Frequent Imperva Coverage Highlights

Oracle Troubled by Web Component Security July 16, 2008

SecurityProNews

Not only were previous versions of Oracle's signature database impacted by recently discovered vulnerabilities, but the latest version of their product, 11g, also contained flaws addressed in the newest patch updates released by Oracle. Imperva CTO Amichai Shulman told SecurityProNews his first look at Oracle's updates noted that disturbing revelation. Along its Internet-facing products, many web components required fixes for the usual threats like code injection or buffer overflows.



Oracle Patches 45 Vulnerabilities July 16, 2008

internetnews.com

Oracle (NASDAQ: ORCL) is out with its latest critical patch update (CPU), this time providing fixes for 45 security vulnerabilities spanning the Oracle product portfolio... "The three most notable elements of this CPU are Oracle's decision to use CVE codes for vulnerability naming and that nine out of 10 Database vulnerabilities apply not only to older versions of Oracle database server but also to the newest version Oracle 11G," Amichai Shulman, CTO of database security firm Imperva told InternetNews.com. "And finally two of the database vulnerabilities are in the Oracle authentication mechanism," he added.



Imperva Highlights EMEA Momentum July 7, 2008

ChannelEMEA

Application data security solutions Imperva has revealed significant progress in the development of its EMEA operation and channels-to-market. Imperva has strengthened its sales and channel support teams in the UK, France, Germany, Italy and the Netherlands to complement its EMEA headquarters in Israel. Imperva now has more than 180 enterprise customers across the EMEA theatre.



Merchants Cope with PCI Compliance June 30, 2008

Internet.com

"After you've examined your systems, assessed them and bought the necessary technological solutions, make sure you have processes in place to deal with security gaps and breaches," Mark Kraynak, senior director of strategic marketing at Imperva, told InternetNews.com.



Imperva Announces Web Application Security Solution June 20, 2008

Computer Technology Review

Imperva has announced the industry's first closed loop solution for managing the Web application security lifecycle on production systems. The Imperva SecureSphere Web Application Firewall (WAF), through bi-directional integration with vulnerability scanning tools from Cenzic, HP, IBM, and NT Objectives, addresses application security from quality assurance/testing into production.



DM Radio Interview: Mark Kraynak May 30, 2008

DM Review

How can enterprises unify frameworks for security and determine proper roles and responsibilities? In this episode of DM Radio, several industry experts expound on the subject, including: Phillip Villella, Ph.D., Chief Scientist & Founder of LogRhythm; Mark Kraynak, Senior Director for Imperva; and Mike Jerbic, Principal Consultant for Trusted Systems Consulting.



Imperva Joins Global Security Alliance May 28, 2008

Compliance Home

Imperva has announced that it has joined the Global Security Alliance, a platform formed by SAP for information and knowledge exchange that comprises leading providers of security and risk management offerings.


Interview: Shlomo Kramer May 28, 2008

SC

The serial company founder and SC's CEO of the Year tells Paul Fisher why he knew all along that data-centric security was the future.



SAP Certifies Imperva for Web Security May 21, 2008

Dark Reading

The SAP Integration and Certification Center has certified that SecureSphere meets certification criteria under the category of Network Security for enterprise service-oriented architecture solutions...

RSA Conference White Paper Outlines Security Trends May 18, 2008

eChannel Line

It was no surprise that some of the most interesting small companies at the show -- Imperva, LogLogic, Secerno, Intellitactics and Splunk -- are all, in one way or another, doing interesting things with data protection and log management...

How To Protect A Company's Data May 14, 2008

Forbes

A lesser-known but equally data-centric segment of the security industry involves monitoring the activity that happens around databases and major applications. That kind of monitoring, contends Imperva spokesman Mark Kraynak, could have prevented Société Générale's Jerome Kerviel from hiding his secret trades, or Enron's accountants from sneaking adjustments into their financial numbers in the company's database.

Two Sides of the Same Coin: The Convergence of Security and Compliance May 5, 2008

eCommerce Times

By Shlomo Kramer
Security and compliance issues will continue to dominate IT initiatives as long as valuable data on customers, employees, patients and business financials is exchanged and stored.

Israel well placed to mount defence strategy May 2, 2008

IT Week

Kramer left Check Point to found application and database security supplier, Imperva, and has contributed to the funding of startups such as Trusteer, which creates solutions to protect online consumers against cyber threats. “There are a lot of experienced people in this market who know how to make a successful business,” Kramer said.

The Art of Data Management Compliance, Part 1: Keeping Pace April 26, 2008

eCommerce Times

"Broadly, the regulating organizations are getting more and more serious and previously unregulated geographies are becoming regulated," Mark Kraynak, senior director of strategic marketing for Imperva

Defend Critical Applications Against Attack April 23, 2008

DM Review

The Imperva SecureSphere Web Application Firewall has successfully satisfied all certification criteria to achieve the ICSA Labs' Web Application Firewall (WAF) Certification. "The Imperva SecureSphere appliance has the ability to handle many complex attack scenarios," said George Japak, managing director, ICSA Labs.

PCI's False Dilemma: Code Review or Application Firewall? April 23, 2008

ESJ

For organizations attempting to secure their Web applications to meet compliance standards, PCI regulations present a choice of two options: Perform a code review or install a WAF. This, however, is a false choice. The best course of action is to do both.


Shlomo Kramer: PCI Lessons from America (French) April 8, 2008

ESJ

Shlomo Kramer talks about what the French market can expect regarding PCI enforcement based on experience with Imperva customers in the United States.

Imperva Prevents Fraud by Monitoring Database Changes March 12, 2008

ESJ

"Several regulations, such as Sarbanes-Oxley, mandate change controls for financial information; unauthorized changes can lead to forensic investigations to uncover what data changed and restore the original values. SecureSphere’s Track Value Changes feature monitors and audits the values of a specific record or a subset of table rows noting values before and after changes are made."

Software Finds Any Manipulation in Databases (German) March 11, 2008

ESJ

The security problems of the French bank Société Générale have produced some headlines recently. The SecureSphere security solution of Imperva is designed to detect malicious activities of company insiders. This may have helped to avoid the illegal manipulations.

Tracking Row-Level Changes in the Database March 10, 2008

ISM

"Imperva has added new technology into its SecureSphere product to track value changes in the database that violate compliance policies."

Core of the Matter March 7, 2008

ISM

No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls that help deliver your critical apps securely. Imperva is the closest thing to a silver bullet for application security, based on its combination of adaptive learning and other techniques.

Database Security March 7, 2008

ISM

Imperva's SecureSphere Database Security Gateway offers a unique combination of automated monitoring and proactive auditing for protecting your databases. SecureSphere is an impressive enterprise-ready product for large organizations.

