, but it can certainly reduce friction. Cloud adoption is no longer an if, but a when. Even Gartner says there’s no such thing as a ‘no cloud policy.’ The winds of technology change are blowing, but no enterprise is talking about 100% cloud adoption in the near term. Hybrid IT environments are...
Cloud WAF Versus On-Premises WAF
“The Times They Are a Changin’”, Bob Dylan knew it in 1964 and what was true then is even more true today. There continues to be ongoing debate on web application firewalls (WAFs), specifically which is better for the enterprise—on-premises solutions or those in the ever-changing cloud. When...
Machine Learning: Identify the Unpredictable – Whiteboard Wednesday [Video]
When it comes to identifying insider threats, the fundamental challenge is how to determine when data access appears out of the ordinary for a typical user or system, and of those instances, which ones are dangerous versus merely unusual. A lot of solutions today serve up so many policy violation...