  • Cloud Relational Database as a Service (RDaaS) Security Guide

    Cloud providers have begun to offer sophisticated technology platforms for hosting databases in the cloud, such as Relational Database as a Service (RDaaS). As organizations plan or begin to migrate databases to these offerings, they need to be aware that some compliance and security services are not included. The RDaaS Security Guide provides direction that can help ensure your organization is not exposed to any compliance or security gaps as you migrate to these kinds of platforms.

  • O’Reilly: Web Application Firewalls

    This definitive book will help you to get up to speed on the latest developments in the space to better understand how you can incorporate and integrate WAF with your existing and planned technology deployments, including cloud, on-premises and hybrid topologies.

  • Q4 2017 Global DDoS Threat Landscape

    In Q4 2017, the bitcoin industry continued to draw significant attack traffic, this time making it onto the most attacked industry list according to number of attacks and number of targets. While there was a drop in the number of network layer attacks this quarter, which fell by 50 percent, application layer assaults nearly doubled. At the same time, there was a spike in both network and application attack persistence.

  • 2018 Cyberthreat Defense Report

    17 countries. 19 industries. 1200 qualified IT security employees. Since its inaugural launch in 2014, the Cyberthreat Defense Report (CDR) has taken a vendor-agnostic view of how enterprises perceive cyber threats and how they leverage third-party products and services to overcome them.

  • Protect Your Applications Against OWASP Top 10 Risks

    The application security landscape is changing, and the new 2017 Open Web Application Security Project (OWASP) top ten risks are here. Learn how your security teams can use best-of-breed solutions to protect against OWASP Top 10 threats.

  • Forrester Study: Modern Database Architectures Demand Modern Data Security Measures

    New cloud database and big data technologies are changing the way enterprises store information and deploy applications. Forrester research was commissioned by Imperva to survey 150 IT professionals that have already implemented or are planning on moving traditional databases onto these new platforms – and into the cloud – to understand their concerns and experiences.

  • Forrester Study: The Total Economic Impact™ Of Imperva SecureSphere

    Solutions that don’t scale well are expensive to manage and can bust your budget. This study by Forrester Consulting was based on interviews with several Imperva customers and explains the Return on Investment and other benefits they gained by switching from their legacy solution to Imperva SecureSphere Database Activity Monitoring and Database Firewall.

  • Five Security Strategies for DevOps, APIs and Microservices

    Security gaps in the modern application world are highly attractive to cybercriminals. Learn the inherent risks posed by DevOps, APIs and microservices and five strategies to secure them.

  • Cloud Migration Guide

    Migrating to the cloud is not a simple matter; there are many possible paths to consider and a variety of security concerns. The Cloud Migration Guide provides direction as you begin your journey of migrating applications and data to the cloud.

  • 2017 Gartner Magic Quadrant for Web Application Firewalls

    Gartner, Inc. has released the 2017 Magic Quadrant for Web Application Firewalls. Read the new report and see why Imperva has been a WAF leader for four consecutive years.

  • White Paper: Data Masking Best Practices— Five Steps to Making Data Masking a Reality

    Imperva Camouflage Data Masking offers an industry recognized best practice methodology. This guide includes the five core steps and a logical flow from the discovery of all sensitive information - through to the configuration of the masking engine with appropriate data masking techniques to protect that sensitive information.

  • White Paper: Data Protection Under POPI

    6 Step Data Privacy Protection Plan for the South African Protection of Personal Information (POPI) Bill

    Is your organization ready to address the South African Protection of Personal Information (POPI) bill? POPI prescribes information protection principles to regulate collection and processing of South African citizens' personal data. In this paper, we review POPI's eight principles and discuss how best to address those with practical data security processes and solutions.

  • Web Attack Survival Guide

    The Web Attack Survival Guide is your secret weapon for surviving attacks from hacktivists and cybercriminals. This guide provides step-by-step instructions to help you prepare for and stop web attacks, from hardening your applications, to blocking advanced attacks like SQL injection and DDoS, to performing a post-mortem after the attack is over. Armed with this guide, you can confidently face impending web attacks with a well-thought-out strategy.

  • Gartner Report: Five High-Priority Changes to Tackle the EU GDPR

    The GDPR takes effect soon and requires huge changes in privacy data processing. Not sure where to start? Read Gartner’s Focus on Five High-Priority Changes to Tackle the EU GDPR report now to ensure your organization is on track for compliance.

