Category: Blog

Businesses today widely regard data as “the new oil,” the most valuable resource on earth. At the same time, we are in the midst of the most dynamic IT landscape in history which is increasing the risk to this most…

Read more →

The call is coming from inside the house It’s no secret that companies need to be vigilant about application security. However, frequently the source of application vulnerabilities may come as a surprise to security teams. While zero-day exploits are a…

Read more →

The spikes are coming September is nearly over, and Black Friday, Cyber Monday, Thanksgiving, Hanukkah, Halloween, Super Saturday, and the festive season will soon be upon us. With the holidays comes increased sales opportunities, driven by increased traffic. When you’re…

Read more →

On June 27, 2022, Imperva mitigated a single attack with over 25.3 billion requests, setting a new record for Imperva’s application DDoS mitigation solution. While attacks with over one million requests per second (RPS) aren’t new, we’ve previously only seen…

Read more →

The call is coming from inside the house It’s no secret that companies need to be vigilant about application security. However, frequently the source of application vulnerabilities may come as a surprise to security teams. While zero-day exploits are a…

Read more →

On June 27, 2022, Imperva mitigated a single attack with over 25.3 billion requests, setting a new record for Imperva’s application DDoS mitigation solution. While attacks with over one million requests per second (RPS) aren’t new, we’ve previously only seen…

Read more →

Every month in this space, we will post the State of the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks become more frequent, varied, and sophisticated, it is critical that we regularly…

Read more →

As more organizations continue with digital transformation plans, their ability to be good stewards of the data for which they are responsible becomes more difficult. They are generating more data, more data types, in more repositories, in more and different…

Read more →

Client-side attacks (often referred to as Magecart attacks) have been around since as early as 2015 and dramatically gained in popularity when the global pandemic accelerated digital transformation, by driving more people and data online. Now the fight against these…

Read more →

What is shadow data? Shadow data is any data contained anywhere in your entire data repository that is not visible to the tools you use to monitor and log data access. Shadow data may include: Customer data that DevOps teams…

Read more →

Client-side attacks (often referred to as Magecart attacks) have been around since as early as 2015 and dramatically gained in popularity when the global pandemic accelerated digital transformation, by driving more people and data online. Now the fight against these…

Read more →

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.…

Read more →

The growing need to consolidate vendor portfolios The adoption of best-of-breed security solutions has led to unforeseen problems for SOCs. Onboarding a new solution increases complexity; it requires configuration, integration with existing tools, fine-tuning policies, and the ability to create…

Read more →

With the summer coming to a close we are now entering into “Magic Quadrant” season for the application security market and this means the latest edition of the 2022 Gartner® Magic Quadrant™ for Web and API Protection. Well, we are…

Read more →

We are delighted to announce the addition of a new Imperva Point of Presence (PoP) in the Asia Pacific region with the opening of our new data center in Manila, Philippines. The new location brings our total number of PoPs…

Read more →

In the last few years, most organizations had to accelerate their digital transformation to continue operations during the pandemic. However, as more software, applications, and data architectures were added to the technology stack, the number of tools implemented to secure…

Read more →

Key signs to look for in today’s complex data threat landscape Introduction The most vulnerable data repositories are the ones deep in your organization’s infrastructure. Everyone assumes they are safe, but as with your home, organizations must invest in security…

Read more →

Understanding other people’s problems It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly…

Read more →

If you use Splunk to ingest all your data for security analytics, you likely recognize it as one of the greatest indexing tools ever created. With Splunk, your security teams get a real-time view of machine data from the network,…

Read more →

SC Media has announced the winners of their 2022 SC Awards, with 38 companies, executives, and security solutions selected by their panel of judges as the best of the year. We are thrilled to report that ​Imperva Data Security Fabric…

Read more →

As on-premises and cloud-hosted data repositories get larger, they are outstripping the ability of traditional data-crunching methods to efficiently analyze the information. As a result, more enterprises have turned to data science and machine learning platforms to create business value.…

Read more →

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be…

Read more →

Based on a true story… More than a couple of decades ago, I went to work for a network and web company as their customer marketing department. It was a crazy time. Online marketing was all about getting on DMOZ,…

Read more →

A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. A DDoS attack is launched from numerous compromised devices,…

Read more →

Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures focusing on protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say…

Read more →

The customer cares Customers regularly see news about privacy and hacking, and they want to know that it’s safe for them to give over their personal data. A lack of trust in an eCommerce site is a leading reason why…

Read more →

Takeaways: VMWare Workspace ONE vulnerabilities CVE-2022-31656 and CVE-2022-31659 work in tandem to allow a remote attacker with network access to conduct remote code execution on the server. Imperva Threat Research has seen a sharp rise in attacks since a POC…

