I recently took a step back to review all the content we shared in 2017 on the Imperva blog. We covered a broad range of topics including data security, cloud migration, application and API security, AI and machine learning, cybersecurity research, GDPR, insider threats and more. We were busy! Cybersecurity certainly held the world’s attention in 2017.
Several stories rose to the top as either most read by you, particularly relevant to today’s cybersecurity industry or exceptionally newsworthy (and in some cases, all of the above). For an end-of-year reading shortlist, I’ve compiled our top 10 blog posts from 2017.
1. What’s Next for Ransomware: Data Corruption, Exfiltration and Disruption
The WannaCry ransomware attack caught everyone off guard, infecting more than 230,000 computers in 150 countries by encrypting data on networked machines and demanding payments in Bitcoin. We wrote about how to protect against it, but our post on what’s next for ransomware garnered even more attention—it was our most read post of the year.
2. CVE-2017-5638: Remote Code Execution (RCE) Vulnerability in Apache Struts
Apache Struts made headlines all over the place in 2017. The vulnerability we wrote about in March hit it big and just kept on going. You might remember it reared its ugly head later in the year when it was tied to the Equifax breach. (We also wrote about two other Apache Struts vulnerabilities: CVE-2017-9791 and CVE-2017-9805.)
3. Top Insider Threat Concern? Careless Users. [Survey]
We surveyed 310 IT security professionals at Infosecurity Europe in June on their thoughts on insider threats. The big reveal? More than half (59 percent) were concerned not primarily about malicious users, but about the careless ones who unwittingly put their organization’s data at risk. (We shared more about insider threats in this infographic.)
4. Uncover Sensitive Data with the Classifier Tool
In July we launched Classifier, a free data classification tool that allows organizations to quickly uncover sensitive data in their databases. The response was immediate—over 500 downloads and counting—not surprising given it helps jump start the path to compliance with the GDPR. Our blog post walked through the steps of how to use the tool.
5. Professional Services for GDPR Compliance
Speaking of the GDPR, the new data protection regulation coming out of the EU was on everyone’s radar this year. We wrote a LOT about GDPR, including who is subject to the regulation, what rules require data protection technology, and the penalties for non-compliance. However, our post on the professional services we offer for GDPR compliance drove the most traffic on this topic by far.
6. The Evolution of Cybercrime and What It Means for Data Security
Hackers tactics may change, but what they’re after doesn’t—your data. Stealing or obstructing access to enterprise data is the foundation of the cybercrime value chain. We discussed how the changing nature of cybercrime and app and data accessibility create risk and the essentials of application and data protection in this ever-changing world.
7. Move Securely to the Cloud: WAF Requirements and Deployment Options
Moving to the cloud has become an overwhelmingly popular trend even among those who were at first reluctant to make the move. In this post, we discussed requirements and deployment options for evaluating a WAF for the cloud. (We also wrote about the benefits of a hybrid WAF deployment and the pros and cons of both cloud and on-prem WAFs.)
8. Clustering and Dimensionality Reduction: Understanding the “Magic” Behind Machine Learning
Everywhere you turned in 2017 you heard about AI and machine learning and the impact they’re having, or will have, on essentially everything. Two of Imperva’s top cybersecurity researchers explained in detail some of the techniques used in machine learning and how they’re applied to solve for identifying improper access to unstructured data. (Those two researchers were also awarded a patent for their machine learning work this year!)
9. Can a License Solve Your Cloud Migration Problem?
Gartner published their 2017 Magic Quadrant for Web Application Firewalls (WAF) in August and Imperva was once again named a WAF leader, making it four consecutive years. We stood out for offering security solutions for today’s changing deployment and infrastructure model. In this post we wrote about our flexible licensing program, which lies at the core of the move to the cloud: helping customers secure apps wherever they need, whenever they need, for one price.
10. The Uber Breach and the Case for Data Masking
Last but not least, we couldn’t ignore the Uber breach. Hard to believe in today’s world that log in credentials were shared in a public, unsecured forum, but that’s what happened. The breach did highlight an important issue, that of production data being used in development environments. It’s a bad idea; we explained why in this post. Had data masking been used at Uber, hackers would have been left with worthless data, or as we called it, digital fools gold.