Community Blogs

Manual Mitigation for CVE-2022-30525

By Sarah Lamont(csp) posted 3 days ago
Be the first person to like this.
Manual Mitigation for CVE-2022-30525 Nathan Orr Security Analyst Threat Research Vulnerability in Zyxel Firewalls, assigned CVE-2022-30525: Zyxel Command Injection Vulnerability. Vulnerability Description : A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions ...
0 comments

Why Customers Asked us for a Data Security Fabric (Even When They Didn’t Know to ask for it by Name)

By Sarah Lamont(csp) posted 26 days ago
Be the first person to like this.
Ahead of our Data Security Roadmap 2022 webinar , I wanted to share the recent blog from Dan Neault, Imperva's SVP and GM for Data Security, to give a little insight into our Data Security Fabric. If you have any questions, comment below! We can even address them during the live session on Wednesday April 27 . Why Customers Asked us for a Data Security Fabric (Even When They Didn’t Know to ask for it by Name) Dan Neault, Imperva's SVP and GM for Data Security Our journey to the data security fabric started a while back when we built the industry’s first data security platform based on what customers said they needed and working with customers ...
1 comment

Webinar Recording: How to Truly Protect against Account Take Over (ATO)

By Sarah Lamont(csp) posted 30 days ago
1 person likes this.
How to Truly Protect against Account Take Over (ATO) - Webinar recording - with Lynn Marks and Santosh Nallu The Imperva Community is delighted to welcome Lynn Marks, Imperva Product Manager, and Sanosh Nulla, to discuss Account Takeover (ATO) and how you can truly protect your organization against it. During this webinar, Lynn discusses ATO, how it occurs and why it is a prevalent issue for the full range of industries. She looks at the impact of ATO and how you can mitigate organizational risk with Imperva's Account TakeOver Protection. Make sure you watch to the end as Lynn and Santosh address the audience questions. #AccountTakeOver ...
0 comments

Impervian Community Spotlight: Karol Gruszczyński, IT Security Expert

By Sarah Lamont(csp) posted 03-25-2022
2 people like this.
Impervian Community Spotlight: Karol Gruszczyński, IT Security Expert, Trafford IT Sharing knowledge is an important part of Karol's day to day role with Trafford IT as he aims to increase awareness through conferences, workshops and right here on community! @Karol Gruszczyński is an extremely active member of the Imperva community and a real technical asset to our members. We are delighted to have him onboard as a Community Champion. “For me, the Imperva community is the place where I can help anyone who needs it, and I can learn a lot from other Imperva engineers. I hope we will meet together one day at the IMPERVA Community Champion Event ...
0 comments

Discover and Assess your cloud database security risks with Imperva Snapshot! *Webinar Recording*

By Sarah Lamont(csp) posted 02-28-2022
Be the first person to like this.
Discover and Assess your cloud database security risks with Imperva Snapshot! *Webinar Recording* Visibility is critical in protecting your cloud data. In our digital transformation era and its rapid changes, Gartner’s prediction that “Through 2025, 99% of cloud security failures will be the customer’s fault” is a very real prospect. Imperva Snapshot, a new patent-pending technology, performs a cloud data security posture report of cloud databases in minutes. It is a fast and easy-to-use cloud data security posture assessment service for Amazon RDS managed databases. Join Gabriel Beyo, Engineering Director at the Innovation Office, and Mor Manor ...
0 comments

WAF Gateway for Cloud-Native Environment *Webinar recording*

By Sarah Lamont(csp) posted 02-01-2022
Be the first person to like this.
WAF Gateway for Cloud-Native Environment Eyal Gur Sr Product Manager We are delighted to welcome back @Eyal Gur for the latest update on WAF Gateway for Cloud Native Environments. In this great session Eyal demonstrates how you can leverage the existing full blown WAF GW capabilities within your service mesh environment (using Envoy or NGINX). He is joined by Ori Nataneli and Idan Cohen to answer your questions at the end of the session. #Webinar #recording #demonstration #WAAP #cloud #architect #devops ​​​​​​​​​ #On-PremisesWAF(formerlySecuresphere)
0 comments

*Webinar Video* DDoS for Networks: New Features Update!

