Blogs

Today, I’d like to talk about SYN cookies and how they can help protect your network from SYN and TCP floods, which are very harmful cyberattacks on the Network layer 3/4. Have you ever experienced a situation where your network was bombarded with a lot of SYN and TCP flood attacks, causing problems like false alarms or making it hard to connect to your servers during these attacks? Don’t worry! Our SYN cookies feature, which can be enabled by request, can come to the rescue. It’s designed to deal with these attacks effectively while keeping false alarms to a minimum. Let’s simplify what SYN cookies are: SYN cookies are often employed ...
0 comments
Sometimes, when we create a rule on a site, for example at 14:00 SGT, the rule may catch and show events from 12:00 SGT, even before the rule was created. This behaviour is a bit odd, as the rule is catching an event which was created before the rule. Please see the screenshot below. Please note that this is expected behaviour of the WAF, as the session from that particular IP is still active and is matching the rule syntax; hence, we can see events generated from the rule even before the rule was created. #CloudWAF(formerlyIncapsula)
0 comments
We have seen a lot of cases where the client is getting challenged by the Identify Eventually condition under the Identify Directive but no block happens, as it’s the JavaScript Challenge by ABP to fingerprint the request. If this issue happens with the client, we can suggest increasing the thresholds for no_token to > 10, as it will give appropriate time for the request to fingerprint, resolving the issue. Please note that this will work, but not for the API endpoints. For the API endpoints, we need to Scope Out the path; therefore, we need to cross-check with the client whether they are API endpoints or not, as the API endpoints cannot pass the ABP ...
0 comments
Hi, community, I am Ishita Jain, Senior SOC Engineer from the APJ Cloud WAF team at Imperva. One of my key areas of focus is helping our customers mitigate attacks at Layer 7 as well as Layer 3/4. I am grateful to Imperva for giving me an opportunity to share my knowledge in video form (an easy and preferred way to learn for many of us). I am here to talk about how Imperva defines a custom security policy for each DDoS Protection for Networks customer network range, and how the policy impacts our mitigation process. I hope this will help you strengthen the security posture of your application/Domain. I'd love to hear your ...
0 comments
Hi, community, I am Ishita Jain, Senior SOC Engineer from the APJ Cloud WAF team at Imperva. One of my key areas of focus is helping our customers mitigate attacks at Layer 7 as well as Layer 3/4. I am grateful to Imperva for giving me an opportunity to share my knowledge in video form (an easy and preferred way to learn for many of us). I am here talking about our Network DDoS Analytic Dashboard, which is one of our powerful tools for our DDoS protection for networks and IPs customers, which helps to see top traffic patterns for the DDoS traffic on the network that was blocked by Imperva or clean traffic that was routed through Imperva and ...
0 comments
At the moment we cannot block the destination port, as we don't have any specific filter for this. This can be achieved by using the filter Header Value. Please see the following rule: HeaderValue != {"host";"varularora.com:443"} : This rule will block all the connections to the site user3.incaptest.net except the port 443. When we try to add the rule, the rule will be added like in the screenshot below. #CloudWAF(formerlyIncapsula)
0 comments
Several Distributed Denial of Service (DDoS) attacks are targeting organisations. DDoS attacks continue to be the topic of top-level executives' concerns. DDoS attacks remain dangerous and can be used to distract the security team and enable attackers to prepare other sophisticated and damaging attacks. The diagram below shows recent statistics from our Threat Research team: DDoS attacks have increased significantly. Source: https://www.imperva.com/cyber-threat-index#ddod-threats All recent attacks have proven the fragility of the network infrastructure of our customers. It could appear that an ...
0 comments
Imperva recommendation: When you unselect a good bot from the good bot list, the requests from those good bots will be treated like regular requests, which means they may or may not be blocked. To categorize further on the request level in terms of bot categories or type of bots, configure the WAF log integration to your SIEM solution. (https://docs.imperva.com/bundle/cloud-application-security/page/settings/client-classification.htm) If you do not suspect customers to come from a particular client type, then you can present those client types with Captcha to restrict to only human traffic. Enabling the "Require ...
0 comments
Hi Community, I wanted to bring to your attention this update posted by Imperva's Chief Technology Officer, Kunal Anand. Note that each of these has been covered in our weekly Threat Intel Report, which you can find here. Please see details below... Kunal Anand, Chief Technology Officer (2 min read) There are three concurrent events of significant concern: An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking SWIFT and inducing potential downtime, the attackers could ...
0 comments
In this very short edition of our WAF Gateway Fundamentals, I will cover (very succinctly) MX Alerts Data Structure, before we move on to Web Profiling in the next edition. If you have any questions, I'd love to hear them in the comment section. Don't forget you can see the rest of the "WAF Gateway Fundamentals" blog series here. Definitions: I will start with a few key definitions. Event: An event is the basic entity when discussing alerts; it represents the traffic seen by the Gateway. For example: HTTP request, SQL query, file operation, TCP stream. Irregular Behaviour: Also known as a violation (this is how it is called on the UI), ...
