Cloud Relational Database as a Service (RDaaS) Security Guide
Cloud providers have begun to offer sophisticated technology platforms for hosting databases in the cloud such as Relational Database as a Services (RDaaS). As organizations plan or begin to migrate databases to these offerings they need to be aware that some compliance and security services are not included. The RDaaS Security Guide provides direction that can help ensure your organization is not exposed to any compliance or Security gaps as you migrate to these kind of platforms.
O’Reilly: Web Application Firewalls
This definitive book will help you to get up to speed on the latest developments in the space to better understand how you can incorporate and integrate WAF with your existing and planned technology deployments, including cloud, on-premises and hybrid topologies.
Q4 2017 Global DDoS Threat Landscape
In Q4 2017, the bitcoin industry continued to draw significant attack traffic, this time making it onto the most attacked industry list according to number of attacks and number of targets. While there was a drop in the number of network layer attacks this quarter, which fell by 50 percent, application layer assaults nearly doubled. At the same time, there was a spike in both network and application attack persistence.
2018 Cyberthreat Defense Report
17 countries. 19 industries. 1200 qualified IT security employees. Since it's inaugural launch in 2014, the Cyberthreat Defense Report (CDR) has taken a vendor-agnostic view of how enterprises perceive cyber threats and how they leverage third-party products and services to overcome them.
Protect Your Applications Against OWASP Top 10 Risks
The application security landscape is changing, and the new 2017 Open Web Application Security Project (OWASP) top ten risks are here. Learn how your security teams can use best-of-breed solutions to protect against OWASP Top 10 threats.
Cloud Migration Guide
Migrating to the cloud is not a simple matter; there are many possible paths to consider and a variety of security concerns. The Cloud Migration Guide provides direction as you begin your journey of migrating applications and data to the cloud.
White Paper: Data Protection Under POPI
6 Step Data Privacy Protection Plan for the South African Protection of Personal Information (POPI) Bill
Is your organization ready to address the South African Protection of Personal Information (POPI) bill? POPI prescribes information protection principles to regulate collection and processing of South African citizens' personal data. In this paper, we review POPI's eight principles and discuss how best to address those with practical data security processes and solutions.
How to Select the Right Web Application Firewall: 10 Key Requirements to Consider
A web application firewall is not a one-size-fits-all option. This guide provides IT security staff with an overview of the threats to web applications and items to consider when selecting a web application firewall. It also details minimum feature and functionality requirements, and provides an at-a-glance checklist for evaluating web application firewalls.
2017 Cyberthreat Defense Report
CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.
eBook: Cyber Security is the Board’s Business
Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?
In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.
Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks
Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.
In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.
Top 5 Solution Requirements for Account Takeover Protection
Account takeover attacks are a significant problem for Internet facing Web applications that have become the backbone of the modern business. According to the 2015 Verizon Data Breach Investigations Report, over 50% of the Web application attacks came from the use of stolen credentials. Left unchecked, the costs can be enormous, and ranging from loss of confidential data, customer trust, and brand reputation to significant operational disruptions and financial damages.
This paper provides five essential requirements that IT security teams can use to evaluate candidate solutions for account takeover protection. It also explains how Imperva SecureSphere Web Application Firewall with ThreatRadar Account Takeover Protection addresses each requirement.
Delivering Cyber Security Confidence for the Modern Enterprise
Traditional network and endpoint security alone are not enough to keep pace with the rapid evolution and growing sophistication of cyber threats, user mobility, and the changes cloud computing is bringing to enterprise security. Read the eBook to discover a new approach to cyber security that’s focused on protecting business-critical data and applications wherever they are located, in the cloud or on-premises.
DDoS Response Playbook
This handbook provides you with a practical guide for planning and executing a DDoS response plan. It outlines pragmatic steps and best practices for choosing and setting up the right mitigation solution for your organization, how to authoritatively respond to an attack, and conduct a thorough post-attack analysis for developing follow-up defense strategies.
Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security
A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential mal-use of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.
Data Privacy: The High Cost of Unprotected Sensitive Data
Today, organizations face a heightened threat landscape with data breaches constantly on the rise. Financial records, medical records, personally identifiable information (PII), and other private business data exist in virtually every enterprise data center. Failing to safeguard the databases that store this information can damage your reputation, impact your operations, and result in regulatory violations, fines, and legal fees. This white paper will (1) present 6 steps to automate and enforce enterprise data privacy policies (2) identify the database security tools needed to accomplish each step (3) highlight Imperva's market-leading SecureSphere Data Security Suite.
Five Steps for Protecting Australian Government Information
According to the Information Security Manual (ISM), the primary cyber threat to Australia is cyber exploitation: malicious activities designed to silently gather information from ICT systems. The disclosure of sensitive commercial or government information can threaten national interests. The disclosure of sensitive personal information can enable malicious activities against individuals. The security of sensitive government and commercial information is critical for ensuring that Australia continues to be a safe place to do business online. This paper outlines Five Steps to protect critical information.
Information Security Risk Management for Australian Financial Service Organizations
Published in 2010 by the Australian Prudential Regulation Authority (APRA), the prudential practice guide PPG 234 aims to assist regulated financial institutions in the management of security risk in information and information technology. The guide targets areas where APRA continues to identify weaknesses as part of its ongoing supervisory activities. PPG 234 reflects the need for sound risk management disciplines and solid business understanding to evaluate and manage the IT security risk profile. This paper identifies how SecureSphere enables financial institutions to incrementally address the PPG 234 security recommendations and mitigate risks to their information and information systems.
Compliance with the HIPAA Security Rule - Meeting the Electronic Code of Federal Requirements
The HIPAA Security Rule establishes national standards to protect individuals' medical records and other personal health information. In this paper we review the security standards for protection of e-PHI as listed under part 164 of the 45 CFR, and map SecureSphere Data Security Suite solutions to the specified requirements described in these standards.
Security for PCI Compliance
Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers
For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.
This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.
Implementing Sarbanes-Oxley Audit Requirements
The Sarbanes-Oxley Act (SOX) of 2002 set requirements for the integrity of the source data related to financial transactions and reporting. In particular, auditors are looking at regulated data residing in databases connected to enterprise applications such as SAP, Oracle E-Business Suite, PeopleSoft, and other Web Applications. In this White Paper, Imperva presents the range of functions that need to take place to achieve and demonstrate compliance with SOX.