Community Blogs

Be the first person to recommend this.
Hi Community, Have you noticed a few changes around here? I am delighted to announce the launch of our new video hub - exclusively available to community members! We have been hard at work this year building out an on-demand video library for you to browse and search--we’re currently at just over 250 titles, with new titles added each month! We know how busy you are, so you'll find lots of micro-video content designed to answer your key questions in just minutes, helping you get the most from your Imperva products. One of the new videos you’ll find there is our first " Community Catch Up "! Check it out below... ...
0 comments
Be the first person to recommend this.
Hi All, Well this was a fun session. Check out the recording below to hear @John Cosgrove and I answer your questions on all thing ABP. Here are some of the things we cover: What is the difference between rate limiting in CWAF vs ABP? Can you the use the response sent back for ABP inside other policies in SecureSphere? Fraud root-cause checking Atomic responses Multiplexed trunk connections and testing for latency ...and many more of your questions. Thanks to everyone who submitted questions and keep an eye on community events for my next webinar on getting the most from your Cloud WAF (Nov 10). If you still have questions, feel free to ...
0 comments
Be the first person to recommend this.
Maximum Transmit Unit (MTU) and Maximum Segment Size (MSS) are two important terms you should be familiar with when venturing into the world of networking, especially if you are working with GRE and IPSEC tunnels. And if you are looking to use DDoS Protection as a service, you will need to know how MTU and TCP-MSS work. What is ‘Maximum Transmit Unit’ (MTU)? MTU is the largest packet or frame size, specified in octets (eight-bit bytes), that can be sent in a packet- or frame-based network on a particular data communications link. The internet’s transmission control protocol (TCP) uses MTU to determine the maximum size of each packet in any transmission. ...
0 comments
Be the first person to recommend this.
The Imperva community welcomes Jim Coalwell, Senior Product Manager, Imperva and Kyle DuPont, CEO and Co-founder of Ohalo to the webinar series. What is unstructured data? What makes it unique? Why should I be worried about it? Watch this session to learn how to tackle the complexities of unstructured data with Imperva Sonar and Ohalo. Still got questions? Why not start a thread here ? Related links: Webinar: Finding the data you didn't know you had. (imperva.com) Podcast - Imperva Customer Community - Featuring DataSecurity Episode #AllImperva #jSonar
0 comments
Be the first person to recommend this.
Thank you for securing your future with Imperva—a Magic Quadrant Leader in Web Application and API Protection. We wanted to share some great news with the Imperva Community. For 2021, Imperva has been positioned highest for Completeness of Vision in this year’s GartnerⓇ Magic Quadrant TM for Web Application and API Protection (WAAP)—making us a Leader eight years in a row! As a security innovator, we know that this recognition is a team effort. Thank you to our customers and partners in this community. For additional details on our leadership position, please feel free to read my blog . We appreciate everyone’s contributions in this win. ...
0 comments
Be the first person to recommend this.
Join Rajaram Srinivasan , Imperva Senior Product Manager to learn how to protect your AWS Lambda Functions with Imperva... for free! This session covers: What it means to adopt serverless technology Why organizations need to secure their serverless functions How to secure your transition to AWS Lambd Raj also answers attendee questions live during a very active Q&A session. If you still have questions, why not comment below, or start your own thread ? Keep an eye on our events page for more webinars from Raj in the coming weeks. #RASP #Webinar
0 comments
Be the first person to recommend this.
Imperva has a lot of documentation around the SecureSphere API along with examples of how to use it. https://docs.imperva.com/bundle/v12.6-api-reference-guide/page/61914.htm We also have a lot of tools and utilities built around it with examples using cURL and python: https://github.com/imperva/imperva-web-api-composer/blob/master/src/assets/CURL_API_Samples_SecureSphere.zip and https://github.com/imperva/mx-toolbox However, I was working with a customer that wanted to use PowerShell. All we had to do was follow the cURL examples - authenticate, save the returned session id to a cookie, then make our API call. While it seemed like a simple enough ...
0 comments
Be the first person to recommend this.
How to navigate the chaotic world of personal privacy rights regulations. When it comes to personal privacy rights laws, not knowing where all of your sensitive data is can be costly, time-consuming, and could have a significant impact on your brand and reputation. During this webinar, Jim Coalwell, Senior Product Manager, examines how Imperva is helping our customers find data they didn't know they had and how to avoid some of the pitfalls of complying with personal privacy rights regulations. The session ends with a Q&A so that Jim can answer live questions #CloudDataSecurity #AllImperva #jSonar #Dataprivacy #Webinar
0 comments
Be the first person to recommend this.
In our previous blogs, I have described several Data Risk Analytics (DRA) integration use cases and how to configure and use the Syslog. In this final blog I discuss the DRA API and how it can be used. The cool thing about APIs is that you can provide configuration and entry points to the DRA from other systems (as you have seen in the use cases examples) and the even cooler thing is that you can actually enhance your experience by adding extra functionality that currently doesn’t exist. Let’s dive deeper into the subject. API Security DRA APIs use secure communications. Client and DRA communicate via encrypted traffic using certificate ...
0 comments
Be the first person to recommend this.
Below are the manual mitigation for the recently published vulnerability CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin RCE Vulnerability Description: A vulnerability in VMware vCenter Server contains a flaw in the vSphere Client (HTML5) that is triggered as input passed to the Virtual SAN Health Check plug-in is not properly validated. With a specially crafted request to the /ui/h5-vsan/rest/ endpoint, a remote attacker can execute arbitrary commands. Cloud WAF customers are already protected OOTB. Below are manual mitigation steps to address CVE-2021-21985: VMware vCenter Server Virtual SAN Health Check plugin ...
0 comments
Be the first person to recommend this.
