Imperva Uses AI To Block AI-Weaponised Cyber Threats

Cloudwedge | March 01, 2020

  • New technologies increase information technology connectivity and vulnerabilities, but they can also be used to fight against these problems.

  • Imperva is positioning AI to fight against AI.

  • The company conducts data research to identify the pattern of attacks and how the threat landscape is changing.


The number of security events taking place each day has seen an exponential rise as more and more companies shift to new technologies to improve the operation and efficiency of their business models. But, new technologies can bring more threats to corporate security.


As these new technologies increase information technology connectivity and vulnerabilities, they can also be used to fight against these problems. Cybersecurity software maker Imperva Inc. uses artificial intelligence and machine learning to do threat analytics and predictive attack research for its clients.


In cybersecurity, staying one step ahead of the competition is a necessity. As malicious users start using AI systems in their products, cybersecurity must figure out how to adapt on the fly to combat these threats that have the potential to evolve. Imperva is positioning AI to fight against AI.


We are fighting against technologies like AI. But we are also using those technologies to help us decide where we need to continue to add capabilities to stop [cyberattacks].

- Pam Murphy, CEO, Imperva


Murphy discussed how Imperva uses data to protect consumers from security threats and the company’s focus on consumer needs.



Blocking Out One Million Threats A Minute


Imperva has what it calls a “threat research group,” whose job is to assess data that passes through the company’s content delivery network. Imperva protects over 3 million databases and looks at about 25 petabytes of data daily, offering solutions in the cloud and on-premises.


Murphy mentioned that the company’s data collection centers get records for each attempted attack on a network that Imperva is protecting. She said, “We get the benefit of basically seeing all that are hitting our customers every day. We block about 1 million attacks every minute.”


The collection of this data enables Imperva to analyze incoming sequences and determine what they’re looking at to figure out what part of their cybersecurity defense should be shored up. For example, the data allows Imperva to conduct research to identify the pattern of attacks and how the threat landscape is changing. According to Murphy, this guides the company to augment its products to prevent those attacks.


Before, a lot of the attacks were just sort of fast and furious. Now we’re seeing a pattern towards slow — slow and continuous.

- Pam Murphy, CEO, Imperva


Imperva is in a unique position to determine the needs of their clientele and respond to those requirements given access to vast volumes of data. By pushing the boundaries of cybersecurity innovation, Imperva intends to combine its data collection system with analytics to help them develop solutions that can be applied across the board.


Murphy wants to harness her knowledge of customer demand to perfect Imperva’s market approach. The idea is to deliver a more complete and integrated solution for enterprise customers. She said, “Our focus is on what do customers need rather than what software tech companies or security companies think that they need.” The new approach involves making the tools easier to use and showing customers the breadth of the company’s solutions.


With a focus on innovation, Imperva plans to launch a range of tools in the year ahead.



Other News
DATA SECURITY

Cohere Cyber Secure and SecurityScorecard Partner to Improve Cybersecurity of Financial Sector

Cohere Cyber Secure and SecurityScorecard | September 24, 2021

Cohere Cyber Secure today announced a partnership with SecurityScorecard, the global leader in cybersecurity ratings, to deliver cyber ratings to customers and jointly drive market penetration with a single integrated solution. These include the most recognized companies globally across financial services, including various groups surrounding Registered Investment Advisors of Real Estate, Private Equity, Portfolio Managers, Hedge and LBO funds. As part of the partnership, Cohere will embed SecurityScorecard's monitoring capabilities into our security operations via Cohere's SIEM technology to continuously monitor and mitigate potential cyber threats, both on-premise and in the cloud. "Financial organizations are the biggest target for cyber criminals, and security teams need a comprehensive and compliant cybersecurity strategy that provides in-depth intelligence," says Aleksandr Yampolskiy, CEO at SecurityScorecard. "This partnership provides real actionable insights into the real-time threats facing financial organizations, and ensures that they will maintain the strongest possible security posture and conform to industry compliance standards." The combined solution from Cohere delivers a 360-degree view and addresses critical security concerns including vulnerability assessment and risk management, threat detection with real-time monitoring, incident response, and regulatory reporting. Partnership customers can review their SecurityScorecard rating and extend this support to their portfolio and vendor firms. This complete solution allows for continuous monitoring that provides an outside-in view into security practices, ensuring that organizations can continue to provide their clients the most secure financial services. Additionally, as a tightly-coupled solution, customers can generate comprehensive monthly or on-demand Cyber health reports for governance boards and regulators. 
"Security organizations are often hamstrung by only looking within their cyber borders with an inside-out view into their vulnerabilities, and often have to break up monitoring tools with multiple outside vendors. Investors, customers, regulators, CISOs and compliance officers can rest easier knowing our solution keeps your company safe and secure."

- Steven Francesco, Chairman and CEO at Cohere Cyber Secure

Scoring more than 11 million companies continuously and on a daily basis, SecurityScorecard provides an objective, outside-in view of cyber risk based on publicly-available data. In addition, the company's technology uses non-intrusive proprietary methods and data feeds to continuously monitor covered entities based on 10 risk factors, including endpoint security, patching cadence, and network security, and ultimately delivers an "A" through "F" rating.

