Provider of cyber and data security products
A joint operation takes down Lumma infrastructure. The FTC finalizes a security settlement with GoDaddy. The Telemessage breach compromised far more U.S. officials than initially known. Twin hackers allegedly breach a major federal software provider from the inside. U.S. telecom providers fail to notify the Senate when law enforcement agencies request data from Senate-issued devices. DragonForce makes its mark on the ransomware front. A data leak threatens survivors of domestic abuse in the UK. Lexmark discloses a critical vulnerability affecting over 120 printer models. Our guest is David Holmes, CTO for Application Security at Imperva, with insights into the role of AI in bot attacks. Scammers ship stolen cash in Squishmallows.
CyberWire Guest: Today's guest is David Holmes, CTO for Application Security at Imperva, a Thales company, who is sharing some insights into the role of AI in bot attacks.
Selected Reading:
Lumma infostealer's infrastructure seized during US, EU, Microsoft operation (The Record)
FTC finalizes order requiring GoDaddy to secure hosting services (Bleeping Computer)
Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government (Reuters)
By Default, Signal Doesn't Recall (Signal)
Hack of Contractor Was at Root of Massive Federal Data Breach (Bloomberg)
Phone companies failed to warn senators about surveillance, Wyden says - Live Updates (POLITICO)
DragonForce targets rivals in a play for dominance (Sophos News)
'Deep concern' for domestic abuse survivors as cybercriminals expected to publish confidential refuge addresses (The Record)
Lexmark reporting remote code execution flaw affecting over 120 Printer Models (Beyond Machines)
DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animals (Bitdefender)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence.
"For the first time in over a decade, bots now outnumber humans on the internet — and a growing percentage are built to defraud, disrupt, and deceive." — Tim Chang, Global VP & GM, Application Security, Thales
In a sobering conversation with Technology Reseller News, Tim Chang of Thales shared key insights from the 2025 Imperva Bad Bot Report, a deep dive into the increasingly dangerous world of automated internet traffic. According to the report, 51% of all web traffic in 2024 was generated by bots, marking the first time bot traffic has surpassed human traffic. Even more concerning, 37% of all traffic is now classified as "bad bot" activity — a significant increase from 32% the previous year.
Thales, a global leader in digital identity and cybersecurity with over 80,000 employees worldwide, acquired Imperva two years ago. Together, the teams behind the Imperva Threat Research division are shining a light on the surge in bot-driven attacks — from simple web scrapers to polymorphic, AI-enhanced bad bots capable of account takeovers and API abuse.
Telecom Under Attack
Among the most targeted sectors? Telecom and ISPs, which now account for more than half of bad bot traffic. Chang explained that this is unsurprising given the critical infrastructure telecom supports and the high volume of customer data flowing through these systems.
Key takeaways from the report include:
51% of all internet traffic is now automated.
37% of global traffic comes from bad bots — a 7-point rise in one year.
40% increase in account takeover (ATO) attacks, often using stolen or brute-forced credentials.
Telecom ranks as the second-most targeted vertical, just behind financial services.
55% of all telecom traffic is now made up of bad bots.
Chang emphasized that these bots are increasingly using AI to evade detection, shifting IP addresses, mimicking human behavior, and attacking not just websites but APIs — which lack visual interfaces and are harder to monitor.
10 Recommendations to Reduce Risk
To help organizations defend against this growing threat, Thales provides a set of 10 actionable recommendations, ranging from understanding your attack surface and deploying bot management tools, to tightening MFA usage and adopting a multi-layered defense strategy. Chang also offered a strategic reminder: don't play all your cards at once — adversaries are evolving just as quickly, and a staggered, adaptive defense is critical.
Forecast = Prepare for scattered CVEs, rising bot storms, and real-time threat lightning. Keep your digital umbrellas handy! On this episode of Storm⚡️Watch, we're breaking down the latest shifts in the vulnerability tracking landscape, starting with the ongoing turbulence in the CVE program. As the MITRE-run CVE system faces funding uncertainty and a potential transition to nonprofit status, the global security community is rapidly adapting. New standards and databases are emerging to fill the gaps—Europe's ENISA is rolling out the EU Vulnerability Database to ensure regional control, while China continues to operate its own state-mandated systems. Meanwhile, the CVE ecosystem's chronic delays and the NVD's new “Deferred” status for tens of thousands of older vulnerabilities are pushing teams to look elsewhere for timely, enriched vulnerability data. Open-source projects like OSV.dev and commercial players such as VulnCheck and Snyk are stepping up, offering real-time enrichment, exploit intelligence, and predictive scoring to help organizations prioritize what matters most. The result is a fragmented but innovative patchwork of regional, decentralized, open-source, and commercial solutions, with hybrid approaches quickly becoming the norm for defenders worldwide. We're also diving into Imperva's 2024 Bad Bot Report, which reveals that nearly a third of all internet traffic last year came from malicious bots. These bots are getting more sophisticated—using residential proxies, mimicking human behavior, and bypassing traditional defenses. The report highlights a surge in account takeover attacks and shows that industries like entertainment and retail are especially hard hit, with bot traffic now outpacing human visitors in some sectors. The rise of simple bots, fueled by easy-to-use AI tools, is reshaping the threat landscape, while advanced and evasive bots continue to challenge even the best detection systems. 
On the threat intelligence front, GreyNoise has just launched its Global Observation Grid—now the largest deception sensor network in the world, with thousands of sensors in over 80 countries. This expansion enables real-time, verifiable intelligence on internet scanning and exploitation, helping defenders cut through the noise and focus on the threats that matter. GreyNoise's latest research shows attackers are exploiting vulnerabilities within hours of disclosure, with a significant portion of attacks targeting legacy flaws from years past. Their data-driven insights are empowering security teams to prioritize patching and response based on what's actually being exploited in the wild, not just theoretical risk.
We're also spotlighting Censys and its tools for tracking botnets and advanced threats, including collaborative projects with GreyNoise and CursorAI. Their automated infrastructure mapping and pivoting capabilities are helping researchers quickly identify related malicious hosts and uncover the infrastructure behind large-scale attacks.
Finally, VulnCheck continues to bridge the gap during the CVE program's uncertainty, offering autonomous enrichment, real-time exploit tracking, and comprehensive coverage—including for CVEs that NVD has deprioritized. Their Known Exploited Vulnerabilities catalog and enhanced NVD++ service are giving defenders a broader, faster view of the threat landscape, often surfacing critical exploitation activity weeks before it's reflected in official government feeds.
As the vulnerability management ecosystem splinters and evolves, organizations are being forced to rethink their strategies—embracing a mix of regional, open-source, and commercial intelligence to maintain visibility and stay ahead of attackers. The days of relying on a single source of truth for vulnerability data are over, and the future is all about agility, automation, and real-time insight.
The internet is evolving, but so are the threats that come with it. The latest Bad Bot Report from Imperva, a Thales company, reveals a staggering statistic: nearly 50% of internet traffic now comes from non-human sources, with bad bots making up almost one-third of all online activity. These bots are no longer just simple scripts running in the background; they have become more advanced, leveraging AI to mimic human behavior and evade traditional detection methods. The consequences? A surge in transaction fraud, web scraping, data harvesting, and account takeovers, affecting industries across the board. In this episode, I'm joined by Lynn Marks, Senior Product Manager at Imperva, who returns to the podcast to break down the key findings of the 2024 Bad Bot Report. We explore how bot activity is evolving, why businesses need to rethink their approach to security, and what proactive steps can be taken to mitigate these threats. Lynn explains how attackers are shifting their focus from technical vulnerabilities to exploiting business logic, making it increasingly difficult for companies to detect and prevent malicious activity. We also discuss the growing security challenges surrounding APIs, which have become prime targets for cybercriminals. With half of all account takeover attacks now targeting APIs directly, organizations need better visibility and stronger protections in place to defend against automated threats. Lynn shares insights on why industries like gaming and travel are seeing disproportionate bot activity and how businesses can better secure their platforms. As AI legislation gains momentum worldwide, the conversation around bot management is becoming increasingly complex. How can companies stay ahead of evolving threats while ensuring compliance with emerging regulations? What lessons can be learned from past security failures? And more importantly, how can organizations take a proactive stance in the fight against automated cyber threats? 
