Protecting Against HTTP/2 Rapid Reset

Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability. After a comprehensive inspection of this vulnerability by Imperva’s Product Development and Threat Research teams, we can confirm that Imperva’s existing DDoS mitigation strategies effectively defend this specific ... Read More

Understanding and Mitigating the MOVEit Incidents

Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed worldwide. This breach poses a significant risk, not just due to ... Read More

Anonymous Sudan, MOVEit, and Cl0p

There are three concurrent events of significant concern: An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking SWIFT and inducing potential downtime, the attackers could feasibly destabilize ... Read More

Preparing for Heightened Attacks in the Current Geopolitical Environment

The current geopolitical environment has raised many concerns about security postures and readiness to respond to a cyberattack. Today, Imperva customers are protected by our world-class network, application, and data security products. Alongside that, Imperva Threat Research is closely monitoring the attack landscape for new emerging threats, vulnerabilities, attacks, and ... Read More
Imperva CVE 2021 44228 Classified Clients 1

5 Things We’ve Learned About CVE-2021-44228

| | Research labs
Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic. Attacks & Attacked Sites Since last ... Read More
Attack Analytics v2

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions 

| | rasp, Research labs, WAF Gateway
Since it was disclosed on Friday, December 11, I have spoken with many customers about CVE-2021-44228 and the ways Imperva is working to ensure that they are protected. Countless others have contacted us with questions about ways to mitigate the impact from the Log4j vulnerability.  In the spirit of transparency ... Read More
Attacks per Hour

How We’re Protecting Customers & Staying Ahead of CVE-2021-44228

CVE-2021-44228 is a high profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent technical writeup on their blog. In terms of magnitude, this will ... Read More

Imperva to acquire jSonar: A New Generation of Data Security

I’m thrilled to announce that Imperva has entered into an agreement to acquire jSonar! We view jSonar’s incredible product and technology as perfectly aligned with our mission to protect data and all paths to it. Together, we will be able to deliver a fundamentally new approach to data security to ... Read More
RASP for NIST Flow chart

NIST Recognizes RASP as Critical to Lowering Risk

The United States Congress ratified the Cybersecurity Framework set forth by the National Institute of Standards and Technology (NIST) in 2014 to standardize the practices and controls that mitigate constantly evolving cyberthreats. The framework has been adopted by federal and local government entities as well as a growing number of ... Read More

Top 5 Cybersecurity Trends to Prepare for in 2020

I don’t need a crystal ball to predict that in 2020 cybersecurity attacks will accelerate and the tactics will evolve. We’ll continue to be hounded by greater volumes of the attacks that have threatened us for years and, as businesses adopt new innovations, new vulnerabilities to threats will surface. You ... Read More