News

Researchers Hack Web Application Firewalls May 13, 2009

Dark Reading

Mark Kraynak, vice president of marketing for Imperva, says Henrique and Gauci's research is not all that new, including their work on signature evasion, which Imperva has researched. "A lot of what they are saying is not new," he says. "Part of the founding premise of why you need a WAF versus a signature engine...is that you can evade a weak signature engine." Products that use only signatures -- without other features like normalization and encoding/decoding -- are not true WAFs, he says. "Signature-only WAFs are not going to do it," he says.

UC Berkeley Says Hackers Breached Database May 11, 2009

Internetnews.com

Officials at the University of California at Berkeley on Friday began notifying students and the public that hackers had breached a healthcare database at the school, potentially gaining access to the personal information of up to 160,000 students dating back to 1999.

Administrators need specific database security tools, according to Brian Contos, chief security strategist for data security vendor Imperva. "You need purpose built tools designed specifically for securing sensitive data these days," Contos said in an e-mail to InternetNews.com. "Trying to secure applications and databases with network-centric solutions is like bringing a knife to a gun fight."

Puerto Rico sites redirected in DNS attack April 27, 2009

CNET

An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva.

A group calling itself the "Peace Crew" claimed that they used a SQL injection attack to break into the Puerto Rico registrar's management system, said Amichai Shulman, chief technology officer at Imperva. "We're seeing more and more of these DNS-related attacks and seeing them scale up," he added.

Cloud security stokes concerns at RSA April 23, 2009

NetworkWorld

Two words — cloud security — dominated discussion and drove the action this week at RSA Conference 2009… Network services provider Savvis launched a Web application firewall service based on a choice of Imperva WAF appliances or virtual instances of its software that reside between the Internet and its network. Savvis said it thinks customers comfortable with its software-as-a-service offerings will also embrace cloud-based security.

Savvis Launches Web Firewall Service April 22, 2009

Dark Reading

Security service provider Savvis this week launched a new managed Web application firewall (WAF) service that runs on its Cloud Compute offering. The Savvis service, which is built around Imperva's SecureSphere product line, allows enterprises to get WAF hardware and maintenance without having to install or maintain it themselves. It lets enterprises detect and block malicious Web requests, combining a dynamic white list policy model with up-to-date application signatures and session tracking, the company says.

SecureSphere Earns Common Criteria Approval April 21, 2009

Web Host Industry Review

After thorough testing conducted by the Science Applications International Corporation, data security provider Imperva (www.imperva.com) has proven its web application firewall and database monitoring solution SecureSphere v6.0 has achieved Common Criteria Certification, a worldwide standard for assessing the reliability, quality, and trustworthiness of IT products.

The challenge of enterprise security April 17, 2009

OnWindows.com

Security continues to be a prominent challenge for enterprises – especially in the face of shrinking IT budgets. Many companies struggle to balance their business objectives with the need to protect and comply. OnWindows spoke with Douglas Leland, general manager of Microsoft’s Identity and Security Business Group, to find out how the company intends to face such challenges.

Today we are also announcing a broad group of companies supporting and extending the capabilities of Forefront Stirling including Brocade, Guardium, Imperva, Juniper Networks, Kaspersky, Q1 Labs, StillSecure, Sourcefire, Tipping Point and RSA.

Microsoft Partners with Network Security Vendors for “Stirling” April 16, 2009

Dark Reading

The Forefront Stirling security suite basically integrates the security of desktops, servers, applications, and network devices with a common interface that lets each Forefront security product under Microsoft's Stirling line -- Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Forefront Threat Management -- share and use security information with one another to automatically mediate threats. The new Stirling partner ecosystem extends that capability to partners' security tools, as well.

Oracle patches for high-security flaws April 15, 2009

SC Magazine

“The products affected include the Oracle Database, Application Server, E-Business Suite, PeopleSoft and JD Edwards Suite, as well as its BEA Products Suite. Of the database vulnerabilities, most of them were SQL injection vulnerabilities,” Amichai Shulman, CTO of security firm Imperva, told SCMagazineUS.com on Wednesday. “A couple were related to the underlying network protocols.”

Imperva adds risk management tool to its database protection April 10, 2009

Network World

The new SecureSphere Discovery and Assessment Server finds all database servers in the network, classifies data according to its sensitivity as defined by the customer and points out vulnerabilities on the servers involved. This automated process saves time over doing it manually so customers can take quicker action to better protect that data found to be at risk. The assessment results detail the vulnerabilities found, such as unpatched systems or default passwords that have been left unchanged. Imperva competes against Guardian and Lumigent Technologies among other vendors.

Imperva integrates risk assessment for databases and data (German) April 8, 2009

Computerwoche

Imperva has introduced its first integrated risk management platform, which, as part of its SecureSphere 7 solution, is intended to secure databases, data and the applications that access them. It is intended to enable the assessment of risks and their visualization for databases and data.

Imperva assigns security risk levels to databases April 6, 2009

Information Security

Database security vendor Imperva Inc. is adding automated risk scoring and visualization of databases to its activity monitoring platform in an update that industry analysts say would be welcomed by companies seeking ways to get a better handle on data located in multiple systems.

Imperva revamps product offering and introduces integrated risk management platform April 6, 2009

SC Magazine

Imperva has launched an integrated risk management platform and has revamped its database gateway offering. The new capabilities are part of version seven of SecureSphere, and combine risk scoring and visualisation for databases and data. Also introduced into the range is the Discovery and Assessment Server automated solution that identifies sensitive data and vulnerabilities in databases.

VeriSign launches web application firewall management service March 30, 2009

CBR Security

VeriSign Enterprise Security Services has launched its web application firewall management service, enabled through a strategic agreement with Imperva, a provider of application and database security technology. VeriSign said that the service enables it to provide customers worldwide with a premium service that includes deployment, management and monitoring of the SecureSphere web application firewall.

Is Your Information Really Safe? March 20, 2009

Baseline

Organizations need a way to monitor who has access to information stored in databases and what these employees do with the data. Many enterprises are using database monitoring and security tools to accomplish this task. "We have some legacy applications [for which], because of performance reasons, the actual database logs were not turned on," says McPhedran of Aegon. The company uses a product called Imperva SecureSphere to monitor database activity, look for anomalies in use patterns and flag flagrant policy violations.

Imperva Enhances Database Activity Monitoring with Analytics to Piece Together Security and Audit Risks March 18, 2009

Enterprise Systems Journal

Imperva has announced a new version of its SecureSphere database activity monitoring (DAM) solution that adds analytics intelligence to automate forensic and audit investigations. SecureSphere now provides near real time multidimensional views of audit data, collects native audit logs from new platforms, and bridges the gap between obscure SAP audit data trails and their associated business transactions. To back up its claim that SecureSphere is the best DAM solution on the market, the company is offering qualified organizations a $1,000 money-back guarantee if they evaluate the product for 30 days and do not come to the same conclusion.

Scuba - Cross-platform Database Assessment Tool March 16, 2009

PenTestIT

Scuba is a Database Vulnerability Scanner... that scans Oracle, DB2, MS-SQL, and Sybase databases for known vulnerabilities and configuration flaws. Based on its data security assessment results, Scuba creates clear, informative reports with detailed test descriptions.

Imperva offers protection and auditing for IBM mainframe databases (German) March 12, 2009

LANLine

Imperva introduces the Securesphere Database Gateway for z/OS (DGZ). Securesphere DGZ provides monitoring, auditing and protection for DB2 databases on z/OS mainframes. The product monitors local and network-based activity of privileged and non-privileged users as well as applications in order to prevent data loss and fraud attempts. It also serves to automatically generate compliance reports.

Most Oracle database shops don’t mandate use of security patches, survey says February 26, 2009

Computerworld

Amichai Shulman, chief technology officer at database security vendor Imperva Inc. in Redwood Shores, Calif., also expressed surprise about the lack of Oracle patching policies at some companies. "It's one thing to have a policy saying you don't have to patch each and every database," he noted. "It's a different thing to have no policy at all."

Imperva Releases DB2 Security and Auditing Product February 26, 2009

Enterprise Systems

Imperva recently released a new product designed to help administrators protect and audit IBM DB2 databases that run on z/OS. SecureSphere DGZ checks all traffic coming from and going to the DB2 database for malicious activity. It monitors and audits network-based activity such as queries and application responses. Meanwhile, all local activity (from administrators and privileged users) is inspected by the native IBM Audit Management Expert tool.

New tech start-ups can rise from the economy’s ashes February 17, 2009

USA TODAY

Tech firms with services that help corporations reduce operational costs, such as videoconferencing and clean tech, are in vogue. Cisco, for example, says it will save $400 million this year in travel expenses through its use of videoconferencing.

Computer-security firm Imperva, which monitors the digital traffic in and out of a company's database to prevent breaches, landed a contract with SuccessFactors, a software service for human resources departments, last week. Imperva's customers include 62 of the Fortune 1,000 — half of which joined in the last year.

SuccessFactors deploys Imperva’s SecureSphere to protect HR data February 10, 2009

TMCnews

SuccessFactors, a provider of on-demand performance and talent management solutions, has deployed Imperva's SecureSphere to protect its software as a service application and human resources or HR data it processes.

Database security: Protecting the crown jewels February 5, 2009

SC Magazine

Universities, banks, SMBs and large brands alike are waking up to the fact that their databases are no longer safe inside their perimeter firewalls, intrusion prevention systems and other edge protections.

Database security awareness has reached the point where some sort of database logging and auditing now occurs at 83 percent of organizations, based on a survey of 260 IT professionals sponsored by encryption vendor, Vormetric, released in October.

Monster Breach Shows Security Needs Rethinking January 28, 2009

InternetNews

For some security experts, the recent data breach at job site Monster.com comes as no surprise, and they say enterprises need to reconsider their approach to security.

"When most organizations talk about security, they're talking about network security, which is five years out of date," Brian Contos, chief security strategist at database and Web application security vendor Imperva, told InternetNews.com. "Attackers are focusing on data, not the technology."