Tune in for an eye-opening conversation that sheds light on the hidden dangers lurking beneath internet traffic and learn how to better protect your business from the growing wave of automated attacks.
In this episode, we speak with Marc Gaffan, a three-time startup operator, investor, and current CEO of Ionix, which just raised a $42M Series A. Marc has spent the past two decades in cybersecurity. In 2008, he co-founded Incapsula, later acquired by Imperva, and since then, he's led, invested in, and mentored multiple cyber startups. But if there's one thing he's learned? No two startup rodeos are the same. “Every startup has its own dynamics, its own challenges. There's no playbook. You can't ask ChatGPT to write the recipe for doing a startup. When they do that, then I think we'll be done.” In this conversation, we dive into what it really takes to build, lead, and survive in the startup world: The startup rollercoaster never stops - but you get better at holding on. Marc explains that experience doesn't mean things get easier. "It's not that you come up with better answers to problems, but you recognize the common themes. You know it won't be a smooth sail, and over time, it doesn't shake you as much as it used to.” Mental and decision-making resilience - the two muscles every founder needs. It's one thing to push through a tough moment. It's another to do it over and over again without burning out. “How do you keep your mental resilience going? It's a tough roller coaster.” The harsh reality of being an investor vs. an operator. We talk about the limits of investor influence - and why control ultimately belongs to those in the trenches. “The only thing a board can really do operationally is fire the CEO. If you really want to have an impact, you can't be on the sidelines. You have to be in the field.” Why fixing weaknesses is a waste of time - and how to leverage strengths instead. Too many people spend their careers trying to be something they're not. Marc argues for a different approach: “If you're not gifted at math, forcing yourself to be really good at it won't work. Instead, invest heavily in what you are good at. 
That's where you'll find fulfillment and confidence.” The importance of celebrating wins - even when the work isn't done. It's easy to focus on the unfinished 15%. The problems. The gaps. The “not there yet.” But Marc reminds us: “You need to stop and appreciate how far you've come. Your gut instinct sharpens over time - not because of luck, but because experience refines it.” The innocent bliss of starting something new. “As a CEO, you don't really know what you're getting into. And in some ways, that's good. If you truly understood the odds, you might never take the leap. But the journey matters. And who you take it with matters even more.” Marc has built companies. He's struggled. He's succeeded. He's learned. And now, he's here to share his perspective. If you've ever tried to build something from the ground up - this episode is for you.
Shlomo Kramer, CEO and co-founder of Cato Networks, is a rare bird in the cybersecurity industry, having built three unicorns in his career. For many in the cybersecurity industry, Shlomo needs no introduction. One of the early pioneers in Israel's cybersecurity startup ecosystem, what makes Shlomo remarkable is his ability to repeatedly build category-defining companies. He first co-founded Check Point, which pioneered the firewall category and today commands a $20 billion market cap. Then, seeing the shift to the cloud, he launched Imperva, focusing on web application security (WAF). That was his second IPO. Now with Cato Networks, he's created an entirely new category called SASE – Secure Access Service Edge – and Cato has already reached over $200 million in annual recurring revenue.
But Shlomo isn't just a builder – he's also a remarkably successful investor with an eye for transformative companies. His portfolio includes Trusteer, which IBM acquired for $1 billion, and Palo Alto Networks, in which he wrote the first angel check and sat on its board - a company now valued well over $100 billion.
In this episode, we get inside the mind of the only entrepreneur we know who's on track to potentially take his third cybersecurity company public. Many founders are satisfied with one IPO, some go on to a second, and Shlomo is on track for his third IPO - a hat trick if he pulls it off. In the cybersecurity hall of fame, very few could equal what Shlomo has accomplished.
We discuss building cybersecurity companies, the evolution of the security market over the past three decades, why founders should focus on their customers instead of competitors, how building startups has changed from when Shlomo started Check Point, and many other aspects of the founder's journey.
What does 2025 have in store for us? If it is anything like 2024, it will be interesting times indeed. In this episode, host Steve Prentice has a virtual fireside chat with David Holmes, CTO for Application Security, Imperva, a Thales company. The two of them chat about Salt Typhoon, ransomware, AI as a threat surface, quantum computing, the software supply chain, the importance of having a breach coach, and why there are so few young people in cybersecurity. It's a can't miss summary of the year just past, and a peek into what lies ahead.
In an era of unprecedented digital connectivity and data growth, securing sensitive information has never been more critical. With increasing threats and advancements in technology, how can businesses stay ahead of the curve? From the rise of AI-driven threats to the growing importance of zero-trust architectures, what should organisations be aware of to safeguard their data and infrastructure in an ever-changing digital world? Terry Ray, Senior Vice President and Fellow at Imperva, shares his predictions for data security in 2025 and critical trends shaping the future of cybersecurity.
In this latest episode of the Imperva Brand Story on ITSP Magazine, Sean Martin and Marco Ciappelli sit down with Terry Ray, CTO for Data Security at Imperva. Together, they discuss the pressing challenges and transformative innovations shaping the future of safeguarding information.
Unpacking Data Security Posture Management
Terry Ray introduces Data Security Posture Management (DSPM), comparing it to inspecting a home—where identifying vulnerabilities is just as important as fixing them. He emphasizes that data security requires constant vigilance, urging organizations to develop a deep understanding of their infrastructure while staying agile against emerging threats.
Moving Beyond Compliance to Real Security
The conversation highlights the often-misunderstood relationship between compliance and genuine security. While meeting regulatory requirements is necessary, Terry argues that true data protection requires a broader, risk-based approach, addressing vulnerabilities in both regulated and non-regulated systems to prepare for audits and unforeseen breaches.
The Power of Automation and Machine Learning
Terry underscores Imperva's dedication to leveraging advanced automation, AI, and machine learning technologies to process vast data sets and detect threats proactively. By adopting innovative strategies, companies can transition from reactive to proactive measures in protecting their digital ecosystems.
Fostering Collaboration and Security Awareness
A standout point from the discussion is the importance of collaboration across organizational roles—from compliance officers to database managers and security teams. By fostering a culture of continuous learning and teamwork, businesses can better allocate resources and adapt to evolving security priorities.
Embracing Security's Ever-Changing Nature
The conversation concludes with a powerful reflection on the unpredictable nature of cybersecurity. As new threats and technologies emerge, organizations must remain adaptable, forward-thinking, and prepared for the unexpected to stay ahead in an ever-changing security landscape.
Learn more about Imperva: https://itspm.ag/imperva277117988
Note: This story contains promotional content.
Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow [@Imperva]
On LinkedIn | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow
Resources
Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva
With cybercrime damages estimated to cost the world $15-20 trillion by 2028—none of us are safe from its impact. The Godfather of Israeli Cybersecurity, Shlomo Kramer - CEO of Cato Networks, joins us for this episode of The Reboot Chronicles to unpack why the next generation of cyber security will be SASE technology. Shlomo was a seed investor and board member of industry giant Palo Alto Networks, writing their first investment check. He co-founded both Check Point and Imperva, taking both companies public—and has raised $771 million at Cato, which was last valued at over $3 billion. Speaking of going public, Cato has been on a growth tear, recently doubling revenues with a massive ecosystem of thousands of enterprise clients and partners who they protect. Listen in to this riveting episode about the cyber wars that are attacking our organizations, governments, and families, how to make our digital experience safer, and whether there should be a Geneva Convention for cyber-attacks.
