4 Bad Bots Likely to Cause Problems for the Remainder of 2022
A short primer on internet bots. An Internet bot (bot, for short) is a software application that runs automated tasks over the internet. Bots typically run simple tasks which they can perform at a dramatically greater rate than any human. Beneficial or anodyne bots are characterized as legitimate, o...
APIs Are Here to Stay, so Get in Front of Securing Them
A recent IDC survey reported that 38 percent of organizations identified cybersecurity threats and regulations as the factor having the greatest impact on their technology investment planning over the next two years. The survey also revealed that for organizations taking a digital-first business...
Reduce Risk from Insider Threats Using Imperva Data Security Fabric
The definition of insider threats is as broad as the risks it represents. While insider threats may originate from negligent or malicious employees, they can also be external cybercriminals who bypassed perimeter controls using a compromised user account. No matter the source, or motivation,...
Imperva is named a Leader in The Forrester Wave™: Bot Management, Q2 2022
We are thrilled to announce that Imperva has been named a Leader in The Forrester Wave: Bot Management, Q2 2022 report – a trusted source for technology buyers that helps security and risk professionals select the right vendor for their needs in a technology marketplace. The report offers a...
Why Customers Asked us for a Data Security Fabric (Even When They Didn’t Know to ask for it by Name)
Our journey to the data security fabric started a while back when we built the industry’s first data security platform based on what customers said they needed and working with customers as design partners. The concept of a software platform has been around for a long time. Like all platforms, we...
Ethical Hacking and Penetration Testing. Where to Begin.
Looking at the employment landscape, it’s clear that prospects for landing cybersecurity positions are excellent and on the rise, but what about the commercial viability of that “grey side-gig”, ethical hacking and penetration testing? While the notion of “being bad to help the good people” is...
Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had
Identifying and taking action to stop policy-violating behavior is hard enough when you have complete insight into the risks affecting your data repositories. It is virtually impossible to achieve security, however, when you cannot even see these risks to your data repositories. Unfortunately, to...
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
New zero-day Remote Code Execution (RCE) vulnerabilities were discovered in Spring Framework, an application development framework and inversion of control container for the Java platform. The vulnerability potentially leaves millions of applications at risk of compromise. In two separate...
Agents and Agentless: Better Together
In your effort to collect data access information from your data repositories in order to apply security controls, you don’t have to make the black and white choice to go with agents or an agentless approach. It is important, however, that the tool you choose is right for the job you are doing. I...
API Security Explained
As enterprises continue on their digital journeys, security teams are preparing for the good, the bad, and the ugly of APIs. We’ll explain in plain language what APIs do, how they are attacked, and how API security works either as a stand-alone solution or with Web Application Firewalls and DDoS...
API Gateway or not, You Need API Security
To build and deploy apps in a fast-paced, iterative process, cloud-native developers in organizations on the digital transformation journey rely on APIs for communication. With at least 90% of developers using APIs in cloud-native web application development, organizations are reviewing their API...
CISA Warns CISOs to Brace for Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a United States federal agency under the oversight of the Department of Homeland Security, is urging business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture. This is...
A Search for API Security in the Operator’s Tool Box
Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and API Security, I felt it may be more useful to think about the subject from the user’...
How to use the Gartner® 2022 Strategic Roadmap for Data Security Platform Convergence
“It is not the strongest species that survive, nor the most intelligent, but the ones most responsive to change.” – Charles Darwin Evolution and innovation form the basis of most modern business mission statements. However, the same organizations pursuing growth and change often do not put...
By the Numbers: The Cost of Insider Data Breach vs The Cost of Protection
The global business data security landscape has become dramatically more challenging over the last few years. One of the main reasons for this is insider threats, as reported in the 2022 Cost of Insider Threats Global Report, independently conducted by The Ponemon Institute. Several factors have...
How Web Applications Are Attacked Through APIs
Happy Pi Day, everyone! As a technician, pi is a number that represents a constant. This constant reflects the ongoing cyberthreats that put enterprise assets at continuous risk as digital transformation and the resultant attack surface grow in parallel. Whether it’s a simple identity theft hack...
3 Steps to Putting a Modern Database Security Solution into Practice
As a Senior Security Solution Engineer, experience has shown me that there are no magic bullets when it comes to stopping data breaches. They are going to happen. What makes a data security solution most effective is the capacity to perform the reconnaissance activities necessary to identify...
Imperva Suspends Operations in Russia and Belarus
We are heartbroken by the escalation of events in Ukraine, and the tragic loss of life, displacement of people, culture and history. The safety of our global team remains a priority, and we’re in constant communication with Impervians in Ukraine to ensure their well-being and that of their...