New VMware VMsafe(TM) Technology Allows the Virtual Datacenter to be More Secure Than Physical Environments February 27, 2008

CNN MONEY

“Application data security and compliance is a key area of concern for Imperva customers,” said Rohit Gupta, vice president of business development for Imperva. “Partnering with VMware will allow Imperva to continue to deliver flexible solutions that provide full visibility and granular control of application and data usage in virtualized environments.”

Chicken, Egg or Omelette? February 25, 2008

GCN

Now that compliance and security seem inexorably linked, the benefits of one solution over another are no longer just how much it can save your customers’ time, and your customers’ money. Now it’s about saving your customers’ neck. Resellers need to demystify the convergence of security and compliance, and explore winning strategies that will enable them to capitalise on a market worth hundreds of millions of pounds.

Google-hacking made easy February 25, 2008

GCN

“Tools like this scanner are a wake-up call for application owners,” Shulman said. “And that is a good thing. The issue of data leakage into search engines is a big issue.” The Cult of the Dead Cow has said much of its research in this area has been against government servers where it has been able to turn up sensitive information that has been unwittingly exposed. “With a lot of script kiddies having this tool, I think the government can expect a rough period of headlines,” Shulman said.

Hacker Group Releases New Google Vulnerability Scanner February 22, 2008

Channel Web

"I think (Goolag scanner) should be a wakeup call for application owners and what they are doing with respect to search engines and their application security," said Shulman. "It just emphasizes an existing trend that application owners should pay attention to."

Data security, compliance needs "holistic approach" February 21, 2008

SC Magazine

I feel very strongly that a new layer of visibility and security is needed in addition to the network and infrastructure layers commonly in place in today’s organizations.
– Shlomo Kramer, President and CEO, Imperva

Israel is Seen as a Main Research Base in High-Tech Industry and in Particular Security (French) February 12, 2008

ISM

Israel is a melting pot for highly skilled engineers, which makes the solutions they generate among the most relevant in the world. The small size of the Israeli market means that indigenous companies have to reach out to international markets. In that way, companies share their knowledge to quickly increase their turnover, like the ‘serial businessman’ Shlomo Kramer, who founded Check Point and then Imperva, the leader in ‘database protection’.


Protection Through Data Governance February 1, 2008

Processor

As the name implies, data governance can be a difficult proposition for companies that do not have the resources to monitor and control the flow of data. It's a bit like trying to govern a small country: It's obviously important to protect your borders, police your citizens, and establish clear laws over how the country operates, but enforcing and monitoring those laws can be difficult.

Imperva achieves RSA Secured Partner Program certification January 25, 2008

Computer Technology Review

Imperva Inc., a provider of application data security and compliance, announced that it has achieved certified interoperability with RSA Access Manager software from RSA Security Inc., the security division of EMC Corp. This partnership is designed to enable joint customers to deploy a layered web security infrastructure that provides interoperable application protection with user access control.

Oracle patches serious holes with latest CPU January 17, 2008

Search Security

The focus of this particular CPU should be on client side vulnerabilities, Shulman said. Five of the application server vulnerabilities may be remotely exploitable without authentication.

10 Database Security Tips For Smaller Businesses January 14, 2008

Don't let databases fool you. Sure, their names may sound stately (Oracle, Ingres) or innocent (MySQL, SQL Server, Sleepycat). Yet no database, just out of the box, is secure. In addition, because databases concentrate so much potentially lucrative information in one place, they're prime targets. While storing sensitive or regulated information puts any company at risk, smaller businesses may have more to lose.

Is your Database Secure? (French) January 10, 2008

ISM

With the Internet becoming increasingly critical for businesses, databases are more and more exposed. This has placed the spotlight firmly on the need to prevent external and internal attacks while at the same time ensuring an audit trail can be established.

Web 2.0: Opportunities & Risks (French) January 8, 2008


According to a Forrester survey, Web 2.0 is increasing risks for enterprises. Banks are, in particular, seen to be under-prepared for Web 2.0 technology, and Forrester suggests that changes need to be made to their security policies. A comment from Shlomo Kramer highlights the need for data protection.


Tech Insight: Database Activity Monitoring January 4, 2008

If you weren't concerned about unauthorized database access before, maybe now you should give a DAM.



Imperva Partners with RSA (French) January 1, 2008


Imperva joined the RSA Secured program. SecureSphere and RSA Access Manager will be interoperable, allowing IT security teams to access user login credentials from RSA Access Manager.