Imperva Names Chief Security Strategist January 21, 2009

Web Host Industry Review

Application data security provider Imperva (www.imperva.com) announced on Tuesday that it has appointed Brian Contos as its chief security strategist.

Imperva’s announcement describes Contos as “a noted information security speaker and author with over a decade of experience.” He previously worked as chief security officer at ArcSight (www.arcsight.com), a provider of security and compliance management solutions. At ArcSight, Contos advised government organizations on security strategy, and helped position the company for a successful 2008 IPO.

Vendors Tie Database Monitoring, Security Event Management January 14, 2009

eWeek

More and more vendors are tying together database activity monitoring and security information management, a move that could benefit enterprise data protection efforts. Imperva and ArcSight announced interoperability between their products in December 2008.

Oracle patches dangerous WebLogic, Secure Backup vulnerabilities January 14, 2009

Information Security

Amichai Shulman, chief technology officer of database and application security and reporting and audit vendor at Imperva Inc., said the BEA WebLogic Server is at a greater threat to attack since it is perimeter facing.

"[Oracle] will continue to have their hands full with this product because I think that this is a matter of a culture of releasing vulnerabilities in Web servers before a vendor can respond," Shulman said. "I think during a certain period of time some people at WebLogic were not as responsive to security issues and some researchers grew frustrated."

Oracle Releases Critical Patch Update with 41 Fixes January 13, 2009

eWeek

Amichai Shulman, CTO of Imperva, said the lack of technical details provided by Oracle—particularly for the vulnerabilities rated 10—makes it difficult for customers to assess their exposure.

"What we know is the vulnerabilities rated 10 for Secure Backup are important because they allow an attacker to take control of the databases being backed up," Shulman said. "Also, the WebLogic vulnerability rated 10 allows an attacker to take over a Web application without authentication. These are both serious flaws."

False Intrusion Alerts Cost Time, Money December 17, 2008

InternetNews

With data breaches hitting the headlines regularly and reports that regulatory compliance will be tightened up considerably in 2009, monitoring database activity to maintain security is becoming more important than ever. However, most monitoring tools give rise to false positives, costing companies time and money as IT chases down these false alerts.

Imperva uses a technology called Dynamic Profiling in its SecureSphere that uses the behavioral approach which it has had for about six years, Vice President of Marketing Mark Kraynak told InternetNews.com.

Fear the database admin, says security report December 15, 2008

Techworld

One of the best ways to improve database security is to carefully monitor the very people entrusted to manage them, database administrators (DBAs), a report has concluded. Perhaps not surprisingly, the Aberdeen Group study of 120 mostly large companies around the globe found a correlation between adopting a range of database security practices and frequency of data breaches.

"This Aberdeen report establishes and quantifies the risk organisations are taking by not monitoring the actions of privileged insiders, as well as the payback for companies that implement database activity monitoring," said Mark Kraynak of database security company, Imperva, one of the report's three co-sponsors.

Mature Imperva opts for two tiers November 27, 2008

CRN

Application data security vendor Imperva has moved to a two-tier model across Europe after claiming it has reached a "maturation phase" in its development.

Roland Hamann, channel director at Imperva, said the change in model was necessary to cope with increased end-user demand. "When we started we had to find opportunities. Now the opportunities are coming to us," he said. "The need for compliance is growing."

Rob Swainson, managing director of Imperva partner Blue Cube, said: "This is a good indication that the market has grown and that we have backed the right horse. And Exclusive seems keen and hungry."

Web 2.0 Security: Getting Collaborative Peace of Mind November 26, 2008

CIO Today

Imperva stresses the importance of having security measures in place on the server side when explaining its security solutions to customers. "What we talk to customers about is the need to apply security on the server side because that's where you have control," says Mark Kraynak, Imperva's director of strategic marketing. Still, with this approach, the goal is to prevent future problems. "We can show how the applications are working and we use the model to prevent attacks," explains Kraynak. Imperva's SecureSphere monitors the activity in its customers' applications and databases to prevent vulnerabilities. By using dynamic profiling, Imperva creates profiles of applications and databases, so changes and possible malicious activity can be more easily noticed.

Security Analyst Warns of 'Google Hacking' October 27, 2008

Macworld

"In 2004, this was science fiction," Amichai Shulman said. "In 2008, this is a painful reality."

Google and other search engines are taking steps to stop the abuse. For example, Google has stopped certain kinds of searches that could yield a trove of Social Security numbers in a single swoop. It also puts limits on the number of search requests sent per minute, which can slow down mass searches for vulnerable Web sites.

Google hacking increasingly effective October 27, 2008

SC Magazine UK

Google is the search engine of choice for both consumers and hackers, according to infosec experts.

Amichai Shulman, co-founder and CTO, Imperva, said: "Google can be used as an extremely powerful automated attack tool, and attacks that in 2004 were science fiction are now painful facts."

"Unfortunately, although we have seen attacks using Google increase massively since January this year, their effectiveness shows no signs of dropping."

Security Analyst Warns of 'Google Hacking' October 27, 2008

CIO Today

Even with rising awareness about data security, it takes all of a few seconds to pluck Social Security numbers from Web sites using targeted search terms, said Amichai Shulman, founder and chief technology officer for database and application security company Imperva.

The fact that Social Security numbers are even on the Web is a human error; the information should never be published in the first place. But hackers are using Google in more sophisticated ways to automate attacks against Web sites, Shulman said.

Microsoft releases Windows patch to stop worm attack October 23, 2008

Information Security

Microsoft issued an emergency patch to repair a critical Windows server service vulnerability that leaves Windows systems dangerously open to attack. The software maker also said it had to act quickly because it was aware of targeted attacks affecting Windows users.

Security experts said the flaw is probably contained within the Server Message Block protocol, an area that handles file sharing, printer sharing and remote administration. "It's a very basic networking component of all versions of Windows server," said Amichai Shulman, founder of database security vendor Imperva Inc.

Oracle issues 36 patches, but is anyone applying them? October 15, 2008

Computerworld

The latest update is smaller than most of Oracle's typical quarterly updates and appears to present less serious threats than usual, said Amichai Shulman, chief technology officer at database security firm Imperva Inc., which discovered two of the vulnerabilities that were patched this week. But what continues to be surprising is that some of the patches appear to be addressing issues for which patches had been issued previously, he said.

Exposing 30 million IDs is a good reason for web application defense October 13, 2008

Network World

I had conversations lately with three CEO's of web application defense companies: Doug Camplejohn of MI5Networks, Nir Zuk of Palo Alto Networks, and Shlomo Kramer of Imperva. All of them are industry veterans and all of them are developing products to address the inability of standard network security gear to address web application attacks.

One truism in exposing web applications is that stuff happens. No matter how well you analyze your code, test your applications, and scan on a regular basis you can still have mis-configurations that expose critical data. Of the three I talked to Imperva's products are the best suited for addressing this kind of issue. Usually deployed inline, Imperva's web application firewall can detect and block the activity needed to grab a database such as in DT's recent blunder.

Tiered scheme aims to boost Imperva ranks October 13, 2008

CRN

Application data security vendor Imperva has launched its first tiered channel programme to swell its mid-market presence. Under the new PartnerSphere programme, Associate partners are required to have two certified sales staff, while higher-level Premier partners need two certified sales and four certified technical staff.

Mark Kraynak, vice president of global marketing, said more mid-market firms are moving to protect themselves from data breaches and comply with Payment Card Industry regulations. The vendor has just launched SecureSphere Standard Edition, its first product for mid-market firms. "We were seeing traction in the mid-market and needed a product specifically designed for that," said Kraynak. "There will be a new set of partners focused on the mid-market that will start at Associate level."

Security vendors are showing movement! October 8, 2008

Computerworld

Imperva is bringing its end-to-end application security (web servers and databases) down to mid-tier enterprises. This is one case where Gartner got it all wrong - they tried to artificially create a database auditing market category based on dubious requirements. Of course, database auditing belongs to the database vendors, which explains why IPlocks is gone, Symantec is out of the business, AppSec and Tizor have new CEOs, and I only see Guardium making money on the golf course. The ability to audit the entire transaction path, from the user to the very back end, is important and is what I recommend IT looks for.

Imperva Makes Web Application Protection Accessible to Mid Market Enterprises October 7, 2008

Network Computing

Imperva recently announced the release of SecureSphere Standard Edition (SE), a new model of its multi award-winning SecureSphere Web Application Firewall (WAF) that is tailored to meet the requirements of mid-market enterprises. SecureSphere SE provides the automated protection and transparent inspection capabilities of its larger siblings in a form factor geared to mid size datacentres.

Imperva tailors Web app firewall for midsize business October 6, 2008

New York Times

Imperva is introducing a scaled-down version of its Web application firewall designed for quick installation in midsize businesses. SecureSphere Standard Edition is a trimmed-back iteration of its Secure Sphere Enterprise Edition that has a simplified graphical user interface and revised documentation. It is designed for businesses that don't have full-time IT security staff and few IT staff in general, the company says.

The platform's support package comes with two hours of Webex consultation with Imperva engineers to help configure the gear, which is the amount of time the company says most small businesses need to get it up and running. Imperva says that because the device is not proxy based, it can be installed in front of Web servers without requiring any network configuration changes, again playing to short-staffed IT departments in businesses with 250 to 1,000 employees. The product's Dynamic Profiling automatically monitors Web application behavior for two to five days and recommends security policies to protect it, requiring less staff expertise in application security.

Imperva Brings WAF to Mid-Market October 6, 2008

Dark Reading

According to Gartner, adoption of WAFs among mid-market enterprises is accelerating, "Smaller enterprises — which typically do not have ADCs (Application Delivery Controllers) — and enterprises whose security organizations are not willing to depend on the security functionality included in network operational equipment represent the second-most-important growth area for WAFs, after enterprises with PCI compliance requirements."

Imperva tailors Web app firewall for midsize business October 6, 2008

Network World

Imperva says that because the device is not proxy based, it can be installed in front of Web servers without requiring any network configuration changes, again playing to short-staffed IT departments in businesses with 250 to 1,000 employees. The product's Dynamic Profiling automatically monitors Web application behavior for two to five days and recommends security policies to protect it, requiring less staff expertise in application security.

