Blogs

Too Many Emails? Here’s an Easy Way to Manage Your Product Notifications

By Liz Rossi posted 10 days ago
Be the first person to like this.
Hi Community, We’re excited to announce that in January 2026, our product notifications are being migrated into the Thales Support Portal. This update gives you easy access to all of your product updates and information in one place: · Customize your product emails : Do you want updates daily on your favorite products, and weekly or monthly on others? Now you can adjust your email subscriptions according to the notification type, product family, and frequency that meets your needs. · View Past Notifications : Product notices are listed on the product support page, so no more searching emails for release notes or that ...
0 comments

Community's Birthday Webinars - All in One Place

By Sarah Lamont posted 19 days ago
Be the first person to like this.
Hi Community, Catch up on our community's birthday webinars here. This blog post is a central hub for all the recent sessions, perfect for revisiting a favourite or checking out one you missed! Cloud WAF Office Hours: Getting Started . Data Security Fabric: Health Check - Ensuring DSF Delivers, Quarter After Quarter . Know Your Grey-Matter API: Best Practices to Secure Unmanaged APIs . Cloud WAF Workshop: Website Onboarding and TLS Implementation Demo . DSF Working Session: Integrating with Service ...
0 comments

Cloud WAF Workshop: Website Onboarding and TLS Implementation Demo Webinar Recording

By Seana Murray posted 10-28-2025
Be the first person to like this.
Hi Community, Just want to share this insightful webinar with you all. The Cloud WAF Workshop provided a hands-on learning experience focused on the essential steps of onboarding a website to the Imperva Cloud Web Application Firewall (WAF) and implementing Transport Layer Security (TLS) for optimal protection. In this interactive session, Chaithra Ravichander guided participants through a step-by-step demonstration that simplified the onboarding process and showcased how to securely configure TLS to safeguard web applications against modern cyber threats. The session also detailed DNS record management, emphasized the importance of SSL certificate validation, ...
0 comments

The API Battleground: Why APIs are the new frontline—and how to stop the stealthiest attacks

By Tim Chang posted 10-20-2025
Be the first person to like this.
Hi Community, I hope you all enjoyed the API Security session last week, or have had a chance to view the recording here: Know Your Grey-Matter API: Best Practices to Secure Unmanaged APIs Webinar Recording . API Security is a major focus in the current threat landscape which is why produced Imperva’s API Threat Report. Check out my recent blog for the highlights, key takeaways and a link to the full report. . Here is a sneak preview for Community… That’s why this report matters . It’s not just telemetry — it’s a playbook: how to find forgotten or shadow endpoints, how to validate actions at runtime (not just the shape of a request), ...
0 comments

Know Your Grey-Matter API: Best Practices to Secure Unmanaged APIs Webinar Recording

By Seana Murray posted 10-17-2025
1 person likes this.
HI Community, In this insightful session, Levin Cheng and Luke Barbarinde delve into the critical aspects of API security, shedding light on the growing challenges organizations face in managing both known and unknown APIs. Through real-world examples and expert analysis, they explore what truly defines an API and why that matters in the context of security. This webinar will help you will gain a deeper understanding of the threats targeting APIs and learn about practical strategies to mitigate them through a multi-layered security approach. Snapshot of what’s Included: Defining what an API is and why clarity matters for security Common ...
0 comments

In The Know: Cloud WAF Podcast

By Michael Wright posted 10-02-2025
Be the first person to like this.
Hi Community, Check out my latest podcast where I welcome Like Babarinde, Global Solutions Architect and Ziv Rika, Principle Product Manager for Cloud WAF. The discussion focuses on Cloud WAF features that protect against sensitive information leakage, cross site scripting, file upload scanning, and post quantum cryptography. Protecting sensitive data and ensuring compliance with regulations are crucial and automated solutions are highlighted for reducing operational overhead and addressing future risks. I have added some notes on the key takeaways, below the video. These emphasize the importance of these security measures in the current digital ...
0 comments

Your Cloud WAF is Watching the Door, but Who is Protecting the Gate? Network-Layer DDoS Protection Webinar Recording

