• eBook: Cyber Security is the Board’s Business

    Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?

    In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.
  • 2015-16 DDoS Threat Landscape Report

    The Imperva DDoS Threat Landscape Report contains the latest attack trends, using the data collected in the course of mitigating thousands of network and application DDoS attacks on Imperva Incapsula customers worldwide.
  • 2016 Magic Quadrant for Web Application Firewalls

    Gartner, Inc. has released the 2016 Magic Quadrant for Web Application Firewalls. Imperva has been positioned as the ONLY Leader on this Magic Quadrant for the third consecutive year. Read this report for Gartner’s analysis of the Web Application Firewalls market.
  • Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks

    Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.

    In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.
  • Mitigating OWASP Automated Threats – Learn How Imperva SecureSphere WAF and ThreatRadar combine to stop automated threats in their tracks

    Automated web-based attacks that abuse standard functionality in web-based applications are on the rise. The Open Web Application Security Project (OWASP) recently published its Automated Threat Handbook for web applications, to bring greater attention and clarity to detect this attack trend.

    Using the threat classification scheme from the OWASP handbook as a framework, this white paper demonstrates how Imperva SecureSphere Web Application Firewall and Imperva ThreatRadar threat intelligence services together provide organizations an effective and proactive way to protect web applications against automated threats, both now and in the future.
  • Combat today’s threats with a single platform for app and data security

    Read Combat Today’s Threats with a Single Platform for App and Data Security and learn how to protect web applications and sensitive data across the enterprise and in the cloud. Employing a practical approach, this paper guides you through four simple steps to discover, assess, protect and monitor access to sensitive data.
  • Stop Bad Bots – What Security Professionals Need to Know about Defeating Zombies

    Organized cybercrime is thriving as hackers continue to invent new ways to attack your critical web assets. Armies of zombie devices—or botnets—are responsible for $9 billion in losses to U.S. victims and over $110 billion in losses globally. Source: Imperva Incapsula, FBI testimony before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism

    This eBook examines ways you can improve your web application security strategy by defending against bad bots, proactively detect and classify malicious and unknown bots, mitigate them and prevent web account takeover.
  • Five Ways Imperva Surpasses the Competition for Web Application Security

    Web application firewalls have become an essential component of the modern organization's security infrastructure, providing scalable high-fidelity protection of business-critical web applications from a broad spectrum of cyber threats. As with any must-have enterprise security solution, there is considerable variation in available offerings. This white paper examines five ways that the industry leading Imperva SecureSphere Web Application Firewall surpasses the competition, to help IT security and application defense teams navigate the evaluation process.
  • 2016 Cyberthreat Defense Report

    We’re losing the war! Today’s security threats bypass enterprise defenses and remain undetected for far too long. Read CyberEdge Group’s 2016 Cyberthreat Defense Report and find out how your defense posture stacks up against 1000 IT security decision makers. You will learn how your spend compares to that of other organizations, what defense measures your peers have in place to defend against internal and external threats, and why weaknesses in your strategy could make your organization a “low hanging fruit”.
  • Top 5 Solution Requirements for Account Takeover Protection

    Account takeover attacks are a significant problem for Internet facing Web applications that have become the backbone of the modern business. According to the 2015 Verizon Data Breach Investigations Report, over 50% of the Web application attacks came from the use of stolen credentials. Left unchecked, the costs can be enormous, and ranging from loss of confidential data, customer trust, and brand reputation to significant operational disruptions and financial damages.

    This paper provides five essential requirements that IT security teams can use to evaluate candidate solutions for account takeover protection. It also explains how Imperva SecureSphere Web Application Firewall with ThreatRadar Account Takeover Protection addresses each requirement.
  • IaaS Reference Architectures: for AWS

    Data center, IT and Operations Architects can now secure their web applications whether those are on-premise, in a virtual environment or in the most popular public cloud, Amazon Web Services (AWS). This Blueprint document provides guidance on architecting security for cloud-based web applications using the leading WAF solution in the market today, Imperva SecureSphere, along with other Imperva security solutions for Amazon Web Services (AWS).
  • Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security

    A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential mal-use of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.
  • Web Attack Survival Guide

