
Imperva

How can one evaluate non-perfect security solutions?

Submitted by Ofer Shezaf on 16 November 2011 - 7:05pm

Amichai Shulman, Imperva's CTO, presented at Source Barcelona today an innovative solution in which the web server itself detects man-in-the-browser attacks. The interesting aspect of the solution is that it relies on logic that passes unencrypted through the attacker's code. As such, there is no way to prevent the attacker from interfering with it and thereby bypassing detection.

Innovative Approach to Anti-Automation

Submitted by Ofer Shezaf on 23 March 2011 - 6:58pm

As traditional WAF functionality is being absorbed into other solutions such as IPS and load balancers, WAFs are looking for a future direction. One feature that seems to appear in many WAFs and shows promise is anti-automation. Anti-automation is a complex feature, not least because automation itself is multifaceted and ill-defined. The attached presentation provides insight into automation applications, from auction sniping to data scraping.

Are the Guardium and GreenSQL deals precursors to the WAF market?

Submitted by Ofer Shezaf on 29 November 2009 - 6:09pm

Two significant events in the database security market occurred this week. At one end of the spectrum, Guardium, a late-stage database security startup, was purchased by IBM for $225 million. At the other end of the spectrum, GreenSQL, an open source database security upstart, raised $1.5 in its first investment round.

Imperva WAF detection for WAFW00F

Submitted by Ofer Shezaf on 3 November 2009 - 11:47am

Mathieu Dessus has created a patch for WAFW00F, a tool that identifies WAFs remotely using fingerprinting, to identify Imperva SecureSphere. As far as I understand, the patch simply checks that the HTTP response version is 1.0. I am not sure, and would appreciate any comment on, why this would identify a SecureSphere.

You can find the patch here.

Agilent uses Imperva to protect and monitor web applications

Submitted by Ofer Shezaf on 2 November 2009 - 11:33am

SearchSecurity is running a story about Agilent's use of WAFs. Agilent bought WAFs for PCI compliance but found that they are very useful for providing insight into data flow and sensitive information in the organization.

Note that while the story is interesting, it seems to have been initiated by the marketing team of Imperva, whose WAFs are used by Agilent.

RSA WAF Trend: WAF in the cloud

Submitted by Ofer Shezaf on 22 April 2009 - 1:22pm

As usual, RSA is the time of year companies choose for major announcements. Following the general computing trend, this year's WAF announcements focus on cloud computing:

  • Art of Defense, a WAF vendor from Germany, has launched its SaaS WAF solution, which targets mostly service providers and SaaS vendors.
  • Savvis, a web hosting company turning into a cloud services company, has added a WAF-in-the-cloud offering based on Imperva SecureSphere WAF.
  • SecureWorks, a managed security services provider, announced full management for Imperva SecureSphere and monitoring for other WAFs.

Two challenges facing WAFs in the cloud are bandwidth and complexity.