Imperva Blog|Login|中文Deutsch日本語
News

Imperva grabs cloud security with Incapsula and Skyfence buy-ins February 10, 2014

Techworld

"The strategy we are unveiling today comprehensively addresses the dangerous security gaps raised by the move to the cloud," said senior vice president for marketing, Mark Kraynak.

Imperva Buys Skyfence and Incapsula to Improve its Cloud Security Offering February 7, 2014

Infosecurity Magazine

While launching a new cloud strategy, Imperva has simultaneously announced the acquisition of Skyfence (a cloud security start-up) and Tomium (a mainframe monitoring firm); and has agreed to buy the remaining shares in its majority owned subsidiary, Incapsula.

Imperva seals double acquisition to boost cloud options February 7, 2014

 MicroScope

Enterprise security player Imperva has taken steps to shore up its position in the cloud after snapping up a couple of start-ups specialising in offering different aspects of hosted protection for users.

Imperva Makes Three Acquisitions, Unveils New Cloud Strategy February 7, 2014

SecurityWeek

Imperva, a provider of enterprise data security solutions, on Thursday announced its plans to acquire two security firms and assets from another, in a move that will help extend its data center security strategy across the cloud.

Imperva Boosts Cloud Security Tools with Three Acquisitions February 7, 2014

Dow Jones VentureWire

Senior Vice President Mark Kraynak quoted in a story about Imperva's latest moves to extend data center security to the cloud

Giving Up on Oracle, Researcher Discloses Critical Vulnerabilities in Oracle Forms and Reports February 3, 2014

SecurityWeek

Barry Shteiman, director of security strategy at Imperva quoted about a controversy involving vulnerabilities in Oracle Forms & Reports

Criminals use Java to infect Linux and Mac users with DDoS bot January 29, 2014

Techworld

Barry Shteiman, director of security strategy at Imperva quoted about new Java-based DDoS botnet

Facebook coughs up $33.5k... its BIGGEST bug bounty EVER January 24, 2014

The Register

CTO Amichai Shulman quoted on application security concerns in light of Facebook's record-breaking bug bounty

Cyber criminals tap the cloud for malware hosting January 22, 2014

SC Magazine UK

CTO Amichai Schulman quoted on Imperva's research that has found not only cyber criminals hosting their databases in the cloud, but also rogue databases hosted in the same cloud resource

January 2014 Oracle CPU fixes 36 Java vulnerabilities, 144 total January 21, 2014

SearchSecurity

CTO Amichai Shulman appeared in an article about Oracle Corp.'s first quarterly Critical Patch Update of 2014

Theft of Data Fuels Worries in South Korea January 20, 2014

New York Times

Imperva mentioned as a company that is offering a new kind of data-centric security

Yahoo malware adverts were designed to mine Bitcoins January 9, 2014

The Inquirer

CTO Amichai Shulman quoted on story about Bitcoin-mining malware

Yahoo malware enslaves PCs to Bitcoin mining January 8, 2014

BBC

CTO Amichai Shulman quoted on story about Bitcoin-mining malware

Password thieves now target blogs, CMS sites September 13, 2013

GMA News

Senior Security Strategist Barry Shteiman discusses the vulnerabilities of CMS systems


How LinkedIn and Software Rental makes it easy to attack companies September 12, 2013

LifeHacker

APJ Director of Strategic Accounts Kane Lightowler discusses insider threats

Researchers Call For Ban on PHP Superglobal Variables September 9, 2013

Threatpost

Coverage of the August Hacker Intelligence Initiative report: "PHP SuperGlobals: Supersized Trouble"

Do You Know Where Your Databases Are? September 3, 2013

Dark Reading

Senior Product Manager Anu Yamunan discusses database security

Australian companies still playing catch-up on collaborative-data security: Imperva August 30, 2013

CSO Australia

Senior Vice President of Worldwide Marketing Mark Kraynak discusses the risks of collaboration platforms

Analysis: Syria, aided by Iran, could strike back at U.S. in cyberspace August 29, 2013

Reuters

Senior Security Strategist Barry Shteiman comments on the Syrian Electronic Army's attack on the New York Times

Office 2003's burial will resurrect hacker activity August 29, 2013

Network World

CTO Amichai Shulman weighs in on the what will happen when Microsoft cuts support of Office 2003.

Microsoft Patch Problems Underline Trade-Offs For Securing Systems August 21, 2013

Dark Reading

CTO Amichai Shulman highlights how software complexity has made interactions between patches more difficult to predict, leading to problems with software updates saying, "The continued investment in code security is not paying off, and the patching process is starting to become very difficult."

Riot Games Mandates Password Changes for League of Legends Users After Breach August 21, 2013

SecurityWeek

Senior Security Strategist Barry Shteiman comments on the data breach of the 'League of Legends' online game, explaining why they are attractive targets for hackers.

Washington Post (& CNN, & Time, but not NYT) Hacked by Syrian Electronic Army August 16, 2013

InfoSecurity

With the news that CNN, Time and The Washington Post had been victims of cyberattack by the Syrian Electronic Army, Senior Security Strategist Barry Shteiman points out that the basic and uniform nature of the attacks means that companies can easily prepare for and protect against future attacks by implementing basic information sharing measures.

Incapsula's Growing 50% A Quarter By Blocking DDoS Attacks August 13, 2013

Forbes

Speaking to reporter Peter Cohan, CEO Shlomo Kramer highlights the effectiveness of Incapsula when compared with its competitors, saying "Akamai's service is very basic compared to Incapsula's and CloudFlare does quite a lot on the PR side but not so much on the security side."

Why Your CMS Is A Hacker's Dream Come True July 29, 2013

TechWeek Europe

Senior Security Strategist Barry Shteiman explains why content management systems are attractive to hackers and how companies can defend themselves.

Lakeland blames 'recent' Java flaw after hackers breach databases July 28, 2013

TechWorld

Web Research Team Lead Tal Be'ery comments on news that customer data at UK-based Lakeland was stolen through a Java flaw exploit. "The flaw is considered to be 'highly critical' and allows code execution on the attacked server," says Be'ery. "This underlines, once more, the dangers of third party code."

eWave: Is privacy dying? 'Technology is pervasive and invasive' July 27, 2013

Providence Journal

In a wide ranging article on privacy and technology, Senior Security Strategist Barry Shteiman is quoted on the shifting strategy of hackers, "The ‘industrialization' of hacking has turned this theft into a numbers game: The more people are willing to pay for stolen data, the more hackers will work to get it.”

"NASDAQ is owned." Five men charged in largest financial hack ever July 25, 2013

ArsTechnica

Data from the fourth annual Web Application Attack Report provides context for news that five men have been charged in the largest global hacking operation ever prosecuted in the U.S.

E-shopkeepers stabbed with SQL needles 'twice' as much as other sites July 23, 2013

The Register

CTO Amichai Shulman comments on Imperva's fourth annual Web Application Attack Report, saying "that hackers are setting up more and more automated assaults, threatening a greater number of web-based applications."

US more prolific source of cyber-attacks than China, says new report July 23, 2013

ITProPortal

Web research team leader Tal Be'ery comments on the Web Application Attack Report and cautions organizations against a siloed approach to security.

Time for medium sized business to wake up to web security July 19, 2013

The Data Chain

VP of Worldwide Channel Ted Plumis urges medium sized businesses to start taking web security more seriously.

35,000 Unauthorized Logins at Konami Video Games Company July 12, 2013

Infosecurity

Senior Security Strategist Barry Shteiman comments on the trend in hacking gaming companies.

EC releases guidelines on locking up cyber criminals July 10, 2013

SC Magazine

CTO Amichai Shulman shares his view on standarizing penal law in Europe to deter cyber criminals.

Seek goes for Imperva to protect data July 8, 2013

ITWire

SEEK implements Web Application Firewall from Imperva to improve business and security performance.

Firewalls in firing line as US military plans data-centric network June 28, 2013

TechWorld

Senior Security Strategist Barry Shteiman discusses the implications of the Defense Information Systems Agency's move away from firewalls.

The 20 commandments: The dos and don'ts of online safety June 25, 2013

Irish Examiner

Antivirus Hacker Intelligence Initiative report referenced in article about online safety.

Why Africa should look to the cloud June 27, 2013

VentureBurn

CEO Shlomo Kramer discusses the effects of cyber crime on small businesses in emerging markets.

Disable Java? Tech experts say yes June 24, 2013

USA Today

Senior Security Strategist Barry Shteiman discusses the risks of Java.

Call for vendors to share incident data to better help users June 18, 2013

SC Magazine

CTO Amichai Shulman discusses the benefits and realities of crowd-sourced threat intelligence.

Shlomo Kramer: The Right Board Is Like a Critical Organ June 11, 2013

The Wall Street Journal

CEO Shlomo Kramer offers advice on chosing the right board.

Cold Facts About Web App Security June 11, 2013

BankInfoSecurity

VP of WW Security Engineering Terry Ray discusses web app security.

Model behavior: User education in the workplace June 3, 2013

SC Magazine

CTO Amichai Shulman discusses insider threats.

Data breach report examines motives June 4, 2013

ProSecurityZone

Senior Security Strategist Barry Shteiman offers insight on Verizon's Data Breach Investigation Report.

Attackers exploit Ruby on Rails flaw, despite warnings and patch May 29, 2013

Computerweekly.com

Web Research Team Leader Tal Be'ery discusses the Ruby on Rails flaw.

Threat of the Week: DDoS for Hire on the Rise May 28, 2013

Credit Union Times

Senior Security Strategist Barry Shteiman offers insight on the rise of DDoS for hire.

2013 SC Award Winners May 24, 2013

SC Magazine

SecureSphere was awarded the SC Magazine Gatekeeper Award

Top 9 favorite security stories this week May 23, 2013

David Strom's
Web Informant

Senior Security Strategist Barry Shteiman's blog post "CMS Hacking" was
featured as one of David Strom's "favorite security stories this week."

Protecting Servers in Hosted Environments May 16, 2013

Datacenter Dynamics

Senior Security Strategist Barry Shteiman's shares his findings on the Moroccan Ghosts attack

Lessons from fizzled Anonymous DDoS attack May 8, 2013

USA Today

Imperva CTO, Amichai Shulman comments on the Anonymous attack.

Database Security: It's More Than Meets the Eye May 7, 2013

Security Week

Imperva's Senior Security Strategist, Barry Shteiman offers insight on database security.

'Community Defense' For a Safer Internet May 3, 2013

Security Bistro

Summary: Coverage of SecureSphere 10.0

Products of the week 4.29.13 April 29, 2013

Network World

Network World highlights SecureSphere 10.0 as a product of the week.

Imperva launches community-backed threat protection April 29, 2013

SC Magazine

Imperva launches SecureSphere 10.0

Security firm offers enhanced web application defense April 28, 2013

PC World

Read about SecureSphere 10.0

Cyber War — Just the Beginning of a New Military Era April 26, 2013

International Business Times

Imperva CEO Shlomo Kramer discusses cyber war.

Crowd Sourced Intelligence Increases Threat Blocking Efficiency: Imperva April 25, 2013

Security Week

Imperva's latest HII report finds crowd-sourced threat intelligences increasing blocking efficiency.

Fake tweets just one way hackers can disrupt stocks April 25, 2013

CBS News

Imperva SVP, Mark Kraynak, discusses the possible financial implications of a Twitter hack.

Online survival guide: Three ways to keep the bad guys out April 23, 2013

Financial Times

CTO, Amichai Shulman, gives advice on "How to Keep the Bad Guys Out."

Cybersecurity Bill Passes House, Faces Uncertain Future in Senate April 22, 2013

Security Bistro

Imperva SVP, Mark Kraynak discusses CISPA

Why Governments Should Stop Botnets April 15, 2013

Forbes

Imperva comments on the role of government in stopping botnets.

Patch PostgreSQL To Prevent DoS or Privilege Escalation April 8, 2013

Dark Reading

Imperva provides perspective on database patching practices.

Security Evolves: Antivirus, Network, Now Cloud Focus April 4, 2013

Investor's Business Daily

An article on the evolution of security, with a focus on the data center.

Ideas for deterring cyber espionage attacks March 28, 2013

Help Net Security

Industry experts provide ideas on preventing cyber espionage attacks.

Password security lacking among Singaporeans: Imperva study March 27, 2013

Computerworld SG

This article details the Imperva study on Singaporean password security practices.

Researchers resurrect and improve CRIME attack against SSL March 14, 2013

CSO

Read about the latest Imperva research on SSL.

Cyber defence inadequate, say experts March 12, 2013

Australia Financial Review

A look at the threats on financial institutions in Australia, with quotes from Imperva.

Size, Funding of Bank DDoS Attacks Grow in Third Phase March 8, 2013

Threatpost

A look at the funding and motives behind the most recent distributed denial of service attacks against major U.S. banks.

RSA: Imperva Seeks Balance in the Data Protection Force February 27, 2013

PC Mag

CTO Amichai Shulman talks about recent developments in the threat landscape and seeking a balance in data protection.

Imperva CEO, Shlomo Kramer, on Future of Security Market February 20, 2013

Forbes.com

Imperva CEO provides insights on the IT industry and company growth

Antivirus is Rubbish January 2, 2013

The Register

Think antivirus can stop advanced malware attacks? Think again.

Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt January 1, 2013

The New York Times

Imperva's study on the efficacy of antivirus sheds light on why security startups find fertile ground.

Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt January 1, 2013

CNBC

Imperva's study on the efficacy of antivirus sheds light on why security startups find fertile ground.




Americans Hacked Don't Know Commerce Chamber Left Them All Alone December 19, 2012

Bloomberg

Imperva sheds light on hacking techniques that lead to major breaches.

Is Antivirus a waste of money? December 5, 2012

CBS Moneywatch

A recent study by security research firm Imperva startlingly concludes just the opposite: Anti-virus software is so universally ineffective that it's just a waste of money.

Get Ready: The Future Without Passwords Will Be Complicated November 15, 2012

Atlantic Monthly

Imperva's password study.

Types and Tips for Online Security Threats November 10, 2012

Website Magazine

The CTO of American Eagle, one of our mid-market cloud partners contributed an article and mentions Imperva Cloud WAF.

IT security budgets mismatched to hacker targets October 30, 2012

ComputerWeekly.com

About 33% of hacker forum discussions are about training and tutorials for data theft techniques, such as SQL injection (SQLi), according to the latest hacker intelligence report by Imperva.

Team Ghostshell Megahack September 28, 2012

The Register

Imperva explains how hacktivists took off with 1M data records.

How Last Year's 'The Next Big Thing' Start-Ups Fared September 27, 2012

Wall Street Journal

Imperva is profiled as a high growth company.

Hackers' Wide-Ranging Interests Leave No One Safe September 15, 2012

Bloomberg

Shlomo Kramer explains the hacker economy.

Imperva CEO: Companies Are Getting It Wrong On Cybersecurity September 14, 2012

Forbes

Interview with Shlomo explaining why today's security models are failing.

Glastopf Web application honeypot gets SQL injection emulation capability September 10, 2012

Infoworld

Imperva research helps shed light on how hackers execute SQL injection attacks.

FBI Denies AntiSec Hacker Claims That It Has Millions of Apple UDIDs September 5, 2012

International Digital Times

Imperva analysis helps clarify a data breach.

Apple, FBI Deny UDIDs Discovered By AntiSec September 5, 2012

Tom's Hardware

Fact or fiction: Imperva researchers analyze the contents of a major breach.

Apple, FBI play down alleged Anonymous hack September 5, 2012

The Christian Science Monitor

Imperva's analysis sheds light on the theft of 12M stolen IDs.

Amid Hacker Attacks, Security Start-Ups Draw Attention September 5, 2012

The New York Times

Imperva's IPO is cited as a technology bell weather for up and coming companies.

Hackers Claim to Have 12 Million Apple Device Records September 4, 2012

The New York Times

Fact or fiction: Imperva researchers analyze the contents of a major breach.

Prime pickings: Application security September 4, 2012

SC Magazine

Imperva's web application attack report is used to quantify the number of attacks against today's web infrastructure.

Find out just how weak your password choices are with My1Login's test page September 3, 2012

The Next Web

Imperva's password study helps consumers pick a stronger password.

Typical Web app is attacked 274 times a year, study finds August 13, 2012

Government Computer News

Imperva's web application attack report is featured in one of DC's leading tech pubs.

Five Signs Your Website is the Target of An Automated Attack August 11, 2012

eSecurityPlanet

Imperva helps enterprises deal with automated hack attacks.

Cyber-Attacks Constantly Hit Web Apps Hard, Fast: Imperva Study August 8, 2012

eWeek

Imperva's web application attack report highlights just how applications are a focus of intense attack by hackers.

Average Web App Attacked Every Three Days August 8, 2012

ThreatPost

Imperva's web application attack report highlights just how applications are a focus of intense attack by hackers.

Security Start-Ups Catch Fancy of Investors August 5, 2012

The New York Times

Imperva's IPO performance is mentioned as a bell weather for other tech companies.

Black Hat is Over, But SQL Injection Attacks Persist August 2, 2012

Wired

Imperva's web application attack report highlights the persistent role SQL injection plays in data theft.

Yahoo patches hole, but hack affects more than just Yahoo accounts July 13, 2012

The Washington Post

Imperva helps explain the Yahoo! Voices breach.

Yahoo Password Breach: New Risks July 13, 2012

Information Week

Imperva's blog helps highlight the risks of poor password management.

Yahoo Password Breach: 7 Lessons Learned July 13, 2012

Information Week

Imperva research is used to help enterprises understand what steps to take in order to implement an effective password security program.

Yahoo investigating exposure of 400,000 passwords July 11, 2012

BBC

Imperva helps explain the Yahoo! Voices breach.

Should Companies Launch Counterattacks Against Hackers? June 20, 2012

CIO

Imperva's CTO Amichai Shulman explains the drawbacks of hack backs.

New study finds CAPTCHAs easy to defeat June 19, 2012

Fierce CIO

A study on CAPTCHAs by Imperva's ADC explains how to successfully stop automated visitors.

CAPTCHA systems easy to foil, security firm finds June 18, 2012

CNET

Imperva CAPTCHA's your heart with a study on blocking automation.

CAPTCHA-busting villains branch out from spam into ID theft June 18, 2012

The Register

A study on CAPTCHAs by Imperva's ADC explains how to successfully stop automated visitors.

As CAPTCHAs Go Audio, Robots and Humans May be Blocked June 15, 2012

Bloomberg BusinessWeek

Got bots? Imperva explains what to do.

Former White House Cybersecurity Czar Calls For Security Action June 13, 2012

Dark Reading

Imperva's Rob Rachwald gives perspective on how to deal with US cyber security issues.

LinkedIn Confirms Password Breach, Phishing Intensifies June 7, 2012

Information Week

Imperva's Tal Be'ery explains the details behind the LinkedIn password breach.

LinkedIn users targeted in phishing scam after hack June 7, 2012

BBC

Imperva sheds light on the LinkedIn password breach.

LinkedIn confirms 'some' passwords leaked June 6, 2012

Computerworld

Imperva's Tal Be'ery details the LinkedIn password breach.

Researchers uncover causes of MilitarySingles.com hack May 25, 2012

SC Magazine

Imperva's Hacker Intelligence Initiative dissects the Militarysingles.com hack.