0 comments
Hello, In case you have missed it, I thought you might be interested in the 10th Annual Imperva Bad Bot Report we have just released. This year's report, based on data from our global network in 2022, including 6 trillion blocked bad bot requests, delves into the relationship between bad bots, online fraud, API insecurity, and the impact of automated attacks across various industries. You can download the report on our website here. Highlights of this year’s report: - Bad Bots are 30% of automated traffic - Automated attacks targeting APIs on the rise - Evasive bad bots accounted for 66.6% of all bad bot traffic ...
1 comment
Hi Community, I am so glad we record these sessions, because this one is GOLD for Imperva Database Activity Monitoring (DAM) users. Or any Imperva customer interested in how our consulting services can help you to get the most from your Imperva product. Be sure to catch up on this session with @Yassir Saeed, Director, Consulting Services and @Richard St John, Architect, Consulting Services to find out everything you want to know about the health of your Database Activity Monitoring (DAM) deployment! By the end of this session, you will: Discover the quickest and most efficient way to conduct ...
2 comments
In my previous blog I looked at un-applied policies, disabled rules, and policies with no alerts. This blog will now look at alerts, one of the most critical functionalities of your WAF Gateway. Many alerts may be generated simultaneously; however, managing these alerts does not need to be overwhelming. In this blog post, I aim to simplify the management of WAF Gateway alerts by laying out the workflow step by step. If you have questions or comments, I'd love to hear them in the comments section below. Alerts are notifications that a violation or group of violations (of security policies) has taken place on monitored traffic. ...
0 comments
In this blog post, we'll explore the topic of un-applied policies, disabled rules, and policies with no alerts. We'll discuss how they can affect your system's performance and why it's important to keep an eye on them. So, let's dive in! Un-applied policies: Do not get executed. They will be downloaded to the gateway, but will not be associated with any service, will never run, and will not have any counters raised. Applied policies with disabled rules: Create silent alerts. They still impact performance as if they were enabled. However, no alert is generated and profile learning can occur on that event - assuming there is not also ...
0 comments
How to Create Efficient Signatures, by Michael Gorelick, Knowledge Engineer. There are 3 types of signatures: Web, SQL, and Stream signatures. Web and SQL signatures support enhanced pattern matching using regular expressions. Note: Stream signatures are basic pattern matching where an exact pattern must match. Stream signatures don’t have rgxp, only “part”, “rmin”, and “rmax” (the latter two being the min and max distance between the “part”s). Stream signatures are applied to stream signature policies, which are enforced at the server group level, and are therefore tested against almost all traffic. The Imperva WAF GW detection ...
0 comments
Hi Community, I wanted to provide a quick snapshot of Imperva's security landscape. This is a great way for you to visualise your environment and to help you identify where there may be gaps in your training. If you have questions, we'd love to hear from you. Comment below, reach out to training-team@imperva.com or browse our training catalog. #AllImperva #training
0 comments
How to integrate Data Risk Analytics (DRA) with Data Security Fabric (DSF). Data is a core element for every business. There is an increasing demand to integrate systems for a better and more secure data flow. In this article, the training team provides a step-by-step guide on how to integrate Imperva’s Data Risk Analytics (DRA) with your Data Security Fabric (DSF). This is just one of the items covered in our Imperva training courses. Visit our training catalog or contact training@imperva.com. Integrating DRA with DSF: Imperva Data Security Fabric* combines the granularity of Imperva Agent Gateways and Agents with the flexibility of Sonar ...
2 comments
This is an upcoming feature in Agent Gateway & MX v14.10 (Q4 2022). In previous versions (v14.9 and older), when replacing the GW/GW password, the user needs to update the password in all agents after the password has been changed and re-register the agents to the MX, because of which there is data loss (a user can have many agents in a single cluster), and it might take hours until the password is updated in all the agents. New capabilities in v14.10 will add a second password to the GW/GW Cluster and update the new password in all agents. It will also remove the old password from the GW/GW cluster. This capability will minimize the data loss of each agent, there ...
0 comments
By Luke Babarinde, Principal Architect at Imperva. Imagine trying to protect your web application farm, while needing to integrate with all the different web servers' backend stacks on a one-to-one basis. This requires a WAF that understands systems such as Nginx, Apache, IIS, and Tomcat. You will effectively start a project that will never end due to the complexities associated with protecting each backend stack. Moreover, you will be bogged down with logistics; rapidly protecting your applications and integrating one-to-one with your stack is practically impossible. This is not the standard operating procedure with Imperva. Our solution has evolved ...
0 comments
Get Ahead with Imperva Community. Imperva Community is designed to help you better achieve your goals, by providing a collaborative space to ask questions, share insights and learn from Imperva experts as well as fellow members! Our members love to hear your tips and tricks and are always keen to help others find solutions. We also have self-service blogs and regular events from our Imperva experts that give you the opportunity to ask your questions directly to them. A lot of our content is for members only, so you must log in to make sure you aren't missing key updates. Here's what you could be missing: Regular live events ...
0 comments