Imperva Ships API Security Providing Continuous API Discovery and Data Classification with Two Deployment Models
Every day, organizations are challenged to bring products to market faster and out innovate their competition. At the heart of many digital transformation initiatives are development teams looking for ways to achieve initiatives and deliver on new product goals. Many of these teams openly embrace...
RASP: The World Cup’s Last Line of Cyber Defense
No greater sporting event exists that brings the peoples of the world together more effectively than the FIFA World Cup, with the first match kickoff set for Monday, 21 November 2022, in Doha, Qatar, at the Al Bayt stadium in Al Khor. Football fans from all across the globe will pour into the Gul...
Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second
We are only at the beginning of 2022 and it looks like it is going to be an interesting year for the Distributed Denial of Service (DDoS) landscape. We recently mitigated a ransom DDoS attack on a single website which reached a rate of 2.5 million requests per second (Mrps). And while ransom DDoS...
Preparing for Heightened Attacks in the Current Geopolitical Environment
The current geopolitical environment has raised many concerns about security postures and readiness to respond to a cyberattack. Today, Imperva customers are protected by our world-class network, application, and data security products. Alongside that, Imperva Threat Research is closely monitorin...
5 Ways to Determine if you do Cybersecurity or Cybersecurity Theater
For a sentient species, humans, in general, have curious ideas when it comes to reckoning and responding to risk. For example, studies show using seat belts when driving in automobiles saves lives. Studies also show when cyclists use helmets more cyclists’ lives are saved. This research drives...
How Insider Threats Drive Better Data Protection Strategies
Fifty-eight percent of sensitive data security incidents are caused by insider threats, according to a recent study by Forrester Research. Insider threats originate from inappropriate use of legitimate authorized user accounts. These accounts - assigned to internal employees and business associat...
Let’s Get Under the Hood of Imperva Snapshot
A stress-free guide for the prudent cloud operator. With minimal setup, Imperva Snapshot enables you to immediately start your in-depth Amazon Web Services (AWS) RDS database assessment. With no prior training required, cloud operators can use this useful tool to pinpoint deficiencies in their...
Imperva Adds Active Attack Detection to its Data Security Platform
Protecting the data perimeter. Organizations are in constant pursuit of technology that provides rapid insight into threats. Early visibility, in combination with context-rich alerting and efficient incident response workflows, streamline threat containment and remediation efforts. Identifying...
Why ATO Attacks Are Attacks on Your Customers
Motivated by the continual surge in eCommerce, which according to UNCTAD has seen unprecedented growth during the COVID-19 pandemic, retailers are scrambling to adapt to a shift in consumer demand and create unique customer experiences that set them apart from the competition. The rise in online...
The Tripod Foundation of a Database Analytics Solution for Today’s Threat Landscape
In the first and second posts in this series, we explained why traditional approaches are no longer viable to take on today’s threat landscape and showed why internally-generated attacks are so difficult to stop. In this post, we’ll identify the critical elements of a highly effective database...
Imperva Mitigates Massive Bot Attack of 400 Million Requests
Imperva Advanced Bot Protection detected and stopped the largest bot attack in Imperva history. The web scraping attack targeted a global job listing site with operations in six countries. The attacker used a large-scale botnet, generating no less than 400 million bot requests from nearly 400,000...
Why Insisting on Complicated Passwords can be a Dangerous Security Practice
According to the Forrester Insider Threat report, commissioned by Imperva in 2021, 50% of the companies surveyed plan to increase security awareness among their employees over the next 12 months. Many are already doing so and have solid practices in place. According to the 2022 Ponemon Report on t...
Is it Easier to Turn Cloud Professionals into Security Practitioners or Vice Versa?
Insights into the cybersecurity skills gap. In a poll taken at a recent Imperva webinar, What’s New in ‘22? Cybersecurity Trends and Predictions, participants said it’s easier to turn security practitioners into cloud professionals by a margin of 65-35. Three Directors in Imperva’s Office of the C...
What is Shift-Left Testing and What are the Benefits?
Back in the infancy of software creation, certainly up until the mid-90s when we still used more traditional software development practices, most testing was conducted at the end of the production cycle; on a graph, this would be to the right on the development timeline. Shift-left takes this...
Five Takeaways from FlexBooker’s Data Breach
A few weeks ago, an appointment scheduling solution, FlexBooker, notified its customers that it had been breached. Imperva has no specific insider knowledge into how the breach unfolded, but we can learn a lot from FlexBooker’s data breach notification as well as additional related sources. In thi...
What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?