About Cohere Cyber Secure

Cohere Cyber Secure is a trusted, single-source provider of technology solutions including Cybersecurity, Cloud Hosting, Managed IT and UCaaS Services. From its New York City headquarters, Cohere maintains data center facilities throughout North America and key global locations. Additionally, Cohere performs cyber protection assessments and advises companies on regulatory compliance requirements. Our clients include global enterprises that demand high availability, operating diversity and tailored IT solutions. In addition, Cohere's Consulting services provide unparalleled IT expertise that enable strategic planning in Cyber and Compliance Policies, Managed IT and Data Protection Services, Crisis Management/Incident Response, Risk Management and Business Continuity. Cohere's enhanced solutions and dedicated staff simplify the everyday challenges of complex business technologies.

About SecurityScorecard

Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 11 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 22,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating.


DATA SECURITY

SCADAfence Partners with Keysight Technologies To Provide Visibility and Industrial Cyber Security for OT Infrastructures

SCADAfence | September 23, 2021

SCADAfence, the global leader in cybersecurity for Operational Technology (OT) & Internet of Things (IoT) environments, today announced a partnership with Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company that delivers advanced design and validation solutions to help accelerate innovation to connect and secure the world, to amplify network visibility and cybersecurity to some of the world's most complex OT networks. This new partnership will help organizations gain better control over their industrial environments and detect malicious activities, reducing risk through continuous monitoring and proactive mitigation. As more critical network infrastructures adopt advanced automation systems to integrate their OT and SCADA technologies, securing the increased attack surface from threats has become more challenging with each attack. Managing these risks has become extremely complicated due to the fact that most OT network environments and devices are not monitored directly by security personnel. Consequently, the Industrial Control System (ICS) networks are harder to monitor and secure as they’re very diverse, and most of the time, they operate with an increased risk of industrial-specific vulnerabilities. This new partnership between SCADAfence and Keysight will allow organizations to have amplified visibility into OT and IT networks and increased detection and response capabilities in their OT environments. 
SCADAfence’s non-intrusive platform for deep packet inspection (DPI) together with Keysight’s network test access points (TAPs) and Network Packet Brokers (NPB) solutions will work together to provide complete traffic visibility, security, and asset inventory management in real-time to their industrial customers. “Protecting and securing OT environments from security threats and anomalies has become a top priority for the industrial sector and we provide deep packet-level visibility with accurate real-time analytics,” said Elad Ben-Meir, CEO of SCADAfence. “We're excited to partner with Keysight Technologies to help industrial organizations leverage both solutions for better visibility and more advanced packet information within OT environments.” The deployment of SCADAfence and Keysight Technologies together provides increased real-time visibility into OT environments, detailed asset visibility and continuous threat detection for oil and gas facilities, manufacturing sites, water and wastewater environments, automotive, and other industrial infrastructures. With the ability to collect different data across all OT environments, Keysight will be able to provide more actionable insights for customers on the threats affecting their IT environments and SCADAfence will map out the connections between IT and OT to assess the potential impacts to operational environments. “Critical infrastructures are being targeted more than ever and are facing more security threats in the OT and IoT networks. The mitigation process can take from weeks to possibly months to patch vulnerabilities within the more complex environments,” said Taran Singh, vice president, enterprise solutions, Keysight. “Our joint-partnership with SCADAfence will allow our customers and other industrial organizations to speed up that process from weeks to a few days.” About SCADAfence: SCADAfence is the global technology leader in OT & IoT cybersecurity.
SCADAfence offers a full suite of industrial cybersecurity products that provides full coverage of large-scale networks, offering best-in-class network monitoring, asset discovery, governance, remote access, and IoT device security. A Gartner “Cool Vendor” in 2020, SCADAfence delivers proactive security and visibility to some of the world’s most complex OT networks, including the largest manufacturing facility in Europe. SCADAfence enables organizations in critical infrastructure, manufacturing, and building management industries to operate securely, reliably, and efficiently.


DATA SECURITY

LogPoint introduces native SOAR into core SIEM offering, advancing cybersecurity automation and efficiency

