  • Imperva CTO Amichai Shulman explains the RockYou vulnerability.
  • A SQL injection is responsible for millions of lost passwords.
  • Britain's most prestigious computer science journal analyzes Imperva's study on the top hacking trends of 2010.
  • Attacks on social media sites will jump in 2010, says data security firm Imperva, which lists social media breaches as one of the top five data security...
  • Imperva issues a warning to RockYou that there was a serious SQL Injection flaw in their database.
  • Imperva's CTO explains to The Independent, one of the UK's leading publications, about the top five security trends facing consumers and businesses.
  • Another reference to Imperva's seminal study on PCI best practices.
  • Contrasting opinions on PCI

    December 3, 2009
    Imperva CTO Amichai Shulman gives his view on updating the PCI-DSS standards.
  • Imperva CEO Shlomo Kramer explained how enterprises are shifting away from siloed security products in favor of an integrated approach that protects more than just databases.
  • HotJobs website has been successfully blocked, after data security specialist Imperva warned the search giant of a potential SQL injection flaw.
  • According to Imperva CTO Amichai Shulman, the Durham, UK police website was probably hacked with the help of a SQL injection.
  • Brian Contos, chief security strategist, Imperva, and Jeremiah Grossman, CTO of WhiteHat, discuss the value of integrating vulnerability assessment with web application firewalls.
  • Case study on how TechSoup Global, a nonprofit, uses Imperva to protect its data.
  • Imperva's impressive Q3 '09 growth in the EMEA region nears 88%.
  • Because humans are involved in the process, "it is impossible to create flawless software," said Amichai Shulman, chief technology officer of Imperva.
  • Information on how WAFs, like Imperva's SecureSphere, can help prevent attacks such as SQL injection, cross-site scripting and other issues.
  • Imperva chief security strategist Brian Contos explains the intricacy of an insider attack coming from the former CEO of the company.
  • Imperva expands its footprint in Australia-New Zealand with the appointment of M.Tech as distributor.
  • Imperva CTO explains new approaches in the ongoing world of cybercrime.
  • Imperva CTO Amichai Shulman explains how a SQL injection flaw might well be the cause of The Guardian's attack.
  • Amichai Shulman, CTO of Imperva, shares his own views on the latest round of Oracle patches.
  • Case study profiling Agilent's use of four Imperva WAFs and database activity monitoring products.
  • Oracle Patches 36 Bugs

    October 22, 2009
    Imperva CTO Amichai Shulman said the Tuesday patch was a case of Oracle fixing for a second time a bug that Imperva discovered a year ago.
  • Imperva grew 114 percent in Asia Pacific quarter on quarter for Q3 when compared to last year.
  • How safe is Google Wave? Amichai Shulman, CTO of Imperva explains.
  • Google Wave Security (Video)

    October 15, 2009
    Imperva's Kane Lightowler on Sky News Australia discussing Google Wave.
  • Story on how Agilent turned to a WAF from Imperva to boost security among internal developers and understand the basics of data flow within the company environment.
  • Imperva's CTO Amichai Shulman explains to the BBC how key logging software is behind a recent surge in online, consumer attacks.
  • Imperva CTO Amichai Shulman explains how a high number of phishing victims indicates that the scam was a key-logging attack.
  • The Ponemon Institute and tech security firm Imperva report the results of a survey underscoring what cyber criminals (and merchants and banks) know all too well: PCI is having only a limited effect.
  • What does PCI mean to you?

    September 23, 2009
    Another company to discuss PCI was Imperva. Its CTO is Amichai Shulman, and he was passionate about both the compliance to it and its enforcement.
  • Amichai Shulman, CTO at Imperva, explains a new approach to domain-name abuse.
  • Imperva announces its presence and firm commitment to the Asia-Pacific region with new offices and executives.
  • Imperva CTO explains how China is flooding the web with SQL injection attacks that are affecting websites around the globe.
  • Imperva CTO explains how automated SQL injections from China are successfully attacking websites worldwide.
