• eBook: Cyber Security is the Board’s Business

    Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?

    In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.
  • Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks

    Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.

    In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.
  • Gartner Best Practices for Managing 'Insider' Security Threats

    Read Gartner’s Best Practices for Managing 'Insider' Security Threats and get threat prevention strategies to protect your enterprise from security breaches by internal users.
  • Harvard Business Review: The Danger from Within

    The biggest threat to enterprise security is the people organizations hire and fire. Read this article from the Harvard Business Review, “Danger from Within,” and learn why the number of insider cyberattacks is growing and get five tips on how to tackle the problem.
  • Plugging the Security Gaps of Cloud File Sharing Services

    This paper examines seven items to consider when it comes to security and compliance of cloud file sharing services like Box, Dropbox, OneDrive, and Google Drive, and how you can mitigate the risks with a Cloud Access Security Broker (CASB) solution such as Imperva Skyfence. Learn why Gartner says a CASB is a required security platform for organizations using cloud services.
  • 2016 Cyberthreat Defense Report

    We’re losing the war! Today’s security threats bypass enterprise defenses and remain undetected for far too long. Read CyberEdge Group’s 2016 Cyberthreat Defense Report and find out how your defense posture stacks up against 1000 IT security decision makers. You will learn how your spend compares to that of other organizations, what defense measures your peers have in place to defend against internal and external threats, and why weaknesses in your strategy could make your organization a “low hanging fruit”.
  • Top 5 Solution Requirements for Account Takeover Protection

    Account takeover attacks are a significant problem for Internet facing Web applications that have become the backbone of the modern business. According to the 2015 Verizon Data Breach Investigations Report, over 50% of the Web application attacks came from the use of stolen credentials. Left unchecked, the costs can be enormous, and ranging from loss of confidential data, customer trust, and brand reputation to significant operational disruptions and financial damages.

    This paper provides five essential requirements that IT security teams can use to evaluate candidate solutions for account takeover protection. It also explains how Imperva SecureSphere Web Application Firewall with ThreatRadar Account Takeover Protection addresses each requirement.
  • Office 365 Playbook: How to Ensure Security through Cloud Access Security Brokers

    This playbook provides you with a practical guide for defining, developing, and executing an Office 365 security plan. It includes choosing and optimizing the appropriate solution to mitigate your Office 365 risk while also meeting all of your compliance obligations, be they regulatory requirements or best practice guidelines from organizations such as the Cloud Security Alliance.
  • Delivering Cyber Security Confidence for the Modern Enterprise

    Traditional network and endpoint security alone are not enough to keep pace with the rapid evolution and growing sophistication of cyber threats, user mobility, and the changes cloud computing is bringing to enterprise security. Read the eBook to discover a new approach to cyber security that’s focused on protecting business-critical data and applications wherever they are located, in the cloud or on-premises.
  • Securing and Monitoring Access to Office 365

    Microsoft provides basic security features for Office 365, but it’s ultimately up to the customer to protect Office 365 admin and user accounts from external threats and malicious insiders. This paper looks at the challenges of securing access to Office 365 and what you can do to protect your data.
  • Securing Administrator Access for the Amazon Web Services Management Console

    AWS provides the foundational security infrastructure for its customers, but the ultimate responsibility to secure the application running on AWS lies with the customer. This paper looks at the importance and challenges of securing access to the AWS console and what you can do to protect your data.
  • The Cloud App Visibility Blind Spot

    Traditional security controls weren’t designed with the cloud in mind. Read this white paper to learn about the challenges created by “Shadow IT” and what you can do to mitigate those risks and safely enable the use of cloud apps in your organization.
  • IaaS Reference Architectures: for AWS

    Data center, IT and Operations Architects can now secure their web applications whether those are on-premise, in a virtual environment or in the most popular public cloud, Amazon Web Services (AWS). This Blueprint document provides guidance on architecting security for cloud-based web applications using the leading WAF solution in the market today, Imperva SecureSphere, along with other Imperva security solutions for Amazon Web Services (AWS).
  • DDoS Response Playbook

    This handbook provides you with a practical guide for planning and executing a DDoS response plan. It outlines pragmatic steps and best practices for choosing and setting up the right mitigation solution for your organization, how to authoritatively respond to an attack, and conduct a thorough post-attack analysis for developing follow-up defense strategies.
  • Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security

    A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential mal-use of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.
  • Data Protection Under POPI

    6 Step Data Privacy Protection Plan for the South African Protection of Personal Information (POPI) Bill

    Is your organization ready to address the South African Protection of Personal Information (POPI) bill? POPI prescribes information protection principles to regulate collection and processing of South African citizens' personal data. In this paper, we review POPI's eight principles and discuss how best to address those with practical data security processes and solutions.
  • Data Privacy: The High Cost of Unprotected Sensitive Data

    Today, organizations face a heightened threat landscape with data breaches constantly on the rise. Financial records, medical records, personally identifiable information (PII), and other private business data exist in virtually every enterprise data center. Failing to safeguard the databases that store this information can damage your reputation, impact your operations, and result in regulatory violations, fines, and legal fees. This white paper will (1) present 6 steps to automate and enforce enterprise data privacy policies (2) identify the database security tools needed to accomplish each step (3) highlight Imperva's market-leading SecureSphere Data Security Suite.
  • Five Steps for Protecting Australian Government Information

    According to the Information Security Manual (ISM), the primary cyber threat to Australia is cyber exploitation: malicious activities designed to silently gather information from ICT systems. The disclosure of sensitive commercial or government information can threaten national interests. The disclosure of sensitive personal information can enable malicious activities against individuals. The security of sensitive government and commercial information is critical for ensuring that Australia continues to be a safe place to do business online. This paper outlines Five Steps to protect critical information.
  • Information Security Risk Management for Australian Financial Service Organizations

    Published in 2010 by the Australian Prudential Regulation Authority (APRA), the prudential practice guide PPG 234 aims to assist regulated financial institutions in the management of security risk in information and information technology. The guide targets areas where APRA continues to identify weaknesses as part of its ongoing supervisory activities. PPG 234 reflects the need for sound risk management disciplines and solid business understanding to evaluate and manage the IT security risk profile. This paper identifies how SecureSphere enables financial institutions to incrementally address the PPG 234 security recommendations and mitigate risks to their information and information systems.
  • Compliance with the HIPAA Security Rule - Meeting the Electronic Code of Federal Requirements

    The HIPAA Security Rule establishes national standards to protect individuals' medical records and other personal health information. In this paper we review the security standards for protection of e-PHI as listed under part 164 of the 45 CFR, and map SecureSphere Data Security Suite solutions to the specified requirements described in these standards.
  • Security for PCI Compliance

    Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers

    For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.

    This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.
  • Implementing Sarbanes-Oxley Audit Requirements

    The Sarbanes-Oxley Act (SOX) of 2002 set requirements for the integrity of the source data related to financial transactions and reporting. In particular, auditors are looking at regulated data residing in databases connected to enterprise applications such as SAP, Oracle E-Business Suite, PeopleSoft, and other Web Applications. In this White Paper, Imperva presents the range of functions that need to take place to achieve and demonstrate compliance with SOX.