By Sarah Lamont(csp) posted 01-19-2022
Be the first person to like this.
DDoS for Networks: New Features Update! Imperva community is delighted to welcome @Ofir Shaham, Sr Product Manager, and @Grainne McKeever , Sr. Security Product Marketing Manager, to the webinar series. In this session, Ofir and Grainne discuss DDoS for Networks and the latest solution features including: SD-SOC & SD-NOC Link Performance Monitoring Nrt-SIEM Integration Notification settings integration Hierarchical Account Support Distributed Denial of Service (DDoS) attacks are on the rise, and constantly evolving as attackers look for innovative ways to disrupt your operations and bring down your networks. ...
0 comments

Stopping Log4j attacks with Runtime Protection (RASP) * Video with language options *

By Sarah Lamont(csp) posted 12-21-2021
Be the first person to like this.
Imperva Up2date: The Log4j Exploit and the call for Runtime Protection (RASP) Josh Hogle, Sr Technical Marketing Engineer. *Video includes closed captions in Chinese, English, German, Japanese, Korean, Russian, Spanish* Log4j is a popular logging framework maintained by the Apache Software Foundation, which is used in almost every Java-based commercial and open-source application around the world. In December of 2021, multiple zero-day vulnerabilities involving remote code execution were discovered in the log4j package. The primary vulnerability, dubbed Log4Shell, allows a hacker to place a specially crafted LDAP or JNDI string ...
1 comment

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions

By Sarah Lamont(csp) posted 12-16-2021
Be the first person to like this.
Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions Kunal Anand, CTO Since it was disclosed on Friday, December 11, I have spoken with many customers about CVE-2021-44228 and the ways Imperva is working to ensure that they are protected . Countless others have contacted us with questions about ways to mitigate the impact from the Log4j vulnerability. In the spirit of transparency and information sharing, we’ve aggregated below the most common questions we’ve received to date and the answers we’ve been providing to assist our customers through this time. This is a complex and evolving situation -- one that takes ...
1 comment

How We’re Protecting Customers & Staying Ahead of CVE-2021-44228

By Sarah Lamont(csp) posted 12-14-2021
Be the first person to like this.
How We’re Protecting Customers & Staying Ahead of CVE-2021-44228 Kunal Anand , Nadav Avital Dec 10, 2021 2 min read CVE-2021-44228 is a high profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent technical writeup on their blog . In terms of magnitude, this will without any doubt, have a big impact on all organizations running Java workloads. Similar to other common ...
3 comments

* Exciting developments on Imperva Community *

By Sarah Lamont(csp) posted 12-02-2021
Be the first person to like this.
Hi Community, Have you noticed a few changes around here? I am delighted to announce the launch of our new video hub - exclusively available to community members! We have been hard at work this year building out an on-demand video library for you to browse and search--we’re currently at just over 250 titles, with new titles added each month! We know how busy you are, so you'll find lots of micro-video content designed to answer your key questions in just minutes, helping you get the most from your Imperva products. One of the new videos you’ll find there is our first " Community Catch Up "! Check it out below... ...
0 comments

* Webinar * Advanced Bot Protection (ABP) Ask Me Anything (AMA)

By Jim Burtoft posted 10-19-2021
Be the first person to like this.
Hi All, Well this was a fun session. Check out the recording below to hear @John Cosgrove and I answer your questions on all thing ABP. Here are some of the things we cover: What is the difference between rate limiting in CWAF vs ABP? Can you the use the response sent back for ABP inside other policies in SecureSphere? Fraud root-cause checking Atomic responses Multiplexed trunk connections and testing for latency ...and many more of your questions. Thanks to everyone who submitted questions and keep an eye on community events for my next webinar on getting the most from your Cloud WAF (Nov 10). If you still have questions, feel free to ...
0 comments

Learning how MTU and MSS work is key to using DDoS Protection as a Service.

By Grainne McKeever posted 10-14-2021
Be the first person to like this.
Maximum Transmit Unit (MTU) and Maximum Segment Size (MSS) are two important terms you should be familiar with when venturing into the world of networking, especially if you are working with GRE and IPSEC tunnels. And if you are looking to use DDoS Protection as a service, you will need to know how MTU and TCP-MSS work. What is ‘Maximum Transmit Unit’ (MTU)? MTU is the largest packet or frame size, specified in octets (eight-bit bytes), that can be sent in a packet- or frame-based network on a particular data communications link. The internet’s transmission control protocol (TCP) uses MTU to determine the maximum size of each packet in any transmission. ...
0 comments

* Webinar * How to Manage Your Unstructured Data for Privacy, Compliance and Risk - Sonar Privacy