10 Questions for Imperva CTO Amichai Shulman May 24, 2012

PC World

Imperva CTO Amichai Shulman answers questions about security and life.

How zombie LulzSec exposed privates' love lives with PHP hack May 24, 2012

The Register

Imperva's examines the Militarysingles.com hack.

Hackers Break Into Bitcoin Exchange Site Bitcoinica, Steal $90,000 in Bitcoins May 14, 2012

PC World

Imperva's Rob Rachwald breaks down the Bitcoin breach.

Amnesty International Hackers Learned From Flashback May 14, 2012

Information Week

How did the Amnesty UK site get hacked? Imperva explains the details.

9 Tips To Block Hotel Wi-Fi Malware May 11, 2012

Information Week

The Malware Hotel, malware checks in but it doesn't check out.

Breaking Down a Hacktivist Attack May 11, 2012

Bank InfoSec

How do Hacktivists attack? Imperva's Rob Rachwald explains the process.

AusCERT 2012 Day 2: “You can survive” a hacktivist attack: Tal Be'ery May 10, 2012

CSO

Imperva's Tal Be'ery explains how to survive a hacktivist attack.

FBI Warns Business Travelers of Hotel Wi-Fi Malware Scam May 9, 2012

V3.co.uk

How can travelers prepare when going overseas? Imperva helps explain how.

Anonymous hacktivists prefer penetration, but choose targets of opportunity May 4, 2012

CSO

Impeva's Tal Be'ery details how hacktivists go about their business.

Low Orbit Ion Canon DDoS tool still going strong May 4, 2012

Techworld

Imperva details the growth of Anonymous' DDoS tool: the low-orbit ion canon.

7 Ways Oracle Puts Database Customers At Risk May 2, 2012

Dark Reading

Imperva's CTO Amichai Shulman helps detail why Oracle's security procedures for their database server aren't always as robust as they could be.

Anonymous Hackers' New Best Friend: Automation April 25, 2012

Information Week

Hacktivists and crime syndicates favor free, automated tools to easily and quickly exploit website vulnerabilities. How can enterprises fight back?

Now Anyone Can Hack A Website Thanks To Clever, Free Programs April 25, 2012

Forbes

Script kiddies aren't what they used to be.

Hackers now pick tools from script kiddies' toybox – report April 24, 2012

The Register

Automated hacking goes to the next level.

Updating your status? State-sponsored cyber spies want to know it too, researchers say April 10, 2012

Military Times

Military personal and social networking: do they mix?

How To Prevent Data Leaks From Happening To Your Organization April 9, 2012

Dark Reading

Imperva CTO Amichai Shulman details the threat coming from data leaks.

Imperva Report Deconstructs RFI Attack Vector April 4, 2012

Dark Reading

RFI and LFI vulnerabilities are more pervasive than many realize. Imperva details why.

Database Security On The Cheap April 4, 2012

Dark Reading

Imperva CTO Amichai Shulman explains how to properly perform database security.

RockYou Agrees to $250K FTC Fine Over Loss Of 32m Passwords March 28, 2012

Threat Post

Imperva provides perspective on RockYou's data breach settlement.

Cybercrime's Love Affair With Havij Spells SQL Injection Trouble March 28, 2012

Dark Reading

Imperva helps explain one of the most notorious SQL injection tools used by hackers.

RockYou settles FTC charges related to 2009 breach March 27, 2012

Computerworld

Imperva provides perspective on RockYou's data breach settlement.

Deals increase with need for more network security March 27, 2012

Reuters

Imperva is cited as one of the security industry's movers and shakers.

LulzSec hints at April 1 return March 22, 2012

GMA News

A "new" Lulzsec appears and Imperva speculates what they may try to do.

Cyber hacking is on the up – but these Israelis are on the case March 22, 2012

The Jewish Chronicle Online

Imperva is profiled in the Jewish Chronicle.

Anonymous-Type Attacks Not Just for Big Brands March 8, 2012

CIO Today

Imperva analyzes an Anonymous attack.

Arrests Won't Be the End for Hacking Groups March 7, 2012

IT Business Edge

Imperva explains the Lulzsec arrests.

High-profile hacker arrests a coup for FBI, analysts say March 6, 2012

Computerworld

Imperva explains the Lulzsec arrests.

LulzSec Leader Turns Informant As Feds Arrest Key Members Of Hacking Group March 6, 2012

Dark Reading

Imperva explains the Lulzsec arrests.

LulzSec bust a blow to Anonymous? Not so fast March 6, 2012

CSO

Imperva explains the Lulzsec arrests.

LulzSec Leader Sabu Unmasked, Aids FBI Hacker Sweep March 6, 2012

Information Week

Imperva explains the Lulzsec arrests.

In Attack on Vatican Web Site, a Glimpse of Hackers' Tactics February 26, 2012

The New York Times

Imperva analyzes an Anonymous attack.

10 Strategies To Fight Anonymous DDoS Attacks February 8, 2012

Information Week

Might be a target for Anonymous? Imperva's CTO explains how you can prepare.

Using business logic as a hacking vector February 7, 2012

IT Wire

Business logic attacks are growing and Imperva helps explain why.

Oracle patches denial-of-service vulnerability February 2, 2012

Info Security Magazine

Imperva sheds light on a major Oracle vulnerability that was issued out of cycle.

VeriSign Management Was 'Out of the Loop' About 2010 Data Breaches February 2, 2012

eWeek

Imperva helps explain the VeriSign breach.

Study Analyzes Fake Facebook Profiles vs. Real Users February 2, 2012

Security Week

Facebook or Fakebook? Imperva's CTO helps explain.

February 1: 'National Change Your Password Day' February 1, 2012

ABC News 57 - South Bend, Indiana

Imperva's password study featured on National Change Your Password Day.

Anonymous Attacks FBI, Hollywood Websites to Avenge Megaupload Shutdown January 19, 2012

CIO Insight

Imperva highlights how Anonymous conducts DDoS attacks.

IE URI Encoding Behavior Facilitates XSS Attacks, Researchers Say January 19, 2012

PC World

Imperva's Tal Be'ery identifies a security problem with Internet Explorer.

Oracle CPU Contains Lowest Number Of Database Fixes Ever January 17, 2012

Dark Reading

Imperva CTO interprets the latest vulnerability releases from Oracle.

Anonymous Avenges Megaupload Shutdown With Attacks on FBI, Hollywood Websites January 20, 2012

eWeek

Imperva highlights how Anonymous conducts DDoS attacks.

Symantec Confirms ‘Segment' of Source Code Was Stolen January 6, 2012

The New York Times

Hackers have stolen some of the programming code for two of Symantec's antivirus products for businesses...

Huge Security Breach at Security Firm Symantec No Threat to Consumers, Analyst Says January 6, 2012

Fox News

Imperva help explains how Symantec's source code could have been breached.

Symantec leak: Minor security threat but questions remain January 6, 2012

InfoWorld

Imperva sheds light on Symantec's possible source code leak.

Symantec Confirms Source Code Leak in Two Enterprise Security Products January 6, 2012

CSO

Imperva sheds light on Symantec's possible source code leak.

Hacker group threatens to release Symantec AV source code January 5, 2012

Computerworld

Imperva details the possible impact of Symantec's anti-virus source code getting exposed by hackers.

Hackers' Threat to Publish Symantec Source Code Not a Reason to Worry January 5, 2012

eWeek

Imperva helps assess the impact of Symantec losing its source code to hackers.

Finding the Unique in You to Build a Better Password December 23, 2011

The New York Times

Imperva's Tal Be'ery explains why biometric passwords will not be the panacea many believe.

Malware blocking – not sandboxing – key to browser security, says Imperva December 23, 2011

InfoSecurity US

Who makes the safest browser? Imperva helps shed some light on a question as old as the internet.

IT Security & Network Security News & Reviews: Enterprise Data Breaches: Insider Threats That Cause Most Losses December 21, 2011

eWeek

Imperva identifies the personalities security teams should watch out for to proactively deal with insider threats.

Hashed Passwords Readily Cracked by Code Dictionaries, Rainbow Tables December 17, 2011

eWeek

Imperva's ADC helps identify an enterprise password security policy to mitigate against the latest attack techniques.

Combating Password Cracking Tools in the Enterprise December 15, 2011

Security Week

Imperva's ADC detail how hackers crack passwords.

9 Cybersecurity Threat Predictions for 2012 December 8, 2011

Government Technology

Imperva predicts the key cyber security trends for 2012.

Imperva's Crystal Ball: Finally, Security for Security's Sake December 6, 2011

PC Magazine

Imperva predicts the key cyber security trends for 2012.

OpRobinHood more likely to stiff punters than bankers December 2, 2011

The Register

Imperva lends perspective to Anonymous' Operation Robin Hood.

Stopping Hackers November 10, 2011

CNBC

Imperva's CEO and CTO are interviewed on the floor of the NYSE about the hacking industry.

Data security co Imperva surges 39 percent on market debut November 9, 2011

Reuters

Imperva goes public.

Imperva Jumps in IPO November 9, 2011

Wall Street Journal

Imperva goes public.

Imperva Follows Groupon Lead As IPO Pops November 9, 2011

Investor's Business Daily

Imperva goes public.

Hackers TimThumb Their Noses at Vulnerability to Compromise 1.2 Million Sites November 2, 2011

Dark Reading

Imperva's Tal Be'ery explains how hackers compromised 1.2 million web sites worldwide.

Imperva SecureSphere Web Application Firewall (Review) November 1, 2011

SC Magazine

Imperva's WAF earns five-stars in this SC Magazine review.

Impeva SecureSphere Database Activity Monitoring (Review) November 1, 2011

SC Magazine

Imperva's DAM earns five-stars in this SC Magazine review.

Nitro' Cyber-Spying Campaign Stole Data From Chemical, Defense Companies October 31, 2011

eWeek

Imperva's Noa Bar Yosef explains how data was taken from key chemical and defense firms.

Products of the Week 10.31.11 October 31, 2011

NetworkWorld

Imperva's latest web application firewall is featured as a product of the week.

IT Security & Network Security News & Reviews: 10 Stupidest Hacks of All Time October 19, 2011

eWeek

Not all hackers are smart. Imperva helps profile a few dummies.

Security firm finds hacker forums offer n00b hackers training, lulz October 18, 2011

Ars Technica

Imperva research helps highlight the world of hacking.

Hackers forums provide sense of community, information security intelligence October 18, 2011

InfoSecurityUS

The dark world of hacker forums gets a little light from Imperva's ADC.

Study finds hacking discussions on the rise. What do hackers discuss and exchange in online forums? October 17, 2011

SecurityWeek

Imperva's analysis of online hacker forums helps highlight cyber attack methods.

Hackers Share Attack Techniques, Beginner Tutorials on Online Forum October 17, 2011

eWeek

Is hacking on the rise? Imperva research detailing hacker forums helps show why hacking is seeing a boom.

Inside a Hacker Forum October 17, 2011

Threat Post

Threat Post reports on the critical role hacker forums play in cyber crime.

The Cyber Jungle: Episode 234 October 17, 2011

The Cyber Jungle

Imperva's Rob Rachwald is interviews on hacker forums and their critical role in cyber crime.

Hackers spent a lot of their time educating other hackers October 17, 2011

Venture Beat

Imperva research helps highlight the world of hacking.

The Next Big Security Challenges October 12, 2011

HealthDataManagement

Imperva's Noa Bar Yosef details security issues with health care records.

Hacker chatter: Can hacker websites help companies anticipate attacks? October 11, 2011

Search Security

Imperva's hacker intelligence initiative identifies how monitoring hacker activity can help bolster cyber defenses.

6 SharePoint Security Challenges October 5, 2011

Information Week

Imperva's Rapahel Reich details the common security issues with Microsoft SharePoint.

Data security for Microsoft SharePoint October 5, 2011

Help Net Security

Imperva's new SharePoint product hits the market.

FBI Busts Suspected LulzSec Hacker in Sony Breach September 23, 2011

Information Week

Imperva helps detail how the FBI may have arrested two high profile hackers.

Imperva: 71 SQL Injection Attacks Per Hour Since July September 23, 2011

Tom's Hardware Guide

Imperva's Application Defense Center identifies the frequency and intensity of SQL injection attacks.

FBI Claims Arrest of LulzSec, Anonymous Members September 22, 2011

eWeek

Imperva identifies how law enforcement may have pinpointed hackers from Lulzsec and Anonymous.

LulzSec's Sony Hack Really Was as Simple as It Claimed September 22, 2011

The Atlantic Wire

Imperva's ADC gives perspective to the problem of SQL injections, finding that Web applications observed since July "suffered on average 71 SQLi attempts an hour.

8 Techniques to Block SQL Attacks September 20, 2011

Information Week

Imperva's SQL injection research helps enterprises bolster their defenses against one of the nastiest vulnerabilities.

Seven Ways You Give Thieves Dibs On Your Database September 14, 2011

Dark Reading

Imperva's Noa Bar Yosef gives perspective on the top database threats.

Products of the Week September 12, 2011

Network World

Imperva's new DDoS service featured as one of Network World's products of the week.

Essential Weapons in a Security Researchers' Arsenal: Part 2 September 7, 2011

Security Week

Imperva's Noa Bar Yosef details the essential tools security researchers use to be effective.

Imperva Launches DDoS Protection Service September 7, 2011

Security Week

Details on Imperva's new cloud-based DDoS service.

Imperva Cloud Service Defends Customers From DDoS Attacks September 6, 2011

eWeek

Imperva offers a new DDoS service to stop one of the oldest trick's in a hacker's book.

Web Site Ranks Hacks and Bestows Bragging Rights August 21, 2011

The New York Times

Imperva explains a hacking contest designed to help hackers identify who has the technical right skills.

SpyEye hacker toolkit to lead to surge in cyberattacks August 21, 2011

USA Today

Imperva is interviewed on trends in malware.

Botnets Powering Cyber Reconnaissance at Scale for Hackers August 17, 2011

Security Week

Imperva helps detail how bots are exploiting Google to conduct cyber reconnaissance.

Mitigating the 'Unfab Four' Threats to Web Application Security August 17, 2011

IT Business Edge

Security Blogger Mike Vizard profiles Imperva research to help security professionals prioritize which vulnerabilities to address.

Hackers and Botnets Bypass Google August 17, 2011

V3

Imperva helps detail how bots are exploiting Google to conduct cyber reconnaissance.

Botnets create Up to 80,000 Queries on Search Engines August 17, 2011

SC Magazine

Imperva helps detail how bots are exploiting Google to conduct cyber reconnaissance.

Botnets And Google Dorks: A New Recipe For Hacking August 16, 2011

Dark Reading

Imperva helps detail how bots are exploiting Google to conduct cyber reconnaissance.

Search Engine Hack Innovation August 16, 2011

Help Net Security

Imperva helps detail how bots are exploiting Google to conduct cyber reconnaissance.

Watch out for botnet-driven Google Dorks, the next automated cyber attacks August 16, 2011

Venture Beat

Imperva's Rob Rachwald explains how hackers use Google to help with cyber attack.

Hackers Submit Attacks to RankMyHack, Get Rated August 15, 2011

eWeek

A hacker sponsored hacking contest is detailed by eWeek.

Millions of Web pages are hacker landmines August 12, 2011

USA Today

Imperva's Noa Bar Yosef explains how hackers infected websites worldwide to spread malware.

Hacker 'Armageddon' Forces Symantec, McAfee to Seek Fixes August 4, 2011

Bloomberg

Imperva mentioned as a company that can help with some of the current hacks plaguing many industries.

Just slip out the hack, Jack July 27, 2011

SC Magazine

Imperva's study of new attack methods by hackers is profiled.

Hackers Attack Web Apps Once Every Two Minutes July 27, 2011

RollingStone.com (blog)

Hackers attack Web-based applications once every two minutes on average, according to a new report by data security firm Imperva. Websites targeted by automatic cyber-attacks can be subject to even more assaults, including as many as 25000 attacks...

Study: Attacks Against Websites Attempted Every Two Minutes July 26, 2011

Time

Imperva's Web Application Attack Report (WAAR) is used to explain how automated web attacks leave no one on the internet safe.

Study: Automated Web App Attacks on the Rise July 25, 2011

PC Magazine

Imperva explains how automated web attacks are the new norm in hacking.

Five Steps To Help Repel The 'Lulz' July 7, 2011

Dark Reading

Imperva helps explain how Lulzsec executed its many attacks.

How Web Sites Poison Your Computer July 6, 2011

Baseline

Imperva helps explain how search engines are poisoned to alter results and send consumers to dangerous web sites.

What LulzSec teaches us about hacktivism July 6, 2011

Federal Computer Week

Imperva gives insight into hacktivism and the Lulzsec hacking spree.

LulzSec's Top 3 Hacking Tools Deconstructed July 5, 2011

Information Week

Imperva helps explain how Lulzsec executed its many attacks.

As Hacks Proliferate, New Security Technology Emerges to Monitor Privileged IT Users July 5, 2011

Forbes

Imperva is featured as a vendor to help fight the modern, evolving cyber security threat.

The LulzSec Hacks: How They Did Them June 29, 2011

PC Magazine

Imperva provides details into the hacking techniques used by Lulzsec.

LulzSec Dissolution Won't Reduce Threat of High-Profile Cyber-Attacks June 27, 2011

eWeek

Imperva CTO Amichai Shulman explains the impact of the Lulzsec hacking spree on the cybercrime industry.

How a hacker's spiteful squabble ended up in a raid by Scotland Yard June 26, 2011

The Guardian

In this lengthy profile of hacker Ryan Clearly in the Guardian's Sunday magazine, The Observer, Imperva's CTO sheds light on the techniques and sophistication of the Lulzsec hackers.

How to pick a password that's hard to hack June 26, 2011

LA Times

In the wake of the Lulzsec attacks, Imperva gives advice on picking a strong password.

Analysis: Do "leaderless" revolts contain seeds of own failure? June 24, 2011

Reuters

Imperva CTO Amichai Shulman explains the dynamics of hacktivism.

Cybersecurity Company Imperva Plans $75 Million IPO June 23, 2011

Wall Street Journal

Imperva' plans to IPO.

English Teen Accused of Hacking, Police Hint LulzSec Link June 22, 2011

eWeek

Imperva CTO Amichai Shulman explains how forensics can be used to trace hackers.

U.K. police charge hacker linked to LulzSec June 22, 2011

Computerworld

Imperva provides insight into the players behind LulzSec.

LulzSec uncovered: are these the names and roles of the members? June 22, 2011

The Guardian

Imperva's Tal Be'ery provides helps profile the Lulzsec members.

LulzSec and Anonymous: Hunting for skeletons hidden in closets June 21, 2011

Tech Herald

Imperva's ADC sheds light on Lulzsec acitivities.

Anonymous, LulzSec Groups Team Up In 'AntiSec' Hacking Campaign June 20, 2011

Dark Reading

Imperva's CTO Amichai Shulman provides perspective on LulzSec activities.

Who's who among key LulzSec hackitivists June 20, 2011

USA Today

Imperva's Tal Be'ery provides helps profile the Lulzsec members.

Imperva files for initial public offering June 20, 2011

San Francisco Business Journal

Imperva' plans to IPO.

Dark corners of the net June 17, 2011

BBC

Imperva's Noa Bar Yosef is interviewed at length regarding hacker techniques, forums and personalities.

