Category: Blog

This article has been indexed from Blog Vulnerability Overview On August 25, 2021 a security advisory was released for a vulnerability identified in Confluence Server titled “CVE-2021-26084: Atlassian Confluence OGNL Injection”. The vulnerability allows an unauthenticated attacker to perform remote…

Read more →

This article has been indexed from Blog Imagine that your network is under attack. A couple of minutes ago, you detected a large burst of traffic, out of nowhere. Now it’s in excess of 60 Gbps, and overwhelming your network.…

Read more →

This article has been indexed from Blog At the Imperva Research Labs we have the chance to scrutinize various security situations. In this blog, we will take a closer look at database security on SQL Server. One routine approach that…

Read more →

This article has been indexed from Blog As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners…

Read more →

This article has been indexed from Blog Relying on your Internet Service Provider (ISP) for DDoS protection is like going to a restaurant known for the freshest, tastiest seafood and ordering beef. Sure, they have it on the menu and…

Read more →

This article has been indexed from Blog Distributed Denial of Service (DDoS) attacks capable of crippling network resources and websites can be rented online for as little as $5 an hour. With an average financial impact of $100k for just…

Read more →

This article has been indexed from Blog According to the 2021 Global DDoS Threat Landscape Report, Ransom DDoS (RDoS) threats are on the rise. Imperva researchers have been monitoring threats against several of our customers where extortionists have demanded payment…

Read more →

This article has been indexed from Blog Distributed denial of service (DDoS) attacks are malicious attempts to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Data revealed in the…

Read more →

This article has been indexed from Blog Distributed denial of service (DDoS) attacks have been a significant feature of the cyber threat landscape over the past two decades. The 2021 Imperva DDoS Landscape Report reveals that attacks today are constantly…

Read more →

This article has been indexed from Blog Organizations in the financial services sector are high-value targets for cybercriminals. In recent years, more sophisticated botnets and other bad bot attack methods have enabled malicious hackers to ratchet up the speed of…

Read more →

This article has been indexed from Blog The phrase “time is money”, originally attributed to Benjamin Franklin, reprimands the slothful for wasting their working hours. As one of the founding fathers of the United States, Benjamin Franklin clearly never worked…

Read more →

This article has been indexed from Blog During his career in the middle of the last century, professional bank robber Willie Sutton made off with an estimated $2 million in stolen money. Urban legend has it that when a journalist…

Read more →

This article has been indexed from Blog More than ever, financial institutions depend on web applications to maintain operations and partner with other enterprises to provide services to customers, but the significant rise in the number of cyber attacks targeted…

Read more →

This article has been indexed from Blog The E-commerce market has seen tremendous revenue growth during the pandemic. Along with that good news for E-business, there has been an increase in fraudulent activities online that may cost retailers over $20…

Read more →

This article has been indexed from Blog Fans around the world clamored online, and even in-person, over the past several weeks to enjoy the thrill of competition. From the Tour De France and EURO 2020 tournament in June to the…

Read more →

This article has been indexed from Blog At the TimeMachine* company there are two special old friends Bob** and Alice**. Bob, as a team manager, usually has a very busy schedule filled with meetings all day long. You can even…

Read more →

This article has been indexed from Blog The Open Web Application Security Project (OWASP) is a non-profit organization that helps security experts protect web applications from cyber attacks. OWASP counts 32,000 volunteers worldwide who perform security assessments and conduct research…

Read more →

This article has been indexed from Blog You might be here because the unthinkable has happened so let’s get straight into this, step by step: Immediate containment. Inform stakeholders. Inform law enforcement. Implement your disaster recovery plan. Analyze and future…

Read more →

This article has been indexed from Blog When Sir Tim Berners-Lee wrote his proposal for the World Wide Web (WWW) in 1989, he probably didn’t predict just how much his ideas would change the way we communicate. With about 1.83…

