News and Events

By Shlomo Kramer
Security and compliance issues will continue to dominate IT initiatives as long as valuable data on customers, employees, patients and business financials is exchanged and stored.

PCI's False Dilemma: Code Review or Application Firewall?

For organizations attempting to secure their Web applications to meet compliance standards, PCI regulations present a choice of two options: Perform a code review or install a WAF. This, however, is a false choice. The best course of action is to do both.

Shlomo Kramer talks about what the French market can expect regarding PCI enforcement based on experience with Imperva customers in the United States.

Now that compliance and security seem inexorably linked, the benefits of one solution over another are no longer just how much it can save your customers’ time, and your customers’ money. Now it’s about saving your customers’ neck. Resellers need to demystify the convergence of security and compliance, and explore winning strategies that will enable them capitalise on a market worth hundreds of millions of pounds.

I feel very strongly that a new layer of visibility and security is needed in addition to the network and infrastructure layers commonly in place in today’s organizations.
– Shlomo Kramer, President and CEO, Imperva

As businesses undergo compliance audits, they are discovering a "dirty little secret" within their IT security infrastructure that prevents them from passing the audit. It can leave data unprotected and when a breach occurs, the secret prevents the business and the authorities from locating the suspect. Get in on the secret now – Read this article.

PCI, SOX, HIPAA, and other mandates are narrowing the gap between security and compliance. The PCI Data Security Standard 1.1 released in September 2006 requires businesses to implement specific tools to protect and control sensitive data. Compliance is becoming less a matter of passive auditing and reporting and more an exercise in data security.

Enterprise database infrastructures, which often contain the crown jewels of an organization, are subject to a wide range of attacks. This article discusses the most critical vulnerabilities and recommends approaches to mitigating the risk of each.

The increasing frequency of database attacks is driving federal and state legislation that requires virtually every organization to deploy more robust audit mechanisms to protect sensitive data. To meet this requirement, some organizations attempt to use the built-in auditing tools supplied with database software platforms. This practice of setting up a "self-auditing" database is based upon several false assumptions and violates the fundamental audit requirement for independence.

Key Operational Issues to Consider for Application Firewalls

"A key challenge in evaluating alternative solutions is estimating the cost and time to deploy and manage them… what key deployment and operational questions you should ask your vendor and your project team to help anticipate the issues that might emerge only in a broad deployment, but which affect the ultimate success of your application firewall project."