Cato Networks, a Data Solutions partner, is the leading Secure Access Service Edge provider in the world, having pioneered the cloud-native architecture which is improving online speeds and security while moving away from a reliance on data centres. The company recently announced that it had surpassed $200 million in ARR —doubling ARR in under two years. This means they are the fastest company to reach this milestone since LinkedIn. Cato Networks recently attended a Data Solutions event in Dublin and I spoke to Kanwar Loyal, Cato Networks VP N Europe & EMEA. Kanwar talks about his background, what Cato does, smart policies, remote working and more. More about Kanwar Loyal: Kanwar Loyal is Vice President for Cato Networks Northern Europe and Middle East & Africa (MEA) regions. Kanwar joined Cato from CrowdStrike, where he spent the past six years in various customer-facing leadership roles. Kanwar has over two decades of experience in the technology sector. In addition to CrowdStrike, he also held key positions at cyber companies Imperva, and Fortinet where he led high-performing sales teams.
As bot activity is impacting consumer trends, it is important for brands to be agile with technology. Welcome to today's episode where we're diving into the challenges and opportunities presented by the rise of bot activity in several key industries with Nanhi Singh, Chief Customer Officer at Thales. We'll explore the implications of the 2024 Imperva Bad Bot Report and discuss strategies for staying agile amidst these changes. Nanhi Singh is responsible for application security products and all functions that enhance customer experience and value for Imperva customers. This includes customer support, consulting, training, customer success, managed services, and renewal sales. Prior, she was SVP, Customer Retention and Renewals at Symantec. Nanhi's career spans more than decades in cybersecurity and technology, always leading customer-facing functions. Nanhi also serves on the Board of Directors of Franchise Group and serves as a member of the Audit Committee on that Board. She serves on the Board of Directors of Peninsula Open Space Trust (POST), a nonprofit public benefit corporation. She is passionate about supporting women and minorities in the Technology industry and was previously a mentor in the Tech Women program.
RESOURCES
Thales website: https://www.thales
Imperva 2024 Bad Bot Report: https://www.imperva.com/resources/resource-library/reports/2024-bad-bot-report/
In this Brand Story episode, hosts Sean Martin and Marco Ciappelli welcome Lebin Cheng from Imperva to discuss the ever-important topic of API security. As the head of the API security team at Imperva, Lebin Cheng offers a nuanced view into the challenges and solutions involved in protecting sensitive data facilitated by APIs. A central theme of the discussion revolves around API security's complexity due to APIs' role in digital transformation, cloud migration, and data integration. APIs act as a gateway for data interaction and integration, offering flexibility but also introducing significant security risks.
Cheng underscores that as APIs provide open access to critical data, they become prime targets for sophisticated cyber threats. These threats exploit vulnerabilities in API deployments, making robust security measures indispensable. Cheng highlights the importance of securing APIs not as a one-time effort but as an ongoing process. He discusses how Imperva employs real-time monitoring and behavioral analysis to enhance API security. By establishing a baseline of what constitutes normal behavior, Imperva can quickly detect and respond to anomalies. This approach goes beyond traditional, static security measures, which often fall short against dynamic threats that evolve alongside technology.
Additionally, the conversation touches on the notion of 'security by design.' Cheng advocates for integrating security considerations from the earliest stages of API development. This results in more resilient applications capable of withstanding sophisticated attacks. The discussion also notes the growing trend of DevSecOps, which emphasizes the collaboration between development, security, and operations teams to embed security throughout the software development lifecycle. Real-world applications of these principles are evident in various sectors, including open banking.
Cheng explains how open banking initiatives, which allow smaller financial institutions to access larger banks' data via APIs, highlight the necessity of strong API security. A breached API could expose sensitive financial data, leading to significant financial and reputational damage. The hosts and Cheng also explore how Imperva's innovation in API security involves leveraging artificial intelligence and machine learning. These technologies help in identifying and mitigating potential risks by analyzing vast amounts of data to detect unusual patterns that might indicate a security threat.
In closing, Cheng emphasizes the importance of continuous innovation and vigilance in the field of API security. He invites organizations to adopt a proactive stance, continuously updating their security measures to protect their data assets effectively. This episode serves as a compelling reminder of the critical role API security plays in today's interconnected digital world.
Learn more about Imperva: https://itspm.ag/imperva277117988
Note: This story contains promotional content.
Guest: Lebin Cheng, VP, API Security, Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/lebin/
Resources
Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva
APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational damage. In this discussion, David Holmes offers insights into the latest trends in API and bot attacks and provides strategies to defend against these threats. Segment Resources: The Economic Impact of API and Bot Attacks: https://www.imperva.com/resources/resource-library/reports/the-economic-impact-of-api-and-bot-attacks/ The True Cost of API Insecurity and Bot Attacks in 2024: https://www.imperva.com/resources/resource-library/webinars/the-true-cost-of-api-insecurity-and-bot-attacks-in-2024/ This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! In the news, fuzzing network traffic in OpenWRT, parsing problems lead to GitLab auth bypass, more fuzzing finds vulns in a JPEG parser, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-300
APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational damage. In this discussion, David Holmes offers insights into the latest trends in API and bot attacks and provides strategies to defend against these threats. Segment Resources: The Economic Impact of API and Bot Attacks: https://www.imperva.com/resources/resource-library/reports/the-economic-impact-of-api-and-bot-attacks/ The True Cost of API Insecurity and Bot Attacks in 2024: https://www.imperva.com/resources/resource-library/webinars/the-true-cost-of-api-insecurity-and-bot-attacks-in-2024/ This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/asw-300
How prepared is your organization to tackle the growing threat of client-side attacks? In this episode of the Tech Talks Daily Podcast, I sit down with Lynn Marks, Senior Product Director at Imperva, a Thales company, to discuss the rise of Magecart attacks and the implications of the newly updated PCI DSS 4.0 standards. Client-side attacks, like Magecart, have been a looming threat since 2015, gaining significant traction as digital transformation accelerated during the global pandemic. As more businesses moved their operations online, the landscape for these attacks became increasingly fertile, putting sensitive customer data at risk. With the recent release of PCI DSS 4.0, the stakes have never been higher for organizations processing payments online. Lynn dives into the specifics of how these attacks operate, targeting vulnerable JavaScript to steal data directly from users, often without detection. We explore the key updates in PCI DSS 4.0, particularly the new requirements that demand businesses inventory, authorize, and monitor client-side scripts more rigorously. Lynn shares practical insights on how companies can navigate these requirements, mitigate risks, and enhance cross-team communication to protect against these sophisticated threats. What strategies should your business adopt to stay ahead of client-side attackers, and how can you ensure compliance with the evolving security standards? Tune in to this episode for an in-depth conversation on safeguarding your online transactions and staying resilient in the face of emerging cyber threats. After listening, I'd love to hear your thoughts—how is your organization adapting to the new PCI DSS 4.0 requirements?
With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies: CSOs/CISOs for their focus on security, CTOs for their focus on innovation, and CIOs for their focus on operational efficiency. Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results. Segment Resources: www.okta.com/resources/whitepaper-ai-at-work-report/ www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-354
With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/bsw-354
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners have increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust. Segment Resources: https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.cisa.gov/securebydesign/pledge https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers https://blog.tidelift.com/paying-maintainers-the-howto Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored.
This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-287
Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/asw-287
Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization. This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them! While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/vault-bsw-9
Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization. This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them! While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/vault-bsw-10
In the buzzing atmosphere of the RSA conference in San Francisco, key players in the cybersecurity industry gathered to discuss the evolving landscape of technology and data security. Among them was Nanhi Singh, the General Manager for the application security business of Imperva, who shared insights on how organizations are redefining cybersecurity to achieve better business outcomes.