By Seana Murray posted 10-01-2025
Be the first person to like this.
Hi Community, I’m excited to share this engaging webinar, where Ofir Shaham and Alex Bakshtein discussed the growing threat of large-scale Distributed Denial of Service (DDoS) attacks and the importance of protecting your network infrastructure. This session emphasized why even existing Imperva Cloud WAF customers need to consider additional layers of defense to safeguard their digital assets. Here is a snapshot of what was covered in the webinar: • The rising risk of DDoS attacks and their impact on network infrastructure • Recent DDoS incidents and what they reveal about evolving attack strategies • The role of AI in both executing and mitigating cyber ...
0 comments

Cloud Application Security Release Notes September 28, 2025

By Seana Murray posted 09-29-2025
Be the first person to like this.
Hi Community, Take a look at the latest release notes below, and feel free to share any questions or feedback in the comments! These release notes provide information on changes and enhancements in each release. Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts. You can also view the customer-facing release notes online here . Replacement of the Imperva Data Center in London We are starting to roll out a new data center (PoP) in London which will replace the current London 1 PoP. The rollout and migration to the new PoP is expected to be fully completed within ...
0 comments

Cloud Application Security Release Notes September 21, 2025

By Seana Murray posted 09-22-2025
Be the first person to like this.
Hi Community, Check out latest release notes below and feel free to ask any questions or make any comments in the comment section below! These release notes provide information on changes and enhancements in each release. Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts. You can also view the customer-facing release notes online here . Heads up - Advanced Bot Protection: Deprecation of Internet Explorer support Effective date: December 20, 2025 This serves as a 90-day notice. To ensure optimal performance and security, Advanced Bot Protection will no longer ...
0 comments

In The Know Podcast - Episode 4 Cloud WAF

By Michael Wright posted 07-09-2025
Be the first person to like this.
In this episode, Michael Wright and Ziv Rika discuss the evolving landscape of SSL management, focusing on the recent changes in certificate validity periods and the importance of automation in managing SSL certificates. They explore the challenges organizations face in maintaining SSL coverage, the role of certificate authorities, and the implications of quantum computing on cryptographic security. The conversation emphasizes the benefits of using Imperva's solutions for SSL management, including automation, governance, and compliance with industry standards. #CloudWAF(formerlyIncapsula)
0 comments

In The Know Podcast - Episode 3 WAF Gateway

By Michael Wright posted 07-09-2025
Be the first person to like this.
In this episode, we explore the WAF Gateway, a long-standing security product that offers unique capabilities in application security. Eyal Cohen, the senior product manager, discusses its features, benefits for end users, integration with other security solutions, and the importance of on-prem deployment in a cloud-first world. The conversation also highlights the target audience for WAF Gateway and its future roadmap, emphasizing the continuous evolution of the product to meet customer needs. #CloudWAF(formerlyIncapsula) #On-PremisesWAF(formerlySecuresphere)
0 comments

**Important Update for Sectigo Custom Certificate Users**

By Ciaran McAnespy posted 06-06-2025
Be the first person to like this.
Hi Community , I want to draw your attention to the recent release note regarding the Sectigo root certificate update . Please review this prior to renewing any certificates to ensure backward compatibility : https://docs.imperva.com/bundle/cloud-application-security/page/release-notes/2025-06-01.htm#SectigoCArootcertificatereplacement . Overview: Sectigo CA root certificate replacement Sectigo CA is replacing its public root certificates as part of an industry-wide modernization effort. If you use a custom ...
1 comment

Manual Mitigation for CVE-2025-31324: SAP NetWeaver Visual Composer Metadata - Unauthenticated File Upload

By Sarah Lamont posted 04-30-2025
Be the first person to like this.
Hi Community, I received the following update from our Threat Research team: A new vulnerability was recently discovered in SAP NetWeaver Visual Composer Metadata, dubbed CVE-2025-31324. Vulnerability Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. PoC can be found here Cloud WAF customers are al ...
0 comments