  • MarketLive deploys Imperva to achieve high level of PCI DSS certification
    Imperva Inc., a provider of application data security and compliance, announced recently that MarketLive Inc., a provider of global e-commerce solution for retailers, has achieved the highest-level Payment Card Industry (PCI) Data Security Standard (DSS) compliance using the SecureSphere Web Application Firewall (WAF), Imperva said.
    Computer Technology Review, December 28, 2007
  • Independent Research Firm Names Imperva a Leader in Enterprise Database Auditing and Real-Time Protection Market
    Report Finds SecureSphere is Best Suited to Large Scale Deployments and Real-Time Protection
    October 29, 2007
  • Imperva SecureSphere Wins Editor’s Choice Award from InformationWeek Magazine for Database Extrusion Prevention Systems
    SecureSphere Outperforms Guardium, Crossroads, RippleTech, and Pyn Logic in Comprehensive, Six Month Evaluation
    September 25, 2007
  • Imperva Named Top 100 Company by Red Herring
    Data Security Vendor Recognized for Leading the Next Wave of Innovation
    May 2, 2007
  • Oracle releases 36 patches
    The update included 13 patches for the popular Oracle Database, with the most severe vulnerability rating a seven out of 10. Three of the database flaws – the most serious ones – may be remotely exploitable without user authentication. Amichai Shulman, Imperva's CTO, was interviewed on Oracle's release of 36 patches. He commends Oracle for its efforts to address security issues in the database code and suggests that enterprises perform a database security assessment before applying the patches and deploy an additional layer of security in front of the database servers for increased protection.
    SCMagazine.com. April 17, 2007
  • Understand and Defend Against Web 2.0 Security Threats
    "Web 2.0 technologies such as AJAX, RSS, and client-side JavaScript libraries allow enterprises to build more responsive, immersive and collaborative applications. Although many of the technologies are not new, the threat model for Web 2.0 is not yet fully understood by developers," said Andrew Jaquith, Senior Analyst at Yankee Group. "Imperva is taking a leadership role by educating organizations about the risks associated with Web 2.0 applications, and by offering mitigation techniques."
    SecurityPark.net. March 9, 2007
  • Q&A: What to Do About Web 2(.0)
    In an exclusive interview, Imperva co-founder talks Web 2.0 security risks, protection strategies, and how end-user education is a waste of time
    DarkReading.com. March 6, 2007
  • Database security undermined by protocol loopholes, lax defenses
    "A security expert is warning database administrators about a continued loophole in database communication protocols that would allow an attacker to bypass access controls and gain access to critical files..."
    SearchSecurity.com. March 6, 2007
  • Q&A: What to Do About Web 2(.0)
    Everyone's talking about Web 2.0 security. But what can you really do about it? In an exclusive interview, Amichai Shulman, co-founder and CTO of Imperva and one of the Web's most widely-recognized security researchers, spoke with Dark Reading senior editor Kelly Jackson Higgins about the emerging risks in Web 2.0, and how organizations can protect themselves.
    DarkReading.com. March 6, 2007
  • The NWC Interview: Imperva's Shlomo Kramer
    Network Computing Interview with Shlomo Kramer on database and Web application security. For more in-depth information, listen to the Podcast of the interview here.
    NetworkComputing.com. March 5, 2007
  • Imperva releases freeware database vulnerability scanner
    Security in Production databases often gets overlooked because the security staff is so caught up in making sure the operating system is patched that database security falls to the wasteland. Secure databases are just as important as secure operating systems. Databases contain very sensitive information such as social security numbers, credit cards, and financials. If this data is compromised, it could spell disaster for your corporate image.
    DatabaseJournal.com. February 28, 2007
  • A Free Database Scanner
    If you're worried about the security of your database - but can't afford a full-blown vulnerability assessment right now - you're in luck. Imperva is now offering a free database vulnerability scanner...One of the first beta testers of the scanner is Accor, which owns Club Med, Motel 6, Red Roof Inn, and Sofitel. The company is evaluating the product as a potential tool for determining its Oracle and SQL databases' compliance with the retail industry's PCI standards. ...Jaimin Shah, a security engineer with Accor says, "The tool did provide us a visibility into the environment we did not have before. Other database vulnerability assessment tools Accor has used did more 'surface' scanning, but Scuba went a lot deeper than that. This went into detail...If there were vulnerabilities, it provided details on it - why it failed an assessment report, where, and what you need to do to eliminate the problem."
    DarkReading.com. January 29, 2007
  • An Exclusive Interview: Shlomo Kramer aims to become a global leader in security
    An exclusive interview with a pioneer of the Israeli high tech industry: From Check Point to Imperva, serial entrepreneur Shlomo Kramer aims to become a global leader in security.
    israelValley.com. January 24, 2007
  • Security experts criticise government database plans
    "Last year more than 100 million user records were compromised in the US alone," Shlomo Kramer told ZDNet UK. "The issue is that when data is available online it can be compromised - especially [in conjunction with] web services." Even if the information is only available within governmental organisations, Imperva is seeing that within its user base there are many internal security issues - including abuse of credit card data, or abuse of privileges. "Data is at risk if it is made available to a large community of users," said Kramer.
    ZDNet.co.uk. January 19, 2007
  • Oracle blocks 51 security holes
    Amichai Shulman reckons that some of the vulnerabilities are more severe than Oracle suggests. In particular, he highlighted flaws in Oracle's HTTP server that might be exploited remotely without authentication. "The SSL implementation flaw is the worst of the lot," he added. A number of the flaws might lend themselves to SQL injection attacks. Exploits would not be difficult for a skilled hacker to craft, Shulman added. Meanwhile, applying the patches would normally involve downtime so it might be some time before enterprises are ready to roll out fixes.
    TheRegister.com. January 17, 2007
  • Oracle Patches 51 Flaws
    The January Critical Patch Update, as Oracle dubs its quarterly security fixes, was half as large as the previous one. That CPU, issued in October 2006, featured 101 patches. "This wasn't the largest," says Amichai Shulman, chief technology officer of Imperva, an Israeli data center security vendor. "And we've seen a lot of these same vulnerabilities, or similar vulnerabilities in previous CPUs." It's not unusual, says Shulman, for already fixed Oracle vulnerabilities to reappear or to require repatching.
    CRN.com. January 17, 2007
  • The state of security
    Businesses are looking at new ways to exploit the Internet. But these new practices introduce new security threats...The diffusion of information through Web 2.0 technologies combined with these subtler forms of attack will make detection much harder for the security professionals...The dispersal of data is not, however, the only problem IT leaders face. According to Shlomo Kramer, CEO of data centre security provider Imperva, Web 2.0 is based on low-cost, lightweight consumer applications that are predominantly web-based and highly vulnerable - and that presents a significant threat to the business.
    Information-age.com. January 16, 2007
  • Mepsted to head up Imperva's EMEA push
    "Imperva's products fill a niche in the market for protecting applications and it has a very informative partner extranet as well...Jonathan is very driven and channel-friendly and we have a lot of confidence that he will maintain Imperva's direct touch approach which is a popular strategy with partners."
    Computing. January 5, 2007
  • Q&A with Amichai Shulman on the Critical Vulnerability in AJAX Technology
    "To discuss this vulnerability and its implications we talked with Amichai Shulman, the co-founder and CTO of Imperva, where he heads the ADC. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft."
    Net-Security.org. January 5, 2007