Embracing Technology for Business Success
The theme of this year's conference, "The Art of Possible," resonated with Nanhi Singh as she highlighted the shifting perspectives of executives and organizations towards leveraging technology and cybersecurity to drive business growth. In a conversation with Sean Martin, host of the Redefining Cybersecurity podcast on ITSP magazine, Nanhi discussed the critical role of CIOs and CISOs in not only securing digital experiences but also enabling business innovations.

Navigating the Complexities of Application Environments
As organizations embark on their digital transformation journeys, the complexities of modern application environments come to the forefront. Nanhi emphasized the prevalence of APIs in connecting various systems and the challenges of securing these connections amidst cloud migrations and hybrid infrastructures. Imperva's API security solutions were highlighted as essential tools in providing visibility and protection against potential threats.

Addressing Concerns of API-Driven Attacks
The conversation delved into the rising concern of API-driven attacks, with Nanhi underscoring the importance of identifying and mitigating threats posed by advanced bots targeting organizations across different industries. By leveraging Imperva's advanced bot protection solutions and a comprehensive security portfolio, organizations can fortify their defenses against evolving cyber threats.

Empowering Organizations with Comprehensive Security Solutions
With the recent acquisition of Imperva by Thales, Nanhi Singh showcased the combined strength of their security offerings, encompassing application security, API security, advanced bot protection, data security, encryption, key management, and identity and access management solutions. This holistic approach enables organizations to protect their data and applications across diverse environments and technologies.

Driving Operational Efficiency and Focus
In a landscape where security teams are stretched thin and faced with cost constraints, Imperva's solutions aim to enhance operational efficiency and empower teams to concentrate on strategic security initiatives. By automating security controls and collaborating closely with customers to mitigate threats, Imperva ensures that organizations can operate securely and effectively in a rapidly evolving digital ecosystem.

Securing Applications Anywhere
As applications are deployed across multiple cloud providers and environments, the need to secure them anywhere becomes paramount. Imperva's commitment to safeguarding applications and APIs regardless of their deployment location reinforces the idea that security should be intrinsic to every aspect of an organization's digital infrastructure.

