Blogs

State of API Security in 2024 report available now!

By Grainne McKeever posted 12 hours ago
1 person likes this.
Hi Community, I am excited to announce the release of the State of API Security in 2024 report , a new report based on our threat research and the first report on API Security published by Imperva. The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly. Attacks targeting the business logic of APIs constituted 27% of attacks in 2023, a growth of 10% since the previous year. Account Takeover (ATO) attacks targeting APIs also increased from 35% in 2022 to 46% in 2023. Based on data from Imperva ...
0 comments
 
Imperva Products All Imperva API Security

Transitioning to Imperva's HEC Integration for Splunk: A Seamless Approach

By Ziv Rika posted 10 days ago
1 person likes this.
As organizations continue to enhance their security posture, the need for efficient and effective log management solutions becomes increasingly critical. Imperva recognizes this necessity and is excited to introduce the new HTTP Event Collector (HEC) integration for Splunk, offering a streamlined approach to log delivery and management. Splunk's (HEC) offers a secure and simple integration method for all Imperva log types, including ABP, ATO, and also future ones. HEC complies with near real-time (NRT) delivery methods, with an SLA of less than 5 minutes. This ensures swift analysis and response to security events, enhancing overall security posture. ...
0 comments

Manual Mitigation for HTTP/2 CONTINUATION Flood Vulnerability

By Sarah Lamont posted 10 days ago
Be the first person to like this.
Hi Community, Our recent blog post highlighted that there is a widely reported HTTP/2 vulnerability that can be used to generate a DDoS. This is primarily of interest to our Cloud WAF customers, although WAF Gateway customers may also wish to know more. The following steps can be used for mitigation: Description Recently, a class of vulnerabilities in HTTP/2 implementations was published, dubbed HTTP/2 CONTINUATION Flood . This attack leverages the CONTINUATION frame that is being sent without setting the END_HEADERS, which in return creates an infinite stream of headers that HTTP/2 server would need to parse and store in memory. ...
0 comments

HTTP/2 CONTINUATION Flood Vulnerability

By Sarah Lamont posted 13 days ago
1 person likes this.
Nadav Avital, Senior Director, Threat Research HTTP/2 , a widely adopted web communication protocol, organizes data transmission through a binary framing layer, wherein all communication is divided into smaller messages called frames, each identified by a specific type, such as headers, data, and continuation frames. HTTP/2 HEADER frames facilitate the transmission of HTTP headers for requests and responses, employing the HPACK encoding algorithm for compression and efficiency. These frames can be marked with flags like END_HEADERS, indicating completion of header transmission, and END_STREAM, denoting the absence of further request/response body. ...
0 comments
 
Imperva Products All Imperva

Thales + Imperva: Creating a Global Leader in Cybersecurity

By Sarah Lamont posted 01-18-2024
1 person likes this.
Hi Community I’m sure you are already aware but on December 1, 2023, Thales closed its acquisition of Imperva. We are excited about the possibilities ahead of us. Thales and Imperva have a shared value of putting the customer first and will lead with that customer obsession to provide the highest level of service to our customers. You can find more information here . We will continue to provide updates as we move through the integration process. For now, check out the video below for a very brief welcome message from Steve Walden , Global VP of Client Services at Thales. #AccountTakeOver ...
0 comments

Happy Holidays!

By Sarah Lamont posted 12-20-2023
1 person likes this.
Hi Community, I just wanted to take a moment to wish Happy Holidays to all who celebrate. I will be taking some time to rest and get ready for a super busy 2024. I can't wait. For those who will continue to be busy over the coming days and weeks, I hope you continue to find the answers you need here on Community. If not, feel free to open a support ticket. 2024 will kick off with some great live events, including a session for our customers in and around the APAC region. Be sure to sign up here . Thank you all for supporting Community during 2023. Happy Holidays and a prosperous New Year! #AllImperva
0 comments
 
Imperva Products All Imperva

Web Attack: The Mystery of the Hidden API - Webinar Recording

By Sarah Lamont posted 12-12-2023
Be the first person to like this.
Catch up on this great session with Rob Jammes , Director, Professional Services, and John Dougherty , Principal Security Consultant, Professional Services for this in depth look at API security and how Imperva can help you solve the mystery of Hidden APIs. The team looks at the challenges faced by Stan, an intrepid security engineer, discovering an active mystery during a web attack. Watch this session to ensure that you have the the skills and tools required to discover and manage hidden APIs... The team approaches this session by looking at the challenges faced by an intrepid security engineer discovering an active mystery ...
0 comments