Imperva names CFO September 8, 2008

Silicon Valley Business Journal

Application data security company Imperva Inc. on Monday named Aviv Boim chief financial officer and general manager for Israel. Redwood City-based Imperva said Boim has "a wealth of experience in high technology finance, public offerings, operations, and mergers and acquisitions." He was formerly CFO of Israel-based Orckit Communications Ltd., a provider of carrier network equipment. He also led Tikcro Technologies Ltd., a technology investment company, in the selection and negotiation of venture capital funding. In addition, Boim was an investment banker with BT Alex Brown's technology group in London, where he managed initial public offerings, as well as mergers and acquisitions.

Japan's Fuji Television Network Selects Imperva for Database Monitoring and J-SOX Compliance September 7, 2008

Compliance Home

"In comparison with alternative solutions, SecureSphere was the only product that enabled us to monitor and audit database activity without impacting our existing infrastructure," said Satoshi Morimoto, Manager of Information Security for Fuji Television Network. "SecureSphere provides us with full details on database queries and responses, and allows us to easily meet J-SOX requirements. We were also impressed with SecureSphere's ease of deployment and support services."

New PCI Security Standards: Lock It Down, Lock It Tight September 2, 2008

E-Commerce Times

New PCI regulations are just around the corner, and retailers dealing with credit cards will need to tighten up their standards in order to comply…"The new version is making me trust the PCI standards more. It started as an actual deployment created by the industry for the industry. It is now very straightforward," said Amichai Shulman, CTO of Imperva.

Fuji Television Network Selects Imperva for database monitoring August 27, 2008

Computer Business Review

Imperva, a provider of application data security solutions, has announced that Fuji Television Network, a Japanese television broadcasting company, has selected its SecureSphere Database Monitoring Gateways to meet compliance requirements mandated by Japanese Financial Instruments and Exchange Law.

Crossbeam Systems Certifies Imperva SecureSphere on its Next Generation Security Platform August 12, 2008

ComplianceHome.com

Crossbeam Systems announced that it has certified Imperva's SecureSphere 6.0 to run on the X-Series Next Generation Security Platform through the iBeam ISV Certification Program. Deployed on the Crossbeam chassis, SecureSphere's market-leading application data security solution will help enterprises and carriers protect their Web applications and databases from attack, as well as enable companies to comply with a wide variety of regulatory initiatives.

Yes, monitor your web apps too August 12, 2008

Security Incite

So what? - I thought this new capability on Imperva's web application firewall to monitor the malicious inputs (amongst other things) and help provide actionable reports to developers was fascinating. You all know I'm a big fan of monitoring, and all other things being equal, I'll choose to monitor not just the network - but the servers, databases, and apps as well. As helpful as the monitoring info is to REACT FASTER, it would be great if you didn't actually have to react every time.

Imperva WAM automates the discovery of application vulnerabilities in production systems August 5, 2008

Bank Security

"Because they monitor web traffic and detect attacks, Web Application Firewalls should help developers find and fix flaws in production code. But in reality, the process is too tedious and costly," said Andrew Jaquith, program manager in Yankee Group's Enabling Technologies Enterprise group. "In contrast, Imperva's Web Activity Monitoring solution feeds alerts and reports to both security and development teams, closing the loop between security operations and application developers."

Imperva WAM automates the discovery of application vulnerabilities in production systems August 5, 2008

SecurityPark.net

"Historically, Web Application Firewalls have focused on reducing threats to online applications, while code review and vulnerability scanning technologies have focused on discovering vulnerabilities," said Amichai Shulman, CTO of Imperva. "With Web Activity Monitoring, SecureSphere closes this gap by blocking malicious inputs and capturing detailed information on how applications respond to live queries, which allows developers to fix code level security holes."

Database security: Limiting access is key August 4, 2008

SearchCIO-Midmarket

As options have increased for midmarket companies to house their data, so, too, have options for securing their databases and data stores. Once the preserve of only large companies, a range of data storage options are now available and within reach of companies of all sizes…SecureSphere Database Security Gateway from Imperva Inc. is another leading product for monitoring access to databases. SecureSphere is part of a suite from Imperva that also includes its well-known Web application firewall, a natural fit since websites and applications are frequently sources of malicious access to databases. SecureSphere works through user profiling and vulnerability assessments of databases.


Convergence of Security and Compliance (German) August 1, 2008

IT-Sicherheit

The challenges of security and compliance will dominate the IT landscape as long as sensitive data about customers, employees, patients and financial transactions is exchanged or stored. In the past, security teams dealt with protecting the data, while those responsible for compliance focused on controlling its use. In practice, however, the two disciplines are two sides of the same coin. Policies and regulations worldwide support this view and require security and compliance functions to work together.


Go Daddy Picks Imperva WAF July 28, 2008

Dark Reading

"Our Quick Shopping Cart product generated more than 55 million dollars for our customers last year alone. There's no sign of slowing - in fact, online spending is predicted to grow by more than 17% in the next year according to Forrester Research. We understand the need of top level security for our customers and ourselves," said GoDaddy.com CEO and Founder Bob Parsons. "We chose Imperva SecureSphere because we believe they are the very best. Protecting our customers and keeping the Internet safe is a top priority at Go Daddy"


Imperva Extends Compliance Solution to PeopleSoft July 17, 2008

Enterprise Systems

"Given the complexities associated with the PeopleSoft environment, IT departments often struggle to secure these applications and meet compliance requirements," said Amichai Shulman, Imperva's CTO and the head of Imperva ADC. "The PeopleSoft Insights module combines packaged intelligence and reporting tools that eliminate the guesswork associated with protecting, monitoring and auditing PeopleSoft applications and data."


Oracle Troubled by Web Component Security July 16, 2008

SecurityProNews

Not only were previous versions of Oracle's signature database impacted by recently discovered vulnerabilities, but the latest version of their product, 11g, also contained flaws addressed in the newest patch updates released by Oracle. Imperva CTO Amichai Shulman told SecurityProNews his first look at Oracle's updates noted that disturbing revelation. Along its Internet-facing products, many web components required fixes for the usual threats like code injection or buffer overflows.



Oracle Patches 45 Vulnerabilities July 16, 2008

internetnews.com

Oracle (NASDAQ: ORCL) is out with its latest critical patch update (CPU), this time providing fixes for 45 security vulnerabilities spanning the Oracle product portfolio..."The three most notable elements of this CPU are Oracle's decision to use CVE codes for vulnerability naming and that nine out 10 Database vulnerabilities apply not only to older versions of Oracle database server but also to the newest version Oracle 11G," Amichai Shulman, CTO of database security firm Imperva told InternetNews.com. "And finally two of the database vulnerabilities are in the Oracle authentication mechanism," he added.



Imperva Highlights EMEA Momentum July 7, 2008

ChannelEMEA

Application data security solutions Imperva has revealed significant progress in the development of its EMEA operation and channels-to-market. Imperva has strengthened its sales and channel support teams in the UK, France, Germany, Italy and the Netherlands to complement its EMEA headquarters in Israel. Imperva now has more than 180 enterprise customers across the EMEA theatre.



Merchants Cope with PCI Compliance June 30, 2008

Internet.com

"After you've examined your systems, assessed them and bought the necessary technological solutions, make sure you have processes in place to deal with security gaps and breaches," Mark Kraynak, senior director of strategic marketing at Imperva, told InternetNews.com.



Imperva Announces Web Application Security Solution June 20, 2008

Computer Technology Review

Imperva has announced the industry's first closed loop solution for managing the Web application security lifecycle on production systems. The Imperva SecureSphere Web Application Firewall (WAF), through bi-directional integration with vulnerability scanning tools from Cenzic, HP, IBM, and NT Objectives, addresses application security from quality assurance/testing into production.



DM Radio Interview: Mark Kraynak May 30, 2008

DM Review

How can enterprises unify frameworks for security and determine proper roles and responsibilities? In this episode of DM Radio, several industry experts expound on the subject, including: Phillip Villella, Ph.D., Chief Scientist & Founder of LogRhythm; Mark Kraynak, Senior Director for Imperva; and Mike Jerbic, Principal Consultant for Trusted Systems Consulting.



Imperva Joins Global Security Alliance May 28, 2008

Compliance Home

Imperva has announced that it has joined the Global Security Alliance, a platform formed by SAP for information and knowledge exchange that comprises leading providers of security and risk management offerings.


Interview: Shlomo Kramer May 28, 2008

SC

The serial company founder and SC's CEO of the Year tells Paul Fisher why he knew all along that data-centric security was the future.



SAP Certifies Imperva for Web Security May 21, 2008

Dark Reading

The SAP Integration and Certification Center has certified that SecureSphere meets certification criteria under the category of Network Security for enterprise service-oriented architecture solutions...

RSA Conference White Paper Outlines Security Trends May 18, 2008

eChannel Line

It was no surprise that some of the most interesting small companies at the show -- Imperva, LogLogic, Secerno, Intellitactics and Splunk -- are all, in one way or another, doing interesting things with data protection and log management...

How To Protect A Company's Data May 14, 2008

Forbes

A lesser-known but equally data-centric segment of the security industry involves monitoring the activity that happens around databases and major applications. That kind of monitoring, contends Imperva spokesman Mark Kraynak, could have prevented Société Générale's Jerome Kerviel from hiding his secret trades, or Enron's accountants from sneaking adjustments into their financial numbers in the company's database.

Two Sides of the Same Coin: The Convergence of Security and Compliance May 5, 2008

eCommerce Times

By Shlomo Kramer
Security and compliance issues will continue to dominate IT initiatives as long as valuable data on customers, employees, patients and business financials is exchanged and stored.

Israel well placed to mount defence strategy May 2, 2008

IT Week

Kramer left Check Point to found application and database security supplier, Imperva, and has contributed to the funding of startups such as Trusteer, which creates solutions to protect online consumers against cyber threats. “There are a lot of experienced people in this market who know how to make a successful business,” Kramer said.