  • Hacking isn't just for geeks anymore. In this article, Imperva CTO explains how a celebrity PR campaign could be behind a profile 'hack.'
  • Network Solutions experienced a major breach. Imperva CTO Amichai Shulman analyzes the attack and its implications.
  • Kevin Mitnick is a high profile security professional trying to escape the constant attacks on his personal website. He recently selected Firehost to carry his website — and they use Imperva's web application firewall to protect not just Kevin but their entire customer base.
  • Computerworld explains common strategies to protect your database — including Imperva's database firewall.
  • Despite a down economy, Imperva continues to grow.
  • Security is the top concern for IT professionals looking at cloud computing. Imperva CTO Amichai Shulman explains why this concern is valid.
  • PCI isn't spelled CYA. Even though Network Solutions was PCI compliant, Imperva CTO Amichai Shulman explains that compliance doesn't always equal security.
  • The attraction of cloud computing will continue — but is it secure? Imperva CTO Amichai Shulman gives his perspectives on what security issues sit in the cloud.
  • Twitter represents a typical Web 2.0 technology — built quickly, popular and full of security holes. Imperva CTO Amichai Shulman explains why Twitter and the cloud computing paradigm will lead to more and more security headaches.
  • Oracle releases quarterly patches for its database and application software. And every quarter they release patches and more patches. Imperva CTO analyzes the patches as well as Oracle's security process.
  • How hard is it to carry out a botnet attack? About the same cost as a mid-range Mercedes, explains Imperva CTO Amichai Shulman.
  • North Korea's reported attack against the US government was pretty cheap to execute, explains Imperva CTO Amichai Shulman.
  • Attacking the US government — everyone does it. But the methods change constantly and Imperva CTO Amichai Shulman provides an autopsy.
  • Baldness is the least of Britney Spears' problems. When a celebrity communicates with fans in the cyber world, explains Imperva CTO Amichai Shulman, security should be a high priority.
  • Imperva and ClearPoint integrate to help security executives gain unparalleled insight into security trends.
  • Imperva CEO Shlomo Kramer comments on what the right profile should look like as the UK government tries to fill a vital cyber security post.
  • Iranian citizens protesting the results of the presidential elections were aided by 'hactivists' outside the country trying to bring down government websites and services.
  • The only thing worse than a SQL injection is an automated SQL injection. Imperva CTO Amichai Shulman comments on automated SQL injection attacks focused on ISPs hosting thousands of websites.
  • Mark Kraynak, vice president of marketing for Imperva, says Henrique and Gauci's research is not all that new, including their work on signature evasion, which Imperva has researched. "A lot of what they are saying is not new," he says. "Part of the founding premise of why you need a WAF versus a signature engine...is that you can evade a weak signature engine." Products that use only signatures -- without other features like normalization and encoding/decoding -- are not true WAFs, he says. "Signature-only WAFs are not going to do it," he says.
  • Officials at the University of California at Berkeley on Friday began notifying students and the public that hackers had breached a healthcare database at the school, potentially gaining access to the personal information of up to 160,000 students dating back to 1999. Administrators need specific database security tools, according to Brian Contos, chief security strategist for data security vendor Imperva. "You need purpose built tools designed specifically for securing sensitive data these days," Contos said in an e-mail to InternetNews.com. "Trying to secure applications and databases with network-centric solutions is like bringing a knife to a gun fight."
  • An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva. A group calling itself the "Peace Crew" claimed that they used a SQL injection attack to break into the Puerto Rico registrar's management system, said Amichai Shulman, chief technology officer at Imperva. "We're seeing more and more of these DNS-related attacks and seeing them scale up," he added.
  • Two words — cloud security — dominated discussion and drove the action this week at RSA Conference 2009… Network services provider Savvis launched a Web application firewall service based on a choice of Imperva WAF appliances or virtual instances of its software that reside between the Internet and its network. Savvis said it thinks customers comfortable with its software-as-a-service offerings will also embrace cloud-based security.
