Community Blogs

* Exciting developments on Imperva Community *

By Sarah Lamont(csp) posted 3 days ago
Be the first person to recommend this.
Hi Community, Have you noticed a few changes around here? I am delighted to announce the launch of our new video hub - exclusively available to community members! We have been hard at work this year building out an on-demand video library for you to browse and search--we’re currently at just over 250 titles, with new titles added each month! We know how busy you are, so you'll find lots of micro-video content designed to answer your key questions in just minutes, helping you get the most from your Imperva products. One of the new videos you’ll find there is our first " Community Catch Up "! Check it out below... ...
0 comments

* Webinar * Advanced Bot Protection (ABP) Ask Me Anything (AMA)

By Jim Burtoft (Prm) posted 10-19-2021
Be the first person to recommend this.
Hi All, Well this was a fun session. Check out the recording below to hear @John Cosgrove and I answer your questions on all thing ABP. Here are some of the things we cover: What is the difference between rate limiting in CWAF vs ABP? Can you the use the response sent back for ABP inside other policies in SecureSphere? Fraud root-cause checking Atomic responses Multiplexed trunk connections and testing for latency ...and many more of your questions. Thanks to everyone who submitted questions and keep an eye on community events for my next webinar on getting the most from your Cloud WAF (Nov 10). If you still have questions, feel free to ...
0 comments

Learning how MTU and MSS work is key to using DDoS Protection as a Service.

By Grainne McKeever posted 10-14-2021
Be the first person to recommend this.
Maximum Transmit Unit (MTU) and Maximum Segment Size (MSS) are two important terms you should be familiar with when venturing into the world of networking, especially if you are working with GRE and IPSEC tunnels. And if you are looking to use DDoS Protection as a service, you will need to know how MTU and TCP-MSS work. What is ‘Maximum Transmit Unit’ (MTU)? MTU is the largest packet or frame size, specified in octets (eight-bit bytes), that can be sent in a packet- or frame-based network on a particular data communications link. The internet’s transmission control protocol (TCP) uses MTU to determine the maximum size of each packet in any transmission. ...
0 comments

* Webinar * How to Manage Your Unstructured Data for Privacy, Compliance and Risk - Sonar Privacy

By Sarah Lamont(csp) posted 10-12-2021
Be the first person to recommend this.
The Imperva community welcomes Jim Coalwell, Senior Product Manager, Imperva and Kyle DuPont, CEO and Co-founder of Ohalo to the webinar series. What is unstructured data? What makes it unique? Why should I be worried about it? Watch this session to learn how to tackle the complexities of unstructured data with Imperva Sonar and Ohalo. Still got questions? Why not start a thread here ? Related links: Webinar: Finding the data you didn't know you had. (imperva.com) Podcast - Imperva Customer Community - Featuring DataSecurity Episode #AllImperva #jSonar
0 comments

Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection

By Matthew Hathaway posted 09-23-2021
Be the first person to recommend this.
Thank you for securing your future with Imperva—a Magic Quadrant Leader in Web Application and API Protection. We wanted to share some great news with the Imperva Community. For 2021, Imperva has been positioned highest for Completeness of Vision in this year’s GartnerⓇ Magic Quadrant TM for Web Application and API Protection (WAAP)—making us a Leader eight years in a row! As a security innovator, we know that this recognition is a team effort. Thank you to our customers and partners in this community. For additional details on our leadership position, please feel free to read my blog . We appreciate everyone’s contributions in this win. ...
0 comments

Protect Your AWS Lambda Functions - for FREE

By Sarah Lamont(csp) posted 09-16-2021
Be the first person to recommend this.
Join Rajaram Srinivasan , Imperva Senior Product Manager to learn how to protect your AWS Lambda Functions with Imperva... for free! This session covers: What it means to adopt serverless technology Why organizations need to secure their serverless functions How to secure your transition to AWS Lambd Raj also answers attendee questions live during a very active Q&A session. If you still have questions, why not comment below, or start your own thread ? Keep an eye on our events page for more webinars from Raj in the coming weeks. #RASP #Webinar
0 comments

PowerShell and the SecureSphere API

By Jim Burtoft (Prm) posted 08-25-2021
Be the first person to recommend this.
Imperva has a lot of documentation around the SecureSphere API along with examples of how to use it. https://docs.imperva.com/bundle/v12.6-api-reference-guide/page/61914.htm We also have a lot of tools and utilities built around it with examples using cURL and python: https://github.com/imperva/imperva-web-api-composer/blob/master/src/assets/CURL_API_Samples_SecureSphere.zip and https://github.com/imperva/mx-toolbox However, I was working with a customer that wanted to use PowerShell. All we had to do was follow the cURL examples - authenticate, save the returned session id to a cookie, then make our API call. While it seemed like a simple enough ...
0 comments

Webinar: Finding the data you didn't know you had.