  • How to Select the Right Web Application Firewall: 10 Key Requirements to Consider

    A web application firewall is not a one-size-fits-all option. This guide provides IT security staff with an overview of the threats to web applications and items to consider when selecting a web application firewall. It also details minimum feature and functionality requirements, and provides an at-a-glance checklist for evaluating web application firewalls.

  • eBook: Steps for Securing Data to Comply with the GDPR

    This guide is for CISOs who want to understand whether their companies are impacted by the new regulation, what the effects might be, and the steps their teams need to take to be compliant with the GDPR data security requirements.

  • 2017 Cyberthreat Defense Report

    CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.

  • Forrester Report: The Future of Data Security and Privacy

    Most security professionals still explain the value of data security to the business only in terms of risk reduction, cost reduction and regulatory compliance. Data Security today is so much more than cost reduction. Read this Forrester report to learn how Data Security today is, in fact, a driver of revenue and growth.

  • Top Five Database Threats

    Data is the new cyber-currency; companies rely on it to optimize customer experience and drive sales – hackers target and monetize the same data. Databases, data warehouses and Big Data lakes are the richest source of data and a top target for hackers and malicious insiders. In this paper, we’ll discuss the top five database security threats to relational databases. We’ll also explore the need to secure Big Data and provide recommendations on creating a comprehensive data security solution.

  • GDPR: New Data Protection Rules in the EU

    The European Union is changing the way it regulates data protection in the wake of large-scale cyber attacks and data loss incidents. The enforcement of the General Data Protection Regulation (GDPR) will begin on 25 May 2018, and the new rules apply to all organisations that do any business in the EU or process personal data originating in the EU. For the reasons explained in this white paper, businesses need to start working towards compliance now. This paper looks at the new data security requirements under the GDPR and provides practical tips on how to prevent a data breach disaster from happening to you and your customers.

  • Insider’s Guide to Defeating Ransomware: Protect Your Data at its Source

    Cybercriminals are increasingly using ransomware to attack companies like yours, with 40% of businesses hit by ransomware in 2015. In the ebook “Insider’s Guide to Defeating Ransomware: Protect Your Data at its Source,” you’ll learn how to protect your data and your business from being held hostage by cybercriminals.

  • Beginners Guide to Data Masking

    As data continues to grow and proliferate throughout the enterprise, data breaches continue to make headlines across all industries. As a result, regulators are increasingly focused on data protection and privacy. Beginners Guide to Data Masking explores what data masking is and how it can help organizations defend themselves against data breaches and improve compliance with data protection regulations.

  • eBook: Cyber Security is the Board’s Business

    Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?

    In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.

  • The Imperva Global Bot Traffic Report

    Malicious intruders, like the DDoS Boss, are swarming the internet, leveraging bad bots to launch large-scale distributed denial of service (DDoS) attacks and leaving a trail of hacked websites and downed services. This annual Imperva Incapsula Bot Traffic Report provides statistical analysis and insights into how non-human bot traffic is trending over the years, and how you can take back your online business from such automated attack campaigns.

  • The 2016 Insider Threat Study: Current State of Enterprise Data Security

    The 2016 Insider Threat Study: Current State of Enterprise Data Security surveyed IT executives on their top concerns regarding data security and insider threats. 72% of respondents said “careless users” are their highest worry for data breaches while 39% are concerned about malicious users. Addressing the risk of insider threats is a priority, and respondents said lack of user behavior monitoring and poor visibility across products and vendors hamper detection. Download the study to get the full breakdown of the results and learn how organizations are addressing insider threats.

  • 2015-16 DDoS Threat Landscape Report

    The Imperva DDoS Threat Landscape Report contains the latest attack trends, using the data collected in the course of mitigating thousands of network and application DDoS attacks on Imperva Incapsula customers worldwide.

  • Database Audit and Protection Tips, eBook 1: Getting Started

    The demand for better data security and improved data privacy is driving a parallel demand for skilled staff. The challenge of finding and hiring experienced staff takes time and budget. This book will help existing teams and people seeking a career in data security get started learning the practical knowledge necessary to plan, implement and maintain a cost-effective data protection solution that simplifies compliance.