Analysis: Cyber raids fuel calls for training, monitoring June 16 2011

Reuters

Imperva's research on insider threats is featured in this article on cyber security.

How Hacker Chatter Can Bolster Defenses June 15, 2011

SearchSecurity

This podcast Dark Reading's Rob Westervelt explains Imperva's Hacker Intelligence.

Why Hackers Found Easy Targets At IMF, Citigroup June 15, 2011

Information Week

Imperva helps analyze the hacks that took place against IMF and Citigroup.

Former Ofcom IT Chief Jailed For Fraud June 10, 2011

eWeek

Imperva's insider threat survey used to explain a rash of data theft coming from employees.

Image of the Day: SEO Poisoning June 9, 2011

Threat Post

Imperva's analysis of search engine poisoning featured as the ThreatPost's image of the day.

How search engine poisoning works June 9, 2011

Help Net Security

Imperva explains how search engine poisoning works.

World IPv6 Day draws attention to security issues with new protocol June 9, 2011

Computerworld

Imperva's Noa Bar Yosef highlights possible security problems with IPv6.

Battle Over EU Flight Passenger Data Rages on June 3, 2011

PC World

Imperva's Tal Be'ery explains possible issues with the US and EU sharing passenger information.

Comment: Security Research Goes Proactive – The Hacker Intelligence Initiative June 3, 2011

Information Security

Amichai Shulman details Imperva's Hacker Intelligence Initiative.

Anatomy of a PDF attack June 2, 2011

ReadWriteWeb

Imperva's Tomer Bitton shows how PDFs are infected by malware that can bypass anti-virus detection.

HIPAA, HITECH Compliance Not Improving Health Care Data Security: Survey May 25, 2011

eWeek

Imperva CTO Amichai Shulman explains why PCI sets a good example for HIPAA data security requirements.

Imperva: 86% of IT Organisations Don't Track Sensitive Documents May 24, 2011

Global Security Magazine

An Imperva survey in the UK highlights how more focus needs to be placed on file security in the UK.

Looking a little closer at the winners of the SC Magazine Awards May 24, 2011

SearchSecurity

Imperva wins SC Magazine Australia's security product of the year.

Keep it safe, keep it legal: Essential guide to compliance May 24, 2011

Computing

Imperva helps detail the components of an effective security compliance program.

Imperva Wins 'Product or Service of the Year' at AUSCERT 2011 May 18, 2011

CFO World

Imperva SecureSphere named product of the year by SC Magazine Australia.

Imperva Wins 'Product or Service of the Year' at AUSCERT 2011 May 18, 2011

SC Magazine

Video of Imperva SecureSphere winning product of the year by SC Magazine Australia.

Financial services targeted for data theft May 18, 2011

Financial Standard

Imperva's Tal Be'ery details how financial services are targeted for data theft.

White House Publishes Cyber Security Plans May 16, 2011

eWeek

Imperva weighs in on the White House cyber security proposal.

Senators Demand Public Companies Disclose Data Breaches May 13 , 2011

InformationWeek

Imperva's Rob Rachwald discusses the impact of breach notification legislation.

White House cybersecurity proposal shifts FISMA responsibility to DHS May 13, 2011

InfoSecurity Magazine

Imperva's Rob Rachwald describes the potential impact of data breach notification.

Cyber "moles" essential tool against hackers: Imperva May 13, 2011

Computerworld

Imperva's web research team leader, Tal Be'ery, explains how companies and law enforcement agencies need to team up against cybercrime.

Imperva Introduces Cloud-based Web Application Firewall Service May 10, 2011

globalsecuritymag.com

Imperva Launches a new cloud-based Web Application Firewall service

Getting a Grip on Our Electronic Lives May 10, 2011

Washington Times

In this Washington Times op-ed details a plan for Congress to implement effective cyber security legislation at the federal level.

Fake AV makers, scammers exploit Bin Laden new May 2, 2011

Computerworld

Imperva's blog helps clarify how hackers use Bin Laden's death for cyber attack.

Scammers exploit bin Laden news in search, Facebook May 2, 2011

CNET

Imperva describes a hackers scam exploiting current events.

Osama Bin Laden news spurs wave of scams, malware May 2, 2011

CSO Online

Imperva's blog helps clarify how hackers use Bin Laden's death for cyber attack.

Hackers feed on bin Laden news, as experts warn of cyber retaliation May 2, 2011

GCN

Imperva's Rob Rachwald details a hacker scheme.

Cyber Scammers Rush to Capitalize on Bin Laden's Death May 2, 2011

PC Mag

Imperva warns of cyber threats coming from Osama Bin Laden's death.

Companies lack insight into where sensitive data resides: Imperva May 2, 2011

CBR Online

Imperva's Noa Bar Yosef details Imperva's file security survey.

Security Firms Warn Of Royal Wedding Malware April 30, 2011

eWeek

Imperva's InfoSec London survey on Royal Wedding scams detailed by Imperva CTO Amichai Shulman.

That Royal Wedding: agile, fast and cloudy. And that's just the website April 29, 2011

The Guardian

Imperva survey on Royal Wedding scam detailed in one of the UK's largest newspapers.

Is malware on the decline, or is evasion on the rise? April 26, 2011

SC Magazine

Imperva's Noa Bar Yosef describes how hackers are becoming more successful with their evasion techniques.

Does PCI-DSS Matter? April 20, 2011

InternetNews

Imperva CTO Amichai Shulman explains the effectiveness of PCI.

Imperva interviewed on growing threat of hacking on Jeff Randall Live April 19, 2011

Sky News

Imperva's Rob Rachwald interviewed by Sky News UK on state-sponsored hacking.

PCI DSS compliance cuts breach risk, says report April 19, 2011

CSO

Imperva's annual PCI survey featured in CSO magazine.

PCI-DSS Compliance Helps Prevent Data Breaches Despite IT Doubts: Survey April 19, 2011

eWeek

The efficacy of PCI is gauged by an Imperva-Ponemon survey.

Data breach reports highlight seriousness of problem April 19, 2011

NextGov

What can the government learn from PCI success?

Many Concerned Over Oracle's Response to Security Vulnerabilities April 19, 2011

Security Week

Imperva CTO explains the problems with Oracle's patch process.

Is Your Data As Safe As You Think? April 19, 2011

Business Insider

Noa Bar Yosef explains how hackers work and why security teams should monitor the dark side.

Cybercriminals Still Enjoy Bragging About Their Escapades April 13, 2011

The Last Watchdog

Imperva featured in USA Today report Byron Achohido's blog.

European Parliament Disables Webmail After Cyber-Attack March 30, 2011

eWeek

Imperva's CTO Amichai Shulman gives his perspective on the recent hacking of the European Parliament's webmail system.

McAfee to enhance database monitoring with Sentrigo acquisition March 23, 2011

eChannelLine

Imperva's take on another big company getting into the DAM space.

McAfee to Acquire Database Security Vendor Sentrigo March 23, 2011

InformationWeek

Imperva CEO Shlomo Kramer weighs in on the Sentrigo acquisition.

The Chinese Government's Gremlins in Google's Works March 21, 2011

TechNewsWorld

Imperva's Rob Rachwald provides perspective on China hacking Google.

Products of the Week - 3.21.11 March 21, 2011

Network World

Imperva's SecureSphere 8.5 is highlighted as Network World's product of the week.

Imperva's Amichai Shulman Discusses the Boy in the Browser Attack March 15, 2011

InfoSec Resources

Boy in the Browser Attacks 101

Twitter Finalizes FTC Security Settlement March 15, 2011

Information Week

Rob Rachwald explains the significance of Twitter's FTC settlement.

Imperva's SecureSphere enhances agent-based monitoring and auditing for open systems databases March 10, 2011

Security Park

Imperva's SecureSphere 8.5 release helps enterprises with new agent technology.

The Next Big Thing? March 9, 2011

Wall Street Journal

Imperva ranks #10 in the Wall Street Journal's list of companies likely to succeed.

Imperva Expands SecureSphere March 9, 2011

Dark Reading

Imperva's next-generation release, SecureSphere 8.5.

Enhanced Insider Threat Protection with SecureSphere 8.5 March 9, 2011

ProSecurityZone

Imperva's SecureSphere 8.5 release helps enterprises with insider threats.

APT: Are Businesses Prepared? March 9, 2011

Security Week

Imperva CTO Amichai Shulman interviewed on how to prepare for advanced persistent threats.

Malware infections and spam fall off in February March 4, 2011

V3

Imperva's Noa Bar Yosef disputes claims of malware decline.

Tax rebate scams get sophisticated March 3, 2011

itpro

Imperva details an online tax scam.

'Generation Gmail' Threatens Corporate Data Security February 23, 2011

eWeek

Imperva research helps shed light on insider threats.

Boy-in-the-Browser Attacks Come Out and Play February 22, 2011

eWeek

Imperva CTO Amichai Shulman describes a man-in-the browser attack variation.

Oracle Database Firewall To Replace DAM? Not So Fast, Competitors Say February 17, 2011

Dark Reading

Imperva comments on Oracle's new database security product.

Hackers Go After the Smartphone February 13, 2011

The New York Times

Imperva explains the security problems with mobile devices.

Security Companies to Watch February 14, 2011

Security Analysis

Imperva cited as a key company in the security space to keep an eye on.

Insider Threats February 11, 2011

Global Security Magazine

Imperva warns companies about insider threats.

Imperva Achieves Record Growth February 13, 2011

[PUB-NAME]

Imperva's strong growth in 2010.

Oracle Issues Emergency Java Patch February 9, 2011

PC World

Imperva CTO comments on Oracle's patching process.

Cybercrime: Narrowing the Gap February 1, 2011

SC Magazine

Imperva's Noa Bar Yosef explains the cybercrime industry.

Department of Defense prescription database target of hacker attack January 26, 2011

iHealthBeat.com

Imperva comments on hackers selling access to the Army's prescription drug website.

Hackers sell access to military websites January 25, 2011

FederalNewsRadio.com

Imperva comments on hackers selling access to government websites.

Hacker Selling Access to Gov Websites for $500 January 25, 2011

Tom's Guide

Imperva comments on hackers selling access to government websites.

Government, military and education sites put up for sale by hacker January 25, 2011

Fierce CIO

Imperva comments on hackers selling access to government websites.

Defense Department pharmacy site hacked January 25, 2011

ModernHealthcare.com

Imperva comments on hackers selling access to healthcare websites.

Government, military sites hacked, data access for sale January 24, 2011

ThreatPost

Imperva comments on hackers selling access to government websites.

Hackers sell access to military and government websites January 24, 2011

InfoSecurity.com

Imperva comments on hackers selling access to government websites.

Hacker hawks comprised military, university web sites January 24, 2011

CRN

Imperva comments on hackers selling access to government websites.

Gutsy hacker sells access, info January 22, 2011

PC World

Imperva comments on hackers selling access to government websites.

Hacker Sells Access To Military, University Websites January 22, 2011

PC Magazine

Imperva comments on hackers selling access to government websites.

Government, Military sites for sale in hacker forum January 21, 2011

eWEEK

Imperva comments on hackers selling access to government websites.

Got $500? You can buy a hacked US Military website January 21, 2011

Computerworld

Imperva comments on hackers selling access to government websites.

Got $500? You can buy a hacked US Military website January 21, 2011

PCWorld

Imperva comments on hackers selling access to government websites.

Got $500? You can buy a hacked US Military website January 21, 2011

ITWorld

Imperva comments on hackers selling access to government websites.

Ready for cyber war? January 21, 2011

Krebs On Security

Brian Krebs provides insights into Imperva's discovery of hackers selling access to government websites.

Security Experts Probe Oracle Patches January 20, 2011

Information Week

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

Oracle patching fewer database flaws as it adds more products January 19, 2011

Computerworld

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

Imperva CTO: Oracle Patching Needs Fixing January 19, 2011

Dr. Dobb's Journal

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

Oracle Patched 66 Vulnerabilities January 18, 2011

eSecurity Planet

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

Oracle Releases 66 Fixes in Quarterly Patch Cycle January 18, 2011

SC Magazine

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

Oracle's patching system needs fixing, according to Imperva's CTO January 18, 2011

IT Pro

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

A Patch Tuesday hole to watch for January 10, 2011

CSO Online

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

Corporate data accessed by too many January 7, 2011

zdnet

Imperva's Stree Naidu explains the ramifications of giving too many people access to data.

Security firm Imperva praises US memo on insider threats January 7, 2011

ComputerWeekly

Imperva's Noa Bar Yosef gives perspective on the US government's guide to insider threats.

Don't Get Hacked for the Holidays December 22, 2010

InformationWeek

Imperva CTO Amichai Shulman explains the latest security patches from Oracle.

Imperva's growth fuels rumors of an IPO December 17, 2010

San Francisco Business Times

Interview with Imperva CEO Shlomo Kramer.

Imperva CEO claims that more than DLP is needed for data protection December 17, 2010

SC Magazine

Claims have been made that data loss prevention (DLP) is not the correct architecture for data security and that better control mechanisms need to be used...

Gawker hack analysis reveals incredibly weak passwords December 14, 2010

Network World

Brute-force work by Michigan firm decrypts 200,000 Gawker account passwords in under an hour...

Gawker hack: another glimpse into password practices December 14, 2010

GCN

You may recall that earlier this year, security firm Imperva analyzed 32 million passwords that a hacker stole from an application developer called rockyou.com and found that many people were using simple ones, including "password," "rockyou" (the name of the site) and strings of sequential numbers...

WikiLeaks 'Hactivists' Target Fax Machines December 14, 2010

Information Week

Anonymous collective turns to old-school spam as antivirus vendors and Internet providers block access to the the LOIC botnet application...

WikiLeaks Botnet Continues Attack on MasterCard Site December 13, 2010

Information Week

"Hacktivists" say their denial of service assaults aren't intended to steal personal financial data, rather to raise awareness of companies that stopped doing business with WikiLeaks...

Website Attackers Could Be Easily Traced, Say Researchers December 13, 2010

PC World

People using a tool to conduct distributed denial-of-service (DDOS) attacks against other websites in support of WikiLeaks can easily be traced, according to computer security researchers...

Also appeared: Yahoo! News, CIO, Network World, Computerworld, Linux World

Hammer Time? WikiLeaks-inspired Java Script DDoS Planned December 13, 2010

CSO

The WikiLeaks weird fest continues, with Mastercard getting hammered some more this past weekend and a Java script-based DDoS being planned and launched through i-frame based images...

WikiLeaks Protests Attacked with Botnets December 13, 2010

CIO

A cyberwar that sprung up in support of WikiLeaks is comprised of hackers using botnets, illegal networks of hijacked computers that can be used to multiply the attack...

Web attackers point to cause in WikiLeaks December 10, 2010

The New York Times

Imperva CTO Amichai Shulman comments on Operation Payback.

WikiLeak protests use botnets to attack websites December 10, 2010

USA Today

Imperva's Tal Be'ery explains Operation Payback.

Spam downloads surge among WikiLeaks supporters December 10, 2010

Forbes

Wikileaks supporters on Friday downloaded increasing amounts of the spam-shooting software used to attack companies seen as hostile...

Foot Soldiers for WikiLeaks: 27,000 Download Attack Software Overnight December 10, 2010

ABC News

Imperva's Tal Be'ery explains Operation Payback.

Operation Payback picks up speed, WikiLeaks denies involvement December 10, 2010

Help Net Security

Imperva's Tal Be'ery explains Operation Payback.

Pro-WikiLeaks cyberattacks show growing threat" December 9, 2010

USA Today

Imperva's Rob Rachwald explains Operation Payback.

WikiLeaks Supporters' Attacks Show Power of Opt-in Botnets December 9, 2010

eWeek

Imperva's Tal Be'ery explains Operation Payback (Optin Botnets).

Botnet Operators Set To Join Operation Payback December 9, 2010

Dark Reading

Imperva's Tal Be'ery explains Operation Payback (Botnets).

Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks December 9, 2010

Computerworld

Imperva's Tal Be'ery explains Operation Payback (DDoS Attacks).

Anonymous attack on Amazon.com appears to fail December 9, 2010

Computerworld

Imperva's Tal Be'ery explains Operation Payback.

Facebook, Twitter boot WikiLeaks supporters after Visa attack December 8, 2010

CNET

Imperva's Tal Be'ery explains Operation Payback.

Operation Payback: WikiLeaks Avenged by Hacktivists December 7, 2010

PC World

Imperva's Tal Be'ery explains Operation Payback.

The Hacker War Over WikiLeaks Rages On December 7, 2010

Discover Magazine

Imperva's Tal Be'ery explains Operation Payback.

PayPal, PostFinance Hit by DoS Attacks, Counter-Attack in Progress December 6, 2010

eWeek

Imperva's Tal Be'ery explains Operation Payback.

Startup launching Web application firewall service December 6, 2010

Network World

(Also appeared: PC World Australia, Computerworld Australia, Computerworld New Zealand, TechWorld Australia, LinuxWorld)

Embedded Passwords: Dangerous by Default December 3, 2010

Ecommerce Times

Imperva's Noa Bar Yosef discusses the drawbacks of default passwords.

Wikileaks forces governments to reconsider IT security December 3, 2010

Government News

Perspectives on Wikileaks.

Lessons from the most interesting data breaches of 2010 December 2, 2010

Security Week

There has been a 93.7% drop in the volume of data stolen from 2009 to 2010...

White House Responds To WikiLeak Breach With Security Policy Review December 2, 2010

CRN

Imperva CTO Amichai Shulman explains how the Wikileaks mess could have been avoided.

Most Employees Would Pilfer Company Secrets November 24, 2010

eWeek UK

The survey of 1,026 Londoners carried out by data security firm Imperva revealed that insiders pose the greatest threat to corporate security.

72% of staff have stolen data from their employers November 23, 2010

NetworkWorld

Nearly three quarters (72 percent) of staff admit to stealing data from their employer, says Imperva.

Number of employees who would steal data increases significantly November 23, 2010

SC Magazine UK

A survey of more than 1,000 UK employees by Imperva found that 70 per cent of respondents had clear plans to take something with them upon actually leaving their job. The most popular data to take was intellectual property (27 percent) or customer records (17 percent).

Schwartz on Security: Click "Dislike" for Facebook Safety November 18, 2010

Information Week

Imperva CTO Amichai Shulman quoted on Facebook security practices.

SQL Injection Attacks and Data Theft November 16, 2010

Dr. Dobbs

Imperva's PCI study mentioned in this detailed article on data theft.

Database Protocol Exploits Explained November 15, 2010

(IN)Secure Magazine

Amichai Shulman details a new, growing breed of database attacks: protocol exploits.

Quest on Business November 15, 2010

CNN

CTO Amichai Shulman interviewed on CNN about security trends for 2011.

Imperva warns of rise in Stuxnet hacking threats November 15, 2010

V3

State-sponsored hacking, man-in-the-browser and insider attacks are among the key threats facing organisations in 2011, according to research from Imperva.

Imperva CTO endorses new PCI standard November 12, 2010

MIS Asia

Amichai Shulman, chief technology officer of data security firm Imperva has recently analyzed the PCI DSS 2.0 standard released by global industry body PCI Security Standards Council (PCI SSC) last month.