  • Imperva Discovers Critical Vulnerability In AJAX Technology
    "The ADC announced the discovery of a critical vulnerability in DWR (Direct Web Reporting) - a well known open source AJAX library that is incorporated into existing public Web sites. This client-side vulnerability can be exploited to launch Denial of Service (DoS) attacks and break into back-end servers and databases."
    AjaxWorld. January 3, 2007
  • Imperva identifies AJAX flaw
    "...the AJAX Web application development framework is 'emerging as the lingua franca for building new generation Web 2.0 applications' such as Google Maps. We will see more and more of these vulnerabilities in the server-side framework."
    NetworkWorld. January 3, 2007
  • Imperva Discovers Critical Vulnerability In AJAX Technology
    "Since AJAX executes a much larger proportion of application logic in the web browser than traditional web applications, it exposes a broader attack surface to client-side exploits used by attackers to target sensitive back-end servers directly."
    Linux.SYS-CON.com. January 3, 2007
  • UCLA Didn't Study for Security Test
    "...if the network is no longer a walled fortress, then security managers need to employ the tactics of a beat cop. So says Alan Norquist, vice president of marketing at security company Imperva. Database usage needs to be monitored, and IT managers need to develop profiles that will look for out-of-the-ordinary database queries, he adds."
    eWeek. December 15, 2006
  • Imperva Expands in Europe
    "Jonathan Mepsted has previously built and managed successful EMEA franchises for Fortinet and NetScreen, two of the world's leading network security companies," said Jim Drill, Vice President of Worldwide Sales.
    Dark Reading. December 14, 2006
  • Imperva Names EMEA Managing Director
    WHIR. December 14, 2006
  • Imperva Sets up Shop in EMEA
    "Imperva Inc, the database and application security provider headed up by CEO Shlomo Kramer, one of the founders of firewall giant Check Point Software Technologies, is to expand its operations into Europe. The vendor has adapted dynamic profiling technology, previously designed just for HTTP, to also inspect database query traffic. The system looks at database information and queries to monitor what was accessed, who was the user, or what was the IP address. The benefit of this kind of behavioral detection system is said to be that it does not require security administrators to create new rules every time the database itself changes."
    ComputerWire. December 13, 2006
  • Caribou Coffee Selects Imperva SecureSphere for SOX Compliance
    "Without the ability to audit all users who access and modify our financial database, we could not prove that we were in compliance with Sarbanes-Oxley. SecureSphere allows us to track all database users, including database administrators and developers, and trace their actions without impacting the performance or stability of our Microsoft SQL Server database," said Scott Ficek, senior director of information systems for Caribou Coffee.
    Sarbanes-Oxley Compliance Journal. December 1, 2006
  • Euronext Secures Trading Platform with Imperva SecureSphere
    "SecureSphere is able to transparently protect our derivatives trading platform from internet attacks without degrading application response times. Moreover, Imperva impressed us with superior technical support throughout the evaluation and deployment process." - Mamal Torfeh, Head of Global Managed Services, Atos Euronext Market Solutions (AEMS)
    Dark Reading. November 28, 2006
  • Study: SQL Server Is Safest DB
    "...hacking a database is like striking gold, whether it's via a Web app or database bug - or both. There have been a number of security issues with Web applications recently...and at least one-third of the 97 million data records that were compromised since 2005 came from a database..."
    Dark Reading. November 16, 2006
  • You Can't Make Everyone Happy- but Can You Come Close?
    "The complexities of meeting audit industry best practices and delivering the information that auditors require put a significant strain on IT departments that are already strapped for manpower and resources. SecureSphere Database Monitoring Gateway...gives auditors what they want: details about all logged activities, who is accountable for every transaction, and what transactions are material exceptions. The product also gives IT staff members what they want: automated Universal User Tracking that identifies specific users and their activities without requiring a rewrite of the database or application. In addition, because the appliance doesn't sit on top of the database, users get what they want: unimpaired performance."
    SQL Server Magazine. October 2006
  • Staffmark Selects Imperva to Protect PeopleSoft
    "Maintaining the security and privacy of confidential employee information is our first priority. SecureSphere enables us to do this, while allowing us to safely use the Internet to make it easy for prospective job applicants to apply and work with Staffmark," said David Bartholomew, Chief Executive Officer of Staffmark. "After evaluating the leading web application firewalls, Imperva delivered the highest security and lowest cost of deployment and maintenance. SecureSphere was the only product capable of learning our PeopleSoft applications and dynamically creating the appropriate security policies. This is a huge time and cost saver for us."
    Sarbanes-Oxley Compliance Journal. October 24, 2006
  • Oracle fixes 101 flaws
    "The most severe issues are SQL injection and buffer overflow vulnerabilities," said Amichai Shulman, CTO of Foster City, Calif.-based Imperva Inc., a data security firm. Attackers can exploit SQL injection flaws to access the core of the database with full administrative privileges, he said, adding, "The troubling thing about this quarter is that several flaws that were patched before seem to have reappeared."
    SearchSecurity.com. October 17, 2006
  • Oracle releases 101 fixes
    But Amichai Shulman, CTO of data security firm Imperva, objects to the low ratings, telling SCMagazine.com today that Oracle is attempting to downplay the severity of the flaws. He said even though the holes are not exploitable without valid credentials, they still pose a high risk for most organizations. "A lot of people have access to a database within an organization," he said. "Saying access credentials are an impeding factor is not that true. You have many low-privileged users in an organization."
    SC Magazine. October 17, 2006
  • Oracle releases 101 patches in quarterly update
    "One issue of concern for enterprises is that some of the flaws addressed by today's updates appear to be identical to flaws that were supposed to have been patched previously," said Amichai Shulman, chief technology officer at database security firm Imperva Inc. of Foster City, Calif. "There is something alarming about this trend of the same vulnerability repeating itself in the same database package and the same object," he said.
    Computerworld. October 17, 2006
  • Oracle Issues Monster Security Patch
    "Redwood Shores, Calif.-based Oracle patched 22 vulnerabilities in Oracle Database, most of which address SQL injection or buffer overflow issues," said Amichai Shulman, CTO at Imperva, a Foster City, Calif.-based security vendor.
    CRN. October 17, 2006
  • Application Security: Countering The Professionals
    "It is becoming increasingly important to stop the professionals who want to steal valuable information. The new attackers search for vulnerabilities in the application and exploit these weaknesses. Attackers are bypassing the traditional network-layer firewall and IDS defenses; their exploits appear as legitimate traffic to the network layer defense, but hiding in the application layer are deadly attacks."
    Business Communications Review. September 2006
  • DB2 Vulnerable to Trend of Communication Protocol Flaws
    E-mail and Web servers aren't the only ones that get slammed by denial of service and other types of attacks. Database servers, including DB2, are also vulnerable to malicious activity, and communication protocol vulnerabilities are a growing trend.
    System iNetwork. October 3, 2006
  • Analysts: Changes to PCI rules help the measure
    "Also significant are new rules that require companies to put controls in place for better securing their application software against online threats," Shulman said. "Companies are required to install the latest software patches, help identify new vulnerabilities, do application code reviews and help protect against specific Web security threats. Such measures are crucial to ensuring the integrity of the application environment," he said.