Read more →

Web scraping is the process of using bots to extract information from a website. In recent years, the debate over web scraping is growing more complex as business intelligence and data privacy issues arise. The practice of web scraping has…

Read more →

What is an ESG? Environmental, social, and corporate governance (ESG) documentation is a way to visualize and evaluate how an organization is working for the betterment of social goals and how that organization is responding to the cry for greener,…

Read more →

Too frequently, there are significant misunderstandings in organizations with regard to who has the responsibility to protect cloud-hosted data. In Imperva’s recent report, A Cybersecurity Framework for Securing Cloud Data for Digital Transformation, author Richard Steinnon explains what vendors of…

Read more →

Application Programming Interfaces (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread, they are a much more prominent part of the cyber threat landscape. API-related…

Read more →

One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security…

Read more →

Bad bot attacks are often the first indicator of fraudulent activity targeting your website. This activity may be over-the-top, like validating stolen user credentials and credit card information to later be sold on the dark web or scraping proprietary data…

Read more →

What is “dark data”? The term “dark data” refers to “any information assets that organizations collect, process, and store during regular business activities but generally fail to use for other purposes” [Gartner]. Often retained for compliance reasons, this data can…

Read more →

For an ever-growing segment of organizations, making sense of unstructured data is fast becoming imperative. It is also far more challenging. Unlike structured data that’s stored in rows and columns, text-based, and easy to search in relational databases and data…

Read more →

Imperva is reaching new heights as we expand our global network of data centers with new points of presence (PoPs) in Rio de Janeiro, Brazil and Cape Town, South Africa. The two cities, often compared to each other for their…

Read more →

The Cyber Defense Awards in conjunction with Cyber Defense Magazine recently announced the winners of their prestigious annual Global Infosec Awards for 2022. We are proud to say that Imperva earned three Global Infosec Awards; as Most Innovative for Application…

Read more →

More than just window shopping eCommerce shopping cart abandonment causes brands a sobering USD 18 Billion in annual revenue [Forrester Research]. While rates differ by device, with mobile and tablet device users most likely to leave before completing their order,…

Read more →

Bot operators are perpetually devising innovative techniques to sneak past security as they go about their dubious, often downright illegal business. Emulating human behavior and traffic patterns are key elements of their strategy. One of the many layers comprising this…

Read more →

In his white paper A Cybersecurity Framework for Securing Cloud Data for Digital Transformation, analyst Richard Steinnon of IT Harvest explains that while cloud vendors supply a resilient and secure infrastructure, organizations who put data into the cloud are ultimately…

Read more →

In June, the Business Intelligence Group announced that three Imperva products have earned the 2022 Fortress Cyber Security Awards. The mission of this prestigious award program is to identify and reward leading companies and products globally that are successfully keeping…

Read more →

What is a red team exercise? Organizations that conduct red team exercises use penetration testing tactics to assess vulnerabilities and discover weak points in their cybersecurity preparation. Usually, this involves two teams – one red (the protagonists) and one blue…

Read more →

What is steganography? Steganography is, broadly, a type of covert communication involving the use of any medium to hide messages. Steganography is a relatively old technique of hiding ‘secret’ data in plain sight to avoid detection. Seeing a resurgence of…

Read more →

Why Discover and Classify is so critical Ice hockey goal-scoring great Wayne Gretzky is reported to have said, “You miss 100 percent of the shots you don’t take.” The data security version of this quip is “you protect zero percent…

Read more →

The experts agree that Imperva is solidly positioned as a leader in Distributed Denial of Service (DDoS) mitigation. Over our many years as leaders in this space, we have determined that no matter how reliable your current DDoS protection is,…

Read more →

Feature contribution is a method to give a weight to each feature that reflects its impact on the model’s prediction. Feature contribution can be calculated on an entire dataset or a single data point. In our previous blog post, we…

Read more →

Anomaly detection is a very important task. At Imperva we use it for threat hunting, risk analysis, risk mitigation, trends detection and more. In a previous post we showed how it can be done in a simple method by SQL.…

Read more →

Gaming is now the world’s favorite form of entertainment, with Newzoo reporting that by 2023 there will be more than three billion gamers across the planet. With the growth of multiplayer games, however, the number of cheaters has also increased.…

Read more →

Static data masking (SDM) is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer…

Read more →

New Imperva Waiting Room Enables Organizations to Deliver Consistent Optimal Website User Experiences During Peak Traffic Periods Organizations benchmark website success by the volume of legitimate traffic and online sales it generates. Website architects want to drive as many visitors…

Read more →

Who does the modern CISO need to be? According to the 2021 Gartner, Inc. Market Guide for Managed Detection and Response Services, the role of the chief information security officer (CISO) has to change in 2022 to combat the ever-evolving…