Channel looking for PCI windfall - Resellers hoping to benefit from introduction of version 2.0 of PCI DSS November 10, 2010

channelweb

VARs are counting on the introduction of the latest PCI DSS standard to force retailers to open their wallets and spend on security. The PCI Security Standards Council last month tightened the security rules governing retailers and other organizations processing credit card transactions with the release of PCI DSS 2.0.

Why Does Identifying Data Owners Have to be so Hard? November 10, 2010

Gartner Blog

Neil MacDonald, vice president, distinguished analyst and Gartner Fellow at Gartner Research covers Imperva FAM product in his blog.

How much is your email address worth [registration required] November 5, 2010

InfoSecurity Magazine

Amichai Shulman, CTO of Imperva, discusses the black market value of our online credentials and how criminals turn them into cash...

M&A Activity Muddles Database Security [registration required] November 5, 2010

DarkReading

Staffing changes, mixed security policies and standards, different types of data repositories with different applications all cause problems...

Cyber-espionage: Raids from afar [registration required] November 3, 2010

SC Magazine

The Google-China attacks, revealed in January, kicked off a year in which the threat of cyber-espionage to steal corporate and government secrets firmly entrenched itself as part of the security battle zone...

Charitable misgivings [registration required] November 2, 2010

InfoSecurity Magazine

Trust makes the world of non-profit charity go round, and a breach of this trust can lead to irreparable damage of a charity's reputation. Wendy M. Grossman investigates the unique pitfalls facing those who are in the business of giving.

PCI DSS 2.0 released, makes virtual ripples October 29th, 2010

ZDNet Australia

The second edition of the Payment Card Industry Data Security Standard (PCI DSS) was released and contains minor changes to take virtualization into account and increase security levels. Security company Imperva chief technical officer, Amichai Shulman, said changes in the document are minor, and include the scoping of PCI assessments, the adoption of risk-based approaches to vulnerability mitigation and the provision of further detail on standards for secure application coding.

Halloween in Asia October 29th, 2010

SecurityAsia

Night of the living computers: Where the original zombie was said to be typically a reanimated corpse or a human being controlled by someone else by use of magic, today's computer version is controlled by cyber criminals who are usually after your bank, social network or webmail credentials

Schwartz On Security: Zombie Internet 'Kill Switch' October 28, 2010

InformationWeek

Information Week columns discusses the merits of the Internet kill switch, quoting Imperva's blog on the topic.

Imperva Tech News Briefing - Botnets for rent October 26, 2010

CFO World

The Iranian Cyber Army has been making news with its decision to sell access to its botnet. In this tech briefing, Imperva's Senior Security Strategist Noa Bar Yosef answers key questions on this issue.

Botnet for Sale Business Going Strong, Security Researchers Say October 25, 2010

eWeek

The first is size, noted Imperva Senior Security Strategist Noa Bar Yosef. Beyond that, it often depends on what type of attack is being planned...

48 Hackers charged so far with stealing $12.5M from banks October 1, 2010

USA Today

Imperva's Noa Bar Yosef comments on the hacker arrest.

Lessons from takedown of Zeus cyber robbers in UK, U.S. October 1, 2010

The Last Watch Dog

Imperva's Noa Bar Yosef comments on the hacker arrest.

Crackdown on Zeus banking scam unearths massive cybercrime outfit October 1, 2010

Fierce CIO

Imperva's Noa Bar Yosef details how hackers stole 12.5M from banks.

More than 80 arrested in alleged Zeus banking scam September 30, 2010

Dark Reading

Imperva featured in an article detailing Zeus hacker arrest.

'Freeware' phishing kit dupes s'kiddies July 23, 2010

The Register

A "freeware" phishing kit posted onto hacker forums poses as a way to set up fraudulent websites pretending...

Imperva Identifies Cloud Based Phishing Kit July 23, 2010

InformationWeek

Overview of a phishing scheme uncovered by Imperva's ADC.

Crooks dupe fellow cons into doing their phishing for them July 23, 2010

Finextra

Imperva says the phishing kit helps crooks set up fake sites.

Hackers give birth to phish that never dies July 23, 2010

IT PRO

Imperva explains this phishing scheme is interesting for its provenance and operation.

"Products of the Week" July 19, 2010

NetworkWorld

Imperva's FAM is profiled in this product overview.

Passwords that are Simple--and Safe July 18, 2010

MIT Technology Review

MIT Technology Review discusses secure passwords—citing Imperva.

How Elmer Fudd can improve your password security July 15, 2010

Federal Computer Week

Excellent story on the importance of strong passwords.

Imperva adds NAS Firewall to Line-Up July 15, 2010

PCWorld

Imperva adds file security to SecureSphere.

Imperva mitigates insider threats July 14, 2010

Government Security

Imperva adds file security to SecureSphere.

Imperva introduces File Security family to help mitigate insider threats July 14, 2010

CIO

Imperva adds file security to SecureSphere.

Imperva squares up to unstructured data security challenge July 14, 2010

Image and Data Manager

Imperva adds file security to SecureSphere.

Imperva announces file security July 14, 2010

Global Security Magazine

Imperva adds file security to SecureSphere.

Imperva adds NAS Firewall to Line-Up July 14, 2010

Networkworld

Imperva adds file security to SecureSphere.

Imperva Mitigates Insider Threats July 14, 2010

HelpNetSecurity

Imperva adds file security to SecureSphere.

Imperva launches file management and security suite July 13, 2010

SC Magazine

Imperva adds file security to SecureSphere.


Imperva Secures Files July 13, 2010

CTO Edge

Imperva adds file security to SecureSphere.

Imperva adds NAS Firewall to Line-Up July 13, 2010

Techworld

Imperva adds file security to SecureSphere.

Apple bans 'fraudulent' developer from iTunes July 7, 2010

BBC

Imperva CTO Amichai Shulman explains the iTunes breach.

"La Password" on the front page of Yahoo Finance in France July 2, 2010

TechYou

Yahoo France on password security.

Facebook changes are not enough May 27, 2010

BBC News

Amichai Shulman, chief technology officer at net security firm Imperva, comments on the new Facebook privacy policy.

Facebook announces open privacy settings May 27, 2010

Infosecurity Magazine

Amichai Shulman, Imperva's CTO, said he believes that Facebook is now at a serious crossroads.

Imperva and Katana Technologies sign deal May 22, 2010

Reseller News

"Our strategy for New Zealand will be to find the right partners, like Katana, with the expertise to work with Imperva's technologies," explains Stree Naidu, Imperva's VP of Asia-Pacific.

Imperva signs NZ partner May 22, 2010

TechDay.co.nz

Imperva's Asia Pacific footprint continues to grow.

Profile: Imperva throws one-two punch at security threats May 21, 2010

San Francisco Business Journal

Everybody knows that if you want to stop a hacker from stealing data, you have to keep him out of your network...

Imperva Offers New & Innovative Ways To Protect Your Network From Breaches May 21, 2010

Processor.com

Networking security solutions provider Imperva has an impeccable pedigree for its specialty. Its founder and CEO Shlomo Kramer has been an integral part of the security industry for many years.

Are password rules just bad magic? May 21, 2010

Government Computing News

The 32 million passwords that security firm Imperva analyzed (reported in our earlier stories) were stolen, not guessed...

The password game May 21, 2010

Louisville Courier-Journal

"It's annoying to try to remember all these things," admitted Rob Rachwald, the director of security strategy for Imperva.

Imperva Introduces SecureSphere Virtual Appliances May 19, 2010

governmentsecurity.org

Imperva's SecureSphere Virtual Appliances provide web application and database firewalls as well as database activity monitoring and can be installed on an...

Imperva Introduces Virtual Data Security Suite May 18, 2010

Global Security Mag

Imperva announced the availability of its SecureSphere Virtual Appliances ... Imperva's SecureSphere Virtual Appliances provide web application and database ...

The top 10 awfully bad passwords people use May 16, 2010

Federal Computer Week

Data security firm Imperva analyzed 32 million passwords that a hacker stole

Imperva on ZDNet Asia May 13, 2010

ZDNet Asia

Imperva says Web server-based botnet offers more attack power than PC-based botnets.

Imperva CTO explains how servers are being infected by hackers in new denial ... May 13, 2010

Infosecurity Magazine

As reported on Wednesday, Imperva claims to have uncovered a new generation of Denial-of-Service (DoS) attacks that appears to be more powerful than previous efforts.

Hackers use web servers to deliver more powerful DDoS attacks May 13, 2010

ComputerWeekly.com

New web server-based DDoS attacks are likely to be ongoing, said Amichai Shulman, chief technology officer at Imperva.

Botnet hijacks web servers for DDoS campaign May 13, 2010

Network World

Researchers at Imperva have discovered a new DDoS attack method

Imperva discovers more dangerous DDoS attack threat May 13, 2010

CIO Australia

Imperva was able to acquire the source code of this application - which consisted of just 90 lines of PHP code - and has screenshots...

Server-based zombies power souped-up DDoS assault May 12, 2010

The Register

Hundreds of web servers are infected with a DoS application that transforms them into zombie drones, according to database security firm Imperva.

New DoS attack uses Web servers as zombies May 12, 2010

CNET

Security firm Imperva said on Wednesday it uncovered a botnet of about 300 Web servers after one of its "honeypot" servers was used in an attack and based ...

How botnets, hacking kits and weak apps aid cybercrooks April 28, 2010

USA Today

WhiteHat Security and Imperva study on application security is profiled in USA Today.

Infosecurity Europe 2010: Organizations fall short on securing websites April 28, 2010

Infosecurity Magazine

Overview of the Ponemon Institute study sponsored by data security firm Imperva and WhiteHat Security.

Organizations Not Focusing Enough on Web App Security, Survey Finds April 28, 2010

eWEEK

A survey, performed by the Ponemon Institute and commissioned by Imperva and WhiteHat Security, found that 70 percent of the respondents felt that web application security was not a strategic initiative.

The Need for Application Security April 28, 2010

eSecurity Planet

A new survey from Imperva, WhiteHat Security and the Ponemon Institute, entitled The State of Application Security, has found that most businesses fail to secure web applications.

Business spend is failing to protect against top threat to data ... April 28, 2010

ComputerWeekly.com

Imperva CTO Amichai Shulman interviewed about application security.

Defenseless against cyber attacks April 28, 2010

Network World

Imperva CEO Shlomo Kramer explains the changing nature of cyber threats.

Protecting Our Medical Records Online April 26, 2010

eGov monitor

Amichai Shulman, CTO, Imperva explains best practices for securing medical databases.

Imperva's CEO Shlomo Kramer profile April 23, 2010

Silicon Valley Business Journal]

Imperva blocks data breaches externally as well as internally

What CEOs should know about advanced persistent threats and industrialized hacking April 23, 2010

SC Magazine

The world of hacking has evolved into two major varieties: industrialized attacks and advanced persistent threats (APT)...

Social Studies April 17, 2010

Globe and Mail

Canada's largest newspaper profiles Imperva's analysis of 32 million user passwords that were posted online.

Imperva adds 100 new customers April 15, 2010

TechDay

Performance of the Australia and New Zealand markets has contributed to Imperva's record growth in Q1.

ANZ contributes as Imperva continues record growth in Q1 April 15, 2010

Computerworld

Computerworld Australia is the leading source of technology news, analysis and tools for IT decision makers, managers and professionals.

Fake drug scam hijacks UK college websites March 5, 2010

BBC News

Researchers at security company Imperva believe "thousands" of organisations may have fallen victim. "It's a pretty successful campaign," said Amichai...

Password primer: 12345 just isn't good enough March 5, 2010

msnbc.com

Here are the five most commonly used passwords based on a recent study by Imperva. PC Tools has a free password generator.

What's in store for 2010? March 5, 2010

Infosecurity Magazine

Amichai Shulman, chief technology officer at data security specialist Imperva, predicts that a defining of roles within the hacking community will resemble a drug cartel.

Imperva Rolls Out WAF Add-On March 4, 2010

ChannelPro-SMB

Data security provider Imperva has announced the general availability of its new ThreatRadar product. ThreatRadar is an add-on to Imperva's Web Application...

Online Password Tips and Tricks March 3, 2010

Forbes

As hacking becomes industrialized, Forbes interviewed Imperva to help determine password best practices.

Why 41 Percent of You Would Fail a PCI Audit March 3, 2010

NetworkWorld

PCI isn't just about compliance. As Imperva CTO Amichai Shulman explains, the industrialization of hacking means PCI compliance—and security—become much more important in light of a stronger, automated foe.

Zombie tactics threaten to poison honeypots March 3, 2010

The Register

Amichai Shulman, CTO at database security firm Imperva, suggested that rather than monitoring the behaviour of infected machines miscreants could instead...

Microsoft's foiling of botnet gets mixed response February 26, 2010

BBC

Imperva CTO Amichai Shulman casts doubt over the long term success of MSFT shutting down a bot operation.

This you??? Twitter hit by phishing attacks February 25, 2010

The New Zealand Herald

Imperva CTO Amichai Shulman explains how Twitter was breached.

A San Francisco Technology Charity Gets a Lesson in Online Security February 21, 2010

The Chronicle of Philanthropy

TechSoup Global uses Imperva to bolster its security posture.

The Top 10 Most Common Internet Passwords January 26, 2010

FOX News

Imperva, a data security firm, said it had analyzed around 32 million passwords that had been exposed in a recent hack.

Was ein sicheres Passwort ist January 25, 2010

Spiegel

Germany's largest newspaper on the ADC password study.

Populairste wachtwoord: 123456 January 25, 2010

De Telegraaf

The Netherland's largest newspaper on the ADC password study.

Making Your Passwords Harder on Hackers January 25, 2010

CBS News

A recent analysis by computer security company Imperva showed one-out-of-five people choosing the simplest of passwords, such as 123456.

123456 is the most popular netizen password January 25, 2010

Sing Tao Daily

Hong Kong's largest daily explores password security.

Hacking online accounts is easy as abc123 January 24, 2010

The Sydney Morning Herald

Data security provider Imperva, which analysed the passwords in a new report, says such laziness is often equivalent to having no locks on the account at all as simple passwords are easily broken using "brute force" techniques.

123456 January 22, 2010

The Straits Times

BACK at the dawn of the Web, the most popular account password was '12345'. Today, it's one digit longer but hardly safer: 123456.

Social networking site breach exposes most popularly used passwords January 22, 2010

The Independent

An analysis of more than 32 million exposed passwords revealed "123456" as the most commonly used security code when logging into online accounts.

RockYou hack reveals easy-to-crack passwords January 21, 2010

The Register

Analysis of the 32 million passwords recently shows how easy it is to hack into personal accounts.

Avoiding Bad Passwords (Video) January 21, 2010

CNN

CNN reports on Imperva's password analysis.

Depressing Analysis Of RockYou Hacked Passwords January 21, 2010

The Washington Post

What's the most common password? According to a study by Imperva, it's "123456," followed by "12345," "123456789" and "Password," in that order. "iloveyou" came in at no. 5.

If Your Password Is 123456, Just Make It HackMe January 20, 2010

The New York Times

Imperva CTO Amichai Shulman explains how our Application Defense Center analyzed 32 million consumer passwords.

RockYou Hack a Reminder to Consider Data Stored in the Clear December 17, 2009

eWEEK

Imperva CTO Amichai Shulman explains the RockYou vulnerability.

32.6m passwords may have been compromised in RockYou hack December 16, 2009

Guardian.co.uk

A SQL injection is responsible for millions of lost passwords.

Hackers 'will industrialise themselves' December 15, 2009

British Computer Society

Britain's most prestigious computer science journal analyzes Imperva's study on the top hacking trends of 2010.

Social Media's a Victim of its Success December 15, 2009

Bank Technology News

Attacks on social media sites will jump in 2010, says data security firm Imperva, which lists social media breaches as one of the top five data security...

One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now. December 14, 2009

TechCrunch

Imperva issues a warning to RockYou that there was a serious SQL Injection flaw in their database.

The top five security trends of the next decade: hackers to 'resemble drug cartels' December 9, 2009

The Independent

Imperva's CTO explains to The Independent, one of the UK's leading publications, about the top five security trends facing consumers and businesses.

Analyst Report: PCI DSS Compliance Survey – companies still struggle December 4, 2009

Data Privacy Regulation & Management

Another reference to Imperva's seminal study on PCI best practices.

Contrasting opinions on PCI December 3, 2009

SC Magazine

Imperva CTO Amichai Shulman gives his view on updating the PCI-DSS standards.

IBM's Guardium acquisition misses the mark, says Imperva December 2, 2009

ComputerWeekly.com

Imperva CEO Shlomo Kramer explained how enterprises are shifting away from siloed security products in favor of an integrated approach that protects more than just databases.

Yahoo defends against a blind SQL injection November 16, 2009

eWEEK

HotJobs website has been successfully blocked, after data security specialist Imperva warned the search giant of a potential SQL injection flaw.

Durham police website vulnerabilities shared by hackers November 6, 2009

PublicTechnology.net

According to Imperva CTO Amichai Shulman the Durham, UK police website was probably hacked by with the help of a SQL injection.

Vulnerability assessment integration with web application firewalls November 6, 2009

SC Magazine

Brian Contos, chief security strategist, Imperva, and Jeremiah Grossman, CTO of WhiteHat, discuss the value of integrating vulnerability assessment with web application firewalls.

Cyber criminals see charities as easy targets November 5, 2009

IT PRO

Case study on how TechSoup Global, a nonprofit, uses Imperva to protect its data.

Imperva achieves record 88% revenue growth in Europe November 5, 2009

contactcenterworld.com

Imperva's impressive Q3 '09 growth in the EMEA region nears 88%.

Has secure software development reached its limits? November 4, 2009

GCN.com

Because humans are involved in the process, "it is impossible to create flawless software," said Amichai Shulman, chief technology officer of Imperva.

How network administrators can help to prevent SQL injection November 4, 2009

Search Security

Information on how WAFs, like Imperva's SecureSphere, can help prevent attacks such as SQL injection, cross-site scripting and others issues.

Former YouSendIt Boss Charged With DoS Attack November 3, 2009

eWEEK

Imperva chief security strategist Brian Contos explains the intricacy of an insider attack coming from the former CEO of the company.

Imperva appoints M.Tech as ANZ distributor November 2, 2009

Reseller News

Imperva expands its footprint in Australia-New Zeland with the appointment of M.Tech as distributor.

Change passwords: Crooks want keys to your e-mail October 26, 2009

USA Today

Imperva CTO explains new approaches in the ongoing world of cybercrime.

The Guardian: Up to half a million users may have been compromised October 26, 2009

The Tech Herald

Imperva CTO Amichai Shulman explains how a SQL Injection flaws might well be the cause for The Guardian's attack.

Oracle Patches Highest Security Vulnerability (CVSS) October 24, 2009

IT SecCity

Amichai Shulman, CTO of Imperva, shares his own views on the latest round of Oracle patches.

WAF use goes beyond compliance, improves visibility company finds October 23, 2009

Search Security

Case study profiling Agilent's use of four Imperva WAFs and database activity monitoring products.

Oracle Patches 36 Bugs October 22, 2009

InformationWeek

Imperva CTO Amachai Shulman said Tuesday patch was a case of Oracle fixing for a second time a bug that Imperva discovered a year ago.

Imperva makes inroads in Asia Pacific October 18, 2009

Reseller News

Imperva grew 114 percent in Asia Pacific quarter on quarter for Q3 when compared to last year.

