“Cybersecurity is everyone’s problem, not just the responsibility of IT departments.” Oct 27, 2015, BBC Business
The Technology of Business publication at the BBC has done an excellent job of outlining the six things businesses must do to improve their security posture. BBC responded with these recommendations for enterprises in response to the recent “significant and sustained cyber-attack” suffered by TalkTalk, a large UK telecom provider. The article in a way validates the vision for data protection at Imperva. Imperva has been pioneering security for data and applications in the cloud and on-premises with our Imperva SecureSphere, Imperva Incapsula, and Imperva Skyfence product lines. We take a look at each of the steps/actions and elaborate on how you can improve your cyber security.
1. Protect your data, not just the perimeter
Imperva has been advocating “Data Protection” since its inception, given that perimeter protection alone cannot protect against business logic attacks or completely protect against data leakage. Without belaboring “Data Protection” and sounding like a broken record, we would strongly advise firms to deploy SecureSphere DAM and SecureSphere FAM products to safeguard business critical data.
2. Know your data
You can’t protect against problems if you don’t know they exist or protect data if you don’t know it exists out in the open. SecureSphere Database Assessment solves this by quickly identifying sensitive data, database vulnerabilities and misconfigurations so that you can prioritize and mitigate them. Identifying and protecting PII/PHI data should be the highest priority task in this category. SecureSphere DAS can also identify any websites/SharePoint applications that are undocumented.
3. Wake up to the insider threat
You are not alone – It is not just external threat actors that are keeping CISOs and CIOs awake at night.
“93% of US organizations said that they felt vulnerable to insider attacks” – Trends and Future Directions in Data Security 2015 by Vormetric
The Imperva approach to insider threats involves a behavior-based approach and understanding how data is accessed and used by users in a standard workflow. Any potential of malicious data access in a manner not consistent with the business logic is detected and blocked. Imperva Skyfence, Imperva Incapsula, and the entire Imperva SecureSphere line – Web Application Firewall, Database Security, and File Security all excel in providing visibility and control over application and data usage.
4. Increase vigilance
The time between exploits/vulnerabilities published and hackers launching large-scale attacks targeting the exploits is now down to hours. It may be impossible for firms to patch their web applications in time. Imperva takes improving vigilance one-step further and provides virtual patching capabilities in the SecureSphere Web Application Firewall. Imperva ThreatRadar is the advanced warning system defending against constantly evolving web-based attacks. Imperva Incapsula is a cloud-based application delivery service that protects websites and increases their performance, improving end user experiences and safeguarding web applications and their data from attack.
5. Get to grips with mobile
A big chunk of the mobile enablement at firms comes from the adoption of Cloud/SaaS applications. Traditional perimeter security and endpoint controls cannot provide complete protection and control for SaaS applications. Imperva Skyfence enables organizations to discover SaaS applications in use and assess related risks, enforce controls to prevent account-centric threats, meet compliance requirements, and protect user accounts and data in the cloud.
6. Spend more money and time on cyber security
Spending more? We all know increased spending alone won’t assure protection. Worldwide spending on information security was expected to reach $71.1 billion in 2014, with the data loss prevention segment recording the fastest growth at 18.9 percent, according to a forecast from Gartner, Inc. We are not advocating spending more; rather we believe firms should spend wisely and invest in “Data Protection” since the stakes are significantly higher.
Imperva also has a research arm – Imperva Application Defense Center (ADC). The Imperva ADC is a premier research organization for security analysis, vulnerability discovery, and compliance expertise. ADC research combines extensive lab work with hands-on testing in real world environments to enhance Imperva products, through advanced data security technology, with the goal of delivering up-to-date threat protection and unparalleled compliance automation. The ADC team is the secret ingredient that makes Imperva products/solutions superior.
The key takeaway – if “Data Protection” is the need of the hour, shouldn’t you choose Imperva, the leader in that space?