In my last blog, I explained why taking the approach of setting up perimeter defenses, restricting data access, patching vulnerabilities, applying sensors to data movement, and encrypting data is no longer solely effective at stopping data breaches in today’s threat landscape. I also discussed th...
What You Need to Do Today to Protect Against Account Takeover Attacks
Historically, account takeover (ATO) has been recognized as an attack in which cybercriminals take ownership of online accounts using stolen passwords and usernames. Cybercriminals purchase a list of account credentials from the dark web that are usually compiled by hackers through social...
Imperva is on Top of the World as it Announces New PoP in Bogotá
Imperva is on top of the world to announce the opening of our newest and highest data center yet in Bogotá, Colombia. This latest move represents our commitment as an organization to improve performance, security and connectivity for our customers in the Colombian market. In the very center of th...
Five Data Privacy Tips for Consumers
As a consumer, you must assume that your personal information is not 100% safe online. Hackers cause data breaches every single day, exposing our email addresses, passwords, credit card numbers, social security numbers and other sensitive personal data in the process. Most people don’t think abou...
The Data-Centric Approach to Data Privacy
All organizations understand how critical it is to have access to their customers and prospects’ sensitive personal data. This intelligence is essential to helping them create and maintain relationships so they can deliver tailored experiences and recommendations. Having this sensitive personal...
Imperva Champions Data Privacy Week 2022
As a cybersecurity industry leader, Imperva is working with the National Cybersecurity Alliance (NCA) as a 2022 Data Privacy Week Champion to promote the need for businesses to prioritize data privacy and protection and the importance of individuals and companies to secure their online data. As par...
What COVID Reminded Me About Compliance
It was another late-December morning a few days after Christmas and the weather was unseasonably cold where I live in New Jersey, in the northeast of the US. My daughters were a few days into their winter break and already getting into the routine of “waking-up-late-cereal-watching Netflix”. In m...
5 Myths About Interning in Cybersecurity
Dear future interns and intern employers, Everyone says, “do what you love”; but when the world is your oyster, where do you start? We are Arianna De Leon and Kaylin Hiatt and last summer we started our careers as marketing interns at Imperva. We come from very different backgrounds and had very...
3 Data Source Coverage Capabilities You Need from Your Database Security Solution
When Henry Ford, the de-facto inventor of mass production, was asked during a production meeting in 1909 in which colors his Model T automobile would be available to consumers, Ford - a notorious stickler for keeping costs to the bare minimum - offered almost no optional extras and that included...
Analytics Are Essential for Effective Database Security
We have all heard the saying, “early detection is critical.” This is true in most aspects of our daily lives; in everything from medical diagnosis, automobile issues, a leaky roof, credit card fraud, etc. It should come as no surprise that this is especially true in the context of data security...
How to Make API Security an Integral Part of Your Application Security Strategy
The farther your organization travels down the digital transformation path, the more critical API protection is to your overall security posture. Every day, your development teams are innovating; they rely more on microservices to save time and money as they automate business-to-business processe...
What to Include in a Cybersecurity Disaster Recovery Plan
If the unthinkable were to happen to your business, what’s your disaster recovery plan? If bad actors were to inject ransomware into your system, what’s your process for a return to normal working? Google the words “What do I do if I have a cybersecurity breach” and the first twenty results will...
Log4Shell log4j Remote Code Execution – The COVID of the Internet
The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed over 102M exploitation attempts across thousands of sites protected by Imperva Cloud Web Application Firewall...
2021 in Review, Part 4: 5 Cybersecurity Topics to Watch in 2022
One of the core principles of cybersecurity is not letting things “slip through the cracks”. An effective security posture depends on visibility. The more visibility you have into the environments where your data is, the more successful you will be in applying your organization’s security protoco...
2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year
Today, everyone is talking about CVE-2021-44228, and with good reason. But before that, here were five of the issues that dominated virtual “water cooler talk” in 2021: 5. Data security in the cloud Champion heavyweight boxer Mike Tyson said, “Everyone has a plan until they get punched in the...
2021 in Review, Part 2: 5 Top Cybersecurity Stories
Ransomware may have dominated headlines in 2021, but it’s only one of many threats security teams must protect against. We’re taking a look back at 5 top cybersecurity stories of 2021 that practitioners wanted to learn more about. 5. The State of Security in eCommerce Why you should learn more...
2021 in Review, Part 1: 5 Cybersecurity Topics that Made News
It’s been another chaotic year in cybersecurity, as protecting web applications and stopping sensitive data breaches remain top-of-mind issues and continue to generate headline news. As 2021 comes to a close, cybersecurity and all the industries it serves is dealing with an unprecedented zero-day...