    InfoWorld. September 13, 2006
  • Changes to PCI rules a step in the right direction, analysts say
    "I think most of the problems implementing the previous version of the standard was around this issue of database-field-level encryption," said Amichai Shulman, chief technology officer at Imperva Inc., a Foster City, Calif.-based security vendor. "I think this makes it more practical to implement the requirements of this standard."
    ComputerWorld. September 12, 2006
  • Strategic Security: Identity Theft Protection
    "Imperva...will notify you of large or aberrant extractions. We classify this product category as "database extrusion prevention". These products can be configured to track data by user and profile each user's "normal" activity to give you a blueprint of what they're supposed to be doing - and raise a flag when abnormal activity is spotted."
    Network Computing. August 31, 2006
  • New pump and dump scheme
    "If these stock trading sites had been monitoring account activity they could have seen the unusual behavior when someone liquidates their holdings and they should be especially vigilant for multiple accounts doing similar trades. Solutions from ... Imperva ... could have alerted them before the damage was done."
    ZDNet. August 31, 2006
  • Building Up Database Defenses
    "Harvey Ewing, senior director of IT security at Carrollton, Texas-based Accor North America, ... uses SecureSphere application layer firewalls from Imperva to protect his Web and database servers."
    ComputerWorld. August 28, 2006
  • Hackers steal personal info of 19,000 AT&T customers
    "We recognize that there is an active market for illegally obtained personal information," said Priscilla Hill-Ardoin, AT&T chief privacy officer. Shlomo Kramer, CEO Imperva, pointed out that the attack against AT&T exemplifies how hackers are turning their attention away from the infrastructure in favor of targeted data.
    SC Magazine. August 30, 2006
  • AT&T to Offer Credit Checks After Data Hack
    "Shlomo Kramer, CEO of security appliance maker Imperva said the breach is indicative of how traditional security measures, such as firewalls and intrusion prevention systems (IPS), can't totally shore up a network's defenses, especially if the attack comes from within."
    internetnews.com. August 30, 2006
  • Oracle fixes 65 flaws
    "These are vulnerabilities in the underlying network protocol between Oracle clients and Oracle servers," said Amichai Shulman. "These are the most dangerous type of vulnerability because they do not require database credentials at all and they leave no trace in the database audit trail and there is absolutely no workaround for them."
    SC Magazine. July 19, 2006
  • Oracle has 65 fixes in latest security update
    "Many of the vulnerabilities relate to a proprietary networking protocol used by Oracle's database, called Oracle Net. This protocol has come under increased scrutiny over the past year," according to Amichai Shulman, CTO with Imperva. "...because you don't need any database credentials in order to exploit them."
    NetworkWorld. July 18, 2006
  • Security Briefs: JavaScript Worm, IBM DB2 Vulnerability, NIST Performance Metrics
    Imperva, a data security vendor, announced it discovered a critical buffer-overrun vulnerability in IBM DB2 version 8 databases. In a statement, Imperva says this flaw "enables any attacker with network access to the database server to take down or even run arbitrary code on the server's machine."
    Enterprise System Journal. June 20, 2006
  • eWEEK honors Imperva SecureSphere with Excellence Award
    "Imperva's SecureSphere 4.2 stood out from the pack in the Network Data-Stream Protection category because its in-line protection for both Web applications and communications with back-end databases is simply unmatched. While Imperva's Web application firewalls are exceptional - providing intelligent learning capabilities and granular application controls - Imperva truly differentiates itself from competitors with its insight into communications with the database."
    eWeek. June 19, 2006
  • Imperva Introduces New DB Monitoring Gateway
    "Data center security vendor Imperva of Foster City, Calif., has released its new SecureSphere Database Monitoring Gateway, which logs query-level details of database activity, audits usage for exception-based behavior and associates every event with the responsible Web application user."
    eWeek. June 16, 2006
  • DB2 Crack Lets in Attackers Without Database Credentials
    Imperva's Application Defense Center … discovered the vulnerability which allows any attacker with network access to the database server to bring it down or to run arbitrary code - in DB2 Version 8. "IBM realizes that it is unrealistic to claim that any database is 'unbreakable' and that code - by its very nature - may contain some flaws" - IBM engineers via spokesperson
    eWEEK. June 12, 2006
  • Imperva Announces Database Monitoring Gateway
    "Auditors want to know who is accountable - who is the initiator of the transaction? What are the material exceptions - which database transactions really matter? And, are the controls in place being circumvented? These are big issues for database administrators."
    Database Trends and Applications. June 5, 2006
  • Amichai Shulman Named to InfoWorld CTO 25 List
    "Shulman notes that 'critical vulnerabilities' exist in all - not some - commercial database servers. Vendors and customers alike should be grateful for his efforts."
    InfoWorld. June 5, 2006
  • Database Monitoring Gateway Tracks Back to Web Users
    "Who is accountable is a big issue that has become even more important with the need to satisfy SOX. Auditors want to know who was responsible for a fraudulent transaction, not which application was used."
    Database Journal. June 5, 2006
  • Imperva monitors the database
    "Imperva has announced a database gateway that pretty much logs transaction level detail and can take it to that next step by determining which user in which application committed the transaction. Any of you that have spent time trying to secure an application like SAP or Oracle Financials knows that the application basically opens up only a few anonymous sessions with the database, so you have no idea which user did what within the database. So this is cool." - Mike Rothman
    Security Incite. June 5, 2006
  • Imperva appliance tracks who accesses database
    "SecureSphere Database Monitoring Gateway... is a step up from monitoring devices that track which applications pull data from databases rather than the individuals who put in the requests, according to Andrew Jaquith, an analyst with the Yankee Group."
    NetworkWorld. June 5, 2006
  • Web App Security: The Firewall Factor
    Report evaluates the application security market and profiles Imperva SecureSphere in this Dark Reading Security Insider report. According to the report, "Imperva comes from Check Point cofounder Shlomo Kramer and offers an impressive set of features." (subscription required for full report)
    Dark Reading. May 1, 2006
  • Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive
    Scottrade placed its Web-based trading systems behind an Imperva SecureSphere Web Application Firewall, which is designed to reinforce the company's application security policies that specify the amount and type of data that can be input into any field. "To be a solid security organization, you have to look at all layers of protection," says Grant Bourzikas, senior manager of information security and business continuity at Scottrade. "Now there's increased interest in the payoff from stealing data that Web applications store, such as information that lets users log in to Web sites, pay bills, check accounts, and conduct other business. If the hacker can construct application code that can query this information, it's better than trying to hack it out of a back-end server that's been patched," said Bourzikas.
    InformationWeek. April 17, 2006
  • Web App Hack Incidents Are Up As Businesses Take Cover
    "No one needs to tell online brokerage firm Scottrade about the value of Web security. The company in November had to notify a number of its clients that their personal information may have been exposed thanks to a data breach found in a partner company's data processing system. ...Scottrade's investigation into the breach is ongoing, but it recently bolstered the security of its Web-based trading systems by placing them behind an Imperva Inc. SecureSphere Web Application Firewall."
