1017 matches found
7 Ways Imperva Solutions Reduce the Cost of Data Security
As we push into Q4, economic uncertainty caused by rising interest rates, as-yet unchecked inflation, and a bear market is driving many enterprises to buck the trend and tighten cyber security budgets for the last three months of 2022. The result is increased pressure to achieve data security whi...
Talking to our Team about Cybersecurity Careers, on Ada Lovelace Day
Today’s Ada Lovelace Day, and this is a time to highlight the achievements of women in technology, engineering, science, and mathematics, and to encourage girls and women to pursue careers in STEM. Imperva Enterprise Account Managers, Leanora Weaver and Rebecca Kelly, both members of the Imperva...
Why a Resilient Content Delivery Network (CDN) is Key to Website Performance
Today’s online users have built-up certain standards of quality when visiting a website. They expect a high performance website with fast page load times and easily accessible, fresh and dynamic content. They also expect to enjoy a seamless and secure experience without downtime or limitations to...
Why we all Need a Password Manager
What is a password manager? A password manager helps users create unique and complex passwords and store them in an encrypted fashion, meaning each website, application, or program that needs login information can use a more secure string of characters, letters, and symbols. Users don’t have to...
Massive Multi-Vector 1.37 Tbps DDoS Attack Mitigated by Imperva DDoS Protection
On July 22, an Imperva customer was targeted by a network DDoS attack that reached a maximum bandwidth of 1.37 trillion bits per second Tbps, making it one of the largest attacks that Imperva has stopped and one of the larger DDoS attacks on record. The attack lasted a little over two hours in...
Imperva DSF Secures Your Data in Amazon Web Services Enterprise Data Lakes
Data lakes serve as a central repository for storing several data types - structured, semi-structured, and unstructured - at scale. One of the ways data lakes are useful is they do not require any upfront work on the data. You can simply integrate and store data as it streams in from multiple...
Attack Analytics Helps You Find the Monsters Under the Bed
Alert fatigue kills data breach detection efforts Is there anything more frightening than missing a cyber attack? For most organizations, the answer is no. However, for many security teams, it’s challenging to tune alerts properly to minimize false positives and still be alerted to potential...
Why Imperva is a Cybersecurity Awareness Month Champion
This is our second consecutive year as a champion of Cybersecurity Awareness Month. Nowadays, IT security is everyone’s responsibility, and that’s something we take very seriously. Cybersecurity Awareness Month raises awareness of the core principles behind cybersecurity and highlights the key...
Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082
On September 29, Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server. The vulnerabilities allow remote code execution RCE when used in tandem. It is important to note that both require authenticated acces...
The 5-Question Test to Assess Your Readiness to Manage Insider Threats
An insider threat is a cyber security risk that originates from within any organization that is being targeted by attackers. Often, insider threats involve a current or former employee, or business associate, who has access to sensitive information or privileged accounts, and who misuses this...
How Scanning Your Projects for Security Issues Can Lead to Remote Code Execution
The Imperva Red Team recently discovered and disclosed CVE-2022-40764, a command injection vulnerability affecting Snyk CLI. Snyk is a security company best known for its dependency vulnerability management software. The disclosed command injection vulnerability affects the Snyk command-line...
For Cost-Conscious Compliance Reporting, Rethink Your Data Retention Capability
Staffing costs required to generate reports for compliance audits are high, but the time required to generate the reports themselves is not necessarily to blame if you have suitable access to your data. Today, the cost to retain data is the real challenge in compliance reporting. In this post,...
At Kong Summit 2022, Imperva Will Demonstrate how to Use Terraform to Onboard Kong-managed Apps and Discover API Endpoints
Imperva and Kong are working together to simplify APIs Imperva is attending Kong’s 2022 Summit on September 28 and 29 in San Francisco. Imperva’s Summit booth will feature both a recorded and live demo built to showcase how Kong and Imperva seamlessly integrate using Terraform. Imperva, a...
SaaS Eliminates Barriers to Applying Security Controls to Your Entire AWS and Azure Data Repository
Businesses today widely regard data as “the new oil,” the most valuable resource on earth. At the same time, we are in the midst of the most dynamic IT landscape in history which is increasing the risk to this most valuable asset. Organizations, without sufficiently skilled staff to effectively...
Six Ways to Have Your eCommerce Site Ready for High-Traffic eShopping Days
The spikes are coming September is nearly over, and Black Friday, Cyber Monday, Thanksgiving, Hanukkah, Halloween, Super Saturday, and the festive season will soon be upon us. With the holidays comes increased sales opportunities, driven by increased traffic. When you’re ready for the spikes, you...