Read more →

This article has been indexed from Blog You might be here because the unthinkable has happened so let’s get straight into this, step by step: Immediate containment. Inform stakeholders. Inform law enforcement. Implement your disaster recovery plan. Analyze and future…

Read more →

This article has been indexed from Blog In July, Imperva mitigated its largest attack as a provider of DDoS protection, and one of the largest DDoS attacks so far in 2021. The attack lasted for 40 minutes and generated a…

Read more →

This article has been indexed from Blog If you’re not sure what a System Administrator (SysAdmin) does, this is the person in your company (or possibly an external contractor) who fearlessly oversees the maintenance, care, configuration, and stable operation of…

Read more →

This article has been indexed from Blog In one software development project after another, it has been proven that testing saves time. Does this hold true for machine learning projects? Should data scientists write tests? Will it make their work…

Read more →

This article has been indexed from Blog Our RASP product At Imperva our team builds a product called RASP which stands for Runtime Application Self Protection. As indicated by the name, it is a security product which plugs directly into…

Read more →

This article has been indexed from Blog If recent world events have driven an increase in the number of remote workers in your organization, you are now confronted by even more security challenges for already stretched security teams and busy…

Read more →

This article has been indexed from Blog Each year, the number of data breaches grows by 30%, underscoring the need for organizations to make data-centric security a business priority. Following the big data movement around the beginning of the 21st…

Read more →

This article has been indexed from Blog Across Europe, the EURO 2020 tournament captivated fans over the past month, with Italy ultimately defeating England to take home the cup on July 11. As fans eagerly watched the matches, Imperva Research…

Read more →

This article has been indexed from Blog As post-pandemic economic recovery continues to drive rapid acceleration in digital transformation, documented data breaches and service disruptions caused by cybercriminal activity have become an unwelcome part of our daily news feed. In…

Read more →

This article has been indexed from Blog As post-pandemic economic recovery continues to drive rapid acceleration in digital transformation, documented data breaches and service disruptions caused by cybercriminal activity have become an unwelcome part of our daily news feed. In…

Read more →

This article has been indexed from Blog Across Europe, the EURO 2020 tournament captivated fans over the past month, with Italy ultimately defeating England to take home the cup on July 11. As fans eagerly watched the matches, Imperva Research…

Read more →

This article has been indexed from Blog You’re just about to take out a long-time rival, claim Victory Royale or round out a royal flush when your ping spikes or you’re DCed. Chances are you, or the You’re just about…

Read more →

This article has been indexed from Blog Serverless computing is transforming the way organizations build, ship, automate and scale applications. With no need to worry about infrastructure or who’s going to manage it, developers are free to focus on application…

Read more →

This article has been indexed from Blog How can CISOs make cybersecurity positive, productive, inclusive, and maintain best practices across the enterprise? — Do your staff feel valued and important in their roles? More than 65 percent of employees report…

Read more →

This article has been indexed from Blog This is the second of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant…

Read more →

This article has been indexed from Blog Did you know that 86% of organizations surveyed in CyberEdge’s Cyberthreat Defense Report this year were compromised by cyberattacks? Since the first known incident in 1989, ransom DoS attacks have become increasingly sophisticated…

Read more →

This article has been indexed from Blog This is the first of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant…

Read more →

This article has been indexed from Blog This is the third, and last, article on the topic of Oracle auditing. It is relevant to Oracle 12c only. With Unified Auditing, Oracle simplified the task of auditing activities in a modern…

Read more →

This article has been indexed from Blog Pick a side. It’s game time, and nothing is off the table. — For most organizations, a true defense-in-depth strategy includes the proactive testing of company cyber defenses. A Red Team Exercise is…

Read more →

This article has been indexed from Blog There is a large body of knowledge on what activities are required in order to secure databases and in order to comply with regulations and requirements. We’ve gathered the top 8 best practices…

Read more →

This article has been indexed from Blog We’ll show you how to set up basic monitoring of AWS Redshift using their native security features, including how to set up a Redshift instance, creating S3 buckets, and shipping the audit logs…