Conclusion
The engaging dialogue between Nanhi Singh and Sean Martin offered valuable insights into the current cybersecurity landscape and the imperative for organizations to adapt proactively to emerging threats. By embracing the art of what is possible in cybersecurity, businesses can not only safeguard their digital assets but also unlock new opportunities for growth and innovation. Imperva's comprehensive security solutions stand as a beacon of trust and efficacy in an ever-evolving cybersecurity landscape.

Stay tuned for more insightful conversations and updates from Imperva at the RSA Conference, and continue following our coverage to stay abreast of the latest trends and developments in cybersecurity.

Thank you for joining us in this exploration of cybersecurity and business resilience.

Learn more about Imperva: https://itspm.ag/imperva277117988
Note: This story contains promotional content. Learn more.
Guest: Nanhi Singh, Chief Customer Officer and GM Application Security at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/nanhi-singh-aa51371
On Twitter | https://twitter.com/NanhiSingh14
Resources
Learn more and catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
The world of cybersecurity never ceases to amaze with its intricacies and challenges. One of the ongoing battles that organizations face is the constant threat posed by bad bots infiltrating the digital landscape. In a recent interview with Sean Martin and Erez Hasson from Imperva, key insights from the 11th edition of the Bad Bot Report were unveiled, shedding light on the evolving nature of automated traffic and the impact it has on various industries.

Unraveling the Bad Bot Landscape
The conversation kicks off with Sean Martin introducing the topic of bad bots and the significance of Imperva's Bad Bot Report in providing insights into the world of automated traffic. Erez Hasson, a senior product marketing manager at Imperva, dives into the details of the 11th edition report, which is based on a staggering 6 trillion blocked bad bot requests processed by the Imperva network over the past year.

Delving into Key Statistics
Erez Hasson elaborates on the critical statistics highlighted in the report, such as the percentage breakdown of automated traffic into bad bots and good bots. The report categorizes bad bots based on their sophistication levels, ranging from simple to advanced (evasive), emphasizing the need for robust bot management strategies to combat sophisticated attacks.

Industry Insights and Use Cases
The conversation shifts towards exploring the impact of bad bots across different industries, with a focus on sectors such as Law, Government, Travel, Airlines, Retail, and Financial Services. Erez emphasizes the need for organizations to understand the sophistication level of bot attacks targeting their industry to effectively mitigate risks and safeguard their digital assets.

Transforming Data into Action
Sean Martin underscores the importance of translating the insights from the Bad Bot Report into actionable strategies for organizations. By leveraging the educational content provided in the report, companies can enhance their understanding of bot-related challenges and tailor their security programs to address potential threats effectively.

AI's Role in Bot Evolution
The discussion moves into the intersection of artificial intelligence (AI) and bot activity, highlighting the increased use of AI-driven attacks, including credential stuffing attacks orchestrated through AI algorithms. The evolving landscape of automated traffic poses challenges for organizations, necessitating a proactive approach to mitigate risks associated with bot-driven activities.

Safeguarding Against Bot Abuse
The conversation touches upon the misuse of bots targeting AI interfaces, leading to increased operational costs for organizations. Additionally, the resurgence of debates around the legality of web scraping underscores the complex nature of combating bot-related activities and protecting proprietary content from illicit scraping practices.

Conclusion
As the conversation draws to a close, a call to action is extended to readers to delve into the insights provided by Imperva's Bad Bot Report and equip themselves with the knowledge needed to combat bot threats effectively. The collaboration between security teams, leadership, and practitioners is essential in implementing robust bot management strategies to safeguard against evolving cyber threats.

By understanding bad bots and automated traffic, organizations can bolster their cybersecurity defenses and stay ahead of malicious actors looking to exploit digital vulnerabilities. The insights shared in Imperva's 11th edition report serve as the base of awareness, guiding organizations towards a more secure digital future.

Learn more about Imperva: https://itspm.ag/imperva277117988
Note: This story contains promotional content. Learn more.
Guest: Erez Hasson, Product Marketing Manager at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/erezh/
Resources
Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Hosts Sean Martin and Marco Ciappelli delve into the complexities of business logic attacks, with a particular focus on vulnerabilities within APIs. They engage with Luke Babarinde, Global Solutions Architect at Imperva, in a detailed conversation about how cybersecurity threats have evolved in tandem with business processes, tapping into Sean Martin's introduction of the novel concept of a "Workflow Bill of Materials," underlining the necessity of comprehending each step within complex business tasks to defend against potential misuse and abuse.

The discussion explores the mechanisms through which attackers leverage business logic for sophisticated, hard-to-detect attacks that pose significant risks to organizations. Through examples, Babarinde illustrates how automated bots and malicious actors can inflict substantial financial damage by exploiting publicly accessible services, highlighting the paramount importance of identifying and counteracting these threats. Moreover, the episode addresses the impact of artificial intelligence and machine learning in enhancing cybersecurity defenses while also expanding attackers' arsenals. The conversation reflects on the dual effects of these technologies, especially concerning API usage, which now dominates a considerable volume of internet traffic and is integral to digital services.

Babarinde also emphasizes the crucial role of human interaction in cybersecurity, advocating for substantive dialogue between security experts and business leaders to align on strategies and comprehend the motivations behind attacks. This human-centered approach, augmented by the technological solutions offered by entities like Imperva, is portrayed as the foundation of effective cybersecurity strategies amid continuously evolving threats.

Overall, the episode offers an exhaustive overview of both the challenges and strategies associated with business logic attacks, promoting a collaborative and informed stance on cybersecurity in the face of progressing threats.

Top Questions Addressed:
What are business logic attacks and why are they important to understand?
How do artificial intelligence and machine learning impact cybersecurity strategies?
Why is collaboration between security experts and business leaders crucial in combating cyber threats?