  • Security service provider Savvis this week launched a new managed Web application firewall (WAF) service that runs on its Cloud Compute offering. The Savvis service, which is built around Imperva's SecureSphere product line, allows enterprises to get WAF hardware and maintenance without having to install or maintain it themselves. It lets enterprises detect and block malicious Web requests, combining a dynamic white list policy model with up-to-date application signatures and session tracking, the company says.
  • After thorough testing conducted by the Science Applications International Corporation, data security provider Imperva (www.imperva.com) has proven its web application firewall and database monitoring solution SecureSphere v6.0 has achieved Common Criteria Certification, a worldwide standard for assessing the reliability, quality, and trustworthiness of IT products.
  • Security continues to be a prominent challenge for enterprises – especially in the face of shrinking IT budgets. Many companies struggle to balance their business objectives with the need to protect and comply. OnWindows spoke with Douglas Leland, general manager of Microsoft's Identity and Security Business Group, to find out how the company intends to face such challenges. Today we are also announcing a broad group of companies supporting and extending the capabilities of Forefront Stirling including Brocade, Guardium, Imperva, Juniper Networks, Kaspersky, Q1 Labs, StillSecure, Sourcefire, Tipping Point and RSA.
  • The Forefront Stirling security suite basically integrates the security of desktops, servers, applications, and network devices with a common interface that lets each Forefront security product under Microsoft's Stirling line -- Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Forefront Threat Management -- share and use security information with one another to automatically mediate threats. The new Stirling partner ecosystem extends that capability to partners' security tools, as well.
  • "The products affected include the Oracle Database, Application Server, E-Business Suite, PeopleSoft and JD Edwards Suite, as well as its BEA Products Suite. Of the database vulnerabilities, most of them were SQL injection vulnerabilities," Amichai Shulman, CTO of security firm Imperva, told SCMagazineUS.com on Wednesday. "A couple were related to the underlying network protocols."
  • The new SecureSphere Discovery and Assessment Server finds all database servers in the network, classifies data according to its sensitivity as defined by the customer and points out vulnerabilities on the servers involved. This automated process saves time over doing it manually so customers can take quicker action to better protect that data found to be at risk. The assessment results detail the vulnerabilities found, such as unpatched systems or default passwords that have been left unchanged. Imperva competes against Guardian and Lumigent Technologies among other vendors.
  • Imperva has introduced its first integrated risk management platform, which, as part of its SecureSphere 7 solution, is intended to secure databases, data, and the applications that access them. It is intended to enable the assessment of risks and their visualization for databases and data.
  • Database security vendor Imperva Inc. is adding automated risk scoring and visualization of databases to its activity monitoring platform in an update that industry analysts say would be welcomed by companies seeking ways to get a better handle on data located in multiple systems.
  • Imperva has launched an integrated risk management platform and has revamped its database gateway offering. The new capabilities are part of version seven of SecureSphere, and combine risk scoring and visualisation for databases and data. Also introduced into the range is the Discovery and Assessment Server automated solution that identifies sensitive data and vulnerabilities in databases.
  • VeriSign Enterprise Security Services has launched its web application firewall management service, enabled through a strategic agreement with Imperva, a provider of application and database security technology. VeriSign said that the service enables it to provide customers worldwide with a premium service that includes deployment, management and monitoring of the SecureSphere web application firewall.
  • Organizations need a way to monitor who has access to information stored in databases and what these employees do with the data. Many enterprises are using database monitoring and security tools to accomplish this task. "We have some legacy applications [for which], because of performance reasons, the actual database logs were not turned on," says McPhedran of Aegon. The company uses a product called Imperva SecureSphere to monitor database activity, look for anomalies in use patterns and flag flagrant policy violations.
  • Imperva has announced a new version of its SecureSphere database activity monitoring (DAM) solution that adds analytics intelligence to automate forensic and audit investigations. SecureSphere now provides near real time multidimensional views of audit data, collects native audit logs from new platforms, and bridges the gap between obscure SAP audit data trails and their associated business transactions. To back up its claim that SecureSphere is the best DAM solution on the market, the company is offering qualified organizations a $1,000 money-back guarantee if they evaluate the product for 30 days and do not come to the same conclusion.