Read more →

This article has been indexed from Blog MongoDB is a document-oriented NoSQL database that provides high performance, high availability, and easy scalability. To many, it is the leader in the NoSQL space. MongoDB Atlas was launched in June of 2016…

Read more →

This article has been indexed from Blog Here we’ll talk about securely managing entitlements of S3 resources including managing access control to S3 objects and utilizing audit logging to keep track of the usage of shared resources. Amazon’s AWS services…

Read more →

This article has been indexed from Blog In the age of the data era, where data storage is increasing at an exponential rate and access to information is getting easier and faster, data security is a major concern. There are…

Read more →

This article has been indexed from Blog A message from JSonar co-founder and CTO, Ron Bennatan. My wife complains that I’m a boring person. I’ve been doing the same thing for 25 years now – databases, then security, then database…

Read more →

This article has been indexed from Blog Gartner strongly recommends that the concept of “big data strategy” should be replaced with “making big data part of our everyday strategy.” Technology has created a database activity explosion for most enterprises and…

Read more →

This article has been indexed from Blog Databases are where organizations hold their “crown jewels” – their data. If you’re running or looking to run SQL on Azure, Azure provides security for the physical, logical, and data layers of services. Basic Azure…

Read more →

This article has been indexed from Blog Chief Information Security Officers (CISOs) are in demand and the lack of experienced candidates, coupled with the evolving required skill set, helped make it the highest paying tech job in 2020. With 100%…

Read more →

This article has been indexed from Blog Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility…

Read more →

This article has been indexed from Blog We know you’re busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first…

Read more →

This article has been indexed from Blog In a recent Gartner report The State of Privacy and Personal Data Protection, 2020-2022, the authors assume that “through 2022, privacy-driven spending on compliance tooling will increase to more than US$8 billion worldwide.…

Read more →

This article has been indexed from Blog All bad bots interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps,…

Read more →

This article has been indexed from Blog For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is…

Read more →

This article has been indexed from Blog As business needs compel organizations to manage an ever-increasing number of database types, both on-premise and in the cloud, the threat surface has also become larger and far more difficult to manage effectively.…

Read more →

This article has been indexed from Blog Email is one of the many weapons at the disposal of bad actors on the Internet, and your employees are in the firing line. Attackers try to hide behind a trusted entity, sometimes…

Read more →

This article has been indexed from Blog In the first two parts of this series, we gained insight into what specific types of data get stolen and what the root causes of breaches are, based on data breach information that…

Read more →

This article has been indexed from Blog By now, anyone with even a passing interest in how the Web functions has heard of bots. Most people understand that there are good and bad bots. Legitimate bots like Googlebot, an application…

Read more →

This article has been indexed from Blog As we discussed in Part 1 of this series, Imperva’s Security Labs continuously monitor cyber threat levels around the world and report on them. In the last post, we reported the breakdown of…

Read more →

This article has been indexed from Blog With the global pandemic continuing to catalyze digitalization, we’ve seen two years worth of digital transformation take place in a mere two months, according to Microsoft CEO Satya Nadella. Clearly, bad actors are…

Read more →

This article has been indexed from Blog As part of Imperva’s Security Labs’ ongoing efforts to monitor and report on the current Application and Data Security Threat landscape, we studied and analyzed over 100 of the largest and best-known data…

Read more →

This article has been indexed from Blog To create meaningful change, you need to be the difference you wish to see in the world. At Imperva, we’re taking meaningful action and investing to create a workplace that brings together all…

Read more →

This article has been indexed from Blog Content delivery networks (CDNs) are the pipelines of the Internet. Working behind the scenes, they are reshaping how information is consumed online, accelerating web traffic, enhancing user experience, and providing every website with…

Read more →

This article has been indexed from Blog Bad bots are software applications which run automated tasks with malicious intent over the internet. They scrape data from sites without permission in order to reuse it and gain a competitive edge (e.g.…

