Study of 10 million web application attacks shows automated attacks can peak at 25,000 an hour

Redwood Shores, CA – July 25, 2011 – Imperva, a pioneer and leader of a new category of data security solutions for high-value business data in the data center, released today the results of the Imperva Web Application Attack Report (WAAR), which revealed that web applications, on average, experience twenty-seven attacks per hour, or roughly one attack every two minutes. The WAAR, created as a part of Imperva’s ongoing Hacker Intelligence Initiative, offers insight into actual malicious web application attack traffic over a period of six months, December 2010 through May 2011.

Imperva monitored and categorized more than 10 million individual attacks across the internet, including attacks witnessed via The Onion Router (TOR) traffic as well as attacks targeting 30 different enterprise and government web applications. The WAAR outlines the frequency, type and geography of origin of each attack to help security professionals better prioritize vulnerability remediation.

“Most security research focuses on vulnerabilities, and while this insight is extremely valuable, it doesn’t always help businesses prioritize their security efforts,” said Amichai Shulman, lead researcher and Imperva CTO. “Take a look at the OWASP Top 10, for example: RFI and Directory Traversal were not identified as top vulnerabilities, yet our research shows that these are two of the most common attacks used by hackers to steal data. It’s impossible to have effective risk management without understanding which vulnerabilities are most likely to be exploited.”

News Highlights

  • Automated attacks are prevalent. According to the WAAR, attack traffic during the six-month period was characterized by spikes of high-volume attack activity followed by longer periods of lighter activity, key indicators of automation. On average, companies experienced twenty-seven attacks per hour, or an attack every two minutes. However, when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second.
  • The Unfab Four. The four most prevalent web application attacks are directory traversal (37 percent), cross-site scripting (36 percent), SQL injection (23 percent) and remote file include (four percent). These attacks were often used in combination to scan for vulnerabilities and subsequently exploit the vulnerabilities found.
  • Most attacks come from within the United States. Over 61 percent of the attacks originated from bots in the United States, though it was unclear from where they were controlled. Attacks from China made up almost 10 percent of attack traffic, followed by attacks originating in Sweden and France. Geography, however, is a less than reliable basis for filtering attacks; filtering by reputation is more reliable. The WAAR data shows that 29 percent of the attacks originated from the same 10 most active attack sources.

“The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses,” said Shulman. “The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can’t automate car theft, or purse stealing. But you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact.”

“Advances in evasion are also significant. Our data shows that it is increasingly difficult to trace attacks to specific entities or organizations,” continued Shulman. “This complicates any effort to retaliate, shut down cybercriminal gangs or identify potential acts of war.”

For a full copy of the Web Application Attack Report, visit http://www.imperva.com/go/hii_web.

On September 14th, Imperva will host a webinar to review the findings. To register, please go to:
https://imperva.webex.com/imperva/onstage/g.php?d=790430811&t=a&SourceID=016

About Imperva

Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,300 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.

Forward Looking Statements

Certain statements contained in this press release may be forward-looking statements made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Any such statements that are not purely historical are forward-looking statements, including, without limitation, statements regarding trends or projections related to our business and our expectations, beliefs, intentions or strategies regarding the future. These statements are subject to known and unknown risks, uncertainties and other factors, which may cause our actual results to differ materially from those implied by the forward-looking statements. We undertake no obligation to update any of the forward-looking statements contained herein after the date of this presentation, whether as a result of new information, future events or otherwise.

# # #

Imperva and SecureSphere are registered trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Press Contacts

North America
Katherine Nellums
Page One PR
Tel: (415) 321-2347
katherine@pageonepr.com
Asia-Pacific
Grenadine Lau
Imperva
Tel: +65 6749 4482
grenadine.lau@imperva.com
Latin America
Leticia Rodriguez
G.P.A.
Tel: +55-52-5611 3183
leticia.rodriguez@global-position.com

Europe, Middle East and Africa

UK
Neil Stinchcombe
Eskenzi PR
Tel: +44(0)20 71 832 833
neil@eskenzipr.com
Germany
Stefan Epler
LEWIS PR
Tel: +49 (0)211 522 946 11
ImpervaGermany@lewispr.com
France
David Bernardin
LEWIS PR
Tel: +33 (0)1 55 31 98 14
ImpervaFrance@lewispr.com

Investor Contact

Seth Potter
ir@imperva.com
Tel: (650) 832-6032