“Oops, I insecurely coded again!”
The call is coming from inside the house It’s no secret that companies need to be vigilant about application security. However, frequently the source of application vulnerabilities may come as a surprise to security teams. While zero-day exploits are a principal focus of vulnerability mitigation...
Record 25.3 Billion Request Multiplexing DDoS Attack Mitigated by Imperva
On June 27, 2022, Imperva mitigated a single attack with over 25.3 billion requests, setting a new record for Imperva’s application DDoS mitigation solution. While attacks with over one million requests per second RPS aren’t new, we’ve previously only seen them last for several seconds to a few...
The Global DDoS Threat Landscape – September 2022
Every month in this space, we will post the State of the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks become more frequent, varied, and sophisticated, it is critical that we regularly communicate the Imperva Threat Research team’s findings and...
7 Ways Good Data Security Practices Drive Data Governance
As more organizations continue with digital transformation plans, their ability to be good stewards of the data for which they are responsible becomes more difficult. They are generating more data, more data types, in more repositories, in more and different architectures. Every day, organization...
Three Keys to Securing Shadow Data
What is shadow data? Shadow data is any data contained anywhere in your entire data repository that is not visible to the tools you use to monitor and log data access. Shadow data may include: Customer data that DevOps teams copied into an unknown database to test applications they are developing...
PCI DSS Tackles Client-Side Attacks: Everything You Need to Know About Complying With PCI 6.4.3
Client-side attacks often referred to as Magecart attacks have been around since as early as 2015 and dramatically gained in popularity when the global pandemic accelerated digital transformation, by driving more people and data online. Now the fight against these attacks is stepping up a notch...
Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program
A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. There are...
Why the Search for Best-Of-Breed Tooling is Causing Issues for Security Teams
The growing need to consolidate vendor portfolios The adoption of best-of-breed security solutions has led to unforeseen problems for SOCs. Onboarding a new solution increases complexity; it requires configuration, integration with existing tools, fine-tuning policies, and the ability to create...
Imperva Is a Magic Quadrant Leader for Web Application and API Protection (again)
With the summer coming to a close we are now entering into “Magic Quadrant” season for the application security market and this means the latest edition of the 2022 Gartner® Magic Quadrant for Web and API Protection. Well, we are pleased with the result because once again Imperva has been...
Imperva Boosts Connectivity with New PoP in Manila
We are delighted to announce the addition of a new Imperva Point of Presence PoP in the Asia Pacific region with the opening of our new data center in Manila, Philippines. The new location brings our total number of PoPs in Asia to 15, significantly boosting our presence in the region and providi...
Are you getting the most out of your security platform investment?
In the last few years, most organizations had to accelerate their digital transformation to continue operations during the pandemic. However, as more software, applications, and data architectures were added to the technology stack, the number of tools implemented to secure these assets became...
Two New Trends Make Early Breach Detection and Prevention a Security Imperative
Key signs to look for in today’s complex data threat landscape Introduction The most vulnerable data repositories are the ones deep in your organization’s infrastructure. Everyone assumes they are safe, but as with your home, organizations must invest in security at entry points. Otherwise, the...
How to Support Agile Development Through Cybersecurity Best Practices
Understanding other peoples problems It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition...
Calculate Splunk Ingestion Costs Savings when Pre-Processing Data Repository Logs with Imperva DSF
If you use Splunk to ingest all your data for security analytics, you likely recognize it as one of the greatest indexing tools ever created. With Splunk, your security teams get a real-time view of machine data from the network, data center, or IT environments. Many enterprises also use Splunk t...
Imperva Data Security Fabric Wins 2022 SC Media Trust Award for Data Security
SC Media has announced the winners of their 2022 SC Awards, with 38 companies, executives, and security solutions selected by their panel of judges as the best of the year. We are thrilled to report that Imperva Data Security Fabric has earned the 2022 SC Media Trust Award for Data Security. For...
Enable Security Teams to Leverage Machine Learning Technologies
As on-premises and cloud-hosted data repositories get larger, they are outstripping the ability of traditional data-crunching methods to efficiently analyze the information. As a result, more enterprises have turned to data science and machine learning platforms to create business value. The...
The Five Principles of a Zero Trust Cybersecurity Model
When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be actively moving in that...
“Don’t touch that server. Ralf set that up, and we don’t know what it does.”
Based on a true story… More than a couple of decades ago, I went to work for a network and web company as their customer marketing department. It was a crazy time. Online marketing was all about getting on DMOZ, Lycos was still a puppy, asking Jeeves felt like talking to an AI, and how you laid o...
