Community Blogs

Cross System Global Objects Welcome to part 6 of our Fundamentals blog series. In this blog, we will be looking at defining the Cross System Global objects, what they help you achieve and how to implement them. Be sure to check out the previous blogs in the series - links are included at the end of this blog. Global Port Groups Global Port Groups are lists of ports used in various locations in On-Prem WAF, including: Service Scans, Firewall Policy. The Global Ports Group attaches a name to the port number, making it more readable in alerts. IP Groups IP Groups are lists of IP Addresses used for a variety of purposes ...
Beyond the WAF - 4 key Tools for Complete Application Security Webinar Recording The Imperva Community is delighted to welcome Craig Porter, Imperva AppSec Specialist, and Louis Zisiadis, Customer Success Manager to the webinar series. In this session, the team will look outside of Cloud WAF and discuss the 4 additional tools in Imperva's Application Security Suite and how they can further protect your environment. These include: API Security, Advanced Bot Protection, Client Side Protection, Runtime Protection. The team take time to answer audience questions throughout the session, but feel free to add your own below! ...
Advanced Web Security Policies – Fundamentals of On-Prem WAF Part 5 Introduction A web application firewall (WAF) is a web-based security appliance that helps protect servers and websites from malicious web applications. It is a web application security solution that analyzes the content of the requests, examines their headers and responses, and then makes decisions on whether or not to allow them through. There are several different advanced web policies that you can use to protect your website from being attacked when you're building a web application firewall. In this post, we will examine the different types of policies that can be ...
Imperva Support Case Creation and Portal Updates The Imperva Customer Support Portal brings together some of our key customer tools in one unified customer support portal. It also allowed us to enhance the experience for you, the customer. Here is a quick reminder of some of those enhancements. Case management - You can open, update, and view support cases for all Imperva products and also determine the severity to set the proper sense of urgency and influence response times. SSO access allows you to search and browse a wealth of knowledge resources directly from the portal landing page, including product documentation, ...
Types of Web Security Policies - Fundamentals of On-Prem WAF Part 4 Introduction Having already addressed the SSL Certificates and Ciphers, part 4 of this On-Prem WAF Fundamentals blog series will hone in on policies, looking at the different types available and best practices. This is followed by a step by step guide on defining policies. What is a Policy? To ensure complete application security, Imperva On-Premises WAF policies provide the system with multi-level protection in line with the Imperva On-Premises WAF object hierarchy, as follows: Server Groups > Services > Applications Policies are enabled by ...
Application Hierarchy: Server Group, Service, Application Fundamentals of On-Prem WAF - Part 3 Introduction In the first parts of our series, we discussed the basics of On-Prem WAF, and notably, we stated that the OSI 7-layer model is essential to understanding the concept of computer networking. The 7 layers are the physical layer, the Data link layer, the Network layer, the transport layer, the session layer, the presentation layer, and the application layer. We also looked at the SSL Certificates and Ciphers. This article elaborates on the Application layer focusing on the different hierarchies within the Application layer. We would take ...
SSL certificates and Ciphers Fundamentals of On-Prem WAF - Part 2 Introduction When you're configuring your SSL certificates, it's important to understand which SSL ciphers are supported by your server and web application. The strength and configuration of supported ciphers will vary depending on the version of software deployed by the server and what hardware, operating system and CPU architecture is supporting the service. In this blog, we will discuss some of the important points related to SSL certificates and ciphers. Also, we would give you a step by step guide on how to add SSL keys. But before we dive into it, ...
Fundamentals of On-Premise WAF - Blog Series Part 1: Multi-Layer Protection - the basis of On-Premise WAF Ira Miga Knowledge Engineer At Imperva, we appreciate that a lot of our users are required to communicate internally the workings of our products and the value they bring to the organization. With this in mind, we're excited to announce a new blog series on On-Premise WAF! I will go "back to basics" with a focus on On-Premise WAF in a series of informational blogs. In this first blog, I'll go over the multi-layer protection with On-Premise WAF and why it's so important for organizations. On-Premise WAF is an important tool that helps protect ...
Manual Mitigation for CVE-2022-30525 Nathan Orr Security Analyst Threat Research Vulnerability in Zyxel Firewalls, assigned CVE-2022-30525: Zyxel Command Injection Vulnerability. Vulnerability Description: An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions ...
Ahead of our Data Security Roadmap 2022 webinar, I wanted to share the recent blog from Dan Neault, Imperva's SVP and GM for Data Security, to give a little insight into our Data Security Fabric. If you have any questions, comment below! We can even address them during the live session on Wednesday April 27. Why Customers Asked us for a Data Security Fabric (Even When They Didn’t Know to ask for it by Name) Dan Neault, Imperva's SVP and GM for Data Security Our journey to the data security fabric started a while back when we built the industry’s first data security platform based on what customers said they needed and working with customers ...