  • 2016 Magic Quadrant for Web Application Firewalls

    Gartner, Inc. has released the 2016 Magic Quadrant for Web Application Firewalls. Imperva has been positioned as the ONLY Leader on this Magic Quadrant for the third consecutive year. Read this report for Gartner’s analysis of the Web Application Firewalls market.

  • Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks

    Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.

    In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.

  • Mitigating OWASP Automated Threats – Learn How Imperva SecureSphere WAF and ThreatRadar combine to stop automated threats in their tracks

    Automated web-based attacks that abuse standard functionality in web-based applications are on the rise. The Open Web Application Security Project (OWASP) recently published its Automated Threat Handbook for web applications to bring greater attention and clarity to the detection of this attack trend.

    Using the threat classification scheme from the OWASP handbook as a framework, this white paper demonstrates how Imperva SecureSphere Web Application Firewall and Imperva ThreatRadar threat intelligence services together provide organizations an effective and proactive way to protect web applications against automated threats, both now and in the future.

  • Combat today’s threats with a single platform for app and data security

    Read Combat Today’s Threats with a Single Platform for App and Data Security and learn how to protect web applications and sensitive data across the enterprise and in the cloud. Employing a practical approach, this paper guides you through four simple steps to discover, assess, protect and monitor access to sensitive data.

  • Stop Bad Bots – What Security Professionals Need to Know about Defeating Zombies

    Organized cybercrime is thriving as hackers continue to invent new ways to attack your critical web assets. Armies of zombie devices—or botnets—are responsible for $9 billion in losses to U.S. victims and over $110 billion in losses globally. Source: Imperva Incapsula, FBI testimony before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism

    This eBook examines ways you can improve your web application security strategy by defending against bad bots: proactively detecting and classifying malicious and unknown bots, mitigating them and preventing web account takeover.

  • Five Ways Imperva Surpasses the Competition for Web Application Security

    Web application firewalls have become an essential component of the modern organization's security infrastructure, providing scalable high-fidelity protection of business-critical web applications from a broad spectrum of cyber threats. As with any must-have enterprise security solution, there is considerable variation in available offerings. This white paper examines five ways that the industry leading Imperva SecureSphere Web Application Firewall surpasses the competition, to help IT security and application defense teams navigate the evaluation process.

  • Imperva Automates NERC CIP Compliance and Secure Critical Infrastructure

    Meeting the aggressive NERC requirements, including the April 2016 deadline for NERC CIP (Critical Infrastructure Protection) Version 5 Framework, is challenging by itself. The NERC CIP Framework only addresses a minimal baseline for security. Simply meeting compliance does not guarantee that an organization’s web applications and data are secure. Those organizations wishing to enhance their security postures need to use NERC as a starting point and put in place preventive, investigative, and corrective cyber controls that enhance overall cyber security, that are operationally efficient, and that produce compliance outputs as a natural byproduct of the security best practices.

  • The Hidden Costs of “Free” Database Auditing

    To achieve compliance for regulatory mandates, many organizations turn to the “free” auditing tools within their database servers. In reality, these “free” auditing tools may be costing businesses a significant amount more than other, independent tools such as the SecureSphere data audit and protection (DAP) solution from Imperva. In addition to their hidden monetary costs, the native auditing mechanisms leave basic audit requirements unfulfilled and expose businesses to a host of risks and vulnerabilities that leave sensitive data unprotected. This is true for any of the commercially available databases on the market today. This paper presents the true costs associated with an organization’s decision to implement native database auditing. To illustrate the costs, a scenario is presented in which a medium-sized business is hit with hidden costs of $2 million when the business implements native database auditing. In contrast, the Imperva SecureSphere database auditing solution would fulfill the organization’s compliance requirements at a fraction of the cost while providing more rigorous data security and auditing capabilities.

  • Top 10 Indicators of Data Abuse

    The threat from insiders is not a new phenomenon, but high-profile incidents have elevated enterprise focus on effective detection and mitigation of insider threats. Detecting insider threats is challenging because internal users have legitimate access to valuable information, making it difficult to discern between appropriate data access and a true insider threat incident. In this playbook, we examine the top 10 indicators of data abuse based on real world scenarios collected from live production data in several enterprise environments.