Note: This story contains promotional content. Learn more.
Guest: Luke Babarinde, Global Solution Architect at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/lbabs/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Report: The State of API Security in 2024: https://itspm.ag/imperv7szg
What is business logic?
Rise in API Usage and Attacks Putting Businesses at Risk in 2024
Protect applications from business logic abuse
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they're a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company, has observed over the past year, and what steps organizations can take to protect their APIs. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-276
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they're a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company has observed over the past year, and what steps organizations can take to protect their APIs. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/asw-276
Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.
The conversation begins with a key question: What is client-side protection?
Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,' where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.
Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva's Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.
Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks.
Imperva's Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.
For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.
Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.
Top Questions Addressed: What is client-side protection? How can an organization protect itself against client-side attacks? What is the role of Imperva's Client Side Protection product in combating client-side security threats?
Note: This story contains promotional content. Learn more.
Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/lynnmarks1/
Blog | https://thenewstack.io/author/lynn-marks/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttq
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
The current state of cybersecurity and the looming threats warrant serious attention. In this Brand Story episode of "Reflections from 2023", Nadav Avital, Head of Threat Research at Imperva, sheds intriguing light on this cyber landscape.
Avital outlines prominent threats of 2023, highlighting the prevalence of distinct attacks such as supply chain and distributed denial of service attacks, and business logic attacks. He emphasizes that, to navigate the evolving threat landscape effectively, it is vital to look backward to look forward.
Cyberattacks have presented consequential impacts on organizations, from monetary losses to operational disruption, and even reputational damage. For instance, Avital mentions how ransomware attacks and denial of service attacks have left businesses grappling with restoring systems, ransom payments and downtime, citing examples from real-life scenarios drawn from his observations.
Imperva's Threat Research team takes on the monumental task of monitoring, analyzing, and protecting against these cyber threats. They utilize open-source intelligence, deep web resources and data from deployed sensors and customer networks. This multifaceted intelligence gets productized and integrated into Imperva's solutions, ensuring customers can focus on their businesses rather than worrying about cyber threats.
However, the battle against cyber threats extends beyond just protective measures. Raising awareness through communication plays a crucial role in helping the broader business and cybersecurity community understand and tackle these threats. The sharing of research findings through various channels such as blogs, newsletters and reports, helps impart invaluable knowledge, equipping readers with the necessary context and understanding of the evolving threat landscape.
Imperva's forward-thinking approach in harnessing different intelligence resources to create protective solutions demonstrates their unrivaled expertise in the realm of cybersecurity.
As Avital pointed out, it's not solely about using advanced techniques for quality attacks but also about creatively using existing ones.
As cyber threats continue to evolve, it's paramount for organizations and cybersecurity professionals to stay abreast of these trends. Resources and research made available by teams like Imperva's Threat Research serve as a goldmine of intelligence information commanding our attention. Make cybersecurity a priority, leverage resources at your disposal and stay a step ahead of threats. Connect with the Imperva Threat Research team and be part of their mission to secure cyberspace. Imperva's journey into innovations and solutions is one worth following and learning from as we continue moving forward in this cyber landscape.
Note: This story contains promotional content. Learn more.
Guest: Nadav Avital, Head of Threat Research at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/nadav-avital-a508244/
On YouTube | https://www.youtube.com/channel/UCH5blYEvvzUcWD7ApRVP9Yg
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Imperva Threat Research: https://www.imperva.com/cyber-threat-index/threat-research/
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Guest: Kate Barecchia, Vice President Deputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/kate-barecchia-82759a14/
____________________________
Hosts: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
Welcome to the Redefining Society podcast's post-event coverage of CES 2024. In this episode, host Marco Ciappelli reflects on the exciting conversations and insights from the world's largest consumer technology event, even though he couldn't attend in person. Fortunately, he had the opportunity to speak with several attendees who shared their experiences of exploring the latest technological advancements at the event.
One of the notable conversations Marco had was with Kate Barecchia, Vice President, Deputy General Counsel, and Global Data Privacy Officer at Imperva. They discussed the evolving landscape of technology and its impact on our daily lives, both in terms of cybersecurity and data privacy.
Kate highlighted the importance of safeguarding our privacy, not just in corporate environments but also as homeowners and individuals using wearable technology. They delved into the challenges and concerns surrounding data privacy regulations, such as the differences between the European Union's GDPR and regulations in other parts of the world, like the United States. They also examined the potential for privacy laws to be driven by market forces and discussed the need for individuals to be more aware of the privacy implications of smart home technology and wearables.
The conversation then shifted to the CES event itself, where Kate presented on the topic of safeguarding one's sanctuary, focusing on hidden privacy risks in our homes.
They explored the trade-offs between privacy and convenience, such as the use of home security systems and the sharing of personal data with law enforcement and other third parties. They also touched on the idea of consumers being compensated for their data and the need for clearer default settings and opt-in practices.
The discussion concluded with an exploration of the future of technology, including the potential impact of robotics and AI assistants in our daily lives. Trust emerged as a key factor in embracing new technologies, with the importance of choosing brands and companies aligned with personal values.
Overall, this post-event coverage provides a comprehensive overview of the key insights shared during CES 2024, shedding light on the evolving role of technology and the importance of data privacy in our rapidly changing world.
ENJOY it, share, and subscribe to Redefining Society Podcast.
____________________________
Catch all of our CES 2024 event coverage: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverage
Watch this and other videos on ITSPmagazine's YouTube Channel
CES 2024 Las Vegas playlist:
In this Imperva Brand Story episode with CTO and CISO, Kunal Anand, Sean Martin and Marco Ciappelli explore the sometime-mysterious workings of AI, its role in cybersecurity, and the need for businesses to adapt to this AI-driven paradigm. Together, they examine the unpredictable nature of AI, highlighting how even the brightest minds struggle to fully comprehend why and how these models function.
The discussion also explores the concept of adversarial AI, painting a picture of a future where AI plays a significant role in both cyber attacks and defense strategies. Throughout the conversation, the hosts touch on the economic implications of AI, underscoring the substantial costs associated with running experiments and training large models. They suggest that the companies capable of leveraging AI will be the ones to lead the market, while those that fail to adapt may find themselves outpaced and outmaneuvered.