By Sarah Lamont(csp) posted 07-26-2021
Be the first person to recommend this.
How to navigate the chaotic world of personal privacy rights regulations. When it comes to personal privacy rights laws, not knowing where all of your sensitive data is can be costly, time-consuming, and could have a significant impact on your brand and reputation. During this webinar, Jim Coalwell, Senior Product Manager, examines how Imperva is helping our customers find data they didn't know they had and how to avoid some of the pitfalls of complying with personal privacy rights regulations. The session ends with a Q&A so that Jim can answer live questions #CloudDataSecurity #AllImperva #jSonar #Dataprivacy #Webinar
0 comments

Data Risk Analytics (DRA) Integration with API - The Final Deep Dive!

By Doron Tzur posted 06-28-2021
Be the first person to recommend this.
In our previous blogs, I have described several Data Risk Analytics (DRA) integration use cases and how to configure and use the Syslog. In this final blog I discuss the DRA API and how it can be used. The cool thing about APIs is that you can provide configuration and entry points to the DRA from other systems (as you have seen in the use cases examples) and the even cooler thing is that you can actually enhance your experience by adding extra functionality that currently doesn’t exist. Let’s dive deeper into the subject. API Security DRA APIs use secure communications. Client and DRA communicate via encrypted traffic using certificate ...
0 comments

Manual Mitigation for CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin RCE

By Patrick Mccrudden(csp) posted 06-09-2021
Be the first person to recommend this.
Below are the manual mitigation for the recently published vulnerability CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin RCE Vulnerability Description: A vulnerability in VMware vCenter Server contains a flaw in the vSphere Client (HTML5) that is triggered as input passed to the Virtual SAN Health Check plug-in is not properly validated. With a specially crafted request to the /ui/h5-vsan/rest/ endpoint, a remote attacker can execute arbitrary commands. Cloud WAF customers are already protected OOTB. Below are manual mitigation steps to address CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin ...
0 comments

*Webinar* Live DDoS Attack - Mitigation in Action

By Sarah Lamont(csp) posted 06-08-2021
Be the first person to recommend this.
The Imperva community welcomes DDoS Principal Architect, Alex Bakshtein and DDoS attack expert James Mal, of Redwolf Security Inc. In this session you willl witness a live DDoS attack and see the Imperva DDoS mitigation solution in action. Our speakers explore and track the different challenges that organizations are faced with when under a DDoS attack and in the aftermath. In this session you will learn how to investigate and understand the components of a DDoS attack so that when – not if – a DDoS attack hits, you’re prepared to answer any questions that come your way. You will also get to see the Imperva DDoS mitigation solution in action. #DDoSProtectionforNetworks ...
0 comments

Integrating DRA with Syslog - The Deep Dive!

By Doron Tzur posted 06-07-2021
Be the first person to recommend this.
In the previous blog , I have described several Data Risk Analytics (DRA) integration use cases. In this blog I will dive deeper into how you can integrate your DRA with Syslog. DRA can send Syslog messages to products that use Syslog. For example: SIEM, SOAR, ELK and others. There are several options that can be configured based on your operational/business requirements including the target server, message format and what you actually want to send. Syslog server target You need to configure the target to which messages will be sent. This includes the IP, Port, Protocol (UDP/TCP) and facility. It is recommended that once you configure ...
0 comments

Webinar: DataSec 2021: Ensuring Compliance with Imperva Data Privacy

By Sarah Lamont(csp) posted 05-18-2021
Be the first person to recommend this.
The Imperva Community is delighted to welcome @Kobi Katzir , Imperva Director, Product Management, and Assaf Zweifler, Imperva Technical Product Manager, to discuss Data Privacy and how to leverage your Imperva Data Security products to ensure compliance. During this webinar, Kobi and Assaf address why Imperva Data Privacy is important for your organization and follow with a deep dive product demo . They also provide a sneak peek of what is ahead with a look at the product roadmap . As always, we end the session with a Q&A, answering user questions live. Do you have a question? Ask it below or start your own thread . #CloudDataSecurity ...
0 comments

7 Key Use Cases for Data Risk Analytics (DRA) Integration with Syslog and API

By Doron Tzur posted 05-12-2021
Be the first person to recommend this.
As the cybersecurity industry matures and modernizes, security products are required to integrate with a wider range of products within the customer ecosystem, this is also true for the Imperva Data Risk Analytics (DRA) product. We see more and more customers that want to use external products to manage the DRA incidents and in some cases do not even provide direct access to the DRA GUI to their users. Based on these requirements Imperva invested even more into functionality development so that DRA will have the ability to integrate it into different processes using modern devops and automation methods, mainly Syslog and APIs. This first blog ...
1 comment

*Webinar - Account Takeover - Is Your Organization At Risk?

