Let’s be blunt: cybersecurity is a never-ending arms race between bad actors and IT and security teams. Lately, attackers have surged. Armed with powerful, inexpensive hacking tools and deep knowledge gleaned from successful breaches, attackers are organizing sprawling botnets, probing soft targets such as website logins, and hammering web applications with DDoS attacks of unprecedented ferocity.
The attackers haven’t just grown stronger, the attack surface is growing apace. Most companies are currently engaged in digital transformation: automating their business processes, moving workloads to the cloud, and deploying technology such as microservices and open APIs in order to boost productivity and innovation and better serve customers and partners. The downside? As you invest in new technologies and move workloads to the cloud, the threat surfaces are also evolving and expanding.
No wonder eight out of 10 CSOs and CISOs surveyed in the 2019 CyberThreat Defense Report admitted their company suffered a breach last year, with a shocking one-third admitting they had been breached more than 6 times. And seven out of eight security leaders think their company will be breached this year.
What to do? Companies can try to plug their security gaps by locking down their workers and reversing their modernization moves. Even if that strategy were feasible, it would result in massive shocks to their productivity and revenue-generating businesses that would likely outweigh the huge financial damage from an actual breach.
At Imperva, we have been undergoing a transformation of our own, in order to keep ahead of the bad guys and defend your business growth while protecting your innovation efforts.
I’d like to share some of the latest expansions and enhancements we’ve made to our defense-in-depth application security portfolio. Built on top of Imperva’s single integrated stack architecture and deployed across a global network, these new services further expand our protection against a wide range of cybersecurity threats that target not just websites but also business-critical APIs, legacy systems and applications based on open source. They include:
- Comprehensive bot protection. Our new Imperva Account Takeover Protection detects and stops hackers from using stolen credentials to hijack web user accounts. Leveraging artificial intelligence, Account Takeover Protection detects and blocks botnet traffic while allowing legitimate users through to your websites. Our anticipated acquisition of Distil Networks, a Leader in Forrester Research’s New Wave: Bot Management Q3 2018, will further boost our bot management capabilities.
- Built-in application protection for websites and APIs. Open APIs enable digital businesses to innovate quickly with partners and customers, but they are also vulnerable to attack. The new Imperva API Security solution automatically builds and enforces a positive security model for all of your published APIs, while integrating with API Gateways from Microsoft Azure, Amazon AWS and Red Hat.
- Fastest Broad DDoS Protection — guaranteed. Imperva already protects against the biggest and most ferocious DDoS attacks ever reported, including one in May that hit a peak rate of 652 million packets per second (Mpps) and another that hit 713 Gbps. And we promise to mitigate any attack in three seconds or less, according to our Service Level Agreement (SLA) with our customers. That’s the fastest mitigation guarantee that covers all attacks of any size or duration — no exceptions.
- DDoS Protection all the way to the edge. We’ve also introduced a new anti-DDoS service that protects individual IP addresses. The significance is that customers with workloads hosted in the cloud can enjoy the same level of DDoS protection available for on-premises websites, networks, and domain name servers (DNS) that we have long protected.
Read our press release. In the coming weeks, look to this blog for deeper dives into these product enhancements.
For some vendors, defense-in-depth is an empty buzzword. For Imperva, providing defense-in-depth security is a way of life, and our promise to you. With these updates to our analyst-recognized, award-winning application security portfolio, we’re providing guaranteed DDoS attack mitigation in three seconds or less, and greatly bolstering our ability to protect against bot-based attacks, especially account takeovers.
We’re also extending protection from the network and applications to edge IPs and APIs, so you can continue your digital transformation and cloud migration without fear. And with our FlexProtect subscription model, you can quickly add these capabilities on-demand without the fear of price shock. As your business innovates and evolves to meet the future, Imperva is in lockstep with you as your security partner and Defender-in-Chief.