Read more →

Introduction to our data lakes experience Data lakes are great. They are flexible as they allow many object formats and multiple query engines. They are also cost effective – there is no need to manage or pay for resources like…

Read more →

Risk is up and budgets are down Organizational cybersecurity is a business issue, one could even say a finance issue, not just an IT issue. Gone are the days when cybersecurity was a luxury investment. Worldwide attacks are growing daily…

Read more →

Account takeover (ATO) is a form of identity theft that cyber criminals use to get unauthorized access to the accounts of legitimate users through some kind of brute force method such as Credential Stuffing. In 2022, account takeover attacks are…

Read more →

The classic 1982 Steven Spielberg horror film “Poltergeist” chronicles disturbing, unexplained paranormal activity happening in a suburban family’s idyllic home. As the activity becomes more sinister and terrifying, the family learns that their neighborhood was built on an old burial…

Read more →

Let’s play a game of chance: What are the odds that your gaming website is being targeted by bad bots? Imperva research suggests they’re higher than you may think. Imperva’s 2022 Bad Bot Report reveals that 53.9 percent of traffic…

Read more →

In today’s data driven world, every organization’s most important asset is their data. Accordingly and similarly to other protected components like applications, web and peripheral gateways, databases require a dedicated security solution as well. An essential database security solution must…

Read more →

There is a paradox that lies at the heart of data security. Data itself only has real value if an organization can share it with stakeholders that need it to perform their roles. However, the more widely an organization shares…

Read more →

The evolution from human to bot attacks Over the last several years of my career in cyber security, I have been fortunate to work with professionals who researched and developed new cyber security detection and prevention solutions that block high-end…

Read more →

What is cybercrime insurance? Business cybersecurity protection (cybercrime insurance) safeguards organizations from any financial losses relating to damage to (or loss of) information from, networks and IT systems. This may include reputation loss, the cost of business interruption, infringement of…

Read more →

For the ninth year, Imperva is proud to sponsor CyberEdge Group’s annual Cyberthreat Defense Report. In this report, CyberEdge Group delivers a detailed accounting of how IT security professionals perceive cyberthreats today and reveals actionable insights into how they plan…

Read more →

This article has been indexed from Blog In the report, Insider Threats Drive Data Protection Improvements, Forrester Research asserts that most organizations are making positive steps toward protecting the sensitive data they are migrating to the cloud. However, Forrester suggests…

Read more →

This article has been indexed from Blog As we move more of our daily activities and the services we consume online, the threat of fraud grows, and the risks become greater. Data suggests the majority of organizations are already detecting…

Read more →

This article has been indexed from Blog What are NFTs? Non-fungible tokens (NFTs) are unique and irreplaceable digital assets that, by their nature, have an intrinsic value. These could be digital art, photography, GIFs, avatars, memes, 3D objects, domain names,…

Read more →

This article has been indexed from Blog According to a recent FinTech trends report, 2022 is expected to be a big year for Buy Now, Pay Later (BNPL). Apple’s recent announcement of its entry into BNPL with Apple Pay Later…

Read more →

This article has been indexed from Blog The rising demand for cybersecurity professionals As if the skill shortfall in cybersecurity wasn’t bad enough, the employment landscape is shifting rapidly. This shift is due, in part, to historically low unemployment claims,…

Read more →

This article has been indexed from Blog Last week, Imperva released the Q1 2022 Global DDoS Threat Landscape Report. To produce the report’s findings, Imperva performs detailed statistical analysis of all DDoS activity that our Threat Research Labs monitored from…

Read more →

This article has been indexed from Blog The accelerated shift to digital payments has made online fraud more prevalent than ever, as losses from it are expected to exceed $206 billion over the next five years, driven by identity fraud,…

Read more →

This article has been indexed from Blog Today, the necessities of business innovation compel most organizations to have several teams with diverse priorities managing dozens of data sources, all with different structures. This makes it impossible to secure complete data…

Read more →

This article has been indexed from Blog This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater than…

Read more →

This article has been indexed from Blog Recent digital market outages have proven the fragility of network infrastructure. When your primary service provider experiences an unexpected outage, your infrastructure is left unprotected and vulnerable to a DDoS attack. The downtime…

Read more →

This article has been indexed from Blog The outmoding of traditional network security Traditional network security was based on the concept of a guarded network perimeter, which is difficult to access from the outside but implicitly trusts everyone on the…

Read more →

This article has been indexed from Blog Imperva has just released the DDoS Threat Landscape Report Q1 2022. Download it now to familiarize yourself with new threats and get detailed information about current DDoS attack patterns and their potential impact…