The Art of Data Management Compliance, Part 1: Keeping Pace April 26, 2008

eCommerce Times

"Broadly, the regulating organizations are getting more and more serious and previously unregulated geographies are becoming regulated," Mark Kraynak, senior director of strategic marketing for Imperva

Defend Critical Applications Against Attack April 23, 2008

DM Review

The Imperva SecureSphere Web Application Firewall has successfully satisfied all certification criteria to achieve the ICSA Labs' Web Application Firewall (WAF) Certification. "The Imperva SecureSphere appliance has the ability to handle many complex attack scenarios," said George Japak, managing director, ICSA Labs.

PCI's False Dilemma: Code Review or Application Firewall? April 23, 2008

ESJ

For organizations attempting to secure their Web applications to meet compliance standards, PCI regulations present a choice of two options: Perform a code review or install a WAF. This, however, is a false choice. The best course of action is to do both.


Shlomo Kramer: PCI Lessons from America (French) April 8, 2008

ESJ

Shlomo Kramer talks about what the French market can expect regarding PCI enforcement based on experience with Imperva customers in the United States.

Imperva Prevents Fraud by Monitoring Database Changes March 12, 2008

ESJ

"Several regulations, such as Sarbanes-Oxley, mandate change controls for financial information; unauthorized changes can lead to forensic investigations to uncover what data changed and restore the original values. SecureSphere’s Track Value Changes feature monitors and audits the values of a specific record or a subset of table rows noting values before and after changes are made."

Software Finds Any Manipulation in Databases (German) March 11, 2008

ESJ

The security problems of the French bank Société Générale have produced some headlines recently. The SecureSphere security solution of Imperva is designed to detect malicious activities of company insiders. This may have helped to avoid the illegal manipulations.

Tracking Row-Level Changes in the Database March 10, 2008

ISM

"Imperva has added new technology into its SecureSphere product to track value changes in the database that violate compliance policies."

Core of the Matter March 7, 2008

ISM

No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls that help deliver your critical apps securely. Imperva is the closest thing to a silver bullet for application security, based on its combination of adaptive learning and other techniques.

Database Security March 7, 2008

ISM

Imperva's SecureSphere Database Security Gateway offers a unique combination of automated monitoring and proactive auditing for protecting your databases. SecureSphere is an impressive enterprise-ready product for large organizations.

New VMware VMsafe(TM) Technology Allows the Virtual Datacenter to be More Secure Than Physical Environments February 27, 2008

CNN MONEY

“Application data security and compliance is a key area of concern for Imperva customers,” said Rohit Gupta, vice president of business development for Imperva. “Partnering with VMware will allow Imperva to continue to deliver flexible solutions that provide full visibility and granular control of application and data usage in virtualized environments.”

Chicken, Egg or Omelette? February 25, 2008

GCN

Now that compliance and security seem inexorably linked, the benefits of one solution over another are no longer just how much it can save your customers’ time, and your customers’ money. Now it’s about saving your customers’ neck. Resellers need to demystify the convergence of security and compliance, and explore winning strategies that will enable them to capitalise on a market worth hundreds of millions of pounds.

Google-hacking made easy February 25, 2008

GCN

“Tools like this scanner are a wake-up call for application owners,” Shulman said. “And that is a good thing. The issue of data leakage into search engines is a big issue.” The Cult of the Dead Cow has said much of its research in this area has been against government servers where it has been able to turn up sensitive information that has been unwittingly exposed. “With a lot of script kiddies having this tool, I think the government can expect a rough period of headlines,” Shulman said.

Hacker Group Releases New Google Vulnerability Scanner February 22, 2008

Channel Web

"I think (Goolag scanner) should be a wakeup call for application owners and what they are doing with respect to search engines and their application security," said Shulman. "It just emphasizes an existing trend that application owners should pay attention to."

Data security, compliance needs "holistic approach" February 21, 2008

SC Magazine

I feel very strongly that a new layer of visibility and security is needed in addition to the network and infrastructure layers commonly in place in today's organizations.
– Shlomo Kramer, President and CEO, Imperva

Israel is Seen as a Main Research Base in High-Tech Industry and in Particular Security (French) February 12, 2008

ISM

Israel is a melting pot for highly skilled engineers, which makes the solutions they generate among the most relevant in the world. The small size of the Israeli market means that indigenous companies have to reach out to international markets. In that way, companies share their knowledge to quickly increase their turnover, like the ‘serial businessman’ Shlomo Kramer, who founded Check Point and then Imperva, the leader in ‘database protection’.


Protection Through Data Governance February 1, 2008

Processor

As the name implies, data governance can be a difficult proposition for companies that do not have the resources to monitor and control the flow of data. It's a bit like trying to govern a small country: It's obviously important to protect your borders, police your citizens, and establish clear laws over how the country operates, but enforcing and monitoring those laws can be difficult.

Imperva achieves RSA Secured Partner Program certification January 25, 2008

Computer Technology Review

Imperva Inc., a provider of application data security and compliance, announced that it has achieved certified interoperability with RSA Access Manager software from RSA Security Inc., the security division of EMC Corp. This partnership is designed to enable joint customers to deploy a layered web security infrastructure that provides interoperable application protection with user access control.

Oracle patches serious holes with latest CPU January 17, 2008

Search Security

The focus of this particular CPU should be on client side vulnerabilities, Shulman said. Five of the application server vulnerabilities may be remotely exploitable without authentication.

10 Database Security Tips For Smaller Businesses January 14, 2008

Don't let databases fool you. Sure, their names may sound stately (Oracle, Ingres) or innocent (MySQL, SQL Server, Sleepycat). Yet no database, just out of the box, is secure. In addition, because databases concentrate so much potentially lucrative information in one place, they're prime targets. While storing sensitive or regulated information puts any company at risk, smaller businesses may have more to lose.

Is your Database Secure? (French) January 10, 2008

ISM

With the Internet becoming increasingly critical for businesses, databases are more and more exposed. This has placed the spotlight firmly on the need to prevent external and internal attacks while at the same time ensuring an audit trail can be established.

Web 2.0: Opportunities & Risks (French) January 8, 2008


According to a Forrester survey, Web 2.0 is increasing risks for enterprises. Banks are, in particular, seen to be under-prepared for Web 2.0 technology, and Forrester suggests that changes need to be made to their security policies. Comment from Shlomo Kramer highlights the need for data protection.


Tech Insight: Database Activity Monitoring January 4, 2008

If you weren't concerned about unauthorized database access before, maybe now you should give a DAM.



Imperva Partners with RSA (French) January 1, 2008


Imperva joined the RSA Secured program. SecureSphere and RSA Access Manager will be interoperable, allowing IT security teams to access user login credentials from RSA Access Manager.

