Multiple Imperva Products Earn 2022 Fortress Cyber Security Awards

In June, the Business Intelligence Group announced that three Imperva products have earned the 2022 Fortress Cyber Security Awards. The mission of this prestigious award program is to identify and reward leading companies and products globally that are successfully keeping data and electronic...

How to ‘Win’ a Red Team Exercise

What is a red team exercise? Organizations that conduct red team exercises use penetration testing tactics to assess vulnerabilities and discover weak points in their cybersecurity preparation. Usually, this involves two teams - one red the protagonists and one blue the incident responders who mu...

What is Steganography, and how can we Avoid it?

What is steganography? Steganography is, broadly, a type of covert communication involving the use of any medium to hide messages. Steganography is a relatively old technique of hiding ‘secret’ data in plain sight to avoid detection. Seeing a resurgence of late, bad actors are taking advantage of...

Top Challenges to Implementing Data Privacy: Nailing Down Discovery and Classification First is Key

Why Discover and Classify is so critical Ice hockey goal-scoring great Wayne Gretzky is reported to have said, “You miss 100 percent of the shots you don’t take.” The data security version of this quip is “you protect zero percent of the data you can’t see” and the data privacy version is “if you...

Four Reasons why you Should Consider Contingency DDoS Protection

The experts agree that Imperva is solidly positioned as a leader in Distributed Denial of Service DDoS mitigation. Over our many years as leaders in this space, we have determined that no matter how reliable your current DDoS protection is, there is always a chance that your network infrastructur...

How to do Feature Selection Using Feature Contribution Data

Feature contribution is a method to give a weight to each feature that reflects its impact on the model’s prediction. Feature contribution can be calculated on an entire dataset or a single data point. In our previous blog post, we showed how to visualize feature contributions to make it easy to...

Anomaly Detection at Scale Using SQL and Facebook’s Prophet Forecasting Algorithm

Anomaly detection is a very important task. At Imperva we use it for threat hunting, risk analysis, risk mitigation, trends detection and more. In a previous post we showed how it can be done in a simple method by SQL. This time we wanted to use Prophet, which is an algorithm for forecasting time...

Fundamental Security Concepts and Best Practices Every Game Developer Should Know

Gaming is now the world’s favorite form of entertainment, with Newzoo reporting that by 2023 there will be more than three billion gamers across the planet. With the growth of multiplayer games, however, the number of cheaters has also increased. A study by The New York Times found that almost 50...

The Benefits of Including Static Data Masking in Your Security Arsenal

Static data masking SDM is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer capable of protecting large...

New Waiting Room Solution Ensures Best Peak User Experience

New Imperva Waiting Room Enables Organizations to Deliver Consistent Optimal Website User Experiences During Peak Traffic Periods Organizations benchmark website success by the volume of legitimate traffic and online sales it generates. Website architects want to drive as many visitors as possibl...

The Role of the Cybersecurity Leader in 2022

Who does the modern CISO need to be? According to the 2021 Gartner, Inc. Market Guide for Managed Detection and Response Services, the role of the chief information security officer CISO has to change in 2022 to combat the ever-evolving modern threat landscape. Eighty-eight percent of company...

How to Monitor Athena Usage to Understand Your Operations, and Control Security and Costs

Introduction to our data lakes experience Data lakes are great. They are flexible as they allow many object formats and multiple query engines. They are also cost effective - there is no need to manage or pay for resources like disks, cpu and memory. Data is simply stored in an object store and i...

How to Find Extra Cybersecurity Budget

Risk is up and budgets are down Organizational cybersecurity is a business issue, one could even say a finance issue, not just an IT issue. Gone are the days when cybersecurity was a luxury investment. Worldwide attacks are growing daily in frequency and complexity, regardless of the business siz...

ATO Attacks Targeting Financial Services Increased 58 Percent in May. Who Else Needs to Worry?

Account takeover ATO is a form of identity theft that cyber criminals use to get unauthorized access to the accounts of legitimate users through some kind of brute force method such as Credential Stuffing. In 2022, account takeover attacks are on the rise. In June for example, Imperva’s Threat...

Why a “Lift-and-shift” Cloud Migration Strategy Doesn’t Support Data Security

The classic 1982 Steven Spielberg horror film “Poltergeist” chronicles disturbing, unexplained paranormal activity happening in a suburban family’s idyllic home. As the activity becomes more sinister and terrifying, the family learns that their neighborhood was built on an old burial ground. It...

Five Ways the Gaming & Gambling Industry is Targeted by Bad Bots

Let’s play a game of chance: What are the odds that your gaming website is being targeted by bad bots? Imperva research suggests they’re higher than you may think. Imperva’s 2022 Bad Bot Report reveals that 53.9 percent of traffic to gaming and gambling websites comes from bad bots. With the...