    InformationWeek. April 12, 2006
  • Scottrade secures trading network with Imperva firewall
    "Our online trading system is our core business offering and our most important service delivery channel for our customers, and we believe Imperva was able to fill in the gaps that were lacking in traditional enterprise information security solutions," said Grant Bourzikas, senior manager of Information Security at Scottrade.
    Computer Business Review. April 11, 2006
  • Scottrade Selects Imperva to Protect Internet Trading Systems
    "SecureSphere enables us to protect these core business systems from attack, fraud and data theft by blocking attacks that are not detected by traditional perimeter security products," said Grant Bourzikas, Senior Manager of Information Security at Scottrade.
    Sarbanes-Oxley Compliance Journal. April 11, 2006
  • Imperva Web-App Firewall Adapts to Users' Networks
    The problem with first-generation Web application firewalls is that they require users to make a variety of changes to existing networks.
    eWeek. March 30, 2006
  • Imperva adds deployment modes for its Web apps firewall
    "It will notice if a SQL-injection attack occurs - it's not a quick attack; it takes several steps - and it stops it." - Harvey Ewing, Senior Director of IT Security, Accor North America
    NetworkWorld. March 28, 2006
  • SecureSphere Compliance Bundles Monitor and Secure Database
    "Products that help network managers and database administrators demonstrate adherence to the most important requirements help reduce the cost of compliance initiatives," said Andrew Jaquith, Senior Analyst for Yankee Group.
    Sarbanes-Oxley Compliance Journal. March 28, 2006
  • Network World 20 people who changed the industry
    Shlomo Kramer - Named to Top 20 People Who Changed the Network Industry - Wherever there's an enterprise network, firewalls stand guard at its entry points. Some may argue that a garden-variety firewall no longer provides enough enterprise protection, but no one can deny how significant the technology has been for corporate security during the last decade. Kramer and his compadres at Check Point, including CEO Gil Shwed, get credit for inventing the firewall.
    NetworkWorld. March 27, 2006
  • Imperva's First Network Adaptive Web Application Firewall
    Networking News. March 27, 2006
  • Imperva Tops Innovation Station Showdown
    "The purpose of the Innovation Station program is to recognize the emerging companies which, based on their technology, vision and market impact, are poised to make a mark in the information security industry," said Sandra Toms LaPedis, general manager and area vice president of RSA Conference.
    SearchSecurity.com. February 15, 2006
  • People On The Move
    Leventhal joins Imperva from VA Software, where he was responsible for strategic alliances and channel development. Before that, he held positions at Sana Security, Red Hat, VeriSign, RSA Security and EMC.
    Mercury News. February 15, 2006
  • Imperva Keeps Database Activity in Check
    The hardest part of database security is controlling an authorized user's activity once he's gained access to the database. This type of access control is quickly becoming a bigger issue for compliance officers... And while the database vendors are merely auditing this activity, they are doing nothing to control it. ...SecureSphere nicely fills in this security gap left by the vendors.
    InfoWorld. February 13, 2006
  • Hotel Chain Turns to Imperva to Guard Against SSL Attacks (288KB PDF)
    Accor, owner/operators of Motel 6, Red Roof Inns, Novotel and Sofitel, uses Imperva's SecureSphere database security gateway and Web application firewall to protect its Internet front end -- as well as its back-end databases.
    Computerworld. February 9, 2006
  • Ten Ways to Counterattack
    Enterprise database infrastructures, which often contain the crown jewels of an organization, are subject to a wide range of attacks. This article discusses the most critical vulnerabilities and recommends approaches to mitigating the risk of each.
    SC Magazine. February 8, 2006
  • Imperva Introduces Compliance Modules for PCI, HIPAA and SOX
    SecureSphere audit reports go beyond simple logging of events to answer difficult questions that allow security administrators and auditors to know whether a given transaction is an attack or an acceptable change in the application. "It's one thing to know every transaction in the database," Norquist said. "It's another thing to know which transactions are important to follow. With volumes of data the key thing with audits is knowing what matters."
    Database Trends and Applications. February 7, 2006
  • Imperva Security Boxes Aid Compliance Efforts
    Imperva SecureSphere Gateway appliances help meet regulatory requirements, including PCI, HIPAA, and SOX. The boxes address these requirements by integrating reporting intelligence with a database security gateway, Web application firewall, network firewall and IPS (intrusion prevention system), thereby complying with the legislation by providing controls and reporting capabilities that span the complexity of the data center.
    eWeek. February 2, 2006
  • Oracle Advises Users: Patch Critical Hole--Now
    The patch, known as DB18, fixes a hole that affects most supported versions of the Oracle database software, including Oracle versions 8, 9 and 10. The hole is "very severe" and allows users to bypass the Oracle database's authentication and become administrative "super users," according to Shlomo Kramer, CEO of Imperva, which discovered the hole.
    eWeek. January 26, 2006
  • Gartner: Oracle no longer a bastion of security
    "Gartner has warned administrators to be 'more aggressive' when protecting their Oracle applications because, according to Gartner, they are not getting enough help from the database giant. Gartner analyst Rich Mogull said administrators should: (1) Immediately shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies. (2) Use alternative security tools, such as activity-monitoring technologies, to detect unusual activity."
    CNet News.com.com. January 24, 2006
  • Analyst: Oracle not on the ball
    "…Oracle can no longer be considered a bastion of security," analyst Rich Mogull said Monday on the Gartner website. "Database and application managers must begin protecting and maintaining Oracle systems more aggressively." "Critical Oracle vulnerabilities are being discovered and disclosed at an increasing rate," Mogull said.
    SC Magazine. January 24, 2006
  • Critical patch released by Oracle
    Imperva suggested users implement a database security gateway, which detects possible attacks by analyzing messages going from clients to server. "Such products have the capability to provide protection against platform-level vulnerabilities in the timeframes of hours or days after a new vulnerability is discovered," Imperva said.
    SC Magazine. January 18, 2006
  • Oracle releases patches for more than 100 flaws
    "I think the fact that vulnerabilities as severe as [the one reported by Imperva] remain unaddressed for so long is scary," Kramer said. "It basically leaves customers vulnerable and unprotected for too long."
    ComputerWorld. January 17, 2006
  • Interview with Shlomo Kramer (2.5MB MP3)
    BBC World Business Report. January 6, 2006
  • No One-Stop Shopping to Stop Database Pilferages
    What should customers be asking? Andrew Jaquith, an analyst with Yankee Group advises "asking if the product can protect an entire application. That includes all the layers of, for example, commerce applications with database back ends and Web front ends, along with Web interfaces to partners."
    eWeek. December 21, 2005
  • Survivor's Guide to 2006: Security
    Web application firewalls are poised to police Web traffic. The first interactions of Web application firewalls were little more than HTTP application proxies with HTML parsing engines. Although they could block many attacks, it was difficult to learn how to use them and how to tune them, and they impeded traffic. Those first-generation Web application firewalls also couldn't handle Web services. However, Web application firewalls from ... Imperva ... have largely overcome the performance problems and can provide a reasonable solution to protecting from application-level attacks.
    Network Computing. December 16, 2005
  • Risky Business - The Self Auditing Database