Cybercriminals set to ride Google's Wave October 15, 2009

Infosecurity Magazine

How safe is Google Wave? Amichai Shulman, CTO of Imperva explains.

Google Wave Security (Video) October 15, 2009

Sky News Australia

Imperva's Kane Lightower on Sky News Australia discussing Google Wave.

Developers Need Help with Security Errors October 11, 2009

Search Security

Story on how Agilent turned to a WAF from Imperva to boost security among internal developers and understand the basics of data flow within the company environment.

Key-logging behind web mail scam October 7, 2009

BBC News – UK

Imperva's CTO Amichai Shulman explans to the BBC how key logging software is behind a recent surge in online, consumer attacks.

Email phishing attack spreading, say experts October 7, 2009

Telegraph.co.uk

Imperva CTO Amichai Shulman explains how a high number of phishing victims indicates that the scam was a key-logging attack.

PCI compliance often ineffective in stopping data thieves September 23, 2009

The Last Watchdog

The Ponemon Institute and tech security firm Imperva with results of a survey underscoring what cyber criminals — and merchants and banks know all too well — PCI is having only a limited effect.

What does PCI mean to you? September 23, 2009

SC Magazine

Another company to discuss PCI was Imperva. Its CTO is Amichai Shulman, and he was passionate about both the compliance to it and its enforcement.

Domain-name abuse proliferates; rogue registrars turn a blind eye September 3, 2009

The Industry Standard

Amichai Shulman, CTO at Imperva, explains a new approach to domain-name abuse.

Imperva expands APAC data security effort September 3, 2009

The Channel

Imperva announces its presence and firm commitment to the Asia-Pacific region with new offices and executives.

China flooding web with SQL injection attacks August 28, 2009

Security Watch

Imperva CTO explains how China is flooding web with SQL injection attacks that is affecting websites around the globe.

Mass SQL injection attacks still scaling up August 27, 2009

SC Magazine

Imperva CTO explains how automated SQL injections from China are successfully attacking websites worldwide.

Is Simon Cowell a closet computer hacker? August 24, 2009

Security Watch

Hacking isn't just for geeks anymore. In this article, Imperva CTO explains how a celebrity PR campaign could be behind a profile 'hack.'

Network Solutions starts healing process after data breach August 5, 2009

DM News

Network Solutions experienced a major breach. Imperva CTO Amichai Shulman analyzes the attack and its implications.

Kevin Mitnick Seeks Refuge from Hackers with Imperva August 3, 2009

Network World

Kevin Mitnick is a high profile security professional trying to escape the constant attacks on his personal website. He recently selected Firehost to carry his website — and they use Imperva's web application firewall to protect not just Kevin but their entire customer base.

Common-sense controls for local database security August 3, 2009

Computerworld New Zealand

Computerworld explains common strategies to protect your database — including Imperva's database firewall.

Imperva Completes Strong Second Quarter - Grows Nearly 30 Percent July 30, 2009

PR Avenue

Despite a down economy, Imperva continues to grow.

Cloud computing massively increases risk of data loss July 29, 2009

mcsolutions.co.uk

Security is the top concern for IT professional looking at cloud computing. Imperva CTO Amichai Shulman explains why this concern is valid.

Network Solutions data security breach exposes a half-million credit card numbers July 27, 2009

Search Security

Network Solutions experienced a major breach. Imperva CTO Amichai Shulman analyzes the attack and its implications.

Network Solutions was PCI compliant before breach July 27 , 2009

SC Magazine

PCI isn't spelled CYA. Even though Network Solutions was PCI compliant, Imperva CTO Amichai Shulman explains that compliance doesn't always equal security.

Manufacturing Computer Solutions July 27 , 2009

TMC Net

The attraction of cloud computing will continue — but is it secure? Imperva CTO Amichai Shulman gives his perspectives on what security issues sit in the cloud.

Twitter suffers from hacking incident as documents are downloaded and published across the internet July 27, 2009

SC Magazine

Twitter represents a typical Web 2.0 technology — built quickly, popular and full of security holes. Imperva CTO Amichai Shulman explains why Twitter and the cloud computing paradigm will lead to more and more security headaches.

Oracle patches show a major database vulnerability July 17, 2009

SC Magazine

Oracle releases quarterly patches for its database and application software. And every quarter they release patches and more patches. Imperva CTO analyzes the patches as well as Oracle's security process.

Cyber Attacks Cost No More than $50K to Execute: Analyst July 17, 2009

TMC Net

How hard is to carry out a botnet attack? About the same cost as a mid-range Mercedes, explains Imperva CTO Amichai Shulman.

Cyber Attacks a Complicated Affair July 15, 2009

Daily NK

North Korea's reported attack against the US government was pretty cheap to execute, explains Imperva CTO Amichai Shulman.

Authorities close in on South Korea hackers July 14, 2009

v3.co.uk

Attacking the US government — everyone does it. But the methods change constantly and Imperva CTO Amichai Shulman provides an autopsy.

Celebs risk 'reputational damage' with weak passwords July 7, 2009

Security Watch

Baldness is the least of Britney Spears' problems. When a celebrity communicates with fans in the cyber world, explains Imperva CTO Amichai Shulman, security should be a high priority.

ClearPoint Metrics and Imperva Partner to Help CISOs, Auditors and Business Managers Accelerate Data Security, Compliance Initiatives June 30, 2009

Business Week

Imperva and ClearPoint integrate to help security executives gain unparalleled insight into security trends.

UK government to create Office of Cyber Security June 26, 2009

SC Magazine

Imperva CEO Shlomo Kramer comments on what the right profile should look like as the UK government tries to fill a vital cyber security post.

Hactivist DDoS Attacks In Iran Trigger Worries Of Wider 'Net Crackdown June 17, 2009

Dark Reading

Iranian citizens protesting the results of the presidential elections were aided by 'hactivists' outside the country trying to bring down government websites and services.

ISP hit by SQL attack to affect over 100000 websites June 16, 2009

SC Magazine

The only thing worse than a SQL injection is an automated SQL injection. Imperva CTO Amichai Shulman comments on automated SQL injection attacks focused on ISPs hosting thousands of websites.

Researchers Hack Web Application Firewalls May 13, 2009

Dark Reading

Mark Kraynak, vice president of marketing for Imperva, says Henrique and Gauci's research is not all that new, including their work on signature evasion, which Imperva has researched. "A lot of what they are saying is not new," he says. "Part of the founding premise of why you need a WAF versus a signature engine...is that you can evade a weak signature engine." Products that use only signatures -- without other features like normalization and encoding/decoding -- are not true WAFs, he says. "Signature-only WAFs are not going to do it," he says.

UC Berkley Says Hackers Breached Database May 11, 2009

Internetnews.com

Officials at the University of California at Berkeley on Friday began notifying students and the public that hackers had breached a healthcare database at the school, potentially gaining access to the personal information of up to 160,000 students dating back to 1999.

Administrators need specific database security tools, according to Brian Contos, chief security strategist for data security vendor Imperva. "You need purpose built tools designed specifically for securing sensitive data these days," Contos said in an e-mail to InternetNews.com. Trying to secure applications and databases with network-centric solutions is like bringing a knife to a gun fight."

Puerto Rico sites redirected in DNS attack April 27, 2009

CNET

An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva.

A group calling itself the "Peace Crew" claimed that they used a SQL injection attack to break into the Puerto Rico registrar's management system said Amichai Shulman, chief technology officer at Imperva. "We're seeing more and more of these DNS-related attacks and seeing them scale up," he added

Cloud security stokes concerns at RSA April 23, 2009

NetworkWorld

Two words — cloud security — dominated discussion and drove the action this week at RSA Conference 2009… Network services provider Savvis launched a Web application firewall service based on a choice of Imperva WAF appliances or virtual instances of its software that reside between the Internet and its network. Savvis said it thinks customers comfortable with its software-as-a-service offerings will also embrace cloud-based security.

Savvis Launches Web Firewall Service April 22, 2009

Dark Reading

Security service provider Savvis this week launched a new managed Web application firewall (WAF) service that runs on its Cloud Compute offering. The Savvis service, which is built around Imperva's SecureSphere product line, allows enterprises to get WAF hardware and maintenance without having to install or maintain it themselves. It lets enterprises detect and block malicious Web requests, combining a dynamic white list policy model with up-to-date application signatures and session tracking, the company says.

SecureSphere Earns Common Criteria Approval April 21, 2009

Web Host Industry Review

After thorough testing conducted by the Science Applications International Corporation, data security provider Imperva (www.imperva.com) has proven its web application firewall and database monitoring solution SecureSphere v6.0 has achieved Common Criteria Certification, a worldwide standard for assessing the reliability, quality, and trustworthiness of IT products.

The challenge of enterprise security April 17, 2009

OnWindows.com

Security continues to be a prominent challenge for enterprises – especially in the face of shrinking IT budgets. Many companies struggle to balance their business objectives with the need to protect and comply. OnWindows spoke with Douglas Leland, general manager of Microsoft's Identity and Security Business Group, to find out how the company intends to face such challenges.

Today we are also announcing a broad group of companies supporting and extending the capabilities of Forefront Stirling including Brocade, Guardium, Imperva, Juniper Networks, Kaspersky, Q1 Labs, StillSecure, Sourcefire, Tipping Point and RSA.

Microsoft Partners with Network Security Vendors for "Stirling" April 16, 2009

Dark Reading

The Forefront Stirling security suite basically integrates the security of desktops, servers, applications, and network devices with a common interface that lets each Forefront security product under Microsoft's Stirling line -- Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Forefront Threat Management -- share and use security information with one another to automatically mediate threats. The new Stirling partner ecosystem extends that capability to partners' security tools, as well.

Oracle patches for high-security flaws April 15, 2009

SC Magazine

"The products affected include the Oracle Database, Application Server, E-Business Suite, PeopleSoft and JD Edwards Suite, as well as its BEA Products Suite. Of the database vulnerabilities, most of them were SQL injection vulnerabilities," Amichai Shulman, CTO of security firm Imperva, told SCMagazineUS.com on Wednesday. "A couple were related to the underlying network protocols."

Imperva adds risk management tool to its database protection April 10, 2009

Network World

The new SecureSphere Discovery and Assessment Server finds all database servers in the network, classifies data according to its sensitivity as defined by the customer and points out vulnerabilities on the servers involved. This automated process saves time over doing it manually so customers can take quicker action to better protect that data found to be at risk. The assessment results detail the vulnerabilities found, such as unpatched systems or default passwords that have been left unchanged. Imperva competes against Guardian and Lumigent Technologies among other vendors.

Imperva integriert Risikoeinschätzung für Datenbanken und Daten (German) April 8, 2009

Computerwoche

Imperva hat seine erste integrierte Risk-Management-Plattform vorgestellt, die als Teil seiner Lösung SecureSphere 7 Datenbanken, Daten und darauf zugreifende Applikationen absichern soll. Sie soll die Bewertung von Risiken sowie deren Visualisierung für Datenbanken und Daten ermöglichen.

Imperva assigns security risk levels to databases April 6, 2009

Information Security

Database security vendor Imperva Inc. is adding automated risk scoring and visualization of databases to its activity monitoring platform in an update that industry analysts say would be welcomed by companies seeking ways to get a better handle on data located in multiple systems.

Imperva revamps product offering and introduces integrated risk management platform April 6, 2009

SC Magazine

Imperva has launched an integrated risk management platform and has revamped its database gateway offering. The new capabilities are part of version seven of SecureSphere, and combine risk scoring and visualisation for databases and data. Also introduced into the range is the Discovery and Assessment Server automated solution that identifies sensitive data and vulnerabilities in databases.

VeriSign launches web application firewall management service March 30, 2009

CBR Security

VeriSign Enterprise Security Services has launched its web application firewall management service, enabled through a strategic agreement with Imperva, a provider of application and database security technology. VeriSign said that the service enables it to provide customers worldwide with a premium service that includes deployment, management and monitoring of the SecureSphere web application firewall.

Is Your Information Really Safe? March 20, 2009

Baseline

Organizations need a way to monitor who has access to information stored in databases and what these employees do with the data. Many enterprises are using database monitoring and security tools to accomplish this task. We have some legacy applications [for which], because of performance reasons, the actual database logs were not turned on," says McPhedran of Aegon. The company uses a product called Imperva SecureSphere to monitor database activity, look for anomalies in use patterns and flag flagrant policy violations.

Imperva Enhances Database Activity Monitoring with Analytics to Piece Together Security and Audit Risks March 18, 2009

Enterprise Systems Journal

Imperva has announced a new version of its SecureSphere database activity monitoring (DAM) solution that adds analytics intelligence to automate forensic and audit investigations. SecureSphere now provides near real time multidimensional views of audit data, collects native audit logs from new platforms, and bridges the gap between obscure SAP audit data trails and their associated business transactions. To back up its claim that SecureSphere is the best DAM solution on the market, the company is offering qualified organizations a $1,000 money-back guarantee if they evaluate the product for 30 days and do not come to the same conclusion.

Scuba - Cross-platform Database Assessment Tool March 16, 2009

PenTestIT

Scuba is a Database Vulnerability Scanner... that scans Oracle, DB2, MS-SQL, and Sybase databases for known vulnerabilities and configuration flaws. Based on its data security assessment results, Scuba creates clear, informative reports with detailed test descriptions.

Imperva bietet Schutz und Auditing für IBM-Mainframe-Datenbanken (German) March 12, 2009

LANLine

Imperva stellt das Securesphere Database Gateway für z/OS (DGZ) vor. Securesphere DGZ bietet Monitoring, Auditing und Schutz für DB2-Datenbanken auf z/OS-Mainframes. Das Produkt überwacht lokale und netzwerkbasierte Aktivitäten von privilegierten und nicht-privilegierten Anwendern sowie Applikationen, um Datenverluste und Betrugsversuche zu verhindern. Es dienst außerdem zur automatischen Erstellung von Compliance-Berichten.

Most Oracle database shops don't mandate use of security patches, survey says February 26, 2009

Computerworld

Amichai Shulman, chief technology officer at database security vendor Imperva Inc. in Redwood Shores, Calif., also expressed surprise about the lack of Oracle patching policies at some companies. "It's one thing to have a policy saying you don't have to patch each and every database," he noted. "It's a different thing to have no policy at all."

Imperva Releases DB2 Security and Auditing Product February 26, 2009

Enterprise Systems

Imperva recently released a new product designed to help administrators protect and audit IBM DB2 databases that run on z/OS. SecureSphere DGZ checks all traffic coming from and going to the DB2 database for malicious activity. It monitors and audits network-based activity such as queries and application responses. Meanwhile, all local activity (from administrators and privileged users) is inspected by the native IBM Audit Management Expert tool.

New tech start-ups can rise from the economy's ashes February 17, 20009

USA TODAY

Tech firms with services that help corporations reduce operational costs, such as videoconferencing and clean tech, are in vogue. Cisco, for example, says it will save $400 million this year in travel expenses through its use of videoconferencing.

Computer-security firm Imperva, which monitors the digital traffic in and out of a company's database to prevent breaches, landed a contract with SuccessFactors, a software service for human resources departments, last week. Imperva's customers include 62 of the Fortune 1,000 — half of which joined in the last year.

SuccessFactors deploys Imperva's SecureSphere to protect HR data February 10, 2009

TMCnews

SuccessFactors, a provider of on-demand performance and talent management solutions, has deployed Imperva's SecureSphere to protect its software as a service application and human resources or HR data it processes.

Database security: Protecting the crown jewels February 5, 2009

SC Magazine

Universities, banks, SMBs and large brands alike are waking up to the fact that their databases are no longer safe inside their perimeter firewalls, intrusion prevention systems and other edge protections.

Database security awareness has reached the point where some sort of database logging and auditing now occurs at 83 percent of organizations, based on a survey of 260 IT professionals sponsored by encryption vendor, Vormetric, released in October.

Monster Breach Shows Security Needs Rethinking January 28, 2009

InternetNews

For some security experts, the recent data breach at job site Monster.com comes as no surprise, and they say enterprises need to reconsider their approach to security.

"When most organizations talk about security, they're talking about network security, which is five years out of date," Brian Contos, chief security strategist at database and Web application security vendor Imperva, told InternetNews.com. "Attackers are focusing on data, not the technology."

Imperva Names Chief Security Strategist January 21, 2009

Web Host Industry Review

Application data security provider Imperva (www.imperva.com) announced on Tuesday that it has appointed Brian Contos as its chief security strategist.

Imperva's announcement describes Contos as "a noted information security speaker and author with over a decade of experience." He previously worked as chief security officer at ArcSight (www.arcsight.com), a provider of security and compliance management solutions. At ArcSight, Contos advised government organizations on security strategy, and helped position the company for a successful 2008 IPO.

Vendors Tie Database Monitoring, Security Event Management January 14, 2009

eWeek

More and more vendors are tying together database activity monitoring and security information management, a move that could benefit enterprise data protection efforts. Imperva and ArcSight announced interoperability between their products in December 2008.

Oracle patches dangerous WebLogic, Secure Backup vulnerabilities January 14, 2009

Information Security

Amichai Shulman, chief technology officer of database and application security and reporting and audit vendor at Imperva Inc., said the BEA WebLogic Server is at a greater threat to attack since it is perimeter facing.

"[Oracle] will continue to have their hands full with this product because I think that this is a matter of a culture of releasing vulnerabilities in Web servers before a vendor can respond," Shulman said. "I think during a certain period of time some people at WebLogic were not as responsive to security issues and some researchers grew frustrated."

Oracle Releases Critical Patch Update with 41 Fixes January 13, 2009

eWeek

Amichai Shulman, CTO of Imperva, said the lack of technical details provided by Oracle — particularly for the vulnerabilities rated 10 — makes it difficult for customers to assess their exposure.

"What we know is the vulnerabilities rated 10 for Secure Backup are important because they allow an attacker to take control of the databases being backed up," Shulman said. "Also, the WebLogic vulnerability rated 10 allows an attacker to take over a Web application without authentication. These are both serious flaws."

False Intrusion Alerts Cost Time, Money December 17, 2008

InternetNews

With data breaches hitting the headlines regularly and reports that regulatory compliance will be tightened up considerably in 2009, monitoring database activity to maintain security is becoming more important than ever. However, most monitoring tools give rise to false positives, costing companies time and money as IT chases down these false alerts.

Imperva uses a technology called Dynamic Profiling in its SecureSphere that uses the behavioral approach which it has had for about six years, Vice President of Marketing Mark Kraynak told InternetNews.com.

Fear the database admin, says security report December 15, 2008

Techworld

One of the best ways to improve database security is to carefully monitor the very people entrusted to manage them, database administrators (DBAs), a report has concluded. Perhaps not surprisingly, the Aberdeen Group study of 120 mostly large companies around the globe found a correlation between adopting a range of database security practices and frequency of data breaches.

"This Aberdeen report establishes and quantifies the risk organisations are taking by not monitoring the actions of privileged insiders, as well as the payback for companies that implement database activity monitoring," said Mark Kraynak of database security company, Imperva, one of the report's three co-sponsors.

Mature Imperva opts for two tiers November 27, 2008

CRN

Application data security vendor Imperva has moved to a two-tier model across Europe after claiming it has reached a "maturation phase" in its development.

