• 2018 Cyberthreat Defense Report

    17 countries. 19 industries. 1200 qualified IT security employees. Since it's inaugural launch in 2014, the Cyberthreat Defense Report (CDR) has taken a vendor-agnostic view of how enterprises perceive cyber threats and how they leverage third-party products and services to overcome them.

  • Protect Your Applications Against OWASP Top 10 Risks

    The application security landscape is changing, and the new 2017 Open Web Application Security Project (OWASP) top ten risks are here. Learn how your security teams can use best-of-breed solutions to protect against OWASP Top 10 threats.

  • Cloud Migration Guide

    Migrating to the cloud is not a simple matter; there are many possible paths to consider and a variety of security concerns. The Cloud Migration Guide provides direction as you begin your journey of migrating applications and data to the cloud.

  • White Paper: Data Protection Under POPI

    6 Step Data Privacy Protection Plan for the South African Protection of Personal Information (POPI) Bill

    Is your organization ready to address the South African Protection of Personal Information (POPI) bill? POPI prescribes information protection principles to regulate collection and processing of South African citizens' personal data. In this paper, we review POPI's eight principles and discuss how best to address those with practical data security processes and solutions.

  • How to Select the Right Web Application Firewall: 10 Key Requirements to Consider

    A web application firewall is not a one-size-fits-all option. This guide provides IT security staff with an overview of the threats to web applications and items to consider when selecting a web application firewall. It also details minimum feature and functionality requirements, and provides an at-a-glance checklist for evaluating web application firewalls.

  • 2017 Cyberthreat Defense Report

    CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.

  • eBook: Cyber Security is the Board’s Business

    Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?

    In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.

  • Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks

    Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.

    In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.

  • Top 5 Solution Requirements for Account Takeover Protection

    Account takeover attacks are a significant problem for Internet facing Web applications that have become the backbone of the modern business. According to the 2015 Verizon Data Breach Investigations Report, over 50% of the Web application attacks came from the use of stolen credentials. Left unchecked, the costs can be enormous, and ranging from loss of confidential data, customer trust, and brand reputation to significant operational disruptions and financial damages.

    This paper provides five essential requirements that IT security teams can use to evaluate candidate solutions for account takeover protection. It also explains how Imperva SecureSphere Web Application Firewall with ThreatRadar Account Takeover Protection addresses each requirement.

  • Delivering Cyber Security Confidence for the Modern Enterprise

    Traditional network and endpoint security alone are not enough to keep pace with the rapid evolution and growing sophistication of cyber threats, user mobility, and the changes cloud computing is bringing to enterprise security. Read the eBook to discover a new approach to cyber security that’s focused on protecting business-critical data and applications wherever they are located, in the cloud or on-premises.

  • DDoS Response Playbook

    This handbook provides you with a practical guide for planning and executing a DDoS response plan. It outlines pragmatic steps and best practices for choosing and setting up the right mitigation solution for your organization, how to authoritatively respond to an attack, and conduct a thorough post-attack analysis for developing follow-up defense strategies.

  • Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security

    A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential mal-use of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.

  • Data Privacy: The High Cost of Unprotected Sensitive Data

    Today, organizations face a heightened threat landscape with data breaches constantly on the rise. Financial records, medical records, personally identifiable information (PII), and other private business data exist in virtually every enterprise data center. Failing to safeguard the databases that store this information can damage your reputation, impact your operations, and result in regulatory violations, fines, and legal fees. This white paper will (1) present 6 steps to automate and enforce enterprise data privacy policies (2) identify the database security tools needed to accomplish each step (3) highlight Imperva's market-leading SecureSphere Data Security Suite.

  • Five Steps for Protecting Australian Government Information

    According to the Information Security Manual (ISM), the primary cyber threat to Australia is cyber exploitation: malicious activities designed to silently gather information from ICT systems. The disclosure of sensitive commercial or government information can threaten national interests. The disclosure of sensitive personal information can enable malicious activities against individuals. The security of sensitive government and commercial information is critical for ensuring that Australia continues to be a safe place to do business online. This paper outlines Five Steps to protect critical information.

  • Information Security Risk Management for Australian Financial Service Organizations

    Published in 2010 by the Australian Prudential Regulation Authority (APRA), the prudential practice guide PPG 234 aims to assist regulated financial institutions in the management of security risk in information and information technology. The guide targets areas where APRA continues to identify weaknesses as part of its ongoing supervisory activities. PPG 234 reflects the need for sound risk management disciplines and solid business understanding to evaluate and manage the IT security risk profile. This paper identifies how SecureSphere enables financial institutions to incrementally address the PPG 234 security recommendations and mitigate risks to their information and information systems.

  • Compliance with the HIPAA Security Rule - Meeting the Electronic Code of Federal Requirements

    The HIPAA Security Rule establishes national standards to protect individuals' medical records and other personal health information. In this paper we review the security standards for protection of e-PHI as listed under part 164 of the 45 CFR, and map SecureSphere Data Security Suite solutions to the specified requirements described in these standards.

  • Security for PCI Compliance

    Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers

    For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.

    This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.

  • Implementing Sarbanes-Oxley Audit Requirements

    The Sarbanes-Oxley Act (SOX) of 2002 set requirements for the integrity of the source data related to financial transactions and reporting. In particular, auditors are looking at regulated data residing in databases connected to enterprise applications such as SAP, Oracle E-Business Suite, PeopleSoft, and other Web Applications. In this White Paper, Imperva presents the range of functions that need to take place to achieve and demonstrate compliance with SOX.