How the Evolution of Agents has Been Essential for Modern Database Security

In today’s data driven world, every organization’s most important asset is their data. Accordingly and similarly to other protected components like applications, web and peripheral gateways, databases require a dedicated security solution as well. An essential database security solution must...

Determining “Need to share vs. Need to know” is a Cornerstone of a Data Protection Strategy

There is a paradox that lies at the heart of data security. Data itself only has real value if an organization can share it with stakeholders that need it to perform their roles. However, the more widely an organization shares data the greater the risks of the data being compromised. Data securit...

Natural Language Processing and “Mindful” AI Drive More Sophisticated Bad Bot Attacks

The evolution from human to bot attacks Over the last several years of my career in cyber security, I have been fortunate to work with professionals who researched and developed new cyber security detection and prevention solutions that block high-end cyber attacks. Initially, these attacks were...

Can Business Cybersecurity Protection Outlay Offset Cybercrime Insurance?

What is cybercrime insurance? Business cybersecurity protection cybercrime insurance safeguards organizations from any financial losses relating to damage to or loss of information from, networks and IT systems. This may include reputation loss, the cost of business interruption, infringement of...

Four Key Findings from the 2022 Cyberthreat Defense Report

For the ninth year, Imperva is proud to sponsor CyberEdge Group’s annual Cyberthreat Defense Report. In this report, CyberEdge Group delivers a detailed accounting of how IT security professionals perceive cyberthreats today and reveals actionable insights into how they plan to defend their...

7 Facts About Insider Threats That Should Make you Rethink Data Security

In the report, Insider Threats Drive Data Protection Improvements, Forrester Research asserts that most organizations are making positive steps toward protecting the sensitive data they are migrating to the cloud. However, Forrester suggests that many have not devised a comprehensive plan that...

Imperva Introduces New Features to Help Prevent Online Fraud

As we move more of our daily activities and the services we consume online, the threat of fraud grows, and the risks become greater. Data suggests the majority of organizations are already detecting a rise in online fraud. In a recent survey of senior risk executives, 67 percent said that their...

Gone Ape? How to Protect NFTs from Theft

What are NFTs? Non-fungible tokens NFTs are unique and irreplaceable digital assets that, by their nature, have an intrinsic value. These could be digital art, photography, GIFs, avatars, memes, 3D objects, domain names, trading cards, virtual land, music, or other digitally tradable tokens. Each...

How to Reduce the Risk of Buy Now, Pay Later Fraud

According to a recent FinTech trends report, 2022 is expected to be a big year for Buy Now, Pay Later BNPL. Apple’s recent announcement of its entry into BNPL with Apple Pay Later represents a seismic boom for a sector which is projected to top $1 trillion in annual gross merchandise volume by...

How CISOs can Find and Retain Security Staff During the Great Resignation

The rising demand for cybersecurity professionals As if the skill shortfall in cybersecurity wasn’t bad enough, the employment landscape is shifting rapidly. This shift is due, in part, to historically low unemployment claims, unrivaled quit rates, and swathes of baby boomers and older Gen X...

Q1 2022 Global DDoS Threat Landscape Report Findings Summary

Last week, Imperva released the Q1 2022 Global DDoS Threat Landscape Report. To produce the report’s findings, Imperva performs detailed statistical analysis of all DDoS activity that our Threat Research Labs monitored from our global network of PoPs during the first three months of 2022. In...

Five Ways Cyber Attackers Leverage Bad Bots to Commit Automated Fraud

The accelerated shift to digital payments has made online fraud more prevalent than ever, as losses from it are expected to exceed $206 billion over the next five years, driven by identity fraud, fake accounts, and payment fraud. Catalyzed by the pandemic, the shift gained substantial traction in...

Three Reasons Why Unification Drives Modern Data Security Strategy

Today, the necessities of business innovation compel most organizations to have several teams with diverse priorities managing dozens of data sources, all with different structures. This makes it impossible to secure complete data repositories successfully using traditional methods. This post wil...

Imperva Customers are protected from Atlassian Confluence CVE-2022-26134

This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater than 1.3.0. The advisory details a critical severity unauthenticated remote code execution...

Enhance Network Resiliency with Contingency DDoS Protection

Recent digital market outages have proven the fragility of network infrastructure. When your primary service provider experiences an unexpected outage, your infrastructure is left unprotected and vulnerable to a DDoS attack. The downtime you face waiting for your DDoS mitigation to start working...