  • Five Keys to Big Data Audit and Protection

    To help IT security and compliance teams select an ideal data-centric audit and protection (DCAP) solution for their big data environments, this paper identifies five key requirements for evaluating candidate offerings. It also explains how Imperva SecureSphere addresses each of these requirements to deliver a unified solution that enables enterprises to support not only a growing portfolio of big data assets, but their traditional database environments as well.

  • Seven Keys to a Secure Data Solution: How to choose the right data centric audit and security solution

    Explosive data growth and a marked increase in the number and types of repositories in which it is being stored are driving enterprises to revisit their strategies for data security and governance. Rather than relying on tools and methods that result in numerous disconnected pockets of coverage, the focus needs to shift to data-centric audit and protection (DCAP). To help organizations navigate the evaluation process, this paper shares seven ways Imperva SecureSphere solutions for data security and governance surpass the competition.

  • Top 5 Solution Requirements for Account Takeover Protection

    Account takeover attacks are a significant problem for Internet-facing Web applications that have become the backbone of the modern business. According to the 2015 Verizon Data Breach Investigations Report, over 50% of the Web application attacks came from the use of stolen credentials. Left unchecked, the costs can be enormous, ranging from loss of confidential data, customer trust, and brand reputation to significant operational disruptions and financial damages.

    This paper provides five essential requirements that IT security teams can use to evaluate candidate solutions for account takeover protection. It also explains how Imperva SecureSphere Web Application Firewall with ThreatRadar Account Takeover Protection addresses each requirement.

  • Delivering Cyber Security Confidence for the Modern Enterprise

    Traditional network and endpoint security alone are not enough to keep pace with the rapid evolution and growing sophistication of cyber threats, user mobility, and the changes cloud computing is bringing to enterprise security. Read the eBook to discover a new approach to cyber security that’s focused on protecting business-critical data and applications wherever they are located, in the cloud or on-premises.

  • DDoS Response Playbook

    This handbook provides you with a practical guide for planning and executing a DDoS response plan. It outlines pragmatic steps and best practices for choosing and setting up the right mitigation solution for your organization, how to authoritatively respond to an attack, and conduct a thorough post-attack analysis for developing follow-up defense strategies.

  • Four Ways Built-in Database Auditing Drains Your IT Budget

    IT organizations are under pressure to deliver innovative solutions, while keeping overall IT costs in check. That’s why database auditing and protection projects often leverage existing resources, particularly built-in database auditing tools. The problem with built-in database auditing is that it leaves businesses with compliance and security gaps and burdens them with expensive hidden costs.

    This paper explores four key built-in database auditing inefficiencies that drain IT budgets. It will also demonstrate how organizations can use an automated solution to streamline database audit and protection and, in the process, free up more than 80% of the IT resources and budget dollars they are spending on database compliance today.

  • Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security

    A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential misuse of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.

  • Protecting Against Vulnerabilities in SharePoint Add-ons

    Microsoft SharePoint is a widely adopted data-sharing and collaboration platform which is often extended using third-party software. When the data in SharePoint is sensitive and regulated, the security of the platform - as well as the software extensions - must be a top concern for organizations. This paper will discuss the threats introduced when using third-party SharePoint plug-ins and Web Parts, evaluate the effectiveness of traditional security solutions in respect to these threats, and provide recommendations for hardening SharePoint systems.

  • Mitigating the OWASP Top 10 2013 with Imperva SecureSphere

    The Open Web Application Security Project (OWASP) Top Ten is widely recognized as one of the leading standards for identifying critical web application security risks. This paper analyzes the latest 2013 release of the OWASP Top Ten most critical web application security risks and outlines how SecureSphere Web Application Firewall (WAF) addresses and mitigates each OWASP Top Ten threat.

  • How Malware and Targeted Attacks Infiltrate Your Data Center

    Advanced targeted attacks leverage social engineering techniques and malware to bypass the security perimeter and compromise those individuals already on the inside of your enterprise. It only takes one infected employee to unknowingly unleash an attack on your entire network. This white paper will examine the seven stages of an advanced targeted attack, explore why traditional defenses, such as firewalls and IPS solutions lack the application and data focus needed to protect data center assets, and outline the functionality required to safeguard your organization from targeted attacks.

