35 posts from June 2009
June 30, 2009
 The Road To Data Intelligence
ClearPoint Metrics and Imperva announced today a collaborative effort to deliver strategic intelligence on organizations' data security and compliance initiatives. This partnership allows us to integrate SecureSphere Data Security Suite with ClearPoint Metrics' Security Performance Manager. This will create a new class of security performance and risk metrics that will provide visibility into the state, quality and effectiveness of data security investments for chief information security officers, auditors, and business managers concerned about security.

According to Rohit Gupta, "Imperva's mission is to help organizations secure critical data and achieve regulatory compliance for their Web and database applications. Combining the visibility and control of database activity provided by SecureSphere with ClearPoint's Security Performance Manager, customers get a powerful, global view of the state of their security infrastructure."

In the future we will release more information about this integration. Stay tuned. 


 Cybercrime on Facebook - Uh Yea

Reuters came out with an article yesterday talking about Cybercrime on Facebook. Is anybody shocked by this? You've got millions of people using a service, many of whom have no idea about what not to do, disclose, etc. over the Internet. Of course there is going to be cybercrime, for the same reason pickpockets target crowded events, or bigger cities have more crime for that matter - it's a target-rich environment.

Most of the cybercrime on Facebook has to do with identity impersonation, spam, and the downloading of malicious software. Some are claiming that this is going to scare people away, businesses will stop using Facebook, and users will flee. Simply put - no it's not. You know what else has crime - the Internet, and for that matter, planet Earth.

I think it is safe to say that Web 2.0 is becoming as important to the Internet as the Internet has become overall. Like everything else, it's imperfect and will take its bumps and scrapes, but the bottom line is - it's not going anywhere, because individuals and businesses using it are finding value.


June 29, 2009
 Imperva Podcast with GLBA co-author, Paul Reymann about GLBA, compliance, & security in the financial industry

On this episode of the Imperva Security Podcast, Paul Reymann, co-author of the Gramm-Leach-Bliley Act (GLBA), discusses GLBA, compliance, and security within the financial industry. He also touches on financial modernization, the convergence of NIST and ISO, and the risk management continuum.

Mr. Reymann is one of the nation's leading regulatory experts and co-author of Section 501 of the Gramm-Leach-Bliley Act Security rule. Fortune 500 companies have leveraged Mr. Reymann's subject matter expertise to develop successful go-to-market strategies for information security and technology products and services within key vertical markets.

He has more than twenty years' experience in the financial services industry, including thirteen years with the Department of Treasury's Office of Thrift Supervision (OTS) in Washington D.C. There he guided the regulatory agency's Technology Risk management activities and authored several key regulatory directives and advisories on emerging risk management issues, including the industry's first regulatory directive on "Transactional Internet Banking."

Listen to the podcast here.


June 26, 2009
 Imperva Podcast Transcript - Joseph Weiss, Industry Expert on Control Systems and Electronic Security

In addition to the audio podcast on cyber security within industrial control system environments, SCADA, and NERC, the full transcript can be found here.


June 24, 2009
 Imperva Podcast Transcript on Drive-by-Downloading with Amichai Shulman, Co-founder and CTO of Imperva

In addition to the audio podcast on drive-by-downloading, the full transcript can be found here. Additionally, you can read the drive-by-downloading definition.


June 23, 2009
 Cookie Poisoning Web Application Attack Demonstration Video
This is a continuation of multiple educational video demonstrations related to Web application attacks. This video is focused on Cookie Poisoning. The definition can be found in the Imperva ADC Glossary. As always, these videos are in HD.


June 22, 2009
 SecureSphere followed Action and OS Integration - Part 2
I decided to write in more detail about SecureSphere's "content out" integration with different systems, starting with the generic interfaces first. In Part I, I wrote about Action Sets and Action Interfaces and showed how Action Sets are used within policies. In this post I'll write about a specific type of Action Interface: OS Command.

Using the OS Command Action Interface, SecureSphere administrators can run any shell command or script from the management appliance. This creates integration options with external applications that are executed when an event is generated.

Picture 1: OS Command Interface

To invoke an OS command, first verify that the required execute permissions are set on the management server. The following list describes the OS command parameters:

  • Command: The full path to the OS command 
  • Arguments: Arguments that should be passed to the Command. 
  • Working Dir: The location on the management computer where the OS command should run 

To show how this feature is useful, I am using a real example that one of our system integrator partners provided to a customer. This customer asked to track an entire telnet session whenever specific users accessed a specific sensitive system that could not support SSH.

The partner created a custom security policy that matched when telnet was being used to reach the DBMS. Then he used the OS command followed action to execute a script that started a TCP packet capture of the source IP and telnet port and then stopped the packet capture when the session ended. Once the PCAP had been saved, a second script ran and parsed the PCAP into an HTML document with the SecureSphere heading (see picture 2 below).
The HTML document displayed every telnet action taken from the client to the DB and the response.

Picture 2: Telnet Report Created by Followed Action 
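
A capture wrapper of the kind described above might look like the following; this is an added example, not the partner's script or Imperva code. It assumes the Arguments field hands the event's source IP to the script as `$1`, and it checks that value strictly before it reaches the packet filter, because event data passed to an OS command is untrusted input. `CAPTURE_DIR`, `MAX_SECONDS` and the `--capture` switch are hypothetical names.

```shell
#!/bin/sh
# Added example, not Imperva's or the partner's script.
# Assumption: the Arguments field delivers the event's source IP as $1.

TELNET_PORT=23
CAPTURE_DIR=${CAPTURE_DIR:-/var/tmp/telnet-captures}  # hypothetical path
MAX_SECONDS=${MAX_SECONDS:-3600}                      # hypothetical upper bound

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the capture filter for one client, or fail on untrusted input.
capture_filter() {
    valid_ipv4 "$1" || { echo "rejected source IP argument" >&2; return 2; }
    printf 'host %s and tcp port %s\n' "$1" "$TELNET_PORT"
}

# Start a bounded capture; the filter is passed as one word, never via eval.
run_capture() {
    filter=$(capture_filter "$1") || return 2
    mkdir -p "$CAPTURE_DIR" || return 1
    out="$CAPTURE_DIR/telnet-$1-$(date +%Y%m%dT%H%M%S).pcap"
    timeout "$MAX_SECONDS" tcpdump -n -U -w "$out" "$filter"
}

# Capture only when explicitly asked, so loading the file has no side effects.
if [ "${1:-}" = "--capture" ]; then
    run_capture "${2:-}"
fi
```

The post does not say how the original script detected the end of the session, so the `timeout` bound here is a stand-in that simply limits how long the capture can run.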


 Imperva Podcast - Aviram Jenik CEO of BeyondSecurity - Talks about WAF + VA + Black Box Testing

On this episode of the Imperva Security Podcast Aviram Jenik - CEO of Imperva Partner BeyondSecurity talks about bringing together WAF, VA, and Black Box Testing. Aviram discusses several very interesting application security "stories from the trenches," and shares his perspectives on the evolution of application security.

For related information on this subject, listen to the podcast on WAF + VA with the CTO of Whitehat Security - Jeremiah Grossman.


 From Cyberwar To Cybercrime
Time flies. Less than a year ago we predicted that the cyber-mercenary would become more common.
"...  Probably intrigued by quotes stating that cyberattacks are inexpensive and easy to mount, he decided to join the war... Malicious tools are no longer available to the few. They are very common, can be reached by anyone and are very easy to use. The "for dummies" version of tools are available and ready... "

Last week, PCWorld told how similar tools are used in the recent Iranian conflict:

"On Monday, sites belonging to Iranian news agencies, President Mahmoud Ahmadinejad and Iran's supreme leader Ayatollah Ali Khamenei, were knocked off-line after activists opposed to the Iranian government posted tools designed to barrage these Web sites with traffic." 

So cyberwar, in its different forms, is here to stay. But there are some additional consequences that are yet to be seen. In my opinion, it will affect the way "common" and less sophisticated hackers will attack their enterprise victims. Byron Acohido's blog, The Last Watchdog, explains how proxy servers are used by the protesters (Amichai was quoted). As we saw in the past, soon criminals will be inspired, and a method (proxies and anonymous proxies) known to just a few will be used by many.

Beware of the proxy... 


June 18, 2009
 Spicy Food Challenge #5 - Taipei City Taiwan

This is the second international spicy food challenge to date. You can read about and see other Spicy Challenges here:  Four, Three, Two, One.

This challenge takes us to Taipei City, Taiwan to eat Hot Pot. One co-worker from Imperva and I heed the call of the pepper.