  • MarketLive deploys Imperva to achieve high level of PCI DSS certification
    Imperva Inc., a provider of application data security and compliance, announced recently that MarketLive Inc., a provider of global e-commerce solution for retailers, has achieved the highest-level Payment Card Industry (PCI) Data Security Standard (DSS) compliance using the SecureSphere Web Application Firewall (WAF), Imperva said.
    Computer Technology Review, December 28, 2007
  • Independent Research Firm Names Imperva a Leader in Enterprise Database Auditing and Real-Time Protection Market
    Report Finds SecureSphere is Best Suited to Large Scale Deployments and Real-Time Protection
    October 29, 2007
  • Imperva SecureSphere Wins Editor's Choice Award from InformationWeek Magazine for Database Extrusion Prevention Systems
    SecureSphere Outperforms Guardium, Crossroads, RippleTech, and Pyn Logic in Comprehensive, Six Month Evaluation
    September 25, 2007
  • Imperva Named Top 100 Company by Red Herring
    Data Security Vendor Recognized for Leading the Next Wave of Innovation
    May 2, 2007
  • Oracle releases 36 patches
    The update included 13 patches for the popular Oracle Database, with the most severe vulnerability rating a seven out of 10. Three of the database flaws – the most serious ones – may be remotely exploitable without user authentication. Amichai Shulman, Imperva's CTO, was interviewed on Oracle's release of 36 patches. He commends Oracle for its efforts to address security issues in the database code and suggests that enterprises perform a database security assessment before applying the patches and deploy an additional layer of security in front of the database servers for increased protection.
    SCMagazine.com. April 17, 2007
  • Understand and Defend Against Web 2.0 Security Threats
    "Web 2.0 technologies such as AJAX, RSS, and client-side JavaScript libraries allow enterprises to build more responsive, immersive and collaborative applications. Although many of the technologies are not new, the threat model for Web 2.0 is not yet fully understood by developers," said Andrew Jaquith, Senior Analyst at Yankee Group. "Imperva is taking a leadership role by educating organizations about the risks associated with Web 2.0 applications, and by offering mitigation techniques."
    SecurityPark.net. March 9, 2007
  • Q&A: What to Do About Web 2(.0)
    In an exclusive interview, Imperva co-founder talks Web 2.0 security risks, protection strategies, and how end-user education is a waste of time
    darkReading.com, March 6, 2007
  • Database security undermined by protocol loopholes, lax defenses
    "A security expert is warning database administrators about a continued loophole in database communication protocols that would allow an attacker to bypass access controls and gain access to critical files..."
    SearchSecurity.com. March 6, 2007
  • Q&A: What to Do About Web 2(.0)
    Everyone's talking about Web 2.0 security. But what can you really do about it? In an exclusive interview, Amichai Shulman, co-founder and CTO of Imperva and one of the Web's most widely-recognized security researchers, spoke with Dark Reading senior editor Kelly Jackson Higgins about the emerging risks in Web 2.0, and how organizations can protect themselves.
    DarkReading.com. March 6, 2007
  • The NWC Interview: Imperva's Shlomo Kramer
    Network Computing Interview with Shlomo Kramer on database and Web application security. For more in-depth information, listen to the Podcast of the interview here.
    NetworkComputing.com. March 5, 2007
  • Imperva releases freeware database vulnerability scanner
    Security in Production databases often gets overlooked because the security staff is so caught up in making sure the operating system is patched that database security falls to the wasteland. Secure databases are just as important as secure operating systems. Databases contain very sensitive information such as social security numbers, credit cards, and financials. If this data is compromised, it could spell disaster for your corporate image.
    DatabaseJournal.com. February 28, 2007
  • A Free Database Scanner
    If you're worried about the security of your database - but can't afford a full-blown vulnerability assessment right now - you're in luck. Imperva is now offering a free database vulnerability scanner...One of the first beta testers of the scanner is Accor, which owns Club Med, Motel 6, Red Roof Inn, and Sofitel. The company is evaluating the product as a potential tool for determining its Oracle and SQL databases' compliance with the retail industry's PCI standards. ...Jaimin Shah, a security engineer with Accor says, "The tool did provide us a visibility into the environment we did not have before. Other database vulnerability assessment tools Accor has used did more 'surface' scanning, but Scuba went a lot deeper than that. This went into detail...If there were vulnerabilities, it provided details on it - why it failed an assessment report, where, and what you need to do to eliminate the problem."
    DarkReading.com. January 29, 2007
  • An Exclusive Interview: Shlomo Kramer aims to become a global leader in security
    An exclusive interview with a pioneer of the Israeli high tech industry: From Check Point to Imperva, serial entrepreneur Shlomo Kramer aims to become a global leader in security.
    israelValley.com. January 24, 2007
  • Security experts criticise government database plans
    "Last year more than 100 million user records were compromised in the US alone," Shlomo Kramer told ZDNet UK. "The issue is that when data is available online it can be compromised - especially [in conjunction with] web services." Even if the information is only available within governmental organisations, Imperva is seeing that within its user base there are many internal security issues - including abuse of credit card data, or abuse of privileges. "Data is at risk if it is made available to a large community of users," said Kramer.
    ZDNet.co.uk. January 19, 2007
  • Oracle blocks 51 security holes
    Amichai Shulman reckons that some of the vulnerabilities are more severe than Oracle suggests. In particular, he highlighted flaws in Oracle's HTTP server that might be exploited remotely without authentication. "The SSL implementation flaw is the worst of the lot," he added. A number of the flaws might lend themselves to SQL injection attacks. Exploits would not be difficult for a skilled hacker to craft, Shulman added. Meanwhile, applying the patches would normally involve downtime so it might be some time before enterprises are ready to roll-out fixes.
    TheRegister.com. January 17, 2007
  • Oracle Patches 51 Flaws
    The January Critical Patch Update, as Oracle dubs its quarterly security fixes, was half as large as the previous one. That CPU, issued in October 2006, featured 101 patches. "This wasn't the largest," says Amichai Shulman, chief technology officer of Imperva, an Israeli data center security vendor. "And we've seen a lot of these same vulnerabilities, or similar vulnerabilities in previous CPUs." It's not unusual, says Shulman, for already fixed Oracle vulnerabilities to reappear or to require repatching.
    CRN.com. January 17, 2007
  • The state of security
    Businesses are looking at new ways to exploit the Internet. But these new practices introduce new security threats...The diffusion of information through Web 2.0 technologies combined with these subtler forms of attack will make detection much harder for the security professionals...The dispersal of data is not, however, the only problem IT leaders face. According to Shlomo Kramer, CEO of data centre security provider Imperva, Web 2.0 is based on low-cost, lightweight consumer applications that are predominantly web-based and highly vulnerable - and that presents a significant threat to the business.
    Information-age.com. January 16, 2007
  • Mepsted to head up Imperva's EMEA push
    "Imperva's products fill a niche in the market for protecting applications and it has a very informative partner extranet as well...Jonathan is very driven and channel-friendly and we have a lot of confidence that he will maintain Imperva's direct touch approach which is a popular strategy with partners."
    Computing. January 5, 2007
  • Q&A with Amichai Shulman on the Critical Vulnerability in AJAX Technology
    "To discuss this vulnerability and its implications we talked with Amichai Shulman, the co-founder and CTO of Imperva, where he heads the ADC. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft."
    Net-Security.org. January 5, 2007
  • Imperva Discovers Critical Vulnerability In AJAX Technology
    "The ADC announced the discovery of a critical vulnerability in DWR (Direct Web Reporting) - a well known open source AJAX library that is incorporated into existing public Web sites. This client-side vulnerability can be exploited to launch Denial of Service (DoS) attacks and break into back-end servers and databases."
    AjaxWorld. January 3, 2007
  • Imperva identifies AJAX flaw
    "...the AJAX Web application development framework is 'emerging as the lingua franca for building new generation Web 2.0 applications' such as Google Maps. We will see more and more of these vulnerabilities in the server-side framework."
    NetworkWorld. January 3, 2007
  • Imperva Discovers Critical Vulnerability In AJAX Technology
    "Since AJAX executes a much larger proportion of application logic in the web browser than traditional web applications, it exposes a broader attack surface to client-side exploits used by attackers to target sensitive back-end servers directly."
    Linux.SYS-CON.com. January 3, 2007
  • UCLA Didn't Study for Security Test
    "...if the network is no longer a walled fortress, then security managers need to employ the tactics of a beat cop. So says Alan Norquist, vice president of marketing at security company Imperva. Database usage needs to be monitored, and IT managers need to develop profiles that will look for out-of-the-ordinary database queries, he adds."
    eWeek. December 15, 2006
  • Imperva Expands in Europe
    "Jonathan Mepsted has previously built and managed successful EMEA franchises for Fortinet and NetScreen, two of the world's leading network security companies," said Jim Drill, Vice President of Worldwide Sales.
    Dark Reading. December 14, 2006
  • Imperva Names EMEA Managing Director
    WHIR. December 14, 2006
  • Imperva Sets up Shop in EMEA
    "Imperva Inc, the database and application security provider headed up by CEO Shlomo Kramer, one of the founders of firewall giant Check Point Software Technologies, is to expand its operations into Europe. The vendor has adapted dynamic profiling technology, previously designed just for HTTP, to also inspect database query traffic. The system looks at database information and queries to monitor what was accessed, who was the user, or what was the IP address. The benefits of this kind of behavioral detection system is said to be that it does not require security administrators to create new rules every time the database itself changes."
    ComputerWire. December 13, 2006
  • Caribou Coffee Selects Imperva SecureSphere for SOX Compliance
    "Without the ability to audit all users who access and modify our financial database, we could not prove that we were in compliance with Sarbanes-Oxley. SecureSphere allows us to track all database users, including database administrators and developers, and trace their actions without impacting the performance or stability of our Microsoft SQL Server database," said Scott Ficek, senior director of information systems for Caribou Coffee.
    Sarbanes-Oxley Compliance Journal. December 1, 2006
  • Euronext Secures Trading Platform with Imperva SecureSphere
    "SecureSphere is able to transparently protect our derivatives trading platform from internet attacks without degrading application response times. Moreover, Imperva impressed us with superior technical support throughout the evaluation and deployment process." - Mamal Torfeh, Head of Global Managed Services, Atos Euronext Market Solutions (AEMS)
    Dark Reading. November 28, 2006
  • Study: SQL Server Is Safest DB
    "...hacking a database is like striking gold, whether it's via a Web app or database bug - or both. There have been a number of security issues with Web applications recently...and at least one-third of the 97 million data records that were compromised since 2005 came from a database..."
    Dark Reading. November 16, 2006
  • Staffmark Selects Imperva to Protect PeopleSoft
    "Maintaining the security and privacy of confidential employee information is our first priority. SecureSphere enables us to do this, while allowing us to safely use the Internet to make it easy for prospective job applicants to apply and work with Staffmark," said David Bartholomew, Chief Executive Officer of Staffmark. "After evaluating the leading web application firewalls, Imperva delivered the highest security and lowest cost of deployment and maintenance. SecureSphere was the only product capable of learning our PeopleSoft applications and dynamically creating the appropriate security policies. This is a huge time and cost saver for us."