  • [eBook] Targeted Attacks: 8 Steps to Safeguard Your Organization

    User accounts and devices provide a direct pathway for hackers to access your most valuable asset - your data. By targeting your trusted employees, attackers can circumvent conventional solutions like firewalls and IPS solutions to penetrate your network and compromise your data center. A multi-layered strategy with malware detection and data center security is critical as it buys your IT department time to remediate compromised devices on your schedule and without impeding user productivity. This eBook includes case studies from eight organizations in highly targeted industries that suffered an advanced targeted attack; explains how targeted attacks, often using spear phishing and malware, consistently defy firewalls and IPS solutions; details critical layers of technology that businesses can implement to ensure data center protection; and provides an eight step plan for safeguarding your organization from attack.

  • What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications

    Web application attacks threaten nearly every organization with an online presence. While some security vendors contend that their next generation firewalls can stop Web attacks, these products lack essential Web security features, leaving customers exposed to attack. This paper lays out the six key requirements needed to protect Web applications and it shows how Web application firewalls alone can effectively satisfy these requirements.

  • SharePoint Governance and Security: Where to Start

    SharePoint is a complex platform experiencing explosive growth in adoption, exposure, and storage of sensitive content. Consequently, SharePoint security and governance are under greater scrutiny at the executive level and require immediate mitigation actions. The phased, risk-based perspective outlined in this paper aligns investments and priorities to accomplish the greatest security return for existing SharePoint deployments. Security plans should include both preventative and analytical capabilities and incorporate automated tools to provide controls and information that cannot be addressed practically by native SharePoint functionality or corporate resources.

  • [eBook] 10 Things Every Web Application Firewall Should Provide

    Securing Web applications against cybercriminals, hacktivists, and state-sponsored hackers is a never-ending effort. Why? Because hackers evade traditional network security defenses to take down Websites and to steal data; malicious users probe websites around the clock looking for vulnerabilities; and automation tools such as off-the-shelf attack toolkits and botnets make it easy to execute large-scale attacks. Web application firewalls have become the central platform for protecting applications against all online threats. This eBook explains in detail the 10 features that every Web application firewall should provide.

  • The Future of Web Security: 10 Things Every Web Application Firewall Should Provide

    Web application firewalls have become the central platform for protecting applications against all online threats including technical Web attacks, business logic attacks, and online fraud. Web application firewalls understand Web usage and validate input to stop dangerous attacks like SQL injection, XSS, and directory traversal. They block scanners and virtually patch vulnerabilities. And they rapidly evolve to prevent new attacks and to keep critical applications safe. Because Web application firewalls are strategic, every organization must carefully evaluate the products' security, management, and deployment capabilities. This paper explains in detail the 10 features that every Web application firewall should provide.

  • Data Privacy: The High Cost of Unprotected Sensitive Data

    Today, organizations face a heightened threat landscape with data breaches constantly on the rise. Financial records, medical records, personally identifiable information (PII), and other private business data exist in virtually every enterprise data center. Failing to safeguard the databases that store this information can damage your reputation, impact your operations, and result in regulatory violations, fines, and legal fees. This white paper will (1) present 6 steps to automate and enforce enterprise data privacy policies, (2) identify the database security tools needed to accomplish each step, and (3) highlight Imperva's market-leading SecureSphere Data Security Suite.

  • An Inside Track on Insider Threats

    How do leading companies mitigate the invisible problem of rogue insiders? Imperva analyzed dozens of companies to understand some of the commonly deployed practices across human resources, legal and technology to stop malicious insiders from taking data and intellectual property. Specifically, we identify nine practices top enterprises have found the most useful to control the leakage of digital assets. Pinpointing the source and scope of data theft is often hard to quantify, especially since your largest internal threat may actually be one of your most loyal employees. This research presents the findings of the first-ever global insider threat study that catalogs common practices used by leading organizations across numerous verticals.

  • Five Steps for Protecting Australian Government Information

    According to the Information Security Manual (ISM), the primary cyber threat to Australia is cyber exploitation: malicious activities designed to silently gather information from ICT systems. The disclosure of sensitive commercial or government information can threaten national interests. The disclosure of sensitive personal information can enable malicious activities against individuals. The security of sensitive government and commercial information is critical for ensuring that Australia continues to be a safe place to do business online. This paper outlines Five Steps to protect critical information.