Read more →

This article has been indexed from Blog Enterprises understand the importance of having access to their consumers’ personal information. This data enables them to more easily build personal relationships with their audiences, using what they know about that audience to…

Read more →

This article has been indexed from Blog The need for data loss prevention (DLP) is well understood by IT security practitioners. As organizations embrace cloud-based managed database services such as Amazon RDS and Amazon Redshift, these risks don’t go away,…

Read more →

This article has been indexed from Blog It’s fair to say that the majority of us who work in cybersecurity are ‘of a certain mindset’. There’s something that comes with the culture and tradition of personal computing, coding, and data…

Read more →

This article has been indexed from Blog Web Scraping is the use of automated software (also known as bots) to extract content and data from a website. It is also classified by the OWASP as an automated threat (OAT-011). Web…

Read more →

This article has been indexed from Blog Web Scraping is the use of automated software (also known as bots) to extract content and data from a website. It is also classified by the OWASP as an automated threat (OAT-011). Web…

Read more →

This article has been indexed from Blog Features extraction is expensive, especially when dealing with big data. That’s why it’s great when you have the ability to preprocess close to the database – the data stays in the DB and…

Read more →

This article has been indexed from Blog The global pandemic has driven a sharp rise in online traffic that provides fertile ground for attackers to execute a growing number of more sophisticated client-side attacks. For example, Magecart-style attacks are used…

Read more →

This article has been indexed from Blog Canadian financial services company saves time and money by relying on Imperva Runtime Protection (RASP) Sun Life Financial, a Canadian financial services company, discovered a critical vulnerability in nearly 600 of their WebLogic…

Read more →

This article has been indexed from Blog My story: My model looked good. It was as accurate as I wanted it to be and I was happy with it from one experiment to another. When I decided to change the…

Read more →

Imperva is excited to be further expanding our presence in Latin America by launching a new Point of Presence (PoP) in Santiago, Chile, in partnership with leading Chilean Telecommunications provider Entel Corporations. Located within Entel’s gold-standard Ciudad de Los Valles…

Read more →

The motivation behind Distributed Denial of Service (DDoS) attacks is often unknown. In some cases it might be cyber-vandalism, causing disruption for disruption’s sake. In other cases it might be down to hactivism, reaction to a cause or an event.…

Read more →

Today, fast-growing organizations are generating data at a breakneck pace, and building up diverse database environments in order to store and share data more effectively. While these activities are the sign of a thriving business, governing and securing all this…

Read more →

Read the original article: Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software…

Read more →

Read the original article: 5 Ways Your Software Supply Chain is Out to Get You, Part 5: Hostile Takeover We have come to the fifth and last part of this blog series on software supply chain attacks. Previously, we discussed…

Read more →

Read the original article: Imperva to acquire CloudVector: Prioritizing API Protection for Modern Environments I am excited to announce Imperva has entered into an agreement to acquire CloudVector to advance our mission to protect data and all paths to it.…

Read more →

Read the original article: Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML The reason behind buying a market-leading Web Application Firewall (WAF) is to protect your website and web applications from malicious attacks, plus complying with industry…

Read more →

Read the original article: 5 Ways Your Software Supply Chain is Out to Get You, Part 4: Dependency Confusion Previously, we discussed how three kinds of supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, and Exploit Open Source…

Read more →

Read the original article: 5 Ways Your Software Supply Chain is Out to Get You, Part 3: Exploit Open Source Libraries In previous posts, we explained how two kinds of supply chain attack methods, Vendor Compromise and Exploit Third Party…

Read more →

Read the original article: The Account Takeover Threat: A By-the-Numbers Breakdown Identity theft has come a long way in the age of technology. The more data is available online, the greater the threat. In this blog we will dive into…

Read more →

Read the original article: 5 Ways Your Software Supply Chain is Out to Get You, Part 2: Exploit Third Party Applications In Part 1 of this series, we explained how and why our software supply chain transfers an extraordinary amount…