    The increasing frequency of database attacks is driving federal and state legislation that requires virtually every organization to deploy more robust audit mechanisms to protect sensitive data. To meet this requirement, some organizations attempt to use the built-in auditing tools supplied with database software platforms. This practice of setting up a "self-auditing" database is based upon several false assumptions and violates the fundamental audit requirement for independence.
    iTObserver. December 14, 2005
  • Web application firewalls take on more heat
    "The products are defending against people that are trying to use malicious attacks to cause Web sites to disgorge sensitive information or for break-ins," says Andrew Jaquith, a Yankee Group analyst.
    Network World. December 5, 2005
  • Flaw Found in SQL Server 2000 Profiler
    A recently discovered vulnerability in Microsoft Corp.'s SQL Server 2000 database allows users to mask their log-in names. The vulnerability was discovered by Imperva, a researcher and vendor of data-center security products.
    eWeek. December 5, 2005
  • Security firms warn of new Microsoft threats
    Users who take advantage of the flaw could gain access to a vulnerable database and take any action they want without fear of their actions being audited, Imperva CEO Shlomo Kramer said.
    Computerworld. December 2, 2005
  • Imperva Discovers and Helps Microsoft Address SQL Server Vulnerability
    Imperva ... Application Defense Center (ADC), has discovered and reported a serious database flaw in Microsoft SQL Server 2000.
    Database Journal. December 2, 2005
  • Database Auditing and Monitoring
    SecureSphere automatically creates security policies by examining live database traffic and profiling legitimate activity. Role-based security policies are updated for both individual users and applications accessing the database.
    Network Computing. November 24, 2005
  • Q&A: Imperva's Shlomo Kramer
    Q&A with Shlomo Kramer, CEO and Founder of Imperva, Inc.
    Red Herring. November 23, 2005
  • Security gateway from Imperva helps ease security and compliance concerns
    "FFF Enterprises Inc... in November will launch a Web-based application called IG Treatment Tracker that will let patients receiving home-based care for certain immune-system deficiencies track their treatments. ...This data will be protected by Imperva's SecureSphere Database Security Gateway."
    InformationWeek. October 17, 2005
  • Imperva Pushes Database Security
    Imperva Inc. has unveiled a new high-end device designed specifically to lock down common database traffic of the sort that was recently blamed for a security breach at the FBI and the White House. Temecula, Calif., pharmaceutical distributor FFF Enterprises is already using a G4 device to secure its critical databases. Are there any plans to check out the new box? "Absolutely, we will," says Bob Coates, FFF's vice president of technology.
    Next-Gen Data Center Forum. October 14, 2005
  • A Hardware Sentinel to Watch Over Databases
    Firewall vendor Imperva is launching a database protection appliance later this year geared to protect organizations from attack or misuse.
    internetnews.com. October 11, 2005
  • Data protection
    ...as attackers' profiles increasingly change from mischief-minded adolescents to professional criminals, the target is not the network but the data that resides on the network. … As a result, industry is developing a new set of security solutions to tackle looming threats. … Imperva's SecureSphere firewall, for example, aims to protect data centers from all attacks, whether via the Web, a database breach or a worm launched from outside or inside the network.
    FCW.com. October 10, 2005
  • Start-up touts attack-blocking appliance
    SecureSphere differs in that it monitors and protects at the Web browser, Web server, application server and database level. "It's a vertical integration approach to defending applications by looking at them as a stack of processes and protecting the different layers," says Andrew Jaquith, an analyst with the Yankee Group.
    NetworkWorld. October 10, 2005
  • Web-Application Security Gets Better
    Some Web-application security vendors are making their products more comprehensive. While most products have offered perimeter defenses such as firewalls, companies like Breach Security and Imperva are taking increasingly broader approaches.
    InformationWeek. September 27, 2005
  • The Threat From Within
    Imperva SecureSphere highlighted in feature article on database security solutions.
    Network Magazine. August 1, 2005
  • Key Operational Issues to Consider for Application Firewalls
    A key challenge in evaluating alternative solutions is estimating the cost and time to deploy and manage them… what key deployment and operational questions you should ask your vendor and your project team to help anticipate the issues that might emerge only in a broad deployment, but which affect the ultimate success of your application firewall project.
    Information Storage+Security Journal. June 22, 2005
  • Intrusion Protection Systems get hot: Web Services and internal threats become a new focus
    Taxed with providing an ever-expanding range of complex security functions, IPS vendors are rising to the challenge, transforming their wares to go beyond simply identifying and stopping attacks based on updated threat profiles.
    InfoWorld. June 13, 2005
  • Imperva Offers Dual-CPU 1GB App Firewall (subscription required)
    Imperva Inc has upped the speeds of its SecureSphere G4 web application firewalls, and has launched a new box, the G8, that provides throughput up to 1Gbps. The company has also added support for web services standards to its software.
    ComputerWire. June 8, 2005
  • Web Application Security For All
    Feature article on application security products and technologies.
    Network Magazine. February 1, 2005
  • Shlomo Kramer, Serial Entrepreneur
    Feature article on Shlomo Kramer, CEO and Founder of Imperva, Inc.
    Ha'aretz. January 12, 2005
  • From intrusion detection to spam, security solutions were high on our list in 2004
    The porous perimeter and the ominous "unknown threat" registered high on IT managers' worry meters again this year, and security vendors replied with every manner of product.
    InfoWorld. December 17, 2004
  • Vendors back Web app security testing
    Debate over what protections a Web application firewall is supposed to provide reached a head last week as four security vendors rallied around a common product-testing regimen.
    Network World. November 15, 2004
  • Establishing More Rigorous Standards For Application Security
    Are enterprises being misled by claims of large application security vendors?
    Web Services Pipeline. November 12, 2004
  • Vendors seek certification for application security tools
    They hope to help IT managers better evaluate tools from different companies.
    Computerworld. November 12, 2004
  • Small Vendors Issue Security Challenge To Large Competitors
    Group of four says some competitors aren't providing acceptable protection against hackers.
    Information Week. November 9, 2004
  • Small Vendors Issue Security Challenge To Large Competitors
    Four vendors of application security products have created an alliance to challenge the ability of large-scale vendors to protect customers from hacker attacks and other security breaches.
    Internet Week. November 9, 2004
  • Security group sets baseline standard for firewalls
    Consortium wants to establish standards for comparing application security software
    InfoWorld. November 9, 2004
  • App-Firewall Vendors Challenge Rivals to a Test
    Things are getting a bit testy in the application-security market.
    eWeek. November 8, 2004
  • Group aims to create hallmark of security
    A small group of security companies has set a baseline standard for application firewalls and has challenged the industry's biggest players to put their goods to the test.
    CNET News.com. November 8, 2004
  • Competitors Join Forces to Improve Web Application Security
    Four rivals in the application security market joined forces to help define more consistent and reliable best practices for Web application security.
    CRN. November 8, 2004
  • Vendors issue an application security challenge
    A trio of Web application security companies has challenged competing vendors to evaluate products against a set of test criteria developed by the three.
    GCN. November 8, 2004
  • Test Run: Imperva SecureSphere 3.0
    This app firewall is a quick study that needs just a little admin fine-tuning.
    Network Computing. September 13, 2004