In the Fight Against DDoS Attacks, not all PoPs are Created Equal
A distributed denial of service DDoS attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. A DDoS attack is launched from numerous compromised devices, often distributed globally in what ...
Three Keys to Turning Data-centric Security Theory into Practice
Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures focusing on protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say...
Cybersecurity and PR: Making Data Protection Public
The customer cares Customers regularly see news about privacy and hacking, and they want to know that it’s safe for them to give over their personal data. A lack of trust in an eCommerce site is a leading reason why potential customers abandon their shopping carts. Consumers have no shortage of...
What we know about VMWare CVE-2022–31656 and CVE-2022–31659
Takeaways: VMWare Workspace ONE vulnerabilities CVE-2022-31656 and CVE-2022-31659 work in tandem to allow a remote attacker with network access to conduct remote code execution on the server. Imperva Threat Research has seen a sharp rise in attacks since a POC was published on August 9, mostly...
Is it Illegal to Scrape a Website for Content?
Web scraping is the process of using bots to extract information from a website. In recent years, the debate over web scraping is growing more complex as business intelligence and data privacy issues arise. The practice of web scraping has gone on for nearly as long as there have been websites. T...
Why Cybersecurity Needs to be a Part of Your ESG
What is an ESG? Environmental, social, and corporate governance ESG documentation is a way to visualize and evaluate how an organization is working for the betterment of social goals and how that organization is responding to the cry for greener, more aware, and more responsible, sustainable...
Five Data Security Controls and Processes you Must Bring to Cloud-native Infrastructures
Too frequently, there are significant misunderstandings in organizations with regard to who has the responsibility to protect cloud-hosted data. In Imperva’s recent report, A Data-Centric Cybersecurity Framework for Digital Transformation, IT analyst and author Richard Stiennon explains what...
Research Shows the Annual Cost of API Security-related Breaches is Mind-blowing
Application Programming Interfaces APIs have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread, they are a much more prominent part of the cyber threat landscape. API-related hacks and data breache...
The Three Key Competencies that Optimize Data Security Orchestration
One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...
US Websites Targeted by 40% of the Bad Bot Traffic Worldwide
Bad bot attacks are often the first indicator of fraudulent activity targeting your website. This activity may be over-the-top, like validating stolen user credentials and credit card information to later be sold on the dark web or scraping proprietary data to gain a competitive advantage. Bot...
What is Dark Data, and how can we find it?
What is “dark data”? The term “dark data” refers to “any information assets that organizations collect, process, and store during regular business activities but generally fail to use for other purposes” Gartner. Often retained for compliance reasons, this data can also include past employee...
How Organizations Manage to Understand Millions of Unstructured Data Files at Scale
For an ever-growing segment of organizations, making sense of unstructured data is fast becoming imperative. It is also far more challenging. Unlike structured data that’s stored in rows and columns, text-based, and easy to search in relational databases and data warehouses, there is no defined...
Imperva Reaches New Heights as it Opens PoPs in Cape Town and Rio
Imperva is reaching new heights as we expand our global network of data centers with new points of presence PoPs in Rio de Janeiro, Brazil and Cape Town, South Africa. The two cities, often compared to each other for their many similarities including their breathtaking coastlines, white sandy...
Imperva Earns Three Cyber Defense Global InfoSec Awards for 2022
The Cyber Defense Awards in conjunction with Cyber Defense Magazine recently announced the winners of their prestigious annual Global Infosec Awards for 2022. We are proud to say that Imperva earned three Global Infosec Awards; as Most Innovative for Application Security, Cutting Edge for Cloud...
Four Main Reasons Shoppers Abandon eCommerce Carts
More than just window shopping eCommerce shopping cart abandonment causes brands a sobering USD 18 Billion in annual revenue Forrester Research. While rates differ by device, with mobile and tablet device users most likely to leave before completing their order, nearly 70 percent of shoppers dese...
Bots Hide Behind User Privacy – Should You Be Concerned?
Bot operators are perpetually devising innovative techniques to sneak past security as they go about their dubious, often downright illegal business. Emulating human behavior and traffic patterns are key elements of their strategy. One of the many layers comprising this strategy is reporting thei...
A Data-Centric Cybersecurity Framework for Digital Transformation
In this white paper A Cybersecurity Framework for Securing Cloud Data for Digital Transformation, analyst Richard Steinnon of IT Harvest explains that while cloud vendors supply a resilient and secure infrastructure, organizations who put data into the cloud are ultimately responsible for...