Roland Hamann, channel director at Imperva, said the change in model was necessary to cope with increased end-user demand. "When we started we had to find opportunities. Now the opportunities are coming to us," he said. "The need for compliance is growing."

Rob Swainson, managing director of Imperva partner Blue Cube, said: "This is a good indication that the market has grown and that we have backed the right horse. And Exclusive seems keen and hungry."

Web 2.0 Security: Getting Collaborative Peace of Mind November 26, 2008

CIO Today

Imperva stresses the importance of having security measures in place on the server side when explaining its security solutions to customers. "What we talk to customers about is the need to apply security on the server side because that's where you have control," says Mark Kraynak, Imperva's director of strategic marketing. Still, with this approach, the goal is to prevent future problems. "We can show how the applications are working and we use the model to prevent attacks," explains Kraynak. Imperva's SecureSphere monitors the activity in its customers' applications and databases to prevent vulnerabilities. By using dynamic profiling, Imperva creates profiles of applications and databases, so changes and possible malicious activity can be more easily noticed.

Security Analyst Warns of 'Google Hacking' October 27, 2008

Macworld

"In 2004, this was science fiction," Amichai Shulman said. "In 2008, this is a painful reality."

Google and other search engines are taking steps to stop the abuse. For example, Google has stopped certain kinds of searches that could yield a trove of Social Security numbers in a single swoop. It also puts limits on the number of search requests sent per minute, which can slow down mass searches for vulnerable Web sites.

Google hacking increasingly effective October 27, 2008

SC Magazine UK

Google is the search engine of choice for both consumers and hackers, according to infosec experts.

Amichai Shulman, co-founder and CTO, Imperva, said: "Google can be used as an extremely powerful automated attack tool, and attacks that in 2004 were science fiction are now painful facts."

"Unfortunately, although we have seen attacks using Google increase massively since January this year, their effectiveness shows no signs of dropping."

Security Analyst Warns of 'Google Hacking' October 27, 2008

CIO Today

Even with rising awareness about data security, it takes all of a few seconds to pluck Social Security numbers from Web sites using targeted search terms, said Amichai Shulman, founder and chief technology officer for database and application security company Imperva.

The fact that Social Security numbers are even on the Web is a human error; the information should never be published in the first place. But hackers are using Google in more sophisticated ways to automate attacks against Web sites, Shulman said.

Microsoft releases Windows patch to stop worm attack October 23, 2008

Information Security

Microsoft issued an emergency patch to repair a critical Windows server service vulnerability that leaves Windows systems dangerously open to attack. The software maker also said it had to act quickly because it was aware of targeted attacks affecting Windows users.

Security experts said the flaw is probably contained within the Server Message Block protocol, an area that handles file sharing, printer sharing and remote administration. It's a very basic networking component of all versions of Windows server," said Amichai Shulman founder of database security vendor Imperva Inc.

Oracle issues 36 patches, but is anyone applying them? October 15, 2008

Computerworld

The latest update is smaller than most of Oracle's typical quarterly updates and appears to present less serious threats than usual, said Amichai Shulman, chief technology officer at database security firm Imperva Inc., which discovered two of the vulnerabilities that were patched this week. But what continues to be surprising is that some of the patches appear to be addressing issues for which patches had been issued previously, he said.

Exposing 30 million IDs is a good reason for web application defense October 13, 2008

Network World

I had conversations lately with three CEO's of web application defense companies: Doug Camplejohn of MI5Networks, Nir Zuk of Palo Alto Networks, and Shlomo Kramer of Imperva. All of them are industry veterans and all of them are developing products to address the inability of standard network security gear to address web application attacks.

One truism in exposing web applications is that stuff happens. No matter how well you analyze your code, test your applications, and scan on a regular basis you can still have mis-configurations that expose critical data. Of the three I talked to Imperva's products are the best suited for addressing this kind of issue. Usually deployed inline, Imperva's web application firewall can detect and block the activity needed to grab a database such as in DT's recent blunder.

Tiered scheme aims to boost Imperva ranks October 13, 2008

CRN

Application data security vendor Imperva has launched its first tiered channel programme to swell its mid-market presence. Under the new PartnerSphere programme, Associate partners are required to have two certified sales staff, while higher-level Premier partners need two certified sales and four certified technical staff.

Mark Kraynak, vice president of global marketing, said more mid-market firms are moving to protect themselves from data breaches and comply with Payment Card Industry regulations. The vendor has just launched SecureSphere Standard Edition, its first product for mid-market firms. "We were seeing traction in the mid-market and needed a product specifically designed for that," said Kraynak. "There will be a new set of partners focused on the mid-market that will start at Associate level."

Security vendors are showing movement! October 8, 2008

Computerworld

Imperva is bringing its end -to-end application security (web servers and databases) down to mid-tier enterprises. This is one case where Gartner got it all wrong - they tried to artificially create a database auditing market category based on dubious requirements. Of course, database auditing belongs to the database vendors which explain why IPlocks is gone, Symantec is out of the business, AppSec and Tizor have new CEOs, and I only see Guardium making money on the golf course. The ability to audit the entire transaction path, from the user to the very back end, is important and is what I recommend IT looks for.

Imperva Makes Web Application Protection Accessible to Mid Market Enterprises October 7, 2008

Network Computing

Imperva recently announced the release of SecureSphere Standard Edition (SE), a new model of its multi award-winning SecureSphere Web Application Firewall (WAF) that is tailored to meet the requirements of mid-market enterprises. SecureSphere SE provides the automated protection and transparent inspection capabilities of its larger siblings in a form factor geared to mid size datacentres.

Imperva tailors Web app firewall for midsize business October 6, 2008

New York Times

Imperva is introducing a scaled-down version of its Web application firewall designed for quick installation in midsize businesses. SecureSphere Standard Edition is a trimmed-back iteration of its Secure Sphere Enterprise Edition that has a simplified graphical user interface and revised documentation. It is designed for businesses that don't have full-time IT security staff and few IT staff in general, the company says.

The platform's support package comes with two hours of Webex consultation with Imperva engineers to help configure the gear, which is the amount of time the company says most small businesses need to get it up and running. Imperva says that because the device is not proxy based, it can be installed in front of Web servers without requiring any network configuration changes, again playing to short-staffed IT departments in businesses with 250 to 1,000 employees. The product's Dynamic Profiling automatically monitors Web application behavior for two to five days and recommends security policies to protect it, requiring less staff expertise in application security.

Imperva Brings WAF to Mid-Market October 6, 2008

Dark Reading

According to Gartner, adoption of WAFs among mid-market enterprises is accelerating, "Smaller enterprises — which typically do not have ADCs (Application Delivery Controllers) — and enterprises whose security organizations are not willing to depend on the security functionality included in network operational equipment represent the second-most-important growth area for WAFs, after enterprises with PCI compliance requirements."

Imperva tailors Web app firewall for midsize business October 6, 2008

Network World

Imperva says that because the device is not proxy based, it can be installed in front of Web servers without requiring any network configuration changes, again playing to short-staffed IT departments in businesses with 250 to 1,000 employees. The product's Dynamic Profiling automatically monitors Web application behavior for two to five days and recommends security policies to protect it, requiring less staff expertise in application security.

Imperva names CFO September 8, 2008

Silicon Valley Business Journal

Application data security company Imperva Inc. on Monday named Aviv Boim chief financial officer and general manager for Israel. Redwood City-based Imperva said Boim has "a wealth of experience in high technology finance, public offerings, operations, and mergers and acquisitions." He was formerly CFO of Israel-based Orckit Communications Ltd., a provider of carrier network equipment. He also led Tikcro Technologies Ltd., a technology investment company, in the selection and negotiation of venture capital funding. In addition, Boim was an investment banker with BT Alex Brown's technology group in London, where he managed initial public offerings, as well as mergers and acquisitions.

Japan's Fuji Television Network Selects Imperva for Database Monitoring and J-SOX Compliance September 7, 2008

Compliance Home

"In comparison with alternative solutions, SecureSphere was the only product that enabled us to monitor and audit database activity without impacting our existing infrastructure," said Satoshi Morimoto, Manager of Information Security for Fuji Television Network. "SecureSphere provides us with full details on database queries and responses, and allows us to easily meet J-SOX requirements. We were also impressed with SecureSphere's ease of deployment and support services."

New PCI Security Standards: Lock It Down, Lock It Tight September 2, 2008

E-Commerce Times

New PCI regulations are just around the corner, and retailers dealing with credit cards will need to tighten up their standards in order to comply…"The new version is making me trust the PCI standards more. It started as an actual deployment created by the industry for the industry. It is now very straightforward," said Amichia Shulman, CTO of Imperva.

Fuji Television Network Selects Imperva for database monitoring August 27, 2008

Computer Business Review

Imperva, a provider of application data security solutions, has announced that Fuji Television Network, a Japanese television broadcasting company, has selected its SecureSphere Database Monitoring Gateways to meet compliance requirements mandated by Japanese Financial Instruments and Exchange Law.

Crossbeam Systems Certifies Imperva SecureSphere on its Next Generation Security Platform August 12, 2008

ComplianceHome.com

Crossbeam Systems announced that it has certified Imperva's SecureSphere 6.0 to run on the X-Series Next Generation Security Platform through the iBeam ISV Certification Program. Deployed on the Crossbeam chassis, SecureSphere's market-leading application data security solution will help enterprises and carriers protect their Web applications and databases from attack, as well as enable companies to comply with a wide variety of regulatory initiatives.

Yes, monitor your web apps too August 12, 2008

Security Incite

So what? - I thought this new capability on Imperva's web application firewall to monitor the malicious inputs (amongst other things) and help provide actionable reports to developers as fascinating. You all know I'm a big fan of monitoring, and all other things being equal, I'll choose to monitor not just the network - but the servers, databases, and apps as well. As helpful as the monitoring info is to REACT FASTER, it would be great if you didn't actually have to react every time.

Imperva WAM automates the discovery of application vulnerabilities in production systems August 5, 2008

Bank Security

"Because they monitor web traffic and detect attacks, Web Application Firewalls should help developers find and fix flaws in production code. But in reality, the process is too tedious and costly," said Andrew Jaquith, program manager in Yankee Group's Enabling Technologies Enterprise group. "In contrast, Imperva's Web Activity Monitoring solution feeds alerts and reports to both security and development teams, closing the loop between security operations and application developers."

Imperva WAM automates the discovery of application vulnerabilities in production systems August 5, 2008

SecurityPark.net

"Historically, Web Application Firewalls have focused on reducing threats to online applications, while code review and vulnerability scanning technologies have focused on discovering vulnerabilities," said Amichai Shulman, CTO of Imperva. "With Web Activity Monitoring, SecureSphere closes this gap by blocking malicious inputs and capturing detailed information on how applications respond to live queries, which allows developers to fix code level security holes."

Database security: Limiting access is key August 4, 2008

SearchCIO-Midmarket

As options have increased for midmarket companies to house their data, so, too, have options for securing their databases and data stores. Once the preserve of only large companies, a range of data storage options are now available and within reach of companies of all sizes…SecureSphere Database Security Gateway from Imperva Inc. is another leading product for monitoring access to databases. SecureSphere is part of a suite from Imperva that also includes its well-known Web application firewall, a natural fit since websites and applications are frequently sources of malicious access to databases. SecureSphere works through user profiling and vulnerability assessments of databases.

Konvergenz von Security und Compliance (German) August 1, 2008

IT-Sicherheit

Die Aufgabenstellungen hinsichtlich Sicherheit und Compliance werden die IT-Landschaft so lange dominieren wie sensitive Daten über Kunden, Mitarbeiter, Patienten und Finanztransaktionen ausgetauscht oder gespeichert werden. In der Vergangenheit haben sich die Sicherheitsteams mit dem Schutz der Daten beschäftigt und die Compliance-Verantwortlichen sich auf die Kontrolle der Nutzung fokussiert. Allerdings sind beide Disziplinen in der Praxis zwei Seiten der selben Medaille. Richtlinien und Vorschriften unterstützen weltweit diese Sichtweise und verlangen, dass Sicherheits- und Compliance-Bereiche zusammenarbeiten.

Go Daddy Picks Imperva WAF July 28, 2008

Dark Reading

"Our Quick Shopping Cart product generated more than 55 million dollars for our customers last year alone. There's no sign of slowing - in fact, online spending is predicted to grow by more than 17% in the next year according to Forrester Research. We understand the need of top level security for our customers and ourselves," said GoDaddy.com CEO and Founder Bob Parsons. "We chose Imperva SecureSphere because we believe they are the very best. Protecting our customers and keeping the Internet safe is a top priority at Go Daddy"

Imperva Extends Compliance Solution to PeopleSoft July 17, 2008

Enterprise Systems

"Given the complexities associated with the PeopleSoft environment, IT departments often struggle to secure these applications and meet compliance requirements," said Amichai Shulman, Imperva's CTO and the head of Imperva ADC. "The PeopleSoft Insights module combines packaged intelligence and reporting tools that eliminate the guesswork associated with protecting, monitoring and auditing PeopleSoft applications and data."

Oracle Troubled by Web Component Security July 16, 2008

SecurityProNews

Not only were previous versions of Oracle's signature database impacted by recently discovered vulnerabilities, but the latest version of their product, 11g, also contained flaws addressed in the newest patch updates released by Oracle. Imperva CTO Amichai Shulman told SecurityProNews his first look at Oracle's updates noted that disturbing revelation. Along its Internet-facing products, many web components required fixes for the usual threats like code injection or buffer overflows.


Oracle Patches 45 Vulnerabilities July 16, 2008

internetnews.com

Oracle (NASDAQ: ORCL) is out with its latest critical patch update (CPU), this time providing fixes for 45 security vulnerabilities spanning the Oracle product portfolio..."The three most notable elements of this CPU are Oracle's decision to use CVE codes for vulnerability naming and that nine out 10 Database vulnerabilities apply not only to older versions of Oracle database server but also to the newest version Oracle 11G," Amichai Shulman, CTO of database security firm Imperva told InternetNews.com. "And finally two of the database vulnerabilities are in the Oracle authentication mechanism," he added.


Imperva Highlights EMEA Momentum July 7, 2008

ChannelEMEA

Application data security solutions Imperva has revealed significant progress in the development of its EMEA operation and channels-to-market. Imperva has strengthened its sales and channel support teams in the UK, France, Germany, Italy and the Netherlands to complement its EMEA headquarters in Israel. Imperva now has more than 180 enterprise customers across the EMEA theatre.


Merchants Cope with PCI Compliance June 30, 2008

Internet.com

"After you've examined your systems, assessed them and bought the necessary technological solutions, make sure you have processes in place to deal with security gaps and breaches," Mark Kraynak, senior director of strategic marketing at Imperva, told InternetNews.com.


Imperva Announces Web Application Security Solution June 20, 2008

Computer Technology Review

Imperva has announced the industry's first closed loop solution for managing the Web application security lifecycle on production systems. The Imperva SecureSphere Web Application Firewall (WAF), through bi-directional integration with vulnerability scanning tools from Cenzic, HP, IBM, and NT Objectives, addresses application security from quality assurance/testing into production.


DM Radio Interview: Mark Kraynak May 30, 2008

DM Review

How can enterprises unify frameworks for security and determine proper roles and responsibilities?In this episode of DM Radio, several industry experts expound on the subject, including: Phillip Villella, Ph.D., Chief Scientist & Founder of LogRhythm; Mark Kraynak, Senior Director for Imperva; and Mike Jerbic, Principal Consultant for Trusted Systems Consulting.


Imperva Joins Global Security Alliance May 28, 2008

Compliance Home

Imperva has announced that it has joined the Global Security Alliance, a platform formed by SAP for information and knowledge exchange that comprises leading providers of security and risk management offerings.

Interview: Shlomo Kramer May 28, 2008

SC

The serial company founder and SC's CEO of the Year tells Paul Fisher why he knew all along that data-centric security was the future.


SAP Certifies Imperva for Web Security May 21, 2008

Dark Reading

The SAP Integration and Certification Center has certified that SecureSphere meets certification criteria under the category of Network Security for enterprise service-oriented architecture solutions...

RSA Conference White Paper Outlines Security Trends May 18, 2008

eChannel Line

It was no surprise that some of the most interesting small companies at the show -- Imperva, LogLogic, Secerno, Intellitactics and Splunk -- are all, in one way or another, doing interesting things with data protection and log management...

How To Protect A Company's Data May 14, 2008

Forbes

A lesser-known but equally data-centric segment of the security industry involves monitoring the activity that happens around databases and major applications. That kind of monitoring, contends Imperva spokesman Mark Kraynak, could have prevented Société Générale's Jerome Kerviel from hiding his secret trades, or Enron's accountants from sneaking adjustments into their financial numbers in the company's database.

Two Sides of the Same Coin: The Convergence of Security and Compliance May 5, 2008

eCommerce Times

By Shlomo Kramer
Security and compliance issues will continue to dominate IT initiatives as long as valuable data on customers, employees, patients and business financials is exchanged and stored.

Israel well placed to mount defence strategy May 2, 2008

IT Week

Kramer left Check Point to found application and database security supplier, Imperva, and has contributed to the funding of startups such as Trusteer, which creates solutions to protect online consumers against cyber threats. “There are a lot of experienced people in this market who know how to make a successful business,” Kramer said.

The Art of Data Management Compliance, Part 1: Keeping Pace April 26, 2008

eCommerce Times

"Broadly, the regulating organizations are getting more and more serious and previously unregulated geographies are becoming regulated," Mark Kraynak, senior director of strategic marketing for Imperva

Defend Critical Applications Against Attack April 23, 2008

Dm Review

The Imperva SecureSphere Web Application Firewall has successfully satisfied all certification criteria to achieve the ICSA Labs' Web Application Firewall (WAF) Certification. "The Imperva SecureSphere appliance has the ability to handle many complex attack scenarios," said George Japak, managing director, ICSA Labs.

PCI's False Dilemma: Code Review or Application Firewall? April 23, 2008

ESJ

For organizations attempting to secure their Web applications to meet compliance standards, PCI regulations present a choice of two options: Perform a code review or install a WAF. This, however, is a false choice. The best course of action is to do both.

PDF Download Article

Shlomo Kramer: PCI Lessons from America (French) April 8, 2008

ESJ

Shlomo Kramer talks about what the French market can expect regarding PCI enforcement based on experience with Imperva customers in the United States.

Imperva Prevents Fraud by Monitoring Database Changes March 12, 2008

ESJ

"Several regulations, such as Sarbanes-Oxley, mandate change controls for financial information; unauthorized changes can lead to forensic investigations to uncover what data changed and restore the original values. SecureSphere’s Track Value Changes feature monitors and audits the values of a specific record or a subset of table rows noting values before and after changes are made."

Software Finds Any Manipulation in Databases (German) March 11, 2008

ESJ

The security problems of the French bank Société Général have produced some headlines recently. The SecureSphere security solution of Imperva is designed to detect malicious activities of company insiders. This may have helped to avoid the illegal manipulations.

Tracking Row-Level Changes in the Database March 10, 2008

ISM

"Imperva has added new technology into its SecureSphere product to track value changes in the database that violate compliance policies."

Core of the Matter March 7, 2008

ISM

No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls that help deliver your critical apps securely. Imperva is the closest thing to a silver bullet for application security, based on its combination of adaptive learning and other techniques.