By Sarah Lamont(csp) posted 04-26-2021
Be the first person to recommend this.
The Imperva Community is delighted to welcome @Lynn Marks , Imperva Product Manager, and Erez Hasson, Imperva Associate Product Marketing Manager, to discuss Account Takeover (ATO) and how it could impact your industry. During this webinar, Lynn and Erez discuss ATO, how it occurs and why it is a prevalent issue for the full range of industries. They follow this with a deep dive into specific industry cases, showing the impact of ATO and how tools like Imperva’s Account Takeover Protection can mitigate organizational risk. As always, the session ends with a Q&A allowing the team to answer your user questions directly. To receive a copy of the Bad Bot Report ...
0 comments

Webinar: DRA Integration with API and Syslog

By Sarah Lamont(csp) posted 03-31-2021
Be the first person to recommend this.
The Imperva Community welcomed , Imperva Customer Success Manager , to discuss how to integrate Data Risk Analytics (DRA) into your eco-system using API and Syslog. Modern eco-systems are very complex and have multiple products that interact with each other to increase productivity through automation and devops processes. In this technical session you will see several examples of how customers integrate DRA using Syslog and APIs. You will understand how to configure DRA and see an example of how DRA API was used to enhance the DRA capabilities. Got a question? Ask it below or start a new thread by posting it here . ​ #DataRiskAnalytics ...
1 comment

Manual Mitigation for recently published PHP Git Repository Hack

By Patrick Mccrudden(csp) posted 03-30-2021
Be the first person to recommend this.
Yesterday it was published that the official PHP Git repository was hacked and a RCE Backdoor was committed into the PHP base code. PHP is one of the popular server-side programming languages to power over 79% of the websites on the Internet, thus making this vulnerability a very critical one. More information on the disclosed vulnerability can be found here: https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/ Vulnerability Description: The official PHP Git repository was hacked and a RCE Backdoor was committed into the PHP base code. Cloud WAF customers and On-Prem customers that have ...
0 comments

Webinar: Advanced Bot Protection - Ask Me Anything

By Sarah Lamont(csp) posted 03-29-2021
Be the first person to recommend this.
Join us for this month’s Advanced Bot Protection AMA (Ask Me Anything) community webinar where we are joined by @Jim Burtoft (prm) , Sr. Sales Engineer and @John Cosgrove , Sr. Product Manager. During this AMA the team share their unique insights on working behind the scenes at Imperva, sharing some of their ABP best practices and tips to securing workloads, and a little of what’s coming on the horizon. This webinar is mostly an open forum where we field your ABP questions live. Do you have another question? Ask it below or start a new discussion here . #AdvancedBotProtection #AllImperva #Webinar
0 comments

* Webinar * CloudWAF New Features Demo

By Sarah Lamont(csp) posted 03-25-2021
Be the first person to recommend this.
The Imperva Community welcomes @Allegra Dan , Imperva Product Manager , to introduce some of the upcoming features on CloudWAF. What's new in CloudWAF? During this session, Allegra provides an overview of the latest feature releases in Imperva's CloudWAF, including a demonstration of the upcoming enhancements to the User Interface - navigation revamp and features, as well as the new SaaS Analytics. Allegra answers many attendee questions throughout the session and will address any additional questions in an upcoming Q&A blog. Watch this space for the next webinar in the series! #AllImperva #CloudWAF(formerlyIncapsula) ​
2 comments

Manual Mitigation for CVE-2021-22986

By Patrick Mccrudden(csp) posted 03-24-2021
Be the first person to recommend this.
A recent vulnerability found in F5 BIG IP , assigned CVE-2021-22986. The vulnerability allows unauthenticated remote attackers to execute arbitrary code on vulnerable BIG-IP devices. Vulnerability Description: On March 10th F5 published a security advisory with 21 CVEs. The most critical one (CVE-2021-22986) can be exploited for unauthenticated remote code execution attacks. In the past week, several security researchers have reverse engineered the Java software patch published by BIG-IP and posted tweets and blogs with detailed POCs. We observed multiple exploitation attempts against our customers in the last 4 days. Cloud WAF customers and ...
0 comments

Please log in to community to view our video content