  • Imperva's Dynamic Profiling Firewall Secures Networks
    "... the SecureSphere suite works by examining network and application traffic to learn normal behavior. The suite uses that information to normalize application access and address any abnormal activity with a prevention technique or an administrator alert. This technology is extremely effective at battling not-yet-recognized attacks..."
    CRN. September 3, 2004
  • SecureSphere Appliance Protects Applications via Dynamic Profiling
    The SecureSphere platform from Imperva provides protection for network accessed applications via dynamic profiling technology.
    Enterprise IT Planet.com. September 2, 2004
  • Imperva unveils next generation firewall technology
    Application security solution vendor Imperva Inc, has announced the availability of version 3.0 of the SecureSphere G4 Dynamic Profiling Firewall and MX Management Server application security appliances.
    ConnectIT. August 26, 2004
  • Security appliances add dynamic profiling to firewall technology
    Security-solutions vendor Imperva on Monday released version 3.0 of its SecureSphere security appliances. New to the sphere: dynamic profiling, which promises greater security by automatically learning application behavior.
    ZDNet. August 25, 2004
  • Imperva hits 3.0, adds worm watcher and firewall
    Imperva Inc., which has been selling web application security appliances for the last twelve months, will shortly announce it has added firewall features and a web worm blocker to version 3.0 of its flagship SecureSphere boxes.
    Computer Business Review. August 20, 2004
  • Worm Defense: Infrastructure Equipment Repair, Load Balancing
    To beef up its worm defense and complement its existing protection against external Web attacks and internal database breaches, Imperva has added a four-pronged security strategy to SecureSphere.
    Network Computing. August 19, 2004
  • How safe is it out there? Zeroing in on the vulnerabilities of application security
    The article presents a statistical analysis of results obtained from numerous application level penetration tests performed by Imperva experts for various customers over the years 2000 - 2003.
    ITtoolbox. August 6, 2004
  • Application Security: Take One Or Two?
    Imperva's appliance uses persistent learning, which performs real time adaptation to changing applications, identifying and blocking suspicious user sessions while continuously adjusting to changes in application and database structure, said Shlomo Kramer, CEO of Imperva.
    CRN. August 2, 2004
  • Google Eyes
    War searchers might, for example, search for the phrase "index of /etc" along with the term "passwd." Many of the links could include unprotected, or easily cracked, password files. The paper points out that when using this method "almost every result yields a vulnerable site."
    SecurityManagement. July 2004
  • Internet Extortion Ring Smashed
    "This type of attack could have been prevented with appropriate software," Yankee Group analyst Phoebe Waterfield told NewsFactor. "Web application gateway software blocks messages going in or out that do not comply with the site's policy."
    NewsFactor. July 21, 2004
  • Could Search Sites Spawn Worms?
    Security firm warns that search engine data is a treasure trove for worms seeking vulnerable systems
    PC World. June 24, 2004
  • InfoWorld product review gives Imperva the Highest Score in Application Security
    "SecureSphere provides excellent heuristics and data analysis with its Correlated Attack Verification engine. It doesn't rely strictly on hard triggers or predefined rule sets for attack detection, and its ability to learn 'normal' traffic patterns on your LAN adds to its usefulness."
    InfoWorld. June 4, 2004
  • Schutz von Web-, Applikations- und Datenbank-Server gegen externe und interne Angriffe
    German-language article about Imperva's G4 Gateway and MX Management Server appliances.
    IT SecCity. May 21, 2004
  • Imperva Releases SecureSphere Web Application Appliances
    Application security vendor Imperva Monday released two gateway appliances optimized to protect Web applications and databases from attacks that slip through traditional perimeter firewall and intrusion-detection systems.
    CRN. May 3, 2004
  • Briefs Hindsight And Foresight
    Imperva Gateways protect Web applications, databases
    CRN. April 30, 2004
  • Bad Bots and Good Google
    One of the other interesting things Imperva has done lately is to publish a research paper entitled Web Application Worms: Myth or Reality?
    Network World. April 26, 2004
  • Start-ups Unveil Security Appliances
    "We let [the SecureSphere appliance] run in learning mode for a week where it learned about 65,000 uses of our Web site," says Greg Mooney, senior technical team leader. Putting the [G4 Gateway] into blocking mode to stop attacks was then "a no-brainer."
    Network World. April 26, 2004
  • War Searching
    The Imperva engineers estimate that a hacker using this technique, which they dub "War Searching," would find 10,000 to 10,000,000 times as many points of vulnerability as a typical worm program wending its way across the Internet.
    MIT Technology Review. April 1, 2004
  • IT Departments Urged to Prepare for Next Generation of Worm Application Attacks
    Hackers are trying to develop a new generation of internet worm that can bypass traditional firewalls and anti-virus software.
    ComputerWeekly. March 30, 2004
  • War-Googling and the Search of Death
    [Imperva] will today publish a whitepaper exploring the possibility of a web-based worm that uses web search engines to automatically identify and attack vulnerable web servers.
    Computer Business Review. March 29, 2004
  • Security News: SecureSphere 2.0
    Using proprietary technology, called Correlated Attack Validation, the software maps normal application behavior and monitors and protects against anomalies, such as buffer overflows, SQL injection, and directory traversal.
    eWeek. March 17, 2004
  • Demo 2004 reflects IT security concerns
    Imperva launched SecureSphere Version 2 application-level defense technology, which adds signature management capabilities to its intrusion protection software.
    InfoWorld. February 23, 2004
  • The Invisible Demo
    Linux was running just about everything on display at this year's Demo 2004
    Linux Journal. February 23, 2004
  • Imperva Releases App Security Solution
    SecureSphere is a combination hardware/software attack prevention solution powered by both Imperva's intrusion prevention technology and its proprietary Correlated Attack Validation technology, which detects and prevents attacks on unique business logic and data.
    Web Host Industry Review. February 18, 2004
  • Network advances to shine at Demo
    The nearly 70 companies showcasing products at this week's Demo 2004 conference will announce everything from instant messaging to Web services security to network management tools.
    Network World. February 16, 2004
  • Web applications wide open to hackers
    The vast majority of web applications are wide open to attacks by hackers, a four-year testing programme has revealed.
    VNUnet. February 5, 2004
  • App-Layer Battleground
    Having a firewall, virtual private network, e-mail gateway and intrusion-detection system isn't enough; today's threats increasingly come through application-layer attacks, says Imperva Inc. CEO Shlomo Kramer.
    Computerworld. February 2, 2004
  • Gemini Israel Funds general partner Adi Pundak-Mintz speaks out on WebCohort
    WebCohort has a new approach, good investors - Check Point co-founder Shlomo Kramer is active in the company - and it could become a company with a system instead of a component.
    Globes Online. January 15, 2004
  • The evolution of application layer firewalls
    A new way of looking at protection: While established vendors are working on pricing and features, a new company called WebCohort is touting a new way of looking at the same problem.
    Network World. January 2, 2004
  • Application Security Latest Opportunity For Hack Threat Specialists
    Yarom Arad, Imperva international sales director, speaks with ComputerWeekly.com on the importance of using application security to protect databases and internal servers.
    ComputerWeekly.com. September 15, 2003
  • WebCohort Secures the 'Enterprise Application Sphere'
    Shlomo Kramer, Imperva CEO, speaks with IT-Analysis.com about the vulnerabilities of traditional network security techniques in protecting against Application Sphere Attacks.
    IT-Analysis.com. September 10, 2003