  • Scuba is a Database Vulnerability Scanner... that scans Oracle, DB2, MS-SQL, and Sybase databases for known vulnerabilities and configuration flaws. Based on its data security assessment results, Scuba creates clear, informative reports with detailed test descriptions.
  • Imperva introduces the Securesphere Database Gateway for z/OS (DGZ). Securesphere DGZ provides monitoring, auditing and protection for DB2 databases on z/OS mainframes. The product monitors local and network-based activity of privileged and non-privileged users as well as applications in order to prevent data loss and fraud attempts. It also serves to automatically generate compliance reports.
  • Amichai Shulman, chief technology officer at database security vendor Imperva Inc. in Redwood Shores, Calif., also expressed surprise about the lack of Oracle patching policies at some companies. "It's one thing to have a policy saying you don't have to patch each and every database," he noted. "It's a different thing to have no policy at all."
  • Imperva recently released a new product designed to help administrators protect and audit IBM DB2 databases that run on z/OS. SecureSphere DGZ checks all traffic coming from and going to the DB2 database for malicious activity. It monitors and audits network-based activity such as queries and application responses. Meanwhile, all local activity (from administrators and privileged users) is inspected by the native IBM Audit Management Expert tool.
  • Tech firms with services that help corporations reduce operational costs, such as videoconferencing and clean tech, are in vogue. Cisco, for example, says it will save $400 million this year in travel expenses through its use of videoconferencing. Computer-security firm Imperva, which monitors the digital traffic in and out of a company's database to prevent breaches, landed a contract with SuccessFactors, a software service for human resources departments, last week. Imperva's customers include 62 of the Fortune 1,000 — half of which joined in the last year.
  • SuccessFactors, a provider of on-demand performance and talent management solutions, has deployed Imperva's SecureSphere to protect its software as a service application and human resources or HR data it processes.
  • Universities, banks, SMBs and large brands alike are waking up to the fact that their databases are no longer safe inside their perimeter firewalls, intrusion prevention systems and other edge protections. Database security awareness has reached the point where some sort of database logging and auditing now occurs at 83 percent of organizations, based on a survey of 260 IT professionals sponsored by encryption vendor, Vormetric, released in October.
  • For some security experts, the recent data breach at job site Monster.com comes as no surprise, and they say enterprises need to reconsider their approach to security. "When most organizations talk about security, they're talking about network security, which is five years out of date," Brian Contos, chief security strategist at database and Web application security vendor Imperva, told InternetNews.com. "Attackers are focusing on data, not the technology."
  • Application data security provider Imperva (www.imperva.com) announced on Tuesday that it has appointed Brian Contos as its chief security strategist. Imperva's announcement describes Contos as "a noted information security speaker and author with over a decade of experience." He previously worked as chief security officer at ArcSight (www.arcsight.com), a provider of security and compliance management solutions. At ArcSight, Contos advised government organizations on security strategy, and helped position the company for a successful 2008 IPO.
  • More and more vendors are tying together database activity monitoring and security information management, a move that could benefit enterprise data protection efforts. Imperva and ArcSight announced interoperability between their products in December 2008.
  • Amichai Shulman, chief technology officer at Imperva Inc., a database and application security, reporting and audit vendor, said the BEA WebLogic Server is at greater risk of attack since it is perimeter facing. "[Oracle] will continue to have their hands full with this product because I think that this is a matter of a culture of releasing vulnerabilities in Web servers before a vendor can respond," Shulman said. "I think during a certain period of time some people at WebLogic were not as responsive to security issues and some researchers grew frustrated."
  • Amichai Shulman, CTO of Imperva, said the lack of technical details provided by Oracle — particularly for the vulnerabilities rated 10 — makes it difficult for customers to assess their exposure. "What we know is the vulnerabilities rated 10 for Secure Backup are important because they allow an attacker to take control of the databases being backed up," Shulman said. "Also, the WebLogic vulnerability rated 10 allows an attacker to take over a Web application without authentication. These are both serious flaws."