Category Archives: Product Security Assurance

HII Report: ‘The Non-Advanced Persistent Threat’

May 13, 2014

Imperva Releases Hacker Intelligence Initiative Report:

Imperva released its April Hacker Intelligence Initiative (HII) report, “The Non-Advanced Persistent Threat.” The report presents an in-depth view of how techniques attributed to Advanced Persistent Threats (APTs) require only basic technical skills. The report exposes simple ways that attackers are obtaining access privileges and accessing protected data by targeting weaknesses of the Microsoft NTLM protocol.

Key findings:

• Data breaches commonly associated with APT can be achieved by simple means, using basic technical skills.

• Built-in Windows functionality, combined with “innocent” file shares and SharePoint sites, can provide attackers with an entry point for accessing an organization’s most critical data.

• A mitigation strategy should be implemented that focuses on monitoring the authentication process itself and data access patterns, in addition to tailoring authorization mechanisms for increased security.


Enhancements to Imperva’s SecureSphere 10.5 Platform

Imperva Advances Protection Against Data Breaches With the Release of SecureSphere 10.5

Imperva has introduced technology that enables customers to proactively define security strategies instead of reacting to security alerts. By doing this, Imperva customers will be able to protect against data access in real time when suspicious behaviour is detected. The update of Imperva’s flagship SecureSphere platform brings four major enhancements:

1. New and unique to SecureSphere 10.5: the ability to protect against access to SharePoint files in real time, based on business policy.

2. Two new feeds for ThreatRadar Reputation Services: Malicious Scanner and Comment Spam.

3. SecureSphere WAF for AWS is now shipping with SecureSphere 10.5.

4. Dramatically lower TCO in database security: up to 90% fewer virtual appliances, labour costs reduced by up to 70% and infrastructure costs reduced by up to 90%.


Security audits for third-party providers

May 10, 2012

When firms sign up to a cloud service provider, the decision is usually in terms of utility versus cost – as external providers can usually supply better software and applications than are available to a firm using their own in-house assets, but without the initial purchase cost. Of course, these transactions are only entered into with the understanding that the external partner will do their best to ensure the safety and security of their client’s data.

However, the concentrated nature of the details stored by specialist service providers often makes them a prime target for malicious parties, with the proprietary nature of the data making it highly valuable.

While the provider may assert that they are on top of their game in terms of online protection, due diligence demands that responsible firms have a clear picture of the measures currently in place. A professional security audit from an external provider can deliver a clear report into the depth and breadth of a firm’s digital capacities, providing an unbiased review of the promises made during the primary sales contact. Everything from encryption standards to storage methods and transmission protocols can be covered, giving managers peace of mind that their partnership is secure before they sign on the dotted line.