Read more →

Read the original article: Bad Bot Traffic Breaks Records in 2020 Bad bots have long been a major illness plaguing the internet. As internet traffic reached new heights throughout the global pandemic, unfortunately so did bot traffic. In 2020, 40.8…

Read more →

Read the original article: 5 Ways Your Software Supply Chain is Out to Get You, Part 1: Vendor Compromise Is 2021 the year of the software supply chain attack? In late 2020, an incredible story broke: US government agencies, including…

Read more →

Read the original article: Top 5 Most Vicious Bad Bots Classified by The Open Web Application Security Project (OWASP) as ‘automated threats’, bad bots can be used to perform a plethora of actions on the application layer, from basic requests…

Read more →

Read the original article: Bad Bot Report 2021: The Pandemic of the Internet The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad…

Read more →

Read the original article: Imperva’s Comprehensive Data Security Platform for Cloud, Explained Imperva recently introduced the industry’s first database-agnostic security platform specifically built for cloud. The Data Security solution unifies security management for organizations’ entire data environment, supporting databases wherever…

Read more →

Read the original article: Imperva’s Comprehensive Data Security Platform for Cloud, Explained Imperva recently introduced the industry’s first database-agnostic security platform specifically built for cloud. The Data Security solution unifies security management for organizations’ entire data environment, supporting databases wherever…

Read more →

Read the original article: A Few Hours After the Publication: Dozens of Scanning Attempts for Vulnerable PHP Servers On March 28th the official PHP Git repository was compromised in order to open a backdoor into many web servers. The attackers…

Read more →

Read the original article: Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures Introduction On 2 March 2021, Microsoft and Veloxity produced disclosures outlining the discovery of four zero day vulnerabilities affecting multiple versions of Microsoft Exchange Server. Each…

Read more →

Read the original article: Attacks Spike Following The Disclosure Of CVE-2021-22986: F5 Networks BIG-IP iControl Remote Command Execution Vulnerability On March 10th F5 published a security advisory containing twenty one CVEs, the most critical one (CVE-2021-22986) can be exploited for…

Read more →

Read the original article: Why Banks Are Still A Top Target For DDoS Attacks The financial services sector is still a prime target for cyber criminals and it has been widely reported that in 2020 financial institutions came under attack…

Read more →

Read the original article: Web Application Firewalls Instrumental in Digital-First Banking Like many industries, the banking and insurance sectors have shifted their resources to be digital-first, all the more so since the start of the global pandemic. For today’s customers,…

Read more →

Read the original article: A Tip For Easy SQL-based Big Data Analysis: Use a Temporary Dataset Every once in a while we’re required to analyze big data on a wide time range. Here’s a common example: “Can you analyze what…

Read more →

Read the original article: Anatomy of a Security Super Bowl Dynasty, Part 3: Special Teams and Coaching Imperva Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled, Creating…

Read more →

Read the original article: Don’t Be a Victim of Cyber Extortion There’s no doubt that cybercrime is on the rise, and bad actors are constantly on the lookout for vulnerabilities. In the first half of 2020 data breaches exposed over…

Read more →

Read the original article: Protecting Your Data from Cyber Extortion: Lessons from the Latest Mega-hack At the end of last year, enterprise firewall company Accellion was the victim of a two-phase SQL injection attack that resulted in significant sensitive data…

Read more →

Read the original article: Five Ways Bad Bots Are Threatening Financial Services For years now, the biggest security concerns for businesses in the financial services sector have mainly been related to data security, privacy, compliance and everything in between. Nevertheless,…

Read more →

Read the original article: Imperva recognized for Performance in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 Report Distributed Denial of Service (DDoS) attacks continue to be a major threat to organizations due to their potential to bring down operations,…

Read more →

Read the original article: Anatomy of a Security Super Bowl Dynasty, Part 2: The Offense Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security…

Read more →