Read more →

This article has been indexed from Blog In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites including the United Nations (UN), The…

Read more →

This article has been indexed from Blog Fraudsters will stop at nothing to exploit your websites and customers, and with the accelerated shift to digital payments, online fraud has never been more profitable. This shift, catalyzed by the pandemic, really…

Read more →

This article has been indexed from Blog Everyone loves Artificial Intelligence (AI) and Data Science (DS), and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data…

Read more →

This article has been indexed from Blog Today at least 90% of developers are using APIs in cloud-native web application development. According to new data collected by Forrester Research and presented in their report, Improve API Performance with a Sound…

Read more →

This article has been indexed from Blog The 2022 Imperva Bad Bot Report is now available. The report is the ninth annual in-depth analysis of bot traffic, created with data collected from Imperva’s global network throughout the past year by…

Read more →

This article has been indexed from Blog Times have changed In recent years the job of Chief Information Security Officer (CISO) has become more and more frenetic and involved. Already stretched CISOs have the added responsibilities of employee management in…

Read more →

This article has been indexed from Blog They say the devil is in the details. This is especially true for security professionals that use Splunk as their organization’s primary security analytics engine. Splunk analytics gives security teams a real-time view…

Read more →

This article has been indexed from Blog They say the devil is in the details. This is especially true for security professionals that use Splunk as their organization’s primary security analytics engine. Splunk analytics gives security teams a real-time view…

Read more →

This article has been indexed from Blog It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data. Imperva recently conducted a study with YouGov plc regarding consumers’ attitudes towards data, whether…

Read more →

This article has been indexed from Blog Nobody ever says, “We don’t need better security for the data we manage.” There is, however, a balancing act that security professionals perform every day to get the most security value from their…

Read more →

This article has been indexed from Blog An Application Programming Interface (API) is a software intermediary that allows applications to communicate with one another. APIs provide routines, protocols, and tools for developers to facilitate and accelerate the creation of software…

Read more →

This article has been indexed from Blog For organizations that use it, Imperva’s DAM Gateway is the workhorse of data auditing and security. Today, the explosion of data and data repositories that organizations need to manage – both on-premises and…

Read more →

This article has been indexed from Blog As part of our mission to help organisations protect their data and all paths to it, Imperva is supporting Privacy Awareness Week in Australia and Singapore, with the aim of educating individuals and…

Read more →

This article has been indexed from Blog Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features…

Read more →

This article has been indexed from Blog Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts…

Read more →

This article has been indexed from Blog Software as a service, or SaaS as it’s more commonly known, is more than just a license delivery model and a way for cybersecurity teams to pay for critical cybersecurity software – it…

Read more →

This article has been indexed from Blog In the midst of a booming tech economy and a concurrent Great Resignation, recruitment and hiring are all-seasons imperatives. As new people constantly join the organization, how can busy security teams guarantee they…

Read more →

This article has been indexed from Blog A short primer on internet bots An Internet bot (bot, for short) is a software application that runs automated tasks over the internet. Bots typically run simple tasks which they can perform at…

Read more →

This article has been indexed from Blog Just as the global pandemic persists in redefining the new norm, so has enterprises’ growing investments in digital transformation initiatives to keep one step ahead of their competitors. APIs are the engine that…

Read more →

This article has been indexed from Blog Looking at the employment landscape, it’s clear that prospects for landing cybersecurity positions are excellent and on the rise, but what about the commercial viability of that “grey side-gig”, ethical hacking and penetration…

Read more →

This article has been indexed from Blog Identifying and taking action to stop policy-violating behavior is hard enough when you have complete insight into the risks affecting your data repositories. It is virtually impossible to achieve security, however, when you…

Read more →

This article has been indexed from Blog New zero-day Remote Code Execution (RCE) vulnerabilities were discovered in Spring Framework, an application development framework and inversion of control container for the Java platform. The vulnerability potentially leaves millions of applications at…

Read more →

This article has been indexed from Blog In your effort to collect data access information from your data repositories in order to apply security controls, you don’t have to make the black and white choice to go with agents or…

Read more →

This article has been indexed from Blog As enterprises continue on their digital journeys, security teams are preparing for the good, the bad, and the ugly of APIs. We’ll explain in plain language what APIs do, how they are attacked,…

Read more →

This article has been indexed from Blog To build and deploy apps in a fast-paced, iterative process, cloud-native developers in organizations on the digital transformation journey rely on APIs for communication. With at least 90% of developers using APIs in…

Read more →

This article has been indexed from Blog The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a United States federal agency under the oversight of the Department of Homeland Security, is urging business leaders and those responsible for digital security to…

Read more →

This article has been indexed from Blog Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and…

Read more →