Imperva Cyber Community

Expand all | Collapse all

Ask Me Anything - 2020 Tournament of Champions

  • 1.  Ask Me Anything - 2020 Tournament of Champions

    Community Manager
    Posted 21 days ago
    On December 3rd, 11:30 a.m. CT, we will be hosting a Ask Me Anything - 2020 Tournament of Champions. 

    In a fitting grand finale to what has been a most challenging year, we are presenting Imperva's "Oracles of Delphi", CTO @Kunal Anand and SVP of Data Security @Ron Bennatan, to deliver perspectives and advice to the Community on all things cybersecurity.  From market concerns and observations to deep-dive technical questions and informed predictions about what 2021 has to offer, Kunal and Ron will field any and all questions to help you get a jump on next year. 

    To maintain the "spirit of giving" theme, the Imperva community will raffle off three W&P "Cook from Home" kits. Submit your questions to our superstar panel in advance of the live webinar and you are automatically eligible to win. We dare you to try and stump the executives! 


    I hope you've got questions, because we've got answers...from two of cybersecurity's hardest hitters. I look forward to seeing you there.

    Here is how it works: 
    1.   Reply to this post with your questions and your name will be submitted to the drawing. 
    2.   Attend the webinar to hear the answers to the questions. RSVP here.  

    ​​

    #CloudWAF(formerlyIncapsula)
    #DatabaseActivityMonitoring
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------


  • 2.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 20 days ago
    With the never seemingly ending leaky S3 buckets of data leaks, do we ever see an end to this and if Amazon themselves are doing enough to alert users & companies to this rather than relying on 3rd party tooling and audits to find them?

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------



  • 3.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 12 days ago
    Popular 3rd party tools are always having security issues and a large amount of hacker traffic looking for weaknesses on their network. Also with COVID, you can start expecting a shortage of EXPERIENCED software engineers to be able to deep dive trouble shoot.

    ------------------------------
    Owen Rubel
    WA
    ------------------------------



  • 4.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 18 days ago
    Hi

    My question is more related to this:


    Is there something to replace these products from Imperva? We have customer with FAM and FFW.


    Best regards


    ------------------------------
    Freddy Brito
    Daitek S.A.
    CABA AGU
    ------------------------------



  • 5.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 17 days ago
    Imperva WAF bridge/sniffing mode can intercept and get the required traffic like other Reverse or Routing mode?

    ------------------------------
    Tulga Bat
    Ulaanbaatar
    ------------------------------



  • 6.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 12 days ago
    What is Cloud Jacking and what are the best prevention techniques to deal with it?

    Thanks!

    Mark

    ------------------------------
    Mark Kreyenhagen
    Western and Southern Financial Group
    Cincinnati OH
    ------------------------------



  • 7.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 12 days ago
    PREAMBLE: To quote wikipedia : 'Synchronization is the coordination of events to operate a system in unison. For example, the conductor of an orchestra keeps the orchestra synchronized or in time. Systems that operate with all parts in synchrony are said to be synchronous or in sync-and those that are not are asynchronous.'

    An example of this action is a 'master' database synchronizes its state with 'slave' databases using replication through a 'heartbeat'; it duplicates changes over to the slave databases so they are constantly in sync with the master database.

    API's are a distributed architecture wherein the 'central version of truth' for all endpoints resides where the request/response meet ... at the API Application (on the API Server); The OpenApi spec lead earlier this year was caught trying to say OpenApi is the 'central version of truth' (see img) when OpenApi docs are generated FROM the API application (see OpenApi Generator)
    State documents like OpenAPI, RAML, API Blueprint are STATIC DUPLICATIONS OF STATE found in the API Application. As per this statement from the lead on the OPENAPI Spec:



    Thus it is POSSIBLE that they might 'sync' but not necessarily true... for multiple reasons:

    - these documents can be changed/edited by hand and often are and are encouraged to be; this can cause conflict
    - they are pushed from the gateway TOWARD the  Api Server thus forcing an edited version of state upon the CENTRAL VERSION OF TRUTH; this can cause conflict.
    - manual edits are rife for error; again, this can cause conflict.

    So my question is the following: How does one synchronize state in a distributed API architecture and maintain a secure environment (ie checking for request data per ROLE per endpoint and response data per ROLE per endpoint - see API3:2019 — Excessive data exposure)? Also, how would we sync on the fly without taking server/gateway/MQ offline?


    ------------------------------
    Owen Rubel
    WA
    ------------------------------



  • 8.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 12 days ago
    How to identify and monitor any data breach or API security attack on Apple products such as iPhone, MacBook, iPad and so on...?
    How many % attack do you expect to arise in 2021 on these devices?

    ------------------------------
    Malvika Shah
    NY
    ------------------------------



  • 9.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 11 days ago
    If we are using Flex Protect Data on premise and we have set up a lot of policies, rules reports. Can we still use the same policies, rules and reports if we move our Database to the cloud?

    ------------------------------
    Tchavdar Nikolov
    ACT Sofia
    Sofia
    ------------------------------