Firewalls and intrusion prevention systems don't provide sufficient protections for most public-facing websites or internal business-critical and custom Web applications. Here, we explain how Web application firewalls help security leaders to better protect Web applications in their organizations.
This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building a high-performance security program and organization. This report is designed to help you understand and navigate the major business and IT trends affecting the security organization during the next five years. Today's chief information security officers (CISOs) continue to concentrate too much on tactical activities and day-to-day security operations, unable to escape the reactionary hamster wheel. Additionally, businesses and other parts of IT routinely circumvent today's security organization in order to innovate and avoid hearing the predicted “no” response. So despite all the sensational headlines about major security breaches, many CISOs find themselves marginalized by their business colleagues. In this report, Forrester details what CISOs can do to realign with their businesses and transform themselves into chief business security officers, reasserting their position with management, the board, and the company as a whole.
Securosis delves into the different ways preventative and detective data security technologies have been bundled with DAM to create far more comprehensive solutions. In this report they fairly represent the different visions of how database security fits within enterprise IT, and show the different value propositions offered by these variations. These fundamental changes have altered the technical makeup of products so much that we needed new vocabulary to describe these products. This new paper, “Understanding and Selecting Database Security Platforms” (DSP), reflects major product and market changes.
Over the past two years the first FAM products have entered the market, and although market demand is nascent, numerous discussions with a variety of organizations show that interest and awareness are growing. FAM addresses a problem many organizations are now starting to tackle, and the time is right to dig into the technology and learn what it provides, how it works, and what to look for.
Imperva and The Ponemon Institute have completed a second study on the impact of the Payment Card Industry's (PCI) Data Security Standards (DSS). The 2011 PCI DSS Compliance Trends Study surveyed 670 US and multinational IT security practitioners on how efforts to comply with PCI-DSS affect an organization's data protection and security. This report is essential for any organization that is attempting to comply with PCI and wants to benchmark its efforts against its peers.
What are the other security guys doing? What is working? The Imperva-sponsored Securosis 2010 Data Security Survey is designed as an early step towards providing security managers and practitioners with practical information on the perceived effectiveness of major data security tools and techniques. The results are based on the responses of over one thousand security and IT professionals within organizations of all sizes. Key findings can help practitioners understand the most commonly deployed data security technologies to help reduce breaches and achieve compliance.
Ovum Butler Group prepared a Technology Audit of the Imperva SecureSphere Data Security Suite:
"SecureSphere Data Security Suite brings together a portfolio of Imperva products including its SecureSphere web application firewall (WAF), its SecureSphere database firewalls, its database-discovery and assessment server, and its database activity monitoring (DAM) solution. The overall offering can be deployed as separate stand-alone products or as an integrated solution that combines the strengths of WAF and DAM protection to address sophisticated attacks such as SQL injection, and also enables the tracking of web application users and their database activities. Any organization delivering services or products via the Web should consider SecureSphere as a “must-have” piece of its IT protection infrastructure. The product set makes a strong case for itself as a leading contender in this market space."
Imperva and WhiteHat worked with the Ponemon Institute to conduct a study to better understand the risk of insecure website applications and how organizations are addressing internal and external threats. The study reveals that despite having mission-critical applications accessible via their websites, many organizations are failing to provide sufficient resources to secure and protect Web applications important to their operations. This is alarming given that the Web application layer is the number one attack target of hackers.
Imperva and the Ponemon Institute present the findings of a survey across more than 500 U.S. and multinational IT security practitioners showing that, despite the Payment Card Industry's (PCI) Data Security Standard (DSS), companies still struggle with data security, putting consumers at continued risk for identity theft. In fact, 71% of companies surveyed admit to not making data security a top strategic initiative, and 55% admit to only securing credit card information and not sensitive information such as Social Security numbers, driver's license numbers, and bank account details. However, the survey also found that companies taking a strategic approach to PCI compliance have fewer data breaches.
This report by industry experts at Securosis shows how to build a pragmatic Web application security program that constrains costs while still providing effective security. Rather than digging into the specific details of any particular technology, this report shows all the basic pieces and how to put them together. It begins with some background on how Web applications are different than traditional enterprise applications or commercial off-the-shelf products. Next it provides basic business justifications for investments in Web application security you can use to gain management support. It focuses on the particular security needs of web applications, and then delves into details of the major security components and how to pull them together into a complete program, with examples built around typical use cases.
"Imperva's SecureSphere Database Monitoring Gateway unobtrusively addresses the end-to-end auditing requirements of the chain of data security. The datacenter becomes more secure and compliance requirements for database auditing can be met with no impact on deployed applications… Imperva's SecureSphere product line allows security operations to provide independent oversight of the business application infrastructure, allowing the protected business to grow with confidence."