The future of AI is also a key topic in this episode, with the hosts predicting a shift towards bespoke models that businesses can run in their own environments. They introduce listeners to the concepts of Grounded LM and RAG, hinting at their potential to revolutionize the use of AI in cybersecurity.
This episode of ITSPmagazine provides listeners with a thought-provoking exploration of AI's role in cybersecurity that you simply can't miss. The discussion illuminates the potential for continued innovation, emphasizing the necessity for businesses to adapt to an increasingly AI-driven landscape.
Note: This story contains promotional content. Learn more.
Guest: Kunal Anand, CTO and CISO at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/kunalanand/
On Twitter | https://twitter.com/ka
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Guest: Shlomo Kramer, founder and CEO of Cato Networks
Shlomo Kramer has founded three companies to date — Check Point, Imperva, and most recently Cato Networks — and taken the first two public, with plans to do the same with Cato. By any measure, he is a successful entrepreneur, but he defines “success” as “a burden you need to shake off every day.” And the easiest way to do that he's found is to keep moving, keep failing, and keep creating. The material wealth he's created, he explains, was never the goal: “It was never about things. It was about ideas and making them real.”
In this episode, Shlomo and Joubin discuss the contexts of our actions, the IDF, taking three companies public, ideas vs. things, kibbutzes, Gong, Sumo Logic, serial entrepreneurs, leading by example, consumer cybersecurity, trusting others, Albert Einstein, “making it to the pass before winter,” and Israeli directness.
In this episode, we cover:
The delta between micro and macro (00:54)
Working in wartime Israel (03:18)
The burden of persona (06:37)
Shlomo's family (13:19)
The time between startups (16:30)
Self-fulfillment (18:31)
“What am I going to do next?” (21:14)
Rebelliousness (24:58)
Palo Alto Networks (29:42)
Loyalty and competition (31:32)
Building trust relationships (35:02)
“The last one” (37:41)
Shaq, Tom Brady, and Carl Eschenbach (42:15)
Tough feedback (46:50)
Shlomo's friends (48:18)
Intellectual honesty (50:14)
What Cato does (52:37)
Hiring and work culture (55:23)
Ignoring startup advice (58:15)
Ideation and being present (59:22)
Links:
Connect with Shlomo: LinkedIn
Connect with Joubin: Twitter, LinkedIn
Email: grit@kleinerperkins.com
Learn more about Kleiner Perkins
This episode was edited by Eric Johnson from LightningPod.fm
In this Brand Story episode, hosts Sean Martin and Marco Ciappelli engage in a stimulating dialogue with Nanhi Singh from Imperva. The conversation revolves around the themes of personal growth, career progression, and the importance of curiosity and questioning in personal and professional success.
Nanhi shares her unique insights on the significance of self-defined success and the dangers of letting others dictate your measures of achievement. She emphasizes that success is a personal journey and should be defined on your own terms.
A central theme of the discussion is the myth of needing to know everything in senior roles. Nanhi dispels this myth and stresses that the key to success lies in asking the right questions, not necessarily knowing all the answers. She encourages listeners to maintain a childlike curiosity and to probe deeper into issues to truly understand them. She also discusses the importance of staying true to your core values, even in the face of office politics. She advises listeners to identify their non-negotiable values and to remain steadfast in upholding them.
Nanhi shares her own experiences and lessons learned from her career journey. She discusses the joy she finds in seeing her team members grow and advance in their careers. She also talks about the importance of learning from mistakes and the necessity of being willing to reinvent your knowledge in a rapidly changing field like technology and cybersecurity.
The conversation also explores the importance of using multiple sources of data for decision-making and the role of curiosity in personal and professional growth. Nanhi shares an interesting anecdote about learning to ski as an adult, illustrating the value of taking risks and having fun in the process.
Who knows, there may be a story about Marco and Sean skiing together as well.
Overall, this episode offers listeners a rich exploration of career growth, self-defined success, and the power of curiosity and questioning.
Note: This story contains promotional content. Learn more.
Guest: Nanhi Singh, Chief Customer Officer at Imperva
On LinkedIn | https://www.linkedin.com/in/nanhi-singh-aa51371
On Twitter | https://twitter.com/NanhiSingh14
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this Brand Story Podcast, hosts Marco Ciappelli and Sean Martin join forces with Ron Bennatan from Imperva to embark on a journey into the world of generative AI. The conversation is a blend of philosophy, technology, and cybersecurity, offering listeners a deep-dive into the complexities and opportunities of AI.
The trio explores the accuracy and unpredictability of AI, discussing its ability to handle complex prompts and the unexpected 'hallucinations' it can produce. Bennatan highlights the challenges this poses in a software development lifecycle, emphasizing the non-deterministic nature of AI outputs and the difficulties this poses for automated testing.
The conversation also delves into the scalability of AI, discussing the potential for automation at scale despite perceived slowness. Bennatan provides an interesting perspective on AI's tendency to never repeat the same answer, viewing it as both a source of creativity and a potential issue.
Cybersecurity is a key theme in the discussion, with Bennatan acknowledging that AI's ability to mimic human communication could elevate the sophistication of social engineering attacks. He also raises the potential for AI to mimic specific individuals, increasing the risk of impersonation, deep fakes, and insider threats. Despite these risks, Bennatan maintains that AI can be a powerful tool for defense, making cyberattacks more sophisticated but also enhancing defenses.
The conversation also gets into a philosophical exploration of the Turing test and AI's potential to fool someone into believing it's human. Bennatan suggests that AI doesn't need to excel at everything at once, but can be highly effective in specific tasks.
He also envisions AI improving customer service and operational efficiency by handling complex tasks more efficiently than humans.
In this episode, listeners get a taste of the intriguing possibilities, challenges, and ethical considerations that AI presents, making it a must-listen for anyone interested in the intersection of technology, philosophy, and cybersecurity.
Note: This story contains promotional content. Learn more.
Guest: Ron Bennatan, General Manager, Data Security at Imperva
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Driving Innovation and Protecting Growth: The Intricate Relationship Between Information Technology (CTO) and Information Security (CISO) | A Their Story Conversation from RSA Conference 2023 | An Imperva Story with Kunal Anand: https://redefining-cybersecurity.simplecast.com/episodes/driving-innovation-and-protecting-growth-the-intricate-relationship-between-information-technology-cto-and-information-security-ciso-a-their-story-conversation-from-rsa-conference-2023-an-imperva-story-with-kunal-anand
