Imperva Cyber Community

Expand all | Collapse all

Ask Me Anything - 2020 Tournament of Champions

  • 1.  Ask Me Anything - 2020 Tournament of Champions

    Community Manager
    Posted 23 days ago
    On December 3rd, 11:30 a.m. CT, we will be hosting a Ask Me Anything - 2020 Tournament of Champions. 

    In a fitting grand finale to what has been a most challenging year, we are presenting Imperva's "Oracles of Delphi", CTO @Kunal Anand and SVP of Data Security @Ron Bennatan, to deliver perspectives and advice to the Community on all things cybersecurity.  From market concerns and observations to deep-dive technical questions and informed predictions about what 2021 has to offer, Kunal and Ron will field any and all questions to help you get a jump on next year. 

    To maintain the "spirit of giving" theme, the Imperva community will raffle off three W&P "Cook from Home" kits. Submit your questions to our superstar panel in advance of the live webinar and you are automatically eligible to win. We dare you to try and stump the executives! 


    I hope you've got questions, because we've got answers...from two of cybersecurity's hardest hitters. I look forward to seeing you there.

    Here is how it works: 
    1.   Reply to this post with your questions and your name will be submitted to the drawing. 
    2.   Attend the webinar to hear the answers to the questions. RSVP here.  

    ​​

    #CloudWAF(formerlyIncapsula)
    #DatabaseActivityMonitoring
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------


  • 2.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 23 days ago
    With the never seemingly ending leaky S3 buckets of data leaks, do we ever see an end to this and if Amazon themselves are doing enough to alert users & companies to this rather than relying on 3rd party tooling and audits to find them?

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------



  • 3.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 14 days ago
    Popular 3rd party tools are always having security issues and a large amount of hacker traffic looking for weaknesses on their network. Also with COVID, you can start expecting a shortage of EXPERIENCED software engineers to be able to deep dive trouble shoot.

    ------------------------------
    Owen Rubel
    WA
    ------------------------------



  • 4.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 21 days ago
    Hi

    My question is more related to this:


    Is there something to replace these products from Imperva? We have customer with FAM and FFW.


    Best regards


    ------------------------------
    Freddy Brito
    Daitek S.A.
    CABA AGU
    ------------------------------



  • 5.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 20 days ago
    Imperva WAF bridge/sniffing mode can intercept and get the required traffic like other Reverse or Routing mode?

    ------------------------------
    Tulga Bat
    Ulaanbaatar
    ------------------------------



  • 6.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 15 days ago
    What is Cloud Jacking and what are the best prevention techniques to deal with it?

    Thanks!

    Mark

    ------------------------------
    Mark Kreyenhagen
    Western and Southern Financial Group
    Cincinnati OH
    ------------------------------



  • 7.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 14 days ago
    PREAMBLE: To quote wikipedia : 'Synchronization is the coordination of events to operate a system in unison. For example, the conductor of an orchestra keeps the orchestra synchronized or in time. Systems that operate with all parts in synchrony are said to be synchronous or in sync-and those that are not are asynchronous.'

    An example of this action is a 'master' database synchronizes its state with 'slave' databases using replication through a 'heartbeat'; it duplicates changes over to the slave databases so they are constantly in sync with the master database.

    API's are a distributed architecture wherein the 'central version of truth' for all endpoints resides where the request/response meet ... at the API Application (on the API Server); The OpenApi spec lead earlier this year was caught trying to say OpenApi is the 'central version of truth' (see img) when OpenApi docs are generated FROM the API application (see OpenApi Generator)
    State documents like OpenAPI, RAML, API Blueprint are STATIC DUPLICATIONS OF STATE found in the API Application. As per this statement from the lead on the OPENAPI Spec:



    Thus it is POSSIBLE that they might 'sync' but not necessarily true... for multiple reasons:

    - these documents can be changed/edited by hand and often are and are encouraged to be; this can cause conflict
    - they are pushed from the gateway TOWARD the  Api Server thus forcing an edited version of state upon the CENTRAL VERSION OF TRUTH; this can cause conflict.
    - manual edits are rife for error; again, this can cause conflict.

    So my question is the following: How does one synchronize state in a distributed API architecture and maintain a secure environment (ie checking for request data per ROLE per endpoint and response data per ROLE per endpoint - see API3:2019 — Excessive data exposure)? Also, how would we sync on the fly without taking server/gateway/MQ offline?


    ------------------------------
    Owen Rubel
    WA
    ------------------------------



  • 8.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 14 days ago
    How to identify and monitor any data breach or API security attack on Apple products such as iPhone, MacBook, iPad and so on...?
    How many % attack do you expect to arise in 2021 on these devices?

    ------------------------------
    Malvika Shah
    NY
    ------------------------------



  • 9.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 14 days ago
    If we are using Flex Protect Data on premise and we have set up a lot of policies, rules reports. Can we still use the same policies, rules and reports if we move our Database to the cloud?

    ------------------------------
    Tchavdar Nikolov
    ACT Sofia
    Sofia
    ------------------------------



  • 10.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 2 days ago
    ​With the continuation of turning almost any device into an IOT device, in what ways should companies and security minded individuals work to ensure that their data is protected from the multitude of potential entry points for attack located in many of these items?



    ------------------------------
    Nicholas Boucher
    Boeing Company
    Albuquerque NM
    ------------------------------



  • 11.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted 2 days ago
    Why can't you find a non-cloud based geo-fencing solution for mobile devices (iPhone, iPad, etc.)?  Everything seems cloud based which don't work when the network connection is turned off (i.e. airplane mode).

    ------------------------------
    Jeff Bunce
    TSMC
    Campbell CA
    ------------------------------



  • 12.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted yesterday
    In this product line of DAM, there are on-premise, cloud-data-security, and virtual devices that can be opened on AWS.
    The recent issues even mentioned jSonar how to integrate these products, or distinguish the differences to help customers make the best plan.

    ------------------------------
    CJ Kuo
    Ciphertech
    Taipei
    ------------------------------



  • 13.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted yesterday
    How can I create a report having number of hits per day for all polices? How can I sort on x-axis graph?

    ------------------------------
    Rok Ponikvar
    ------------------------------



  • 14.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted yesterday
    We use a SOM to Manage our MX's.  I go from the SOM and drill down into the MX's. When I create reports it lists it as SOM user instead of my user name.   If I log into the MX directly it displays my name on a created report just fine.  Is there a way when I drill down from the SOM to an MX to have this display my user name instead of SOM user on reports?

    ------------------------------
    Matthew Hogan
    Verisk
    ------------------------------



  • 15.  RE: Ask Me Anything - 2020 Tournament of Champions

    CHAMPION
    Posted yesterday
    We currently use a SOM to apply the same policies and global objects to multiple MXs.  The roadmap for DAM is increasing the capacity of the MX and eliminating the SOM.  We may not be able to use the increased capacity as MXs may need to be regionally located.  Can policies and global objects be exported from one MX and imported into another?

    ------------------------------
    Robert Miller
    Bank of the West
    Omaha NE
    ------------------------------



  • 16.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted yesterday

    Why do are aws services setup as separate networks? why cant they be used as a service in YOUR OWN VPC?



    ------------------------------
    Owen Rubel
    WA
    ------------------------------



  • 17.  RE: Ask Me Anything - 2020 Tournament of Champions

    Posted yesterday
    what features and capabilities does cloud provide that bare metal would not? (per your statement on video) :)

    ------------------------------
    Owen Rubel
    WA
    ------------------------------