Database Security March 7, 2008

ISM

Imperva's SecureSphere Database Security Gateway offers a unique combination of automated monitoring and proactive auditing for protecting your databases. SecureSphere is an impressive enterprise-ready product for large organizations.

New VMware VMsafe(TM) Technology Allows the Virtual Datacenter to be More Secure Than Physical Environments February 27, 2008

CNN MONEY

"Application data security and compliance is a key area of concern for Imperva customers,” said Rohit Gupta, vice president of business development for Imperva. “Partnering with VMware will allow Imperva to continue to deliver flexible solutions that provide full visibility and granular control of application and data usage in virtualized environments.”

Chicken, Egg or Omelette? February 25, 2008

GCN

Now that compliance and security seem inexorably linked, the benefits of one solution over another are no longer just how much it can save your customers’ time, and your customers’ money. Now it’s about saving your customers’ neck. Resellers need to demystify the convergence of security and compliance, and explore winning strategies that will enable them capitalise on a market worth hundreds of millions of pounds.

Google-hacking made easy February 25, 2008

GCN

“Tools like this scanner are a wake-up call for application owners,” Shulman said. “And that is a good thing. The issue of data leakage into search engines is a big issue.”  The Cult of the Dead Cow has said much of its research in this area has been against government servers where it has been able to turn up sensitive information that has been unwittingly exposed. "With a lot of script kiddies having this tool, I think the government can expect a rough period of headlines,” Shulman said.

Hacker Group Releases New Google Vulnerability Scanner February 22, 2008

Channel Web

"I think (Goolag scanner) should be a wakeup call for application owners and what they are doing with respect to search engines and their application security," said Shulman. "It just emphasizes an existing trend that application owners should pay attention to."

Data security, compliance needs "holistic approach" February 21, 2008

SC Magazine

I feel very strongly that a new layer of visibility and security is needed in addition to the network and infrastructure layers commonly in place in today's organizations.
– Shlomo Kramer, President and CEO, Imperva

Israel is Seen as a Main Research Base in High-Tech Industry and in Particular Security (French) February 12, 2008

ISM

Israel is a melting pot for highly skilled engineers, which makes the solutions they generate among the most relevant in the world.  The small size of the Israeli market means that indigenous companies have to commit outreach to international markets. In that way, companies share their knowledge to increase quickly their turnover like the ‘serial businessman’  Shlomo Kramer  who has founded Checkpoint and then Imperva, the leader in ‘database protection’.

PDF Download Article (French)

Protection Through Data Governance February 1, 2008

Processor

As the name implies, data governance can be a difficult proposition for companies that do not have the resources to monitor and control the flow of data. It's a bit like trying to govern a small country: It's obviously important to protect your borders, police your citizens, and establish clear laws over how the country operates, but enforcing and monitoring those laws can be difficult.

Imperva achieves RSA Secured Partner Program certification January 25, 2008

Computer Technology Review

Imperva Inc., a provider of application data security and compliance, announced that it has achieved certified interoperability with RSA Access Manager software from RSA Security Inc., the security division of EMC Corp. This partnership is designed to enable joint customers to deploy a layered web security infrastructure that provides interoperable application protection with user access control.

Oracle patches serious holes with latest CPU January 17, 2008

Search Security

The focus of this particular CPU should be on client side vulnerabilities, Shulman said. Five of the application server vulnerabilities may be remotely exploitable without authentication.

10 Database Security Tips For Smaller Businesses January 14, 2008

Don't let databases fool you. Sure, their names may sound stately (Oracle, Ingres) or innocent (MySQL, SQL Server, Sleepycat). Yet no database, just out of the box, is secure. In addition, because databases concentrate so much potentially lucrative information in one place, they're prime targets. While storing sensitive or regulated information puts any company at risk, smaller businesses may have more to lose.

Is your Database Secure? (French) January 10, 2008

ISM

With the Internet becoming increasingly critical for businesses, databases are more and more exposed. This has placed the spotlight firmly on the need to be prevent external and internal attacks but at the same time ensuring an audit trail can be established.

Web 2.0: Opportunities & Risks (French) January 8, 2008

banque_informatique.jpg

According to a Forrester survey, Web 2.0 is increasing risks for enterprises. Banks are, in particular, seen to be under-prepared for Web 2.0 technology, and Forrester suggests that changes need to be made to their security policies. Comment from Shlomo Kramer highlights the need for data protection.

PDF Download Article (French) Back to Top

Tech Insight: Database Activity Monitoring January 4, 2008

If you weren't concerned about unauthorized database access before, maybe now you should give a DAM.


Imperva Partners with RSA (French) January 1, 2008

lesnouvelles.jpg

Imperva joined RSA Secured program. SecureSphere and RSA Acess Manager will be interoperable allowing IT security team to access user login credentials from RSA Access Manager.