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this compelling episode of Tech Talks Daily, I am joined by Terry Ray, Senior Vice President at Imperva, for a crucial discussion on a frequently overlooked aspect of data security: protecting low-value data. Terry brings a wealth of knowledge and a unique perspective, warning organizations about ignoring what is often perceived as insignificant data. Throughout the episode, Terry emphasizes a critical message: no data should be ignored, regardless of its perceived value. He draws an analogy between data security and home security, illustrating how leaving low-value data unprotected is akin to leaving your front door wide open. This oversight can give cybercriminals a foothold, allowing them to gather insights and eventually target more valuable, sensitive data. The conversation delves into why organizations need to monitor low-risk data as intensely as high-risk data. Terry argues that the goal of data security shouldn't be merely to catch criminals in the act but to identify and thwart their efforts before they can execute their plans. He stresses that even data classified as low risk can be extremely valuable in the wrong hands, necessitating vigilant monitoring and protection akin to other cybersecurity practices. We explore real-world examples where organizations have suffered significant breaches due to insufficient attention to low-value data. These examples highlight the need for comprehensive visibility and knowledge of all data types to detect and respond to breaches effectively. A vital part of the discussion focuses on balancing data accessibility and security. Terry underscores the importance of continuous monitoring and analysis of unusual behavior and implementing robust controls to ensure that data access is both authorized and secure. In a world where data breaches are increasingly common and sophisticated, Terry advises organizations to prioritize data security and close any existing gaps in their security strategies. 
He also highlights the growing importance of leveraging machine learning and AI in analyzing data and identifying potential risks.
In this Brand Story episode, Sean Martin, along with Gabi Stapel and Erez Hasson from Imperva, explores the complex landscape of retail web and mobile security and the increasing role of AI-enabled bots (both good and bad) in e-commerce and the potential threats they pose.
Gabi and Erez highlight how these bots can exploit business logic and application capabilities, leading to new account fraud, account takeover, and price manipulation. They emphasize the importance of layered security and anomaly detection as key strategies to counter these threats.
The discussion also explores the need for businesses to differentiate between human and bot traffic. Gabi and Erez point out the potential backlash from legitimate users when bots buy and deplete inventory, and the subsequent impact on customer experience and the company's reputation. They also touch on the importance of monitoring the total value of the cart, as bots tend to purchase single items, resulting in net losses for the retailer.
The conversation further delves into the global and local aspects of commerce, including regulatory considerations like PCI DSS. Gabi and Erez discuss the upcoming changes in PCI DSS v4, which requires retailers to focus on managing scripts and changes to payment pages to prevent data breaches.
The episode also offers valuable insights for both large-scale and smaller retailers. Gabi and Erez underscore the importance of staying on top of security and vulnerabilities, regardless of the size of the business. They provide practical advice for retailers, such as implementing a waiting room web page or a raffle system for big sales events, and auditing purchases for limited product drops.
This episode is a must-listen for anyone involved in e-commerce and cybersecurity, providing a comprehensive understanding of the evolving landscape of cyber threats in the retail industry.
Note: This story contains promotional content.
Learn more.
Guests: Gabi Stapel, Cybersecurity Threat Research Content Manager at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/gabriella-stapel/
On Twitter | https://twitter.com/GabiStapel
Erez Hasson, Product Marketing Manager at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/erezh/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Blog | Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season: https://itspm.ag/impervkb2g
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In the rapidly evolving landscape of application security, 2023 brought significant changes with the rise of generative AI tools and an increase in automated threats. In this discussion, Karl Triebes takes a deep dive into the major trends of the past year, examining their impact on the industry and shedding light on what security professionals can anticipate moving forward into 2024. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! CNCF releases a handbook on fuzzing, OpenSSF and OWASP respond to CISA's Open Source Software Security RFI, 14 years of Go, lessons for today from an internet worm from 35 years ago, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-263
CISA claims "No credible threats" to yesterday's US elections. Criminals seek to profit from the .ai top level domain. A Singapore resort sustains a cyberattack. A look ahead at holiday cyber threats. A major Chinese cyberespionage effort against Cambodia. The four cyber phases of a hybrid war. Robert M. Lee from Dragos explains how outside forces affect OT and critical infrastructure security. Our guest is Dan Neault of Imperva sharing how organizations are behind the eight-ball when relying upon real-time analytics. Cyber and electronic threats to space systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/214 Selected reading. CISA Sees Smooth Election Day Operations, No ‘Credible' Threats (Meritalk) The rise of .ai: cyber criminals (and Anguilla) look to profit (Netcraft) Singapore's Marina Bay Sands Says It Was Hit in Data Breach (Bloomberg) Marina Bay Sands discloses data breach impacting 665,000 customers (BleepingComputer) Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach (CNA) Report Examines Cyber Threat Trends Facing Retail and Hospitality This Holiday Season (RH-ISAC) Chinese APT Targeting Cambodian Government (Unit 42) Chinese cyberspies have widely penetrated networks of ally Cambodia (Washington Post) Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) Cyber Security of Space Systems ‘Crucial,' As US Space Force Official Notes Recent Attacks (Via Satellite) Learn more about your ad choices. Visit megaphone.fm/adchoices
The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic attacks on their own. In this discussion, Karl Triebes shares how flaws in business logic design can leave applications and APIs open to attack and what tools organizations need to effectively mitigate these threats. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! In the news segment, a slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for security open source software, race conditions and repojacking in GitHub, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-255
In this week's episode we welcome cybersecurity sales leader Robert Freeman as we talk about sales, revenue growth and leadership in a hypergrowth cybersecurity startup.
KEY TAKEAWAYS FROM THIS EPISODE
Effective leadership involves uniting and motivating individuals towards a shared goal, understanding their motivations, and fostering good communication and positive culture.
Leaders in startup environments need to be resourceful, adaptable, and able to wear multiple hats to navigate challenges and accommodate customer requests.
Hiring individuals with startup experience is crucial, as they bring valuable skills and independence to thrive in a less structured environment.
Identifying gaps and taking initiative to develop ideas or programs are key traits in startup leaders, who must constantly innovate and seize opportunities.
The interview process for hiring salespeople is challenging, requiring a balance of assessing qualities like energy, enthusiasm, resilience, and adaptability to succeed in a demanding sales career.
Robert Freeman, Senior VP of Worldwide Sales at SafeBreach, is a highly experienced and results-oriented IT sales management professional. With over 20 years of expertise in managing high-growth environments, Robert has made significant contributions to renowned global vendors like Cisco, Imperva, and FireEye, as well as startups including Distil Networks and his current role at SafeBreach. Having graduated from the University of Massachusetts, Robert is responsible for scaling SafeBreach globally, leveraging his extensive sales and leadership career. His profound knowledge in cybersecurity and commitment to innovative solutions make him a valuable asset in the industry.
YOUR HOST
Simon Lader is the host of The Conference Room, Co-Founder of global executive search firm Salisi Human Capital, and podcast growth consultancy Viva Podcasts.
Since 1997, Simon has helped cybersecurity vendors to build highly effective teams, and since 2022 he has helped people make money from podcasting. Get to know more about Simon at: Website: https://simonlader.com/ Make Money from Podcasting: https://www.vivapodcasts.com/podcastpowerups Twitter: https://twitter.com/simonlader LinkedIn: https://www.linkedin.com/in/headhuntersimonlader The Conference Room is available on Spotify, Apple Podcasts, Amazon Music, iHeartRadio and everywhere else you listen to podcasts!