    Sarbanes-Oxley Compliance Journal. October 2006
  • You Can't Make Everyone Happy- but Can You Come Close?
    "The complexities of meeting audit industry best practices and delivering the information that auditors require put a significant strain on IT departments that are already strapped for manpower and resources. SecureSphere Database Monitoring Gateway...gives auditors what they want: details about all logged activities, who is accountable for every transaction, and what transactions are material exceptions. The product also gives IT staff members what they want: automated Universal User Tracking that identifies specific users and their activities without requiring a rewrite of the database or application. In addition, because the appliance doesn't sit on top of the database, users get what they want: unimpaired performance."
    SQL Server Magazine. October 2006
  • Staffmark Selects Imperva to Protect PeopleSoft
    "Maintaining the security and privacy of confidential employee information is our first priority. SecureSphere enables us to do this, while allowing us to safely use the Internet to make it easy for prospective job applicants to apply and work with Staffmark," said David Bartholomew, Chief Executive Officer of Staffmark. "After evaluating the leading web application firewalls, Imperva delivered the highest security and lowest cost of deployment and maintenance. SecureSphere was the only product capable of learning our PeopleSoft applications and dynamically creating the appropriate security policies. This is a huge time and cost saver for us."
    Sarbanes-Oxley Compliance Journal. October 24, 2006
  • Oracle fixes 101 flaws
    "The most severe issues are SQL injection and buffer overflow vulnerabilities," said Amichai Shulman, CTO of Foster City, Calif.-based Imperva Inc., a data security firm. Attackers can exploit SQL injection flaws to access the core of the database with full administrative privileges, he said, adding, "The troubling thing about this quarter is that several flaws that were patched before seem to have reappeared."
    SearchSecurity.com. October 17, 2006
  • Oracle releases 101 fixes
    But Amichai Shulman, CTO of data security firm Imperva, objects to the low ratings, telling SCMagazine.com today that Oracle is attempting to downplay the severity of the flaws. He said even though the holes are not exploitable without valid credentials, they still pose a high-risk for most organizations. "A lot of people have access to a database within an organization," he said. "Saying access credentials are an impeding factor is not that true. You have many low-privileged users in an organization."
    SC Magazine. October 17, 2006
  • Oracle releases 101 patches in quarterly update
    "One issue of concern for enterprises is that some of the flaws addressed by today's updates appear to be identical to flaws that were supposed to have been patched previously," said Amichai Shulman, chief technology officer at database security firm Imperva Inc. of Foster City, Calif. "There is something alarming about this trend of the same vulnerability repeating itself in the same database package and the same object," he said.
    Computerworld. October 17, 2006
  • Oracle Issues Monster Security Patch
    "Redwood Shores, Calif.-based Oracle patched 22 vulnerabilities in Oracle Database, most of which address SQL injection or buffer overflow issues," said Amichai Shulman, CTO at Imperva, a Foster City, Calif.-based security vendor.
    CRN. October 17, 2006
  • Application Security: Countering The Professionals
    "It is becoming increasingly important to stop the professionals who want to steal valuable information. The new attackers search for vulnerabilities in the application and exploit these weaknesses. Attackers are bypassing the traditional network-layer firewall and IDS defenses; their exploits appear as legitimate traffic to the network layer defense, but hiding in the application layer are deadly attacks."
    Business Communications Review. September 2006
  • DB2 Vulnerable to Trend of Communication Protocol Flaws
    E-mail and Web servers aren't the only ones that get slammed by denial of service and other types of attacks. Database servers, including DB2, are also vulnerable to malicious activity, and communication protocol vulnerabilities are a growing trend.
    System iNetwork. October 3, 2006
  • Analysts: Changes to PCI rules help the measure
    "Also significant are new rules that require companies to put controls in place for better securing their application software against online threats," Shulman said. "Companies are required to install the latest software patches, help identify new vulnerabilities, do application code reviews and help protect against specific Web security threats. Such measures are crucial to ensuring the integrity of the application environment," he said.
    InfoWorld. September 13, 2006
  • Changes to PCI rules a step in the right direction, analysts say
    "I think most of the problems implementing the previous version of the standard was around this issue of database-field-level encryption," said Amichai Shulman, chief technology officer at Imperva Inc., a Foster City, Calif.-based security vendor. "I think this makes it more practical to implement the requirements of this standard."
    ComputerWorld. September 12, 2006
  • Strategic Security: Identity Theft Protection
    "Imperva...will notify you of large or aberrant extractions. We classify this product category as "database extrusion prevention". These products can be configured to track data by user and profile each user's "normal" activity to give you a blueprint of what they're supposed to be doing - and raise a flag when abnormal activity is spotted."
    Network Computing. August 31, 2006
  • New pump and dump scheme
    "If these stock trading sites had been monitoring account activity they could have seen the unusual behavior when someone liquidates their holdings and they should be especially vigilant for multiple accounts doing similar trades. Solutions from ... Imperva ... could have alerted them before the damage was done."
    ZDNet. August 31, 2006
  • Building Up Database Defenses
    "Harvey Ewing, senior director of IT security at Carrollton, Texas-based Accor North America, ... uses SecureSphere application layer firewalls from Imperva to protect his Web and database servers."
    ComputerWorld. August 28, 2006
  • Hackers steal personal info of 19,000 AT&T customers
    "We recognize that there is an active market for illegally obtained personal information," said Priscilla Hill-Ardoin, AT&T chief privacy officer. Shlomo Kramer, CEO Imperva, pointed out that the attack against AT&T exemplifies how hackers are turning their attention away from the infrastructure in favor of targeted data.
    SC Magazine. August 30, 2006
  • AT&T to Offer Credit Checks After Data Hack
    "Shlomo Kramer, CEO of security appliance maker Imperva said the breach is indicative of how traditional security measures, such as firewalls and intrusion prevention systems (IPS), can't totally shore up a network's defenses, especially if the attack comes from within."
    internetnews.com. August 30, 2006
  • Oracle fixes 65 flaws
    "These are vulnerabilities in the underlying network protocol between Oracle clients and Oracle servers," said Amichai Shulman. "These are the most dangerous type of vulnerability because they do not require database credentials at all and they leave no trace in the database audit trail and there is absolutely no workaround for them."
    SC Magazine. July 19, 2006
  • Oracle has 65 fixes in latest security update
    "Many of the vulnerabilities relate to a proprietary networking protocol used by Oracle's database, called Oracle Net. This protocol has come under increased scrutiny over the past year," according to Amichai Shulman, CTO with Imperva. "...because you don't need any database credentials in order to exploit them."
    NetworkWorld. July 18, 2006
  • Security Briefs: JavaScript Worm, IBM DB2 Vulnerability, NIST Performance Metrics
    Imperva, a data security vendor, announced it discovered a critical buffer-overrun vulnerability in IBM DB2 version 8 databases. In a statement, Imperva says this flaw "enables any attacker with network access to the database server to take down or even run arbitrary code on the server's machine."
    Enterprise System Journal. June 20, 2006
  • eWEEK honors Imperva SecureSphere with Excellence Award
    "Imperva's SecureSphere 4.2 stood out from the pack in the Network Data-Stream Protection category because its in-line protection for both Web applications and communications with back-end databases is simply unmatched. While Imperva's Web application firewalls are exceptional - providing intelligent learning capabilities and granular application controls - Imperva truly differentiates itself from competitors with its insight into communications with the database."
    eWeek. June 19, 2006
  • Imperva Introduces New DB Monitoring Gateway
    "Data center security vendor Imperva of Foster City, Calif., has released its new SecureSphere Database Monitoring Gateway, which logs query-level details of database activity, audits usage for exception-based behavior and associates every event with the responsible Web application user."
    eWeek. June 16, 2006
  • DB2 Crack Lets in Attackers Without Database Credentials
    Imperva's Application Defense Center … discovered the vulnerability which allows any attacker with network access to the database server to bring it down or to run arbitrary code - in DB2 Version 8. "IBM realizes that it is unrealistic to claim that any database is 'unbreakable' and that code - by its very nature - may contain some flaws" - IBM engineers via spokesperson
    eWEEK. June 12, 2006
  • Imperva Announces Database Monitoring Gateway
    "Auditors want to know who is accountable - who is the initiator of the transaction? What are the material exceptions - which database transactions really matter? And, are the controls in place being circumvented? These are big issues for database administrators?"
    Database Trends and Applications. June 5, 2006
  • Amichai Shulman Named to InfoWorld CTO 25 List
    "Shulman notes that 'critical vulnerabilities' exist in all - not some - commercial database servers. Vendors and customers alike should be grateful for his efforts."
    InfoWorld. June 5, 2006
  • Database Monitoring Gateway Tracks Back to Web Users
    "Who is accountable is a big issue that has become even more important with the need to satisfy SOX. Auditors want to know who was responsible for a fraudulent transaction, not which application was used."
    Database Journal. June 5, 2006
  • Imperva monitors the database
    "Imperva has announced a database gateway that pretty much logs transaction level detail and can take it to that next step by determining which user in which application committed the transaction. Any of you that have spent time trying to secure an application like SAP or Oracle Financials knows that the application basically opens up only a few anonymous sessions with the database, so you have no idea which user did what within the database. So this is cool." - Mike Rothman
    Security Incite. June 5, 2006
  • Imperva appliance tracks who accesses database
    "SecureSphere Database Monitoring Gateway... is a step up from monitoring devices that track which applications pull data from databases rather than the individuals who put in the requests, according to Andrew Jaquith, an analyst with the Yankee Group."
    NetworkWorld. June 5, 2006
  • Web App Security: The Firewall Factor
    Report evaluates the application security market and profiles Imperva SecureSphere in this Dark Reading Security Insider report. According to the report, "Imperva comes from Check Point cofounder Shlomo Kramer and offers an impressive set of features." (subscription required for full report)
    Dark Reading. May 1, 2006
  • Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive
    Scottrade placed its Web-based trading systems behind an Imperva SecureSphere Web Application Firewall, which is designed to reinforce the company's application security policies that specify the amount and type of data that can be input into any field. "To be a solid security organization, you have to look at all layers of protection," says Grant Bourzikas, senior manager of information security and business continuity at Scottrade. "Now there's increased interest in the payoff from stealing data that Web applications store, such as information that lets users log in to Web sites, pay bills, check accounts, and conduct other business. If the hacker can construct application code that can query this information, it's better than trying to hack it out of a back-end server that's been patched," said Bourzikas.
    InformationWeek. April 17, 2006
  • Web App Hack Incidents Are Up As Businesses Take Cover