  • Information Security Risk Management for Australian Financial Service Organizations

    Published in 2010 by the Australian Prudential Regulation Authority (APRA), the prudential practice guide PPG 234 aims to assist regulated financial institutions in the management of security risk in information and information technology. The guide targets areas where APRA continues to identify weaknesses as part of its ongoing supervisory activities. PPG 234 reflects the need for sound risk management disciplines and solid business understanding to evaluate and manage the IT security risk profile. This paper identifies how SecureSphere enables financial institutions to incrementally address the PPG 234 security recommendations and mitigate risks to their information and information systems.

  • [eBook] How to Protect Your Website From Hackers

    Hackers continuously attack Websites in order to steal sensitive data and disrupt access. To address the threat from hackers, the PCI Data Security Standard mandates that merchants fortify their Web applications against attack. This eBook describes today's Web security risks and introduces new cloud-based solutions that protect Websites from hackers and meet PCI compliance requirements.

  • Advanced Persistent Threat - Are You the Next Target?

    Security researchers have been talking about advanced persistent threat (APT) for some time. Recently, we have seen a steep increase in the number of organizations hit by this type of attack. Initially, researchers thought APTs were mostly aimed at government agencies or political targets, but the latest attacks on enterprises suggest that APTs are not confined to a specific type of organization or sector.

  • [eBook] SharePoint Security Playbook

    The increasing use of Microsoft SharePoint to store sensitive business data and extend access and collaboration to partners, customers, and suppliers has outpaced native SharePoint security capabilities. More and more organizations are storing and accessing sensitive, regulated information through this platform. To improve business security, organizations must invest in organizing, managing, and protecting these valuable assets. By implementing the five lines of defense outlined in this eBook, you will be able to overcome operational challenges and protect your SharePoint deployments against both internal and external threats.

  • Cutting the Cost of Application Security

    Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage, and customer turnover. This paper illustrates how the SecureSphere Web Application Firewall provides a Return on Security Investment of 2090% by preventing data breaches and Website downtime. SecureSphere also offers a compelling return compared to manual vulnerability remediation by eliminating costly emergency fix and test measures.

  • Implementing Security Controls for addressing DHS Sensitive Systems Policy Directive 4300A

    This paper reviews how SecureSphere enables DHS components to implement the technical controls described in chapter 5 of the DHS 4300A Sensitive Systems Handbook. With SecureSphere Data Security Solutions, DHS components can facilitate detection of security violations, and support security requirements for applications and data, including Identification and Authentication, Access Controls and Auditing.

  • Compliance with the HIPAA Security Rule - Meeting the Electronic Code of Federal Requirements

    The HIPAA Security Rule establishes national standards to protect individuals' medical records and other personal health information. In this paper we review the security standards for protection of e-PHI as listed under part 164 of the 45 CFR, and map SecureSphere Data Security Suite solutions to the specified requirements described in these standards.

  • How to Secure Your SharePoint Deployment

    This paper presents five best practices for securing your SharePoint environment. It discusses how SecureSphere for SharePoint can help organizations get the most out of SharePoint's existing permissions system, and fill some of SharePoint's security gaps.

  • Meeting NIST SP 800-53 Guidelines

    This paper reviews information security requirements described by NIST in SP 800-53. It discusses the main implementation challenges organizations struggle with. The paper also maps key capabilities of Imperva's SecureSphere Data Security Suite to NIST SP 800-53 guidelines, describing how SecureSphere solutions can be used to implement required controls, manage risk to federal information and demonstrate compliance.

  • Four Steps to Defeating a DDoS Attack

    Hackers, criminals, and political "hacktivists" have increasingly turned to Distributed Denial of Service (DDoS) attacks to disrupt access to or even take down legitimate Websites. This white paper describes DDoS attack methods such as powerful DDoS attacks originating from servers and new, advanced application DDoS attacks. It then lays out four simple steps that organizations can undertake to mitigate DDoS attacks.

  • Facing Reality: Top Database Security Trends

    Enterprise database infrastructure is subject to an overwhelming range of threats. Securing databases and the data they host is challenging not only because of the volume of data spread across heterogeneous platforms, but also because of the increased sophistication and rising rate of database security threats. This paper reviews the top database security trends that IT managers and security teams struggle to keep up with, including: advanced persistent threat (APT), SQL injection, implementation of audit controls, database patch and configuration management, limiting users' rights to data based on business need-to-know, abuse of legitimate data access privileges, and cloud security.