Five Steps to Prepare Data for a Zero-Trust Security Model

The outmoding of traditional network security Traditional network security was based on the concept of a guarded network perimeter, which is difficult to access from the outside but implicitly trusts everyone on the inside. The problem with this approach is that once an attacker has access to the...

The 3 Biggest DDoS Attacks Imperva Has Mitigated

Imperva has just released the DDoS Threat Landscape Report Q1 2022. Download it now to familiarize yourself with new threats and get detailed information about current DDoS attack patterns and their potential impact on your business. So far, 2022 has been a brutal year for DDoS attacks and we see...

Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy

In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service DDoS attacks against a number of websites including the United Nations UN, The Organization for Security and Cooperation OSCE an organization founded in Finland, and oth...

Bad Bots and the Commoditization of Online Fraud

Fraudsters will stop at nothing to exploit your websites and customers, and with the accelerated shift to digital payments, online fraud has never been more profitable. This shift, catalyzed by the pandemic, really gained traction in 2021 as the popularity of digital payments exploded. In fact,...

How to Develop Machine Learning Skills for Every Employee in Your Company

Everyone loves Artificial Intelligence AI and Data Science DS, and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...

3 Recommendations to Ensure Your API Security Solution can Drive Data Visibility and Quality

Today at least 90% of developers are using APIs in cloud-native web application development. According to new data collected by Forrester Research and presented in their report, Improve API Performance with a Sound API Security Strategy, 62 percent of IT decision makers believe the value they gai...

Evasive Bots Drive Online Fraud – 2022 Imperva Bad Bot Report

The 2022 Imperva Bad Bot Report is now available. The report is the ninth annual in-depth analysis of bot traffic, created with data collected from Impervas global network throughout the past year by the Imperva Threat Research Team. Bad bots are software applications that run automated tasks wit...

8 Ways to Avoid CISO Burnout

Times have changed In recent years the job of Chief Information Security Officer CISO has become more and more frenetic and involved. Already stretched CISOs have the added responsibilities of employee management in a time of a global pandemic, staff retention when priorities have changed and...

How Imperva Data Security Fabric Reduces Splunk Ingestion Costs and Accelerates Incident Management

They say the devil is in the details. This is especially true for security professionals that use Splunk as their organization’s primary security analytics engine. Splunk analytics gives security teams a real-time view of machine data from networks, data centers, or IT environments. Organizations...

Help Employees and Consumers Avoid Self-inflicted Cybersecurity Mistakes

It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data. Imperva recently conducted a study with YouGov plc regarding consumers’ attitudes towards data, whether they feel in control of their personal data, and if they trust the...

The Business Case for Modernizing On-Premises and Cloud-Based Database Security

Nobody ever says, “We don’t need better security for the data we manage.” There is, however, a balancing act that security professionals perform every day to get the most security value from their solutions at the lowest possible cost. As they move more workloads into cloud-native environments an...

Forrester Report Reveals the 5 Benefits IT Teams Really Need from API Security Tools

An Application Programming Interface API is a software intermediary that allows applications to communicate with one another. APIs provide routines, protocols, and tools for developers to facilitate and accelerate the creation of software applications. They enable applications to easily access an...

Building on Your Existing DAM Instance is Smart Budget Planning

For organizations that use it, Imperva’s DAM Gateway is the workhorse of data auditing and security. Today, the explosion of data and data repositories that organizations need to manage - both on-premises and in cloud environments - requires a more flexible, higher-capacity technology platform to...

Data Protection as the Foundation of Trust: Celebrating Privacy Awareness Week in APAC

As part of our mission to help organisations protect their data and all paths to it, Imperva is supporting Privacy Awareness Week in Australia and Singapore, with the aim of educating individuals and organisations about the importance of data privacy and protection. In today’s digital economy, da...

API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot

Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your APIs. When a bad actor makes a completely val...

6 Best Data Security Practices You Can Start Today

Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices yo...

Four Benefits of Software as a Service (SaaS) for Cybersecurity Teams

Software as a service, or SaaS as it’s more commonly known, is more than just a license delivery model and a way for cybersecurity teams to pay for critical cybersecurity software - it has real benefits for the customer. In a SaaS distribution model, the software is hosted by the software service...

How to Stop New Employees from Becoming Insider Threats

In the midst of a booming tech economy and a concurrent Great Resignation, recruitment and hiring are all-seasons imperatives. As new people constantly join the organization, how can busy security teams guarantee they will adhere to established data security practices from their onboarding and...

Reading the API Security Tea Leaves for 2022

Just as the global pandemic persists in redefining the new norm, so has enterprises’ growing investments in digital transformation initiatives to keep one step ahead of their competitors. APIs are the engine that are helping drive these digital transformations from the innovation of new services...