    "No one needs to tell online brokerage firm Scottrade about the value of Web security. The company in November had to notify a number of its clients that their personal information may have been exposed thanks to a data breach found in a partner company's data processing system. ...Scottrade's investigation into the breach is ongoing, but it recently bolstered the security of its Web-based trading systems by placing them behind an Imperva Inc. SecureSphere Web Application Firewall."
    InformationWeek. April 12, 2006
  • Scottrade secures trading network with Imperva firewall
    "Our online trading system is our core business offering and our most important service delivery channel for our customers, and we believe Imperva was able to fill in the gaps that were lacking in traditional enterprise information security solutions," said Grant Bourzikas, senior manager of Information Security at Scottrade.
    Computer Business Review. April 11, 2006
  • Scottrade Selects Imperva to Protect Internet Trading Systems
    "SecureSphere enables us to protect these core business systems from attack, fraud and data theft by blocking attacks that are not detected by traditional perimeter security products," said Grant Bourzikas, Senior Manager of Information Security at Scottrade.
    Sarbanes-Oxley Compliance Journal. April 11, 2006
  • Imperva Web-App Firewall Adapts to Users' Networks
    The problem with first-generation Web application firewalls is that they require users to make a variety of changes to existing networks.
    eWeek. March 30, 2006
  • Imperva adds deployment modes for its Web apps firewall
    "It will notice if a SQL-injection attack occurs - it's not a quick attack; it takes several steps - and it stops it." - Harvey Ewing, Senior Director of IT Security, Accor North America
    NetworkWorld. March 28, 2006
  • SecureSphere Compliance Bundles Monitor and Secure Database
    "Products that help network managers and database administrators demonstrate adherence to the most important requirements helps reduce the cost of compliance initiatives," said Andrew Jaquith, Senior Analyst for Yankee Group.
    Sarbanes-Oxley Compliance Journal. March 28, 2006
  • Network World 20 people who changed the industry
    Shlomo Kramer - Named to Top 20 People Who Changed the Network Industry - Wherever there's an enterprise network, firewalls stand guard at its entry points. Some may argue that a garden-variety firewall no longer provides enough enterprise protection, but no one can deny how significant the technology has been for corporate security during the last decade. Kramer and his compadres at Check Point, including CEO Gil Shwed, get credit for inventing the firewall.
    NetworkWorld. March 27, 2006
  • Imperva's First Network Adaptive Web Application Firewall
    Networking News. March 27, 2006
  • Imperva Tops Innovation Station Showdown
    "The purpose of the Innovation Station program is to recognize the emerging companies which, based on their technology, vision and market impact, are poised to make a mark in the information security industry," said Sandra Toms LaPedis, general manager and area vice president of RSA Conference.
    SearchSecurity.com. February 15, 2006
  • People On The Move
    Leventhal joins Imperva from VA Software, where he was responsible for strategic alliances and channel development. Before that, he held positions at Sana Security, Red Hat, VeriSign, RSA Security and EMC.
    Mercury News. February 15, 2006
  • Imperva Keeps Database Activity in Check
    The hardest part of database security is controlling an authorized user's activity once he's gained access to the database. This type of access control is quickly becoming a bigger issue for compliance officers... And while the database vendors are merely auditing this activity, they are doing nothing to control it. ...SecureSphere nicely fills in this security gap left by the vendors.
    InfoWorld. February 13, 2006
  • Hotel Chain Turns to Imperva to Guard Against SSL Attacks (288KB PDF)
    Accor, owner/operators of Motel 6, Red Roof Inns, Novotel and Sofitel, uses Imperva's SecureSphere database security gateway and Web application firewall to protect its Internet front end -- as well as its back-end databases.
    Computerworld. February 9, 2006
  • Ten Ways to Counterattack
    Enterprise database infrastructures, which often contain the crown jewels of an organization, are subject to a wide range of attacks. This article discusses the most critical vulnerabilities and recommends approaches to mitigating the risk of each.
    SC Magazine. February 8, 2006
  • Imperva Introduces Compliance Modules for PCI, HIPAA and SOX
    SecureSphere audit reports go beyond simple logging of events to answer difficult questions that allow security administrators and auditors to know whether a given transaction is an attack or an acceptable change in the application. "It's one thing to know every transaction in the database," Norquist said. "It's another thing to know which transactions are important to follow. With volumes of data the key thing with audits is knowing what matters."
    Database Trends and Applications. February 7, 2006
  • Imperva Security Boxes Aid Compliance Efforts
    Imperva SecureSphere Gateway appliances help meet regulatory requirements, including PCI, HIPAA, and SOX. The boxes address these requirements by integrating reporting intelligence with a database security gateway, Web application firewall, network firewall and IPS (intrusion prevention system), thereby complying with the legislation by providing controls and reporting capabilities that span the complexity of the data center.
    eWeek. February 2, 2006
  • Oracle Advises Users: Patch Critical Hole--Now
    The patch, known as DB18, fixes a hole that affects most supported versions of the Oracle database software, including Oracle versions 8, 9 and 10. The hole is "very severe" and allows users to bypass the Oracle database's authentication and become administrative "super users," according to Shlomo Kramer, CEO of Imperva, which discovered the hole.
    eWeek. January 26, 2006
  • Gartner: Oracle no longer a bastion of security
    "Gartner has warned administrators to be 'more aggressive' when protecting their Oracle applications because, according to Gartner, they are not getting enough help from the database giant. Gartner analyst Rich Mogull said administrators should: (1) Immediately shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies. (2) Use alternative security tools, such as activity-monitoring technologies, to detect unusual activity."
    CNet News.com.com. January 24, 2006
  • Analyst: Oracle not on the ball
    "…Oracle can no longer be considered a bastion of security," analyst Rich Mogull said Monday on the Gartner website. "Database and application managers must begin protecting and maintaining Oracle systems more aggressively." "Critical Oracle vulnerabilities are being discovered and disclosed at an increasing rate," Mogull said.
    SC Magazine. January 24, 2006
  • Critical patch released by Oracle
    Imperva suggested users implement a database security gateway, which detects possible attacks by analyzing messages going from clients to server. "Such products have the capability to provide protection against platform-level vulnerabilities in the timeframes of hours or days after a new vulnerability is discovered," Imperva said.
    SC Magazine. January 18, 2006
  • Oracle releases patches for more than 100 flaws
    "I think the fact that vulnerabilities as severe as [the one reported by Imperva] remain unaddressed for so long is scary," Kramer said. "It basically leaves customers vulnerable and unprotected for too long."
    ComputerWorld. January 17, 2006
  • Interview with Shlomo Kramer (2.5MB MP3)
    BBC World Business Report. January 6, 2006
  • No One-Stop Shopping to Stop Database Pilferages
    What should customers be asking? Andrew Jaquith, an analyst with Yankee Group advises "asking if the product can protect an entire application. That includes all the layers of, for example, commerce applications with database back ends and Web front ends, along with Web interfaces to partners."
    eWeek. December 21, 2005
  • Survivor's Guide to 2006: Security
    Web application firewalls are poised to police Web traffic. The first interactions of Web application firewalls were little more than HTTP application proxies with HTML parsing engines. Although they could block many attacks, it was difficult to learn how to use them and how to tune them, and they impeded traffic. Those first-generation Web application firewalls also couldn't handle Web services. However, Web application firewalls from ... Imperva ... have largely overcome the performance problems and can provide a reasonable solution to protecting from application-level attacks.
    Network Computing. December 16, 2005
  • Risky Business - The Self Auditing Database
    The increasing frequency of database attacks is driving federal and state legislation that requires virtually every organization to deploy more robust audit mechanisms to protect sensitive data. To meet this requirement, some organizations attempt to use the built-in auditing tools supplied with database software platforms. This practice of setting up a "self-auditing" database is based upon several false assumptions and violates the fundamental audit requirement for independence.
    iTObserver. December 14, 2005
  • Web application firewalls take on more heat
    "The products are defending against people that are trying to use malicious attacks to cause Web sites to disgorge sensitive information or for break-ins," says Andrew Jaquith, a Yankee Group analyst.
    Network World. December 5, 2005
  • Flaw Found in SQL Server 2000 Profiler
    A recently discovered vulnerability in Microsoft Corp.'s SQL Server 2000 database allows users to mask their log-in names. The vulnerability was discovered by Imperva, a researcher and vendor of data-center security products.
    eWeek. December 5, 2005
  • Security firms warn of new Microsoft threats
    Users who take advantage of the flaw could gain access to a vulnerable database and take any action they want without fear of their actions being audited, Imperva CEO Shlomo Kramer said.
    Computerworld. December 2, 2005
  • Imperva Discovers and Helps Microsoft Address SQL Server Vulnerability
    Imperva ... Application Defense Center (ADC), has discovered and reported a serious database flaw in Microsoft SQL Server 2000.
    Database Journal. December 2, 2005
  • Database Auditing and Monitoring
    SecureSphere automatically creates security policies by examining live database traffic and profiling legitimate activity. Role-based security policies are updated for both individual users and applications accessing the database.
    Network Computing. November 24, 2005
  • Q&A: Imperva's Shlomo Kramer
    Q&A with Shlomo Kramer, CEO and Founder of Imperva, Inc.
    Red Herring. November 23, 2005
  • Security gateway from Imperva helps ease security and compliance concerns
    "FFF Enterprises Inc... in November will launch a Web-based application called IG Treatment Tracker that will let patients receiving home-based care for certain immune-system deficiencies track their treatments. ...This data will be protected by Imperva's SecureSphere Database Security Gateway."
    InformationWeek. October 17, 2005
  • Imperva Pushes Database Security
    Imperva Inc. has unveiled a new high-end device designed specifically to lock down common database traffic of the sort that was recently blamed for a security breach at the FBI and the White House. Temecula, Calif., pharmaceutical distributor FFF Enterprises is already using a G4 device to secure its critical databases. Are there any plans to check out the new box? "Absolutely, we will," says Bob Coates, FFF's vice president of technology.
    Next-Gen Data Center Forum. October 14, 2005
  • A Hardware Sentinel to Watch Over Databases
    Firewall vendor Imperva is launching a database protection appliance later this year geared to protect organizations from attack or misuse.
    internetnews.com. October 11, 2005
  • Data protection
    ...as attackers' profiles increasingly change from mischief-minded adolescents to professional criminals, the target is not the network but the data that resides on the network. … As a result, industry is developing a new set of security solutions to tackle looming threats. … Imperva's SecureSphere firewall, for example, aims to protect data centers from all attacks, whether via the Web, a database breach or a worm launched from outside or inside the network.
    FCW.com. October 10, 2005
  • Start-up touts attack-blocking appliance
    SecureSphere differs in that it monitors and protects at the Web browser, Web server, application server and database level. "It's a vertical integration approach to defending applications by looking at them as a stack of processes and protecting the different layers," says Andrew Jaquith, an analyst with the Yankee Group.
    NetworkWorld. October 10, 2005
  • Web-Application Security Gets Better