  • Cutting IT Operations Costs for Unstructured Data

    Market analysts estimate that 80% of all enterprise data is unstructured and that unstructured data will grow tenfold in the next five years. Crushed under the weight of these files are the IT organizations tasked with managing and securing them. Operationally, it's nearly impossible to keep track of who is creating all of these business documents, who owns them, and who can - and is - accessing them.

  • Detecting and Blocking Site Scraping Attacks

    Site scraping attacks range from harmless data collection for personal research to calculated, repeated data harvesting used to undercut competitors' prices or to illicitly publish valuable information. Site scraping, also called screen scraping or Web scraping, can undermine victims' revenues and profits by siphoning off customers and reducing competitiveness. This paper investigates various types of scraping attacks, site scraping tools, and effective techniques to detect and stop future attacks.

  • 10 Building Blocks for Securing File Data

    Three fundamental capabilities are lacking in most organizations:

    1. Operationally efficient file activity monitoring and auditing
    2. Scalable user rights management for files
    3. Automated business policy enforcement for file data

    These three capabilities are core components of the emerging File Activity Monitoring market, and form the basis of a phased approach to file security. This guide describes ten phases for securing file data, including how and when to use these basic capabilities, as well as when to deploy other complementary technologies.

  • Botnets at the Gate

    Stopping Botnets and Distributed Denial of Service Attacks
    Botnets have infiltrated millions of users' computers and wreaked incalculable damage. This white paper lifts the veil on botnets and on the cyber-criminals behind them. It analyzes the history, growth, and economics behind botnets. It then investigates one of the most common attacks executed by botnets: the Distributed Denial of Service (DDoS) attack.

  • Security for PCI Compliance

    Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers

    For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.

    This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.

  • Five Signs Your File Data is at Risk

    Persistent insider threats and regulatory compliance mandates make protecting sensitive file data a business requirement for virtually every organization. However, the sheer volume of file data and its rapid and continuous growth make it a challenge to secure properly. This whitepaper reviews five questions that help you assess your file security posture. If you aren't able to answer these five questions confidently, your file data is probably at risk.

  • Anatomy of an XSS Campaign

    The Imperva Defense Center observed the full anatomy of a cross-site scripting (XSS) campaign, showing why it's so easy to conduct a muscular phishing campaign in just under an hour.

  • Protected! Mitigating Web Application and Database Vulnerabilities with Virtual Patching

    It's not always possible - or practical - to patch vulnerabilities in your Web applications or databases as soon as you discover them. You can use a technique known as "virtual patching" to rapidly address vulnerabilities and ensure you are protected until a long-term fix can be put in place. This brief whitepaper discusses the business benefits of virtual patching, including improved security and increased operational efficiency.

  • Data Security Study: Consumer Password Worst Practices

    In December 2009, a major vulnerability was discovered in Rockyou.com. The vulnerability, discovered by examining a hacker's blog, led to the breach of 32 million passwords, and the hacker posted the full list of the 32 million passwords (with no other identifiable information) to the Internet. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Further, never before has there been such a high volume of real-world passwords to examine. The Imperva Defense Center analyzed the strength of the passwords.

  • Top 10 Guide to Data Security for Federal Agencies

    Web application and database security remains one of the most vulnerable areas across federal agencies as well as the private sector in virtually every geography and business vertical. An essential difference between enterprises and federal agencies is the attacker.

    Irrespective of whether attacks come from inside or outside an organization, data remains the prize. Traditional network security controls, while valuable and necessary, simply don't scale to address data-centric attacks, and organizations need to augment them with data-centric solutions focused on the targets: Web applications and databases. But federal agencies are not just focused on security - they also need to demonstrate compliance with both agency and congressional mandates.

  • Implementing Sarbanes-Oxley Audit Requirements

    The Sarbanes-Oxley Act (SOX) of 2002 set requirements for the integrity of the source data related to financial transactions and reporting. In particular, auditors are looking at regulated data residing in databases connected to enterprise applications such as SAP, Oracle E-Business Suite, PeopleSoft, and other Web Applications. In this White Paper, Imperva presents the range of functions that need to take place to achieve and demonstrate compliance with SOX.