PR Newswire | September 22, 2021

LogPoint, the global cybersecurity innovator, announced the successful completion of its acquisition of Tel Aviv-based SecBI. SecBI's universal SOAR and XDR technology will integrate natively with LogPoint to form an integrated, foundational Security Operations platform. SOAR will be released with LogPoint 7.0 in December 2021, and XDR will be introduced in Q2 2022. "With the tidal wave of cyberattacks threatening businesses and societies across the globe, a disruption of the way organizations respond to cybersecurity incidents is required," said Jesper Zerlang, CEO LogPoint. "Building on LogPoint SIEM and UEBA to effectively detect threats, orchestration and automation of the response to incidents is key to advancing cybersecurity. Consequently, SOAR will be a capability included in LogPoint to advance foundational cybersecurity." With the release of LogPoint 7.0, all present and future LogPoint customers will be immediately able to apply SOAR to their security operations at the click of a button, automating repetitive tasks, orchestrating threat remediation workflows, and enabling autonomous investigation, prioritization, and execution of playbooks that reduce human involvement and speed up incident response. Customers will receive SOAR capabilities within their LogPoint Core SIEM license. "LogPoint SOAR has been in production with select customers over the past few months and we're thrilled with the overwhelmingly positive feedback that analysts have more confidence that incidents are dealt with appropriately thanks to the automatic playbooks," said Christian Have, CTO, LogPoint. "Our customers have reported a significant decrease in the time it takes to detect and respond to a phishing email – down from three hours with manual processes to 10 minutes with automated LogPoint SOAR playbooks." In today's cybersecurity market, SOAR is employed mainly by larger enterprises and managed security service providers (MSSPs) handling a considerable number of incidents. 
Integrating native SOAR into LogPoint will dramatically increase the effectiveness and precision of incident response without the need for dedicated management resources, making it an attractive option for organizations of all sizes, including mid-market cybersecurity. "SOAR is not only about coping with the increasing number of cybersecurity incidents. By including SOAR in the LogPoint SIEM solution, we will enable organizations of all sizes, especially companies that do not have a fully-staffed 24/7 Security Operations Center (SOC), to establish proper and relevant incident-handling processes and dramatically increase quality and speed in their response capabilities," said Have. "It also helps those organizations assess the efficiency of new cybersecurity tools and measures." The acquisition was first announced on September 1, 2021. Following finalization, SecBI will fully integrate into LogPoint's organization. The new team will make key contributions to LogPoint's continued development: SecBI founder and VP of Business Development Doron Davidson has been appointed LogPoint's VP of Global Services and will lead LogPoint Israel as the company expands its presence in Tel Aviv. The LogPoint move to acquire SecBI and integrate its SOAR and XDR technology into the LogPoint solution is recognized by industry analysts. In a recently published research brief by Omdia headlined "LogPoint Adds SOAR via SecBI Acquisition, Builds Momentum as a Top-Tier SecOps Vendor," analyst Eric Parizo concludes: "Already a strong SIEM player in Europe, LogPoint's new SOAR and XDR offerings, combined with its own notable TDIR advancements, position the vendor to compete globally for a growing share of enterprise customers."


DATA SECURITY

Cowbell Cyber Unites Cybersecurity Giants and Cyber Insurance Industry with Launch of Cowbell Rx

Cowbell Cyber | September 21, 2021

Cowbell Cyber, the industry's first AI-powered cyber insurance provider for small to medium enterprises (SMEs), today announced the launch of its cyber risk exchange marketplace, Cowbell Rx. Cowbell Rx closes insurability gaps by providing cyber insurance applicants with resources to meet eligibility requirements while also enabling active policyholders to continuously improve their organization's risk profile. This comprehensive list of partners is the first of its kind in the cyber insurance industry. Cyberattacks continue to proliferate and damage business operations, with predictions that new attacks will happen every 2 seconds by 2031. However, cybersecurity and cyber insurance have traditionally operated in silos with insufficient coordination, resulting in a misalignment between cyber threats faced by an organization and the security measures to prevent them. Because of this, cyber insurers are tightening up insurability requirements for policyholders to obtain coverage or to renew existing cyber policies. Cowbell Rx is the first marketplace provided by a cyber insurer to help businesses gain access to recommended partners that offer solutions to organizations in order to meet the minimal criteria to get cyber insurance coverage. "Cybersecurity and cyber insurance must work in harmony to build an organization's cyber resilience. We are working with more than 20 of cybersecurity's biggest leaders to make this happen," said Isabelle Dumont, vice president of market engagement at Cowbell Cyber. "Cowbell Rx is a key component of Cowbell's closed-loop risk management initiative to continuously improve an organization's risk profile. Together with our partners, we are bringing streamlined access to today's top cybersecurity services and solutions straight to current and future policyholders." 
"Cowbell is an innovator in the field of cyber insurance and we share their passion for data-driven risk assessment," said Eric Skinner, vice president of Market Strategy at Trend Micro. "We're pleased to be part of Cowbell's new marketplace. By bringing together Cowbell policyholders with cybersecurity experts like Trend Micro, we can all work together to ensure our mutual customers stay resilient in a world of constantly changing cyber threats." "True cyber risk management is the combination of cyber insurance and effective cybersecurity operations," said Odin Olson, vice president of Alliances at Arctic Wolf. "Cowbell Rx is an excellent way to expose Cowbell's policyholders to some of the best cybersecurity service providers in the industry."

About Cowbell Cyber

Cowbell Cyber is dedicated to providing standalone, admitted individualized, and easy-to-understand cyber insurance for small and mid-size enterprises. In its unique AI-based approach to risk selection and pricing, Cowbell's continuous underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Cowbell Insurance Agency is currently licensed in 50 U.S. states and the District of Columbia.