How to Truly Protect against Account Take Over (ATO) - Webinar recording - with Lynn Marks and Santosh Nallu The Imperva Community is delighted to welcome Lynn Marks, Imperva Product Manager, and Santosh Nallu, to discuss Account Takeover (ATO) and how you can truly protect your organization against it. During this webinar, Lynn discusses ATO, how it occurs and why it is a prevalent issue for the full range of industries. She looks at the impact of ATO and how you can mitigate organizational risk with Imperva's Account TakeOver Protection. Make sure you watch to the end as Lynn and Santosh address the audience questions. #AccountTakeOver ...
Impervian Community Spotlight: Karol Gruszczyński, IT Security Expert, Trafford IT Sharing knowledge is an important part of Karol's day to day role with Trafford IT as he aims to increase awareness through conferences, workshops and right here on community! @Karol Gruszczyński is an extremely active member of the Imperva community and a real technical asset to our members. We are delighted to have him onboard as a Community Champion. “For me, the Imperva community is the place where I can help anyone who needs it, and I can learn a lot from other Imperva engineers. I hope we will meet together one day at the IMPERVA Community Champion Event ...
Discover and Assess your cloud database security risks with Imperva Snapshot! *Webinar Recording* Visibility is critical in protecting your cloud data. In our digital transformation era and its rapid changes, Gartner’s prediction that “Through 2025, 99% of cloud security failures will be the customer’s fault” is a very real prospect. Imperva Snapshot, a new patent-pending technology, performs a cloud data security posture report of cloud databases in minutes. It is a fast and easy-to-use cloud data security posture assessment service for Amazon RDS managed databases. Join Gabriel Beyo, Engineering Director at the Innovation Office, and Mor Manor ...
WAF Gateway for Cloud-Native Environment Eyal Gur Sr Product Manager We are delighted to welcome back @Eyal Gur for the latest update on WAF Gateway for Cloud Native Environments. In this great session Eyal demonstrates how you can leverage the existing full blown WAF GW capabilities within your service mesh environment (using Envoy or NGINX). He is joined by Ori Nataneli and Idan Cohen to answer your questions at the end of the session. #Webinar #recording #demonstration #WAAP #cloud #architect #devops #On-PremisesWAF(formerlySecuresphere)
DDoS for Networks: New Features Update! Imperva community is delighted to welcome @Ofir Shaham, Sr Product Manager, and @Grainne McKeever, Sr. Security Product Marketing Manager, to the webinar series. In this session, Ofir and Grainne discuss DDoS for Networks and the latest solution features including: SD-SOC & SD-NOC, Link Performance Monitoring, Nrt-SIEM Integration, Notification settings integration, Hierarchical Account Support. Distributed Denial of Service (DDoS) attacks are on the rise, and constantly evolving as attackers look for innovative ways to disrupt your operations and bring down your networks. ...
Imperva Up2date: The Log4j Exploit and the call for Runtime Protection (RASP) Josh Hogle, Sr Technical Marketing Engineer. *Video includes closed captions in Chinese, English, German, Japanese, Korean, Russian, Spanish* Log4j is a popular logging framework maintained by the Apache Software Foundation, which is used in almost every Java-based commercial and open-source application around the world. In December of 2021, multiple zero-day vulnerabilities involving remote code execution were discovered in the log4j package. The primary vulnerability, dubbed Log4Shell, allows a hacker to place a specially crafted LDAP or JNDI string ...
Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions Kunal Anand, CTO Since it was disclosed on Friday, December 11, I have spoken with many customers about CVE-2021-44228 and the ways Imperva is working to ensure that they are protected. Countless others have contacted us with questions about ways to mitigate the impact from the Log4j vulnerability. In the spirit of transparency and information sharing, we’ve aggregated below the most common questions we’ve received to date and the answers we’ve been providing to assist our customers through this time. This is a complex and evolving situation -- one that takes ...
How We’re Protecting Customers & Staying Ahead of CVE-2021-44228 Kunal Anand, Nadav Avital Dec 10, 2021 2 min read CVE-2021-44228 is a high profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent technical writeup on their blog. In terms of magnitude, this will, without any doubt, have a big impact on all organizations running Java workloads. Similar to other common ...
Hi Community, Have you noticed a few changes around here? I am delighted to announce the launch of our new video hub - exclusively available to community members! We have been hard at work this year building out an on-demand video library for you to browse and search--we’re currently at just over 250 titles, with new titles added each month! We know how busy you are, so you'll find lots of micro-video content designed to answer your key questions in just minutes, helping you get the most from your Imperva products. One of the new videos you’ll find there is our first "Community Catch Up"! Check it out below... ...
Hi All, Well this was a fun session. Check out the recording below to hear @John Cosgrove and I answer your questions on all things ABP. Here are some of the things we cover: What is the difference between rate limiting in CWAF vs ABP? Can you use the response sent back for ABP inside other policies in SecureSphere? Fraud root-cause checking, Atomic responses, Multiplexed trunk connections and testing for latency ...and many more of your questions. Thanks to everyone who submitted questions and keep an eye on community events for my next webinar on getting the most from your Cloud WAF (Nov 10). If you still have questions, feel free to ...