What Every CEO Should Know About Advanced Persistent Threats and Industrialized Hacking
By Amichai Shulman, CTO of Imperva
The world of hacking has evolved into two major varieties: industrialized attacks and advanced persistent threats (APT). There has been a lot of discussion around the validity of APT recently, but the threat is real. In this article, learn the difference between APT and industrialized hacking, and how you should respond.
Six factors to consider when evaluating WAFs
By Noa Bar-Yosef, Security Researcher, Imperva ADC
WAFs provide a continuous line of defense against known and unknown vulnerabilities, verifying all data entering and exiting the application to block attacks. The WAF can enforce security rules on HTTP message structures, application form fields and cookies, and target URLs to protect applications against attacks such as SQL injection, cross-site scripting and parameter tampering. The following criteria provide a useful benchmark for evaluating different WAF products.
Database Crime Scene Prevention
By Amichai Shulman, CTO, Imperva
This article examines known attacks, methods, and tools used by criminals, as well as emerging exploit categories used to break into a database, establish control, compromise the system, steal the data, and cover their tracks. It then covers best practices for protecting databases against these attack methods.
What to Expect from PCI DSS: the American Lesson
By Amichai Shulman, CTO, Imperva
Imperva is the leader in PCI compliance with many customers around the world that have certified using its products. As such, Imperva’s widespread experience in the evolution of PCI - from its beginnings in North America to its spread across the globe - provides valuable insights for enterprises into what to expect as the major card brands redouble their enforcement efforts in the UK.
Two Sides of the Same Coin: The Convergence of Security and Compliance
By Shlomo Kramer, CFO, Imperva
Security and compliance issues will continue to dominate IT initiatives as long as valuable data on customers, employees, patients and business financials is exchanged and stored.
PCI's False Dilemma: Code Review or Application Firewall?
For organizations attempting to secure their Web applications to meet compliance standards, PCI regulations present a choice of two options: Perform a code review or install a WAF. This, however, is a false choice. The best course of action is to do both.
Shlomo Kramer: PCI Lessons from America (French)
Shlomo Kramer talks about what the French market can expect regarding PCI enforcement based on experience with Imperva customers in the United States.
Chicken, Egg or Omelette?
Now that compliance and security seem inexorably linked, the benefits of one solution over another are no longer just how much it can save your customers' time and your customers' money. Now it's about saving your customers' neck. Resellers need to demystify the convergence of security and compliance, and explore winning strategies that will enable them to capitalise on a market worth hundreds of millions of pounds.
Data security, compliance needs "holistic approach"
I feel very strongly that a new layer of visibility and security is needed in addition to the network and infrastructure layers commonly in place in today’s organizations.
The Dirty Little Audit Secret
By Shlomo Kramer, President and CEO, Imperva
As businesses undergo compliance audits, they are discovering a "dirty little secret" within their IT security infrastructure that prevents them from passing the audit. It can leave data unprotected and when a breach occurs, the secret prevents the business and the authorities from locating the suspect. Get in on the secret now – Read this article.
Is Compliance the Tail Wagging the Dog?
PCI, SOX, HIPAA, and other mandates are narrowing the gap between security and compliance. The PCI Data Security Standard 1.1 released in September 2006 requires businesses to implement specific tools to protect and control sensitive data. Compliance is becoming less a matter of passive auditing and reporting and more an exercise in data security.
Ten Ways to Counterattack
Enterprise database infrastructures, which often contain the crown jewels of an organization, are subject to a wide range of attacks. This article discusses the most critical vulnerabilities and recommends approaches to mitigating the risk of each.
Risky Business - The Self Auditing Database
The increasing frequency of database attacks is driving federal and state legislation that requires virtually every organization to deploy more robust audit mechanisms to protect sensitive data. To meet this requirement, some organizations attempt to use the built-in auditing tools supplied with database software platforms. This practice of setting up a "self-auditing" database is based upon several false assumptions and violates the fundamental audit requirement for independence.
Key Operational Issues to Consider for Application Firewalls
"A key challenge in evaluating alternative solutions is estimating the cost and time to deploy and manage them… what key deployment and operational questions you should ask your vendor and your project team to help anticipate the issues that might emerge only in a broad deployment, but which affect the ultimate success of your application firewall project."