    The Web Attack Survival Guide is your secret weapon for surviving attacks from hacktivists and cybercriminals. This guide provides step-by-step instructions to help you prepare for and stop web attacks, from hardening your applications, to blocking advanced attacks like SQL injection and DDoS, to performing a post-mortem after the attack is over. Armed with this guide, you can confidently face impending web attacks with a well-thought out strategy.
  • Mitigating the OWASP Top 10 2013 with Imperva SecureSphere

    The Open Web Application Security Project (OWASP) Top Ten is widely recognized as one of the leading standards for identifying critical web application security risks. This paper analyzes the latest 2013 release of the OWASP Top Ten most critical web application security risks and outlines how SecureSphere Web Application Firewall (WAF) addresses and mitigates each OWASP Top Ten threat.
  • What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications

    Web application attacks threaten nearly every organization with an online presence. While some security vendors contend that their next generation firewalls can stop Web attacks, these products lack essential Web security features, leaving customers exposed to attack. This paper lays out the six key requirements needed to protect Web applications and it shows how Web application firewalls alone can effectively satisfy these requirements.
  • [eBook] 10 Things Every Web Application Firewall Should Provide

    Securing Web applications against cybercriminals, hacktivists, and state-sponsored hackers is a never-ending effort. Why? Because hackers evade traditional network security defenses to take down Websites and to steal data; malicious users probe websites around-the-clock looking for vulnerabilities; and, automation tools such as off-the-shelf attack toolkits and botnets make it easy to execute large-scale attacks. Web application firewalls have become the central platform for protecting applications against all online threats. This eBook explains in detail the 10 features that every Web application firewall should provide.
  • The Future of Web Security: 10 Things Every Web Application Firewall Should Provide

    Web application firewalls have become the central platform for protecting applications against all online threats including technical Web attacks, business logic attacks, and online fraud. Web application firewalls understand Web usage and validate input to stop dangerous attacks like SQL injection, XSS, and directory traversal. They block scanners and virtually patch vulnerabilities. And they rapidly evolve to prevent new attacks and to keep critical applications safe. Because Web application firewalls are strategic, every organization must carefully evaluate the products' security, management, and deployment capabilities. This paper explains in detail the 10 features that every Web application firewall should provide.
  • [eBook] How to Protect Your Website From Hackers

    Hackers continuously attack Websites in order to steal sensitive data and disrupt access. To address the threat from hackers, the PCI Data Security Standard mandates that merchants fortify their Web applications against attack. This eBook describes today's Web security risks and introduces new cloud-based solutions that protect Websites from hackers and meet PCI compliance requirements.
  • Cutting the Cost of Application Security

    Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage, and customer turnover. This paper illustrates how the SecureSphere Web Application Firewall provides a Return on Security Investment of 2090% by preventing data breaches and Website downtime. SecureSphere also offers a compelling return compared to manual vulnerability remediation by eliminating costly emergency fix and test measures.
  • Detecting and Blocking Site Scraping Attacks

    Site scraping attacks range from harmless data collection for personal research to calculated, repeated data harvesting used to undercut competitor's prices or to illicitly publish valuable information. Site scraping, also called screen scraping or Web scraping, can undermine victims' revenues and profits by siphoning off customers and reducing competitiveness. This paper investigates various types of scraping attacks, site scraping tools, and effective techniques to detect and stop future attacks.
  • Botnets at the Gate

    Stopping Botnets and Distributed Denial of Service Attacks
    Botnets have infiltrated millions of users' computers and wrecked incalculable damage. This white paper lifts the veil on botnets and on the cyber-criminals behind them. It analyzes the history, growth, and economics behind botnets. It then investigates one of the most common attacks executed by botnets: the Distributed Denial of Service (DDoS) attack.
  • Security for PCI Compliance

    Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers

    For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.

    This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.
  • Anatomy of an XSS Campaign

    The Imperva Defense Center observed the full anatomy of a cross-site scripting (XSS) campaign, showing why it's so easy to conduct a muscular phishing campaign in just under an hour.
  • Protected! Mitigating Web Application and Database Vulnerabilities with Virtual Patching

    It's not always possible - or practical - to patch vulnerabilities in your Web applications or databases as soon as you discover them. You can use a technique known as ""virtual patching"" to rapidly address vulnerabilities and ensure you are protected until a long-term fix can be put in place. This brief whitepaper discusses the business benefits of virtual patching, including improved security and increased operational efficiency.