    Some Web-application security vendors are making their products more comprehensive. While most products have offered perimeter defenses such as firewalls, companies like Breach Security and Imperva are taking increasingly broader approaches.
    InformationWeek. September 27, 2005
  • The Threat From Within
    Imperva SecureSphere highlighted in feature article on database security solutions.
    Network Magazine. August 1, 2005
  • Key Operational Issues to Consider for Application Firewalls
    A key challenge in evaluating alternative solutions is estimating the cost and time to deploy and manage them… what key deployment and operational questions you should ask your vendor and your project team to help anticipate the issues that might emerge only in a broad deployment, but which affect the ultimate success of your application firewall project.
    Information Storage+Security Journal. June 22, 2005
  • Intrusion Protection Systems get hot: Web Services and internal threats become a new focus
    Taxed with providing an ever-expanding range of complex security functions, IPS vendors are rising to the challenge, transforming their wares to go beyond simply identifying and stopping attacks based on updated threat profiles.
    InfoWorld. June 13, 2005
  • Imperva Offers Dual-CPU 1GB App Firewall (subscription required)
    Imperva Inc has upped the speeds of its SecureSphere G4 web application firewalls, and has launched a new box, the G8, that provides throughput up to 1Gbps. The company has also added support for web services standards to its software.
    ComputerWire. June 8, 2005
  • Web Application Security For All
    Feature article on application security products and technologies.
    Network Magazine. February 1, 2005
  • Shlomo Kramer, Serial Entrepreneur
    Feature article on Shlomo Kramer, CEO and Founder of Imperva, Inc.
    Ha'aretz. January 12, 2005
  • From intrusion detection to spam, security solutions were high on our list in 2004
    The porous perimeter and the ominous "unknown threat" registered high on IT managers' worry meters again this year, and security vendors replied with every manner of product.
    InfoWorld. December 17, 2004
  • Vendors back Web app security testing
    Debate over what protections a Web application firewall is supposed to provide reached a head last week as four security vendors rallied around a common product-testing regimen.
    Network World. November 15, 2004
  • Establishing More Rigorous Standards For Application Security
    Are enterprises being misled by claims of large application security vendors?
    Web Services Pipeline. November 12, 2004
  • Vendors seek certification for application security tools
    They hope to help IT managers better evaluate tools from different companies.
    Computerworld. November 12, 2004
  • Small Vendors Issue Security Challenge To Large Competitors
    Group of four says some competitors aren't providing acceptable protection against hackers.
    Information Week. November 9, 2004
  • Small Vendors Issue Security Challenge To Large Competitors
    Four vendors of application security products have created an alliance to challenge the ability of large-scale vendors to protect customers from hacker attacks and other security breaches.
    Internet Week. November 9, 2004
  • Security group sets baseline standard for firewalls
    Consortium wants to establish standards for comparing application security software
    InfoWorld. November 9, 2004
  • App-Firewall Vendors Challenge Rivals to a Test
    Things are getting a bit testy in the application-security market.
    eWeek. November 8, 2004
  • Group aims to create hallmark of security
    A small group of security companies has set a baseline standard for application firewalls and has challenged the industry's biggest players to put their goods to the test.
    CNET News.com. November 8, 2004
  • Competitors Join Forces to Improve Web Application Security
    Four rivals in the application security market joined forces to help define more consistent and reliable best practices for Web application security.
    CRN. November 8, 2004
  • Vendors issue an application security challenge
    A trio of Web application security companies has challenged competing vendors to evaluate products against a set of test criteria developed by the three.
    GCN. November 8, 2004
  • Test Run: Imperva SecureSphere 3.0
    This app firewall is a quick study that needs just a little admin fine-tuning.
    Network Computing. September 13, 2004
  • Imperva's Dynamic Profiling Firewall Secures Networks
    "... the SecureSphere suite works by examining network and application traffic to learn normal behavior. The suite uses that information to normalize application access and address any abnormal activity with a prevention technique or an administrator alert. This technology is extremely effective at battling not-yet-recognized attacks..."
    CRN. September 3, 2004
  • SecureSphere Appliance Protects Applications via Dynamic Profiling
    The SecureSphere platform from Imperva provides protection for network accessed applications via dynamic profiling technology.
    Enterprise IT Planet.com. September 2, 2004
  • Imperva unveils next generation firewall technology
    Application security solution vendor Imperva Inc, has announced the availability of version 3.0 of the SecureSphere G4 Dynamic Profiling Firewall and MX Management Server application security appliances.
    ConnectIT. August 26, 2004
  • Security appliances add dynamic profiling to firewall technology
    Security-solutions vendor Imperva on Monday released version 3.0 of its SecureSphere security appliances. New to the sphere: dynamic profiling, which promises greater security by automatically learning application behavior.
    ZDNet. August 25, 2004
  • Imperva hits 3.0, adds worm watcher and firewall
    Imperva Inc., which has been selling web application security appliances for the last twelve months, will shortly announce it has added firewall features and a web worm blocker to version 3.0 of its flagship SecureSphere boxes.
    Computer Business Review. August 20, 2004
  • Worm Defense: Infrastructure Equipment Repair, Load Balancing
    To beef up its worm defense and complement its existing protection against external Web attacks and internal database breaches, Imperva has added a four-pronged security strategy to SecureSphere.
    Network Computing. August 19, 2004
  • How safe is it out there? Zeroing in on the vulnerabilities of application security
    The article presents a statistical analysis of results obtained from numerous application level penetration tests performed by Imperva experts for various customers over the years 2000 - 2003.
    ITtoolbox. August 6, 2004
  • Application Security: Take One Or Two?
    Imperva's appliance uses persistent learning, which performs real time adaptation to changing applications, identifying and blocking suspicious user sessions while continuously adjusting to changes in application and database structure, said Shlomo Kramer, CEO of Imperva.
    CRN. August 2, 2004
  • Google Eyes
    War searchers might, for example, search for the phrase "index of /etc" along with the term "passwd." Many of the links could include unprotected, or easily cracked, password files. The paper points out that when using this method "almost every result yields a vulnerable site."
    SecurityManagement. July 2004
  • Internet Extortion Ring Smashed
    "This type of attack could have been prevented with appropriate software," Yankee Group analyst Phoebe Waterfield told NewsFactor. "Web application gateway software blocks messages going in or out that do not comply with the site's policy."
    NewsFactor. July 21, 2004
  • Could Search Sites Spawn Worms?
    Security firm warns that search engine data is a treasure trove for worms seeking vulnerable systems
    PC World. June 24, 2004
  • InfoWorld product review gives Imperva the Highest Score in Application Security
    "SecureSphere provides excellent heuristics and data analysis with its Correlated Attack Verification engine. It doesn't rely strictly on hard triggers or predefined rule sets for attack detection, and its ability to learn 'normal' traffic patterns on your LAN adds to its usefulness."
    InfoWorld. June 4, 2004
  • Schutz von Web-, Applikations- und Datenbank-Server gegen externe und interne Angriffe
    German-language article about Imperva's G4 Gateway and MX Management Server appliances.
    IT SecCity. May 21, 2004
  • Imperva Releases SecureSphere Web Application Appliances
    Application security vendor Imperva Monday released two gateway appliances optimized to protect Web applications and databases from attacks that slip through traditional perimeter firewall and intrusion-detection systems.
    CRN. May 3, 2004
  • Briefs Hindsight And Foresight
    Imperva Gateways protect Web applications, databases
    CRN. April 30, 2004
  • Bad Bots and Good Google
    One of the other interesting things Imperva has done lately is to publish a research paper entitled Web Application Worms: Myth or Reality?
    Network World. April 26, 2004
  • Start-ups Unveil Security Appliances
    "We let [the SecureSphere appliance] run in learning mode for a week where it learned about 65,000 uses of our Web site," says Greg Mooney, senior technical team leader. Putting the [G4 Gateway] into blocking mode to stop attacks was then "a no-brainer."
    Network World. April 26, 2004
  • War Searching
    The Imperva engineers estimate that a hacker using this technique, which they dub "War Searching," would find 10,000 to 10,000,000 times as many points of vulnerability as a typical worm program wending its way across the Internet.
    MIT Technology Review. April 1, 2004
  • IT Departments Urged to Prepare for Next Generation of Worm Application Attacks
    Hackers are trying to develop a new generation of internet worm that can bypass traditional firewalls and anti-virus software.
    ComputerWeekly. March 30, 2004
  • War-Googling and the Search of Death
    [Imperva] will today publish a whitepaper exploring the possibility of a web-based worm that uses web search engines to automatically identify and attack vulnerable web servers.
    Computer Business Review. March 29, 2004
  • Security News: SecureSphere 2.0
    Using proprietary technology, called Correlated Attack Validation, the software maps normal application behavior and monitors and protects against anomalies, such as buffer overflows, SQL injection, and directory traversal.
    eWeek. March 17, 2004
  • Demo 2004 reflects IT security concerns
    Imperva launched SecureSphere Version 2 application-level defense technology, which adds signature management capabilities to its intrusion protection software.
    InfoWorld. February 23, 2004
  • The Invisible Demo
    Linux was running just about everything on display at this year's Demo 2004
    Linux Journal. February 23, 2004
  • Imperva Releases App Security Solution
    SecureSphere is a combination hardware/software attack prevention solution powered by both Imperva's intrusion prevention technology and its proprietary Correlated Attack Validation technology, which detects and prevents attacks on unique business logic and data.
    Web Host Industry Review. February 18, 2004
  • Network advances to shine at Demo
    The nearly 70 companies showcasing products at this week's Demo 2004 conference will announce everything from instant messaging to Web services security to network management tools.
    Network World. February 16, 2004
  • Web applications wide open to hackers
    The vast majority of web applications are wide open to attacks by hackers, a four-year testing programme has revealed.
    VNUnet. February 5, 2004
  • App-Layer Battleground
    Having a firewall, virtual private network, e-mail gateway and intrusion-detection system isn't enough; today's threats increasingly come through application-layer attacks, says Imperva Inc. CEO Shlomo Kramer.
    Computerworld. February 2, 2004
  • Gemini Israel Funds general partner Adi Pundak-Mintz speaks out on WebCohort
    WebCohort has a new approach, good investors - Check Point co-founder Shlomo Kramer is active in the company - and it could become a company with a system instead of a component.
    Globes Online. January 15, 2004
  • The evolution of application layer firewalls
    A new way of looking at protection: While established vendors are working on pricing and features, a new company called WebCohort is touting a new way of looking at the same problem.
    Network World. January 2, 2004
  • Application Security Latest Opportunity For Hack Threat Specialists
    Yarom Arad, Imperva international sales director, speaks with ComputerWeekly.com on the importance of using application security to protect databases and internal servers.
    ComputerWeekly.com. September 15, 2003
  • WebCohort Secures the 'Enterprise Application Sphere'
    Shlomo Kramer, Imperva CEO, speaks with IT-Analysis.com about the vulnerabilities of traditional network security techniques in protecting against Application Sphere Attacks.
    IT-Analysis.com. September 10, 2003