By Sarah Lamont(csp) posted 10-12-2021
Be the first person to like this.
The Imperva community welcomes Jim Coalwell, Senior Product Manager, Imperva and Kyle DuPont, CEO and Co-founder of Ohalo to the webinar series. What is unstructured data? What makes it unique? Why should I be worried about it? Watch this session to learn how to tackle the complexities of unstructured data with Imperva Sonar and Ohalo. Still got questions? Why not start a thread here ? Related links: Webinar: Finding the data you didn't know you had. (imperva.com) Podcast - Imperva Customer Community - Featuring DataSecurity Episode #AllImperva #jSonar
0 comments

Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection

By Matthew Hathaway posted 09-23-2021
Be the first person to like this.
Thank you for securing your future with Imperva—a Magic Quadrant Leader in Web Application and API Protection. We wanted to share some great news with the Imperva Community. For 2021, Imperva has been positioned highest for Completeness of Vision in this year’s GartnerⓇ Magic Quadrant TM for Web Application and API Protection (WAAP)—making us a Leader eight years in a row! As a security innovator, we know that this recognition is a team effort. Thank you to our customers and partners in this community. For additional details on our leadership position, please feel free to read my blog . We appreciate everyone’s contributions in this win. ...
0 comments

Protect Your AWS Lambda Functions - for FREE

By Sarah Lamont(csp) posted 09-16-2021
Be the first person to like this.
Join Rajaram Srinivasan , Imperva Senior Product Manager to learn how to protect your AWS Lambda Functions with Imperva... for free! This session covers: What it means to adopt serverless technology Why organizations need to secure their serverless functions How to secure your transition to AWS Lambd Raj also answers attendee questions live during a very active Q&A session. If you still have questions, why not comment below, or start your own thread ? Keep an eye on our events page for more webinars from Raj in the coming weeks. #RASP #Webinar
0 comments

PowerShell and the SecureSphere API

By Jim Burtoft posted 08-25-2021
Be the first person to like this.
Imperva has a lot of documentation around the SecureSphere API along with examples of how to use it. https://docs.imperva.com/bundle/v12.6-api-reference-guide/page/61914.htm We also have a lot of tools and utilities built around it with examples using cURL and python: https://github.com/imperva/imperva-web-api-composer/blob/master/src/assets/CURL_API_Samples_SecureSphere.zip and https://github.com/imperva/mx-toolbox However, I was working with a customer that wanted to use PowerShell. All we had to do was follow the cURL examples - authenticate, save the returned session id to a cookie, then make our API call. While it seemed like a simple enough ...
0 comments

Webinar: Finding the data you didn't know you had.

By Sarah Lamont(csp) posted 07-26-2021
Be the first person to like this.
How to navigate the chaotic world of personal privacy rights regulations. When it comes to personal privacy rights laws, not knowing where all of your sensitive data is can be costly, time-consuming, and could have a significant impact on your brand and reputation. During this webinar, Jim Coalwell, Senior Product Manager, examines how Imperva is helping our customers find data they didn't know they had and how to avoid some of the pitfalls of complying with personal privacy rights regulations. The session ends with a Q&A so that Jim can answer live questions #CloudDataSecurity #AllImperva #jSonar #Dataprivacy #Webinar
0 comments

Data Risk Analytics (DRA) Integration with API - The Final Deep Dive!

By Doron Tzur posted 06-28-2021
Be the first person to like this.
In our previous blogs, I have described several Data Risk Analytics (DRA) integration use cases and how to configure and use the Syslog. In this final blog I discuss the DRA API and how it can be used. The cool thing about APIs is that you can provide configuration and entry points to the DRA from other systems (as you have seen in the use cases examples) and the even cooler thing is that you can actually enhance your experience by adding extra functionality that currently doesn’t exist. Let’s dive deeper into the subject. API Security DRA APIs use secure communications. Client and DRA communicate via encrypted traffic using certificate ...
0 comments

Manual Mitigation for CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin RCE

By Patrick Mccrudden(csp) posted 06-09-2021
Be the first person to like this.
Below are the manual mitigation for the recently published vulnerability CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin RCE Vulnerability Description: A vulnerability in VMware vCenter Server contains a flaw in the vSphere Client (HTML5) that is triggered as input passed to the Virtual SAN Health Check plug-in is not properly validated. With a specially crafted request to the /ui/h5-vsan/rest/ endpoint, a remote attacker can execute arbitrary commands. Cloud WAF customers are already protected OOTB. Below are manual mitigation steps to address CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin ...
0 comments

Please log in to community to view our video content