Enhanced API Management with Imperva and Kong - Webinar Recording

By Sarah Lamont posted 11-15-2023
Be the first person to like this.
Earlier this year Imperva announced its partnership with Kong , for enhanced API management. We were delighted to welcome leaders from Imperva and Kong to discuss how to enhance your API Management strategy with a range of API Security options. Catch up on this webinar with Mark Sivill , Senior Solutions Engineer at Kong and Luke Babarinde , Global Solutions Architect at Imperva to learn how you can discover, manage and protect your APIs without slowing down the speed of your business. This webinar will provide insights and practical guidance on how to strengthen your API strategy. Be sure to watch to the end to hear the team answer audience questions. ...
0 comments
 
Imperva Products API Security

Community Champion Spotlight: Luis Elola

By Sarah Lamont posted 10-12-2023
2 people like this.
I am delighted to introduce our newest Community Champion, @Luis Elola . Luis has been a member of community for just over one year. In this time, he has shared his extensive knowledge and asked questions that have added great value to our community. "The Imperva Community provides me with opportunities to socialize with cybersecurity colleagues, share experiences and learn from the ideas of others, taking my own knowledge to the next level of advising cybersecurity services and solutions, this in direct benefit to our clients and partners". Luis is based in Santiago, Chile and has been a Cybersecurity Product & Advisor Manager at ...
0 comments
 
User Created   champion Imperva Products All Imperva

DDoS Protection For Networks - SYN COOKIES

By Ishita Jain posted 09-14-2023
Be the first person to like this.
Today, I’d like to talk about SYN cookies and how they can help protect your network from SYN and TCP floods, which are very harmful cyberattacks, cyberattacks on the Network layer 3/4. Have you ever experienced a situation where your network was bombarded with a lot of SYN and TCP flood attacks, causing problems like false alarms or making it hard to connect to your servers during these attacks? Don’t worry!! Our SYN cookies feature , which can be enabled by request, can come to the rescue. It’s designed to deal with these attacks effectively while keeping false alarms to a minimum. Let’s simplify what SYN cookies are: SYN cookies are often employed ...
0 comments
 
Imperva Products DDoS Protection for ...

Incap rule catching Predated Events

By Varul Arora posted 08-28-2023
Be the first person to like this.
Sometimes, it's possible that when we create a rule on a site, for example at 14:00 SGT and the rule may catch and show the events from 12:00 SGT even before the rule was created. This behaviour is bit odd as the rule was catching the event which was created before the rule. Please see the screenshot below Please note that this is an expected behaviour of the WAF as the session from that particular IP is still active which is matching the rule syntax, hence, we can see the events generated from the rule even before the rule was created. #CloudWAF(formerlyIncapsula)
0 comments
 
Imperva Products Cloud WAF (formerly ...

How to Scope out URL's on ABP

By Varul Arora posted 08-14-2023
2 people like this.
We have seen a lot of cases where the client is getting challenged by Identify Eventually condition under Identify Directive but no blocks happens as it’s the Javascript Challenge by ABP to fingerprint the request. If this issue happens with the client, we can suggest to increase the thresholds for no_token to > 10 as it will give appropriate time for the request to fingerprint resolving the issue. Please note that this will work but not for the API endpoints. For the API endpoints, we need to Scope Out the path, therefore, we need to cross check with the client whether they are the API endpoints or not as the API endpoints cannot pass the ABP ...
0 comments
 
Imperva Products Advanced Bot Protection

DDoS Protection For Networks - Security Policy and Mitigation

By Ishita Jain posted 08-11-2023
2 people like this.
Hi, community, I am Ishita Jain, Senior SOC Engineer from the APJ Cloud WAF team at Imperva. One of my key areas of focus is helping our customers mitigate attacks at Layer 7 as well as Layer 3/4. I am grateful to Imperva to give me an opportunity to share my knowledge in video form (an easy and preferred way to learn for many of us). I am here to talk about how Imperva defines a custom security policy for each DDoS Protection for Networks customer network range, and how the policy impacts our mitigation process . I hope this will help you strengthen the security posture of your application/Domain. I'd love to hear your ...
0 comments
 
Imperva Products DDoS Protection for ...