2025 Bad Bot Report Highlights!

By Veronica Cooke posted 04-28-2025
Be the first person to like this.
Hi Community, I wanted to share something I think you’ll find valuable. We recently released the 12th edition of our Bad Bot report , and this year’s findings highlight the increase in sophisticated bad bots across the full range of regions and industries. . Explore all the key insights and statistics by downloading the full report here Highlights of this year report In 2025, bad bots now account for 37% of all internet traffic —with the majority built using AI , making them faster, more evasive, and harder to detect. These bots are no longer just scraping content—they are: · Targeting APIs · ...
1 comment

In The Know Podcast: Episode 2 - WAF Gateway

By Sarah Lamont posted 04-04-2025
1 person likes this.
🎙️ Welcome to Ep 2 of the In the Know Podcast: WAF Gateway! 🎙️ Join us as we dive deep into the fascinating world of web application firewalls and the evolving landscape of cybersecurity. In this episode, our expert hosts discuss the launch of Version 15 of the WAF Gateway, now equipped with cutting-edge API security integration and Luna HSM integration! They delve into the crucial benefits of upgrading from fifth to seventh generation hardware, emphasizing the enhanced security features that deliver greater value to customers. Discover why customer engagement is key in the realm of API security packages, and how your feedback can shape the ...
0 comments

Big News: We’re Moving to a Unified Thales Support Portal

By Sarah Lamont posted 04-04-2025
2 people like this.
A Simpler, Stronger Support Experience is on the Way Hi Everyone, In the coming weeks we will be sharing some exciting news that’s been in the works for a while. Starting April 26, 2025 , Imperva customer support will officially move to the Thales Unified Support Portal . This is a major milestone following Imperva’s integration into the Thales Cybersecurity Products (CSP) family. While our commitment to supporting you hasn’t changed, how you engage with us will soon be more efficient, more unified, and more connected than ever before. Why We’re Making This Change We know how important it is to have fast, reliable, and accessible ...
0 comments

New Imperva Support Numbers are Now Live!

By Sarah Lamont posted 03-24-2025
Be the first person to like this.
Hi Community, As promised in this earlier post, our new support telephone numbers are now live. Please be aware that previous Imperva telephone numbers will no longer be active. The link below will provide you with the full extent of the changes: View the Technical Support Telephone Numbers here! In case you missed it, you can find a message about this change from Steve Walden, our Vice President, at the link below: Important Update: New Imperva Support Numbers Many thanks, Sarah #AllImperva
0 comments

Imperva Cloud WAF Podcast - Episode 1

By Michael Wright posted 03-12-2025
Be the first person to like this.
Hi Community, Welcome to the first episode of our Cloud WAF Podcast! In this episode, I talk to Ziv Rika about the latest features of Cloud WAF from Imperva, focusing on three main innovations: AI Explain for security events, sensitive information leakage prevention, and AI bot management. We explore how these features enhance security processes, improve communication between developers and security teams, and address compliance requirements. The conversation highlights the importance of AI in cybersecurity and the need for organizations to adapt to evolving threats. Let me know what you think in the comments below. ...
0 comments

Navigating the New Era of AI Traffic: How to Identify and Block AI Scrapers

By Ziv Rika posted 12-20-2024
1 person likes this.
In the not-so-distant past, webmasters faced challenges from bots like Google’s search spiders, which diligently scanned websites to index content and provide the best search results for users. Fast forward to today, and we are witnessing a new breed of bot: Large Language Models (LLMs) like ChatGPT and Claude. These AI models are not just seeking information; they actively scrape websites to educate themselves, respond to prompts, and enhance their training. As a website owner, the question arises: how do you manage this new form of traffic, and more importantly, how can you reclaim control? The Problem with LLM Scraping LLMs operate similarly ...
0 comments

Understanding the Role of the Origin Server and Ensuring Secure Access

By Omer Shaharabani posted 10-20-2024
1 person likes this.
. An origin server is the endpoint where HTTP requests are ultimately directed to retrieve resources necessary for browsing a site or submitting data to perform actions, such as registering or updating a user's profile. In modern web architectures, particularly those utilizing a Content Delivery Network (CDN), there is a clear distinction between origin servers (which host the original content) and edge servers (which cache and serve content closer to end users). When a site is onboarded to the cWAF, an additional layer is introduced. The WAF is now positioned between the user and the origin server, inspecting incoming traffic for security threats. Every ...
0 comments