The Imperva community welcomes DDoS Principal Architect, Alex Bakshtein and DDoS attack expert James Mal, of Redwolf Security Inc. In this session you willl witness a live DDoS attack and see the Imperva DDoS mitigation solution in action. Our speakers explore and track the different challenges that organizations are faced with when under a DDoS attack and in the aftermath. In this session you will learn how to investigate and understand the components of a DDoS attack so that when – not if – a DDoS attack hits, you’re prepared to answer any questions that come your way. You will also get to see the Imperva DDoS mitigation solution in action. #DDoSProtectionforNetworks ...
0 comments
Be the first person to recommend this.
In the previous blog , I have described several Data Risk Analytics (DRA) integration use cases. In this blog I will dive deeper into how you can integrate your DRA with Syslog. DRA can send Syslog messages to products that use Syslog. For example: SIEM, SOAR, ELK and others. There are several options that can be configured based on your operational/business requirements including the target server, message format and what you actually want to send. Syslog server target You need to configure the target to which messages will be sent. This includes the IP, Port, Protocol (UDP/TCP) and facility. It is recommended that once you configure ...
0 comments
Be the first person to recommend this.
The Imperva Community is delighted to welcome @Kobi Katzir , Imperva Director, Product Management, and Assaf Zweifler, Imperva Technical Product Manager, to discuss Data Privacy and how to leverage your Imperva Data Security products to ensure compliance. During this webinar, Kobi and Assaf address why Imperva Data Privacy is important for your organization and follow with a deep dive product demo . They also provide a sneak peek of what is ahead with a look at the product roadmap . As always, we end the session with a Q&A, answering user questions live. Do you have a question? Ask it below or start your own thread . #CloudDataSecurity ...
0 comments
Be the first person to recommend this.
As the cybersecurity industry matures and modernizes, security products are required to integrate with a wider range of products within the customer ecosystem, this is also true for the Imperva Data Risk Analytics (DRA) product. We see more and more customers that want to use external products to manage the DRA incidents and in some cases do not even provide direct access to the DRA GUI to their users. Based on these requirements Imperva invested even more into functionality development so that DRA will have the ability to integrate it into different processes using modern devops and automation methods, mainly Syslog and APIs. This first blog ...
1 comment
Be the first person to recommend this.
The Imperva Community is delighted to welcome @Lynn Marks , Imperva Product Manager, and Erez Hasson, Imperva Associate Product Marketing Manager, to discuss Account Takeover (ATO) and how it could impact your industry. During this webinar, Lynn and Erez discuss ATO, how it occurs and why it is a prevalent issue for the full range of industries. They follow this with a deep dive into specific industry cases, showing the impact of ATO and how tools like Imperva’s Account Takeover Protection can mitigate organizational risk. As always, the session ends with a Q&A allowing the team to answer your user questions directly. To receive a copy of the Bad Bot Report ...
0 comments
Be the first person to recommend this.
The Imperva Community welcomed , Imperva Customer Success Manager , to discuss how to integrate Data Risk Analytics (DRA) into your eco-system using API and Syslog. Modern eco-systems are very complex and have multiple products that interact with each other to increase productivity through automation and devops processes. In this technical session you will see several examples of how customers integrate DRA using Syslog and APIs. You will understand how to configure DRA and see an example of how DRA API was used to enhance the DRA capabilities. Got a question? Ask it below or start a new thread by posting it here . ​ #DataRiskAnalytics ...
1 comment
Be the first person to recommend this.
Yesterday it was published that the official PHP Git repository was hacked and a RCE Backdoor was committed into the PHP base code. PHP is one of the popular server-side programming languages to power over 79% of the websites on the Internet, thus making this vulnerability a very critical one. More information on the disclosed vulnerability can be found here: https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/ Vulnerability Description: The official PHP Git repository was hacked and a RCE Backdoor was committed into the PHP base code. Cloud WAF customers and On-Prem customers that have ...
0 comments
Be the first person to recommend this.
Join us for this month’s Advanced Bot Protection AMA (Ask Me Anything) community webinar where we are joined by @Jim Burtoft (prm) , Sr. Sales Engineer and @John Cosgrove , Sr. Product Manager. During this AMA the team share their unique insights on working behind the scenes at Imperva, sharing some of their ABP best practices and tips to securing workloads, and a little of what’s coming on the horizon. This webinar is mostly an open forum where we field your ABP questions live. Do you have another question? Ask it below or start a new discussion here . #AdvancedBotProtection #AllImperva #Webinar
0 comments
Be the first person to recommend this.
The Imperva Community welcomes @Allegra Dan , Imperva Product Manager , to introduce some of the upcoming features on CloudWAF. What's new in CloudWAF? During this session, Allegra provides an overview of the latest feature releases in Imperva's CloudWAF, including a demonstration of the upcoming enhancements to the User Interface - navigation revamp and features, as well as the new SaaS Analytics. Allegra answers many attendee questions throughout the session and will address any additional questions in an upcoming Q&A blog. Watch this space for the next webinar in the series! #AllImperva #CloudWAF(formerlyIncapsula) ​
2 comments
Be the first person to recommend this.
A recent vulnerability found in F5 BIG IP , assigned CVE-2021-22986. The vulnerability allows unauthenticated remote attackers to execute arbitrary code on vulnerable BIG-IP devices. Vulnerability Description: On March 10th F5 published a security advisory with 21 CVEs. The most critical one (CVE-2021-22986) can be exploited for unauthenticated remote code execution attacks. In the past week, several security researchers have reverse engineered the Java software patch published by BIG-IP and posted tweets and blogs with detailed POCs. We observed multiple exploitation attempts against our customers in the last 4 days. Cloud WAF customers and ...
0 comments

Please log in to community to view our video content