DDoS Protection for Networks - Attack Analytics Dashboard

By Ishita Jain posted 08-11-2023
1 person likes this.
Hi, community, I am Ishita Jain, Senior SOC Engineer from the APJ Cloud WAF team at Imperva. One of my key areas of focus is helping our customers mitigate attacks at Layer 7 as well as Layer 3/4. I am grateful to Imperva to give me an opportunity to share my knowledge in video form (an easy and preferred way to learn for many of us). I am here talking about our Network DDoS Analytic Dashboard which is one of our powerful tools for our DDoS protection for networks and IPs customers, which helps to see top traffic patterns for the DDoS traffic on the network that was blocked by Imperva or clean traffic that was routed through Imperva and ...
0 comments
 
Imperva Products DDoS Protection for ...

How to block the destination port on WAF

By Varul Arora posted 08-08-2023
Be the first person to like this.
At the moment we cannot block the destination port as we don't have any specific filter for this. This can be achieved by using the filter Header Value. Please see the following rule HeaderValue != {"host";"varularora.com:443"} : This rule will block all the connections to the site user3.incaptest.net expect the port 443. When we try to add the rule, the rule will be added like in the screenshot below. #CloudWAF(formerlyIncapsula)
0 comments
 
Imperva Products Cloud WAF (formerly ...

How to Block Good BOTS traffic

By Ankit Sharma posted 07-17-2023
1 person likes this.
Imperva recommendation When you Unselect a Good bot from a good bot list, the request from those good bots will be treated like a regular request which means it may or may not be blocked . To categorize further on the request level in terms of bot categories or type of bots then configure the WAF log integration to your SIEM solution. (https://docs.imperva.com/bundle/cloud-application-security/page/settings/client-classification.htm) If you do not suspect customers to come from a particular client type then you can present those client types with Captcha to restrict only human traffic . Enabling the " Require ...
0 comments
 
Imperva Products Cloud WAF (formerly ...

Anonymous Sudan, MOVEit, and Cl0p - Update from Kunal Anand, CTO

By Laura Beaulieu posted 06-16-2023
Be the first person to like this.
Hi Community, I wanted to bring to your attention this update posted by Imperva's Chief Technology officer, Kunal Anand. Note that each of these have been covered in our weekly Threat Intel Report, which you can find here . Please see details below... Kunal Anand , Chief Technology Officer (2 min read) There are three concurrent events of significant concern: An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking SWIFT and inducing potential downtime, the attackers could ...
0 comments

MX Alerts Data Structure in a Nutshell - WAF Gateway Fundamentals Part 10

By Michael Gorelick posted 05-31-2023
Be the first person to like this.
In this very short edition of our WAF Gateway Fundamentals, I will cover (very succinctly) MX Alerts Data Structure, before we move on to Web Profiling in the next edition. If you have any questions, I'd love to hear them in the comment section. Don't forget you can see the rest of the "WAF Gateway Fundamentals" blog series here . Definitions I will start with a few key definitions Event: Event is the basic entity when discussing alerts, it represents the traffic seen by the Gateway. For example HTTP request, SQL query, file operation, TCP stream. Irregular Behaviour: Also known as a violation (this is how it is called on the UI), ...
0 comments
 
User Created   fundamentals Imperva Products On-Premises WAF ...

Imperva's 10th Annual Bad Bot Report

By Laura Beaulieu posted 05-17-2023
1 person likes this.
Hello, In case you have missed it, I thought you might be interested in the 10th Annual Imperva Bad Bot Report we have just released. This year's report, based on data from our global network in 2022, including 6 trillion blocked bad bot requests, delves into the relationship between bad bots, online fraud, API insecurity, and the impact of automated attacks across various industries. You can download the report on our website here . Highlights of this year’s report: - Bad Bots are 30% of automated traffic - Automated attacks targeting APIs on the rise - Evasive bad bots accounted for 66.6% of all bad bot traffic ...
1 comment
 
Imperva Products All Imperva

Everything You Wanted to Know About the Health of Your DAM Deployment! *Webinar Recording*

By Sarah Lamont posted 04-19-2023
2 people like this.
Hi Community, I am so glad we record these sessions, because this one is GOLD for Imperva Database Activity Monitoring (DAM) users. Or any Imperva customer interested in how our consulting services can help you to get the most from your Imperva product. Be sure to catch up on this session with @Yassir Saeed , Director, Consulting Services and @Richard St John , Architect, Consulting Services to find out everything you Want to know about the health of your Database Activity Monitoring (DAM) deployment! By the end of this session, you will: Discover the quickest and most efficient way to conduct ...
2 comments