  • MarketLive deploys Imperva to achieve high level of PCI DSS certification
    Imperva Inc., a provider of application data security and compliance, announced recently that MarketLive Inc., a provider of global e-commerce solution for retailers, has achieved the highest-level Payment Card Industry (PCI) Data Security Standard (DSS) compliance using the SecureSphere Web Application Firewall (WAF), Imperva said.
    Computer Technology Review, December 28, 2007
  • Independent Research Firm Names Imperva a Leader in Enterprise Database Auditing and Real-Time Protection Market
    Report Finds SecureSphere is Best Suited to Large Scale Deployments and Real-Time Protection
    October 29, 2007
  • Imperva SecureSphere Wins Editor's Choice Award from InformationWeek Magazine for Database Extrusion Prevention Systems
    SecureSphere Outperforms Guardium, Crossroads, RippleTech, and Pyn Logic in Comprehensive, Six Month Evaluation
    September 25, 2007
  • Imperva Named Top 100 Company by Red Herring
    Data Security Vendor Recognized for Leading the Next Wave of Innovation
    May 2, 2007
  • Oracle releases 36 patches
    The update included 13 patches for the popular Oracle Database, with the most severe vulnerability rating a seven out of 10. Three of the database flaws &ndash the most serious ones &ndash may be remotely exploitable without user authentication. Amichai Shulman, Imperva's CTO, was interviewed on Oracle's release of 36 patches. He commends Oracle for its efforts to address security issues in the database code and suggests that enterprises perform a database security assessment before applying the patches and deploy an additional layer of security in front of the database servers for increased protection.
    SCMagazine.com. April 17, 2007
  • Understand and Defend Against Web 2.0 Security Threats
    "Web 2.0 technologies such as AJAX, RSS, and client-side JavaScript libraries allow enterprises to build more responsive, immersive and collaborative applications. Although many of the technologies are not new, the threat model for Web 2.0 is not yet fully understood by developers," said Andrew Jaquith, Senior Analyst at Yankee Group. "Imperva is taking a leadership role by educating organizations about the risks associated with Web 2.0 applications, and by offering mitigation techniques."
    SecurityPark.net. March 9, 2007
  • Q&A: What to Do About Web 2(.0)
    In an exclusive interview, Imperva co-founder talks Web 2.0 security risks, protection strategies, and how end-user education is a waste of time
    darkReading.com, March 6, 2007
  • Database security undermined by protocol loopholes, lax defenses
    "A security expert is warning database administrators about a continued loophole in database communication protocols that would allow an attacker to bypass access controls and gain access to critical files..."
    SearchSecurity.com. March 6, 2007
  • Q&A: What to Do About Web 2(.0)
    Everyone's talking about Web 2.0 security. But what can you really do about it? In an exclusive interview, Amichai Shulman, co-founder and CTO of Imperva and one of the Web's most widely-recognized security researchers, spoke with Dark Reading senior editor Kelly Jackson Higgins about the emerging risks in Web 2.0, and how organizations can protect themselves.
    DarkReading.com. March 6, 2007
  • The NWC Interview: Imperva's Shlomo Kramer
    Network Computing Interview with Shlomo Kramer on database and Web application security. For more in-depth information, listen to the Podcast of the interview here.
    NetworkComputing.com. March 5, 2007
  • Imperva releases freeware database vulnerability scanner
    Security in Production databases often gets overlooked because the security staff is so caught up in making sure the operating system is patched that database security falls to the wasteland. Secure databases are just as important as secure operating systems. Databases contain very sensitive information such as social security numbers, credit cards, and financials. If this data is compromised, it could spell disaster for your corporate image.
    DatabaseJournal.com. February 28, 2007
  • A Free Database Scanner
    If you're worried about the security of your database - but can't afford a full-blown vulnerability assessment right now - you're in luck. Imperva is now offering a free database vulnerability scanner...One of the first beta testers of the scanner is Accor, which owns Club Med, Motel 6, Red Roof Inn, and Sofitel. The company is evaluating the product as a potential tool for determining its Oracle and SQL databases' compliance with the retail industry's PCI standards. ...Jaimin Shah, a security engineer with Accor says, "The tool did provide us a visibility into the environment we did not have before. Other database vulnerability assessment tools Accor has used did more 'surface' scanning, but Scuba went a lot deeper than that. This went into detail...If there were vulnerabilities, it provided details on it - why it failed an assessment report, where, and what you need to do to eliminate the problem."
    DarkReading.com. January 29, 2007
  • An Exclusive Interview: Shlomo Kramer aims to become a global leader in security
    An exclusive interview with a pioneer of the Israeli high tech industry: From Check Point to Imperva, serial entrepreneur Shlomo Kramer aims to become a global leader in security.
    israelValley.comk. January 24, 2007
  • Security experts criticise government database plans
    "Last year more than 100 million user records were compromised in the US alone," Shlomo Kramer told ZDNet UK. "The issue is that when data is available online it can be compromised - especially [in conjunction with] web services." Even if the information is only available within governmental organisations, Imperva is seeing that within its user base there are many internal security issues - including abuse of credit card data, or abuse of privileges. "Data is at risk if it is made available to a large community of users," said Kramer.
    ZDNet.co.uk. January 19, 2007
  • Oracle blocks 51 security holes
    Amichai Shulman reckons that some of the vulnerabilities are more severe than Oracle suggests. In particular, he highlighted flaws in Oracle's HTTP server that might be exploited remotely without authentication. "The SSL implementation flaw is the worst of the lot," he added. A number of the flaws might lend themselves to SQL injections attacks. Exploits would not be difficult for a skilled hacker to craft, Shulman added. Meanwhile, applying the patches would normally involve downtime so it might be some time before enterprises are ready to roll-out fixes.
    TheRegister.com. January 17, 2007
  • Oracle Patches 51 Flaws
    The January Critical Patch Update, as Oracle dubs its quarterly security fixes, was half as large as the previous one. That CPU, issued in October 2006, featured 101 patches. "This wasn't the largest," says Amichai Shulman, chief technology officer of Imperva, an Israeli data center security vendor. "And we've seen a lot of these same vulnerabilities, or similar vulnerabilities in previous CPUs." It's not unusual, says Shulman, for already fixed Oracle vulnerabilities to reappear or to require repatching.
    CRN.com. January 17, 2007
  • The state of security
    Businesses are looking at new ways to exploit the Internet. But these new practices introduce new security threats...The diffusion of information through Web 2.0 technologies combined with these subtler forms of attack will make detection much harder for the security professionals...The dispersal of data is not, however, the only problem IT leaders face. According to Shlomo Kramer, CEO of data centre security provider Imperva, Web 2.0 is based on low-cost, lightweight consumer applications that are predominantly web-based and highly vulnerable - and that presents a significant threat to the business.
    Information-age.com. January 16, 2007
  • Mepsted to head up Imperva's EMEA push
    "Imperva's products fill a niche in the market for protecting applications and it has a very informative partner extranet as well...Jonathan is very driven and channel-friendly and we have a lot of confidence that he will maintain Imperva's direct touch approach which is a popular strategy with partners."
    Computing. January 5, 2007
  • Q&A with Amichai Shulman on the Critical Vulnerability in AJAX Technology
    "To discuss this vulnerability and its implications we talked with Amichai Shulman, the co-founder and CTO of Imperva, where he heads the ADC. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft."
    Net-Security.org. January 5, 2007
  • Imperva Discovers Critical Vulnerability In AJAX Technology
    "The ADC announced the discovery of a critical vulnerability in DWR (Direct Web Reporting) - a well known open source AJAX library that is incorporated into existing public Web sites. This client-side vulnerability can be exploited to launch Denial of Service (DoS) attacks and break into back-end servers and databases."
    AjaxWorld. January 3, 2007
  • Imperva identifies AJAX flaw
    "...the AJAX Web application development framework is 'emerging as the lingua franca for building new generation Web 2.0 applications' such as Google Maps. We will see more and more of these vulnerabilities in the server-side framework."
    NetworkWorld. January 3, 2007
  • Imperva Discovers Critical Vulnerability In AJAX Technology
    "Since AJAX executes a much larger proportion of application logic in the web browser than traditional web applications, it exposes a broader attack surface to client-side exploits used by attackers to target sensitive back-end servers directly."
    Linux.SYS-CON.com. January 3, 2007
  • UCLA Didn't Study for Security Test
    "...if the network is no longer a walled fortress, then security managers need to employ the tactics of a beat cop. So says Alan Norquist, vice president of marketing at security company Imperva. Database usage needs to be monitored, and IT managers need to develop profiles that will look for out-of-the-ordinary database queries, he adds."
    eWeek. December 15, 2006
  • Imperva Expands in Europe
    "Jonathan Mepsted has previously built and managed successful EMEA franchises for Fortinet and NetScreen, two of the world's leading network security companies," said Jim Drill, Vice President of Worldwide Sales.
    Dark Reading. December 14, 2006
  • Imperva Names EMEA Managing Director
    WHIR. December 14, 2006
  • Imperva Sets up Shop in EMEA
    "Imperva Inc, the database and application security provider headed up by CEO Shlomo Kramer, one of the founders of firewall giant Check Point Software Technologies, is to expand its operations into Europe. The vendor has adapted dynamic profiling technology, previously designed just for HTTP, to also inspect database query traffic. The system looks at database information and queries to monitor what was accessed, who was the user, or what was the IP address. The benefits of this kind of behavioral detection system is said to be that it does not require security administrators to create new rules every time the database itself changes."
    ComputerWire. December 13, 2006
  • Caribou Coffee Selects Imperva SecureSphere for SOX Compliance
    "Without the ability to audit all users who access and modify our financial database, we could not prove that we were in compliance with Sarbanes-Oxley. SecureSphere allows us to track all database users, including database administrators and developers, and trace their actions without impacting the performance or stability of our Microsoft SQL Server database," said Scott Ficek, senior director of information systems for Caribou Coffee.
    Sarbanes-Oxley Compliance Journal. December 1, 2006
  • Euronext Secures Trading Platform with Imperva SecureSphere
    "SecureSphere is able to transparently protect our derivatives trading platform from internet attacks with out degrading application response times. Moreover, Imperva impressed us with superior technical support throughout the evaluation and deployment process." - Mamal Torfeh, Head of Global Managed Services, Atos Euronext Market Solutions (AEMS)
    Dark Reading. November 28, 2006
  • Study: SQL Server Is Safest DB
    "...hacking a database is like striking gold, whether it's via a Web app or database bug - or both. There have been a number of security issues with Web applications recently...and at least one-third of the 97 million data records that were compromised since 2005 came from a database..."
    Dark Reading. November 16, 2006
  • Staffmark Selects Imperva to Protect PeopleSoft
    "Maintaining the security and privacy of confidential employee information is our first priority. SecureSphere enables us to do this, while allowing us to safely use the Internet to make it easy for prospective job applicants to apply and work with Staffmark," said David Bartholomew, Chief Executive Officer of Staffmark. "After evaluating the leading web application firewalls, Imperva delivered the highest security and lowest cost of deployment and maintenance. SecureSphere was the only product capable of learning our PeopleSoft applications and dynamically creating the appropriate security policies. This is a huge time and cost saver for us."
    Sarbanes-Oxley Compliance Journal. October 2006
  • You Can't Make Everyone Happy- but Can You Come Close?
    "The complexities of meeting audit industry best practices and delivering the information that auditors require put a significant strain on IT departments that are already strapped for manpower and resources. SecureSphere Database Monitoring Gateway...gives auditors what they want: details about all logged activities, who is accountable for every transaction, and what transactions are material exceptions. The product also gives IT staff members what they want: automated Universal User Tracking that identifies specific users and their activities without requiring a rewrite of the database or application. In addition, because the appliance doesn't sit on top of the database, users get what they want: unimpaired performance."
    SQL Server Magazine. October 2006
  • Staffmark Selects Imperva to Protect PeopleSoft
    "Maintaining the security and privacy of confidential employee information is our first priority. SecureSphere enables us to do this, while allowing us to safely use the Internet to make it easy for prospective job applicants to apply and work with Staffmark," said David Bartholomew, Chief Executive Officer of Staffmark. "After evaluating the leading web application firewalls, Imperva delivered the highest security and lowest cost of deployment and maintenance. SecureSphere was the only product capable of learning our PeopleSoft applications and dynamically creating the appropriate security policies. This is a huge time and cost saver for us."
    Sarbanes-Oxley Compliance Journal. October 24, 2006
  • Oracle fixes 101 flaws
    "The most severe issues are SQL injection and buffer overflow vulnerabilities," said Amichai Shulman, CTO of Foster City, Calif.-based Imperva Inc., a data security firm. Attackers can exploit SQL injection flaws to access the core of the database with full administrative privileges, he said, adding, "The troubling thing about this quarter is that several flaws that were patched before seem to have reappeared."
    SearchSecurity.com. October 17, 2006
  • Oracle releases 101 fixes
    But Amichai Shulman, CTO of data security firm Imperva, objects to the low ratings, telling SCMagazine.com today that Oracle is attempting to downplay the severity of the flaws. He said even though the holes are not exploitable without valid credentials, they still pose a high-risk for most organizations. "A lot of people have access to a database within an organization," he said. "Saying access credentials are an impeding factor is not that true. You have many low-privileged users in an organization."
    SC Magazine. October 17, 2006
  • Oracle releases 101 patches in quarterly update
    "One issue of concern for enterprises is that some of the flaws addressed by today's updates appear to be identical to flaws that were supposed to have been patched previously," said Amichai Shulman, chief technology officer at database security firm Imperva Inc. of Foster City, Calif. "There is something alarming about this trend of the same vulnerability repeating itself in the same database package and the same object," he said.
    Computerworld. October 17, 2006
  • Oracle Issues Monster Security Patch
    "Redwood Shores, Calif.-based Oracle patched 22 vulnerabilities in Oracle Database, most of which address SQL injection or buffer overflow issues," said Amichai Shulman, CTO at Imperva, a Foster City, Calif.-based security vendor.
    CRN. October 17, 2006
  • Application Security: Countering The Professionals
    "It is becoming increasingly important to stop the professionals who want to steal valuable information. The new attackers search for vulnerabilities in the application and exploit these weaknesses. Attackers are bypassing the traditional network-layer firewall and IDS defenses; their exploits appear as legitimate traffic to the network layer defense, but hiding in the application layer are deadly attacks."
    Business Communications Review. September 2006
  • DB2 Vulnerable to Trend of Communication Protocol Flaws
    E-mail and Web servers aren't the only ones that get slammed by denial of service and other types of attacks. Database servers, including DB2, are also vulnerable to malicious activity, and communication protocol vulnerabilities are a growing trend.
    System iNetwork. October 3, 2006
  • Analysts: Changes to PCI rules help the measure
    "Also significant are new rules that require companies to put controls in place for better securing their application software against online threats," Shulman said. "Companies are required to install the latest software patches, help identify new vulnerabilities, do application code reviews and help protect against specific Web security threats. Such measures are crucial to ensuring the integrity of the application environment," he said.
    InfoWorld. September 13, 2006
  • Changes to PCI rules a step in the right direction, analysts say
    "I think most of the problems implementing the previous version of the standard was around this issue of database-field-level encryption," said Amichai Shulman, chief technology officer at Imperva Inc., a Foster City, Calif.-based security vendor. "I think this makes it more practical to implement the requirements of this standard."
    ComputerWorld. September 12, 2006
  • Strategic Security: Identity Theft Protection
    "Imperva...will notify you of large or aberrant extractions. We classify this product category as "database extrusion prevention". These products can be configured to track data by user and profile each user's "normal" activity to give you a blueprint of what they're supposed to be doing - and raise a flag when abnormal activity is spotted."
    Network Computing. August 31, 2006
  • New pump and dump scheme
    "If these stock trading sites had been monitoring account activity they could have seen the unusual behavior when someone liquidates their holdings and they should be especially vigilant for multiple accounts doing similar trades. Solutions from ... Imperva ... could have alerted them before the damage was done."
    ZDNet. August 31, 2006
  • Building Up Database Defenses
    "Harvey Ewing, senior director of IT security at Carrollton, Texas-based Accor North America, ... uses SecureSphere application layer firewalls from Imperva to protect his Web and database servers."
    ComputerWorld. August 28, 2006
  • Hackers steal personal info of 19,000 AT&T customers
    "We recognize that there is an active market for illegally obtained personal information," said Priscilla Hill-Ardoin, AT&T chief privacy officer. Shlomo Kramer, CEO Imperva, pointed out that the attack against AT&T exemplifies how hackers are turning their attention away from the infrastructure in favor of targeted data.
    SC Magazine. August 30, 2006
  • AT&T to Offer Credit Checks After Data Hack
    "Shlomo Kramer, CEO of security appliance maker Imperva said the breach is indicative of how traditional security measures, such as firewalls and intrusion prevention systems (IPS), can't totally shore up a network's defenses, especially if the attack comes from within."
    internetnews.com. August 30, 2006
  • Oracle fixes 65 flaws
    "These are vulnerabilities in the underlying network protocol between Oracle clients and Oracle servers," said Amichai Shulman. "These are the most dangerous type of vulnerability because they do not require database credentials at all and they leave no trace in the database audit trail and there is absolutely no workaround for them."
    SC Magazine. July 19, 2006
  • Oracle has65 fixes in latest security update
    "Many of the vulnerabilities relate to a proprietary networking protocol used by Oracle's database, called Oracle Net. This protocol has come under increased scrutiny over the past year," according to Amichai Sulman, CTO with Imperva. "...because you don't need any database credentials in order to exploit them."
    NetworkWorld. July 18, 2006
  • Security Briefs: JavaScript Worm, IBM DB2 Vulnerability, NIST Performance Metrics
    Imperva, a data security vendor, announced it discovered a critical buffer-overrun vulnerability in IBM DB2 version 8 databases. In a statement, Imperva says this flaw "enables any attacker with network access to the database server to take down or even run arbitrary code on the server's machine."
    Enterprise System Journal. June 20, 2006
  • eWEEK honors Imperva SecureSphere with Excellence Award
    "Imperva's SecureSphere 4.2 stood out from the pack in the Network Data-Stream Protection category because its in-line protection for both Web applications and communications with back-end databases is simply unmatched. While Imperva's Web application firewalls are exceptional-providing intelligent learning capabilities and granular application controls-Imperva truly differentiates itself from competitors with its insight into communications with the database."
    eWeek. June 19, 2006
  • Imperva Introduces New DB Monitoring Gateway
    "Data center security vendor Imperva of Foster City, Calif., has released its new SecureSphere Database Monitoring Gateway, which logs query-level details of database activity, audits usage for exception-based behavior and associates every event with the responsible Web application user."
    eWeek. June 16, 2006
  • DB2 Crack Lets in Attackers Without Database Credentials
    Imperva's Application Defense Center … discovered the vulnerability which allows any attacker with network access to the database server to bring it down or to run arbitrary code-in DB2 Version 8. "IBM realizes that it is unrealistic to claim that any database is 'unbreakable' and that code-by its very nature-may contain some flaws" - IBM engineers via spokesperson
    eWEEK. June 12, 2006
  • Imperva Announces Database Monitoring Gateway
    "Auditors want to know who is accountable - who is the initiator of the transaction? What are the material exceptions - which database transactions really matter? And, are the controls in place being circumvented? These are big issues for database administrators?"
    Database Trends and Applications. June 5, 2006
  • Amichai Shulman Named to InfoWorld CTO 25 List
    "Shulman notes that 'critical vulnerabilities' exist in all - not some - commercial database servers. Vendors and customers alike should be grateful for his efforts."
    InfoWorld. June 5, 2006
  • Database Monitoring Gateway Tracks Back to Web Users
    "Who is accountable is a big issue that has become even more important with the need to satisfy SOX. Auditors want to know who was responsible for a fraudulent transaction, not which application was used."
    Database Journal. June 5, 2006
  • Imperva monitors the database
    "Imperva has announced a database gateway that pretty much logs transaction level detail and can take it to that next step by determining which user in which application committed the transaction. Any of you that have spent time trying to secure an application like SAP or Oracle Financials knows that the application basically opens up only a few anonymous sessions with the database, so you have no idea which user did what within the database. So this is cool." - Mike Rothman
    Security Incite . June 5, 2006
  • Imperva appliance tracks who accesses database
    "SecureSphere Database Monitoring Gateway... is a step up from monitoring devices that track which applications pull data from databases rather than the individuals who put in the requests, according to Andrew Jaquith, an analyst with the Yankee Group."
    NetworkWorld. June 5, 2006
  • Web App Security: The Firewall Factor
    Report evaluates the application security market and profiles Imperva SecureSphere in this Dark Reading Security Insider report. According to the report, "Imperva comes from Check Point cofounder Shlomo Kramer and offers an impressive set of features." (subscription required for full report)
    Dark Reading. May 1, 2006
  • Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive
    Scottrade placed its Web-based trading systems behind an Imperva SecureSphere Web Application Firewall, which is designed to reinforce the company's application security policies that specify the amount and type of data that can be input into any field. "To be a solid security organization, you have to look at all layers of protection," says Grant Bourzikas, senior manager of information security and business continuity at Scottrade. "Now there's increased interest in the payoff from stealing data that Web applications store, such as information that lets users log in to Web sites, pay bills, check accounts, and conduct other business. If the hacker can construct application code that can query this information, it's better than trying to hack it out of a back-end server that's been patched," said Bourzikas.
    InformationWeek. April 17, 2006
  • Web App Hack Incidents Are Up As Businesses Take Cover
    "No one needs to tell online brokerage firm Scottrade about the value of Web security. The company in November had to notify a number of its clients that their personal information may have been exposed thanks to a data breach found in a partner company's data processing system. ...Scottrade's investigation into the breach is ongoing, but it recently bolstered the security of its Web-based trading systems by placing them behind an Imperva Inc. SecureSphere Web Application Firewall.
    InformationWeek. April 12, 2006
  • Scottrade secures trading network with Imperva firewall
    "Our online trading system is our core business offering and our most important service delivery channel for our customers, and we believe Imperva was able fill in the gaps that were lacking in traditional enterprise information security solutions," said Grant Bourzikas, senior manager of Information Security at Scottrade.
    Computer Business Review. April 11, 2006
  • Scottrade Selects Imperva to Protect Internet Trading Systems
    "SecureSphere enables us to protect these core business systems from attack, fraud and data theft by blocking attacks that are not detected by traditional perimeter security products." said Grant Bourzikas, Senior Manager of Information Security at Scottrade.
    Sarbanes-Oxley Compliance Journal. April 11, 2006
  • Imperva Web-App Firewall Adapts to Users' Networks
    The problem with first-generation Web application firewalls is that they require users to make a variety of changes to existing networks.
    eWeek. March 30, 2006
  • Imperva adds deployment modes for its Web apps firewall
    "It will notice if a SQL-injection attack occurs - it's not a quick attack; it takes several steps - and it stops it." - Harvey Ewing, Senior Director of IT Security, Accor North America
    NetworkWorld. March 28, 2006
  • SecureSphere Compliance Bundles Monitor and Secure Database
    "Products that help network managers and database administrators demonstrate adherence to the most important requirements helps reduce the cost of compliance initiatives." said Andrew Jaquith, Senior Analyst for Yankee Group.
    Sarbanes-Oxley Compliance Journal. March 28, 2006
  • Network World 20 people who changed the industry
    Shlomo Kramer - Named to Top 20 People Who Changed the Network Industry - Wherever there's an enterprise network, firewalls stand guard at its entry points. Some may argue that a garden-variety firewall no longer provides enough enterprise protection, but no one can deny how significant the technology has been for corporate security during the last decade. Kramer and his compadres at Check Point, including CEO Gil Schwed, get credit for inventing the firewall.
    NetworkWorld. March 27, 2006
  • Imperva's First Network Adaptive Web Application Firewall
    Networking News. March 27, 2006
  • Imperva Tops Innovation Station Showdown
    "The purpose of the Innovation Station program is to recognize the emerging companies which, based on their technology, vision and market impact, are poised to make a mark in the information security industry," said Sandra Toms LaPedis, general manager and area vice president of RSA Conference.
    SearchSecurity.com. February 15, 2006
  • People On The Move
    Leventhal joins Imperva from VA Software, where he was responsible for strategic alliances and channel development. Before that, he held positions at Sana Security, Red Hat, VeriSign, RSA Security and EMC.
    Mercury News. February 15, 2006
  • Imperva Keeps Database Activity in Check
    The hardest part of database security is controlling an authorized user's activity once he's gained access to the database. This type of access control is quickly becoming a bigger issue for compliance officers... And while the database vendors are merely auditing this activity, they are doing nothing to control it. ...SecureSphere nicely fills in this security gap left by the vendors.
    InfoWorld. February 13, 2006
  • Hotel Chain Turns to Imperva to Guard Against SSL Attacks (288KB PDF)
    Accor, owner/operators of Motel 6, Red Roof Inns, Novotel and Sofitel, uses Imperva's SecureSphere database security gateway and Web application firewall to protect its Internet front end -- as well as its back-end databases.
    Computerworld. February 9, 2006
  • Ten Ways to Counterattack
    Enterprise database infrastructures, which often contain the crown jewels of an organization, are subject to a wide range of attacks. This article discusses the most critical vulnerabilities and recommends approaches to mitigating the risk of each.
    SC Magazine. February 8, 2006
  • Imperva Introduces Compliance Modules for PCI, HIPAA and SOX
    SecureSphere audit reports go beyond simple logging of events to answer difficult questions that allow security administrators and auditors to know whether a given transaction is an attack or an acceptable change in the application. "It's one thing to know every transaction in the database," Norquist said. "It's another thing to know which transactions are important to follow. With volumes of data the key thing with audits is knowing what matters."
    Database Trends and Applications. February 7, 2006
  • Imperva Security Boxes Aid Compliance Efforts
    Imperva SecureSphere Gateway appliances help meet regulatory requirements, including PCI, HIPAA, and SOX. The boxes address these requirements by integrating reporting intelligence with a database security gateway, Web application firewall, network firewall and IPS (intrusion prevention system), thereby complying with the legislation by providing controls and reporting capabilities that span the complexity of the data center.
    eWeek. February 2, 2006
  • Oracle Advises Users: Patch Critical Hole--Now
    The patch, known as DB18, fixes a hole that affects most supported versions of the Oracle database software, including Oracle versions 8, 9 and 10. The hole is "very severe" and allows users to bypass the Oracle database's authentication and become administrative "super users," according to Shlomo Kramer, CEO of Imperva, which discovered the hole.
    eWeek. January 26, 2006
  • Gartner: Oracle no longer a bastion of security
    "Gartner has warned administrators to be 'more aggressive' when protecting their Oracle applications because, according to Gartner, they are not getting enough help from the database giant. Gartner analyst Rich Mogull said administrators should: (1) Immediately shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies. (2) Use alternative security tools, such as activity-monitoring technologies, to detect unusual activity."
    CNet News.com.com. January 24, 2006
  • Analyst: Oracle not on the ball
    "…Oracle can no longer be considered a bastion of security," analyst Rich Mogull said Monday on the Gartner website. "Database and application managers must begin protecting and maintaining Oracle systems more aggressively." "Critical Oracle vulnerabilities are being discovered and disclosed at an increasing rate," Mogull said.
    SC Magazine. January 24, 2006
  • Critical patch released by Oracle
    Imperva suggested users implement a database security gateway, which detects possible attacks by analyzing messages going from clients to server. "Such products have the capability to provide protection against platform-level vulnerabilities in the timeframes of hours or days after a new vulnerability is discovered," Imperva said.
    SC Magazine. January 18, 2006
  • Oracle releases patches for more than 100 flaws
    "I think the fact that vulnerabilities as severe as [the one reported by Imperva] remain unaddressed for so long is scary," Kramer said. "It basically leaves customers vulnerable and unprotected for too long."
    ComputerWorld. January 17, 2006
  • Interview with Shlomo Kramer (2.5MB MP3)
    BBC World Business Report. January 6, 2006
  • No One-Stop Shopping to Stop Database Pilferages
    What should customers be asking? Andrew Jaquith, an analyst with Yankee Group advises "asking if the product can protect an entire application. That includes all the layers of, for example, commerce applications with database back ends and Web front ends, along with Web interfaces to partners."
    eWeek. December 21, 2005
  • Survivor's Guide to 2006: Security
    Web application firewalls are poised to police Web traffic. The first interactions of Web application firewalls were little more than HTTP application proxies with HTML parsing engines. Although they could block many attacks, it was difficult to learn how to use them and how to tune them, and they impeded traffic. Those first-generation Web application firewalls also couldn't handle Web services. However, Web application firewalls from .. Imperva . have largely overcome the performance problems and can provide a reasonable solution to protecting from application-level attacks.
    Network Computing. December 16, 2005
  • Risky Business - The Self Auditing Database
    The increasing frequency of database attacks is driving federal and state legislation that requires virtually every organization to deploy more robust audit mechanisms to protect sensitive data. To meet this requirement, some organizations attempt to use the built-in auditing tools supplied with database software platforms. This practice of setting up a "self-auditing" database is based upon several false assumptions and violates the fundamental audit requirement for independence.
    iTObserver. December 14, 2005
  • Web application firewalls take on more heat
    "The products are defending against people that are trying to use malicious attacks to cause Web sites to disgorge sensitive information or for break-ins," says Andrew Jaquith, a Yankee Group analyst.
    Network World. December 5, 2005
  • Flaw Found in SQL Server 2000 Profiler
    A recently discovered vulnerability in Microsoft Corp.'s SQL Server 2000 database allows users to mask their log-in names. The vulnerability was discovered by Imperva, a researcher and vendor of data-center security products.
    eWeek. December 5, 2005
  • Security firms warn of new Microsoft threats
    Users who take advantage of the flaw could gain access to a vulnerable database and take any action they want without fear of their actions being audited, Imperva CEO Shlomo Kramer said.
    Computerworld. December 2, 2005
  • Imperva Discovers and Helps Microsoft Address SQL Server Vulnerability
    Imperva ... Application Defense Center (ADC), has discovered and reported a serious database flaw in Microsoft SQL Server 2000
    Database Journal. December 2, 2005
  • Database Auditing and Monitoring
    SecureSphere automatically creates security policies by examining live database traffic and profiling legitimate activity. Role-based security policies are updated for both individual users and applications accessing the database.
    Network Computing. November 24, 2005
  • Q&A: Imperva's Shlomo Kramer
    Q&A with Shlomo Kramer, CEO and Founder of Imperva, Inc.
    Red Herring. November 23, 2005
  • Security gateway from Imperva helps ease security and compliance concerns<
    "FFF Enterprises Inc... in November will launch a Web-based application called IG Treatment Tracker that will let patients receiving home-based care for certain immune-system deficiencies track their treatments. ...This data will be protected by Imperva's SecureSphere Database Security Gateway."
    InformationWeek. October 17, 2005
  • Imperva Pushes Database Security
    Imperva Inc. has unveiled a new high-end device designed specifically to lock down common database traffic of the sort that was recently blamed for a security breach at the FBI and the White House. Temecula, Calif., pharmaceutical distributor FFF Enterprises is already using a G4 device to secure its critical databases. Are there any plans to check out the new box? "Absolutely, we will," says Bob Coates, FFF's vice president of technology.
    Next-Gen Data Center Forum. October 14, 2005
  • A Hardware Sentinel to Watch Over Databases
    Firewall vendor Imperva is launching a database protection appliance later this year geared to protect organizations from attack or misuse.
    internetnews.com. October 11, 2005
  • Data protection
    ...as attackers' profiles increasingly change from mischief-minded adolescents to professional criminals, the target is not the network but the data that resides on the network. … As a result, industry is developing a new set of security solutions to tackle looming threats. … Imperva's SecureSphere firewall, for example, aims to protect data centers from all attacks, whether via the Web, a database breach or a worm launched from outside or inside the network.
    FCW.com. October 10, 2005
  • Start-up touts attack-blocking appliance
    SecureSphere differs in that it monitors and protects at the Web browser, Web server, application server and database level. "It's a vertical integration approach to defending applications by looking at them as a stack of processes and protecting the different layers," says Andrew Jaquith, an analyst with the Yankee Group.
    NetworkWorld. October 10, 2005
  • Web-Application Security Gets Better
    Some Web-application security vendors are making their products more comprehensive. While most products have offered perimeter defenses such as firewalls, companies like Breach Security and Imperva are taking increasingly broader approaches.
    InformationWeek. September 27, 2005
  • The Threat From Within
    Imperva SecureSphere highlighted in feature article on database security solutions.
    Network Magazine. August 1, 2005
  • Key Operational Issues to Consider for Application Firewalls
    A key challenge in evaluating alternative solutions is estimating the cost and time to deploy and manage them… what key deployment and operational questions you should ask your vendor and your project team to help anticipate the issues that might emerge only in a broad deployment, but which affect the ultimate success of your application firewall project.
    Information Storage+Security Journal. June 22, 2005
  • Intrusion Protection Systems get hot: Web Services and internal threats become a new focus
    Taxed with providing an ever-expanding range of complex security functions, IPS vendors are rising to the challenge, transforming their wares to go beyond simply identifying and stopping attacks based on updated threat profiles.
    InfoWorld. June 13, 2005
  • Imperva Offers Dual-CPU 1GB App Firewall (subscription required)
    Imperva Inc has upped the speeds of its SecureSphere G4 web application firewalls, and has launched a new box, the G8, that provides throughput up to 1Gbps. The company has also added support for web services standards to its software.
    ComputerWire. June 8, 2005
  • Web Application Security For All
    Feature article on application security products and technologies.
    Network Magazine. February 1, 2005
  • Shlomo Kramer, Serial Entrepreneur
    Feature article on Shlomo Kramer, CEO and Founder of Imperva, Inc.
    Ha'aretz. January 12, 2005