Imperva, the leader in data security, has said that ISACA, the leading global association for information systems security, assurance and governance professionals, selected Imperva’s web application firewall (WAF) to protect ISACA’s web applications and continue to raise the bar for data security. ISACA leverages Imperva’s SecureSphere WAF as a part of a comprehensive security strategy that delivers unprecedented prevention, mitigation and protection for its on-demand platform.
“ISACA is committed to helping its constituents and the business community as a whole ensure they can have trust in, and derive value from, their information systems. As a result, Imperva is an essential component of our data security strategy,” said Manny Singh, ISACA IT director. “ISACA is a globally respected resource in the security industry so we must provide the best possible model for our constituents who live and breathe data security. Imperva helps us ensure the security of our sensitive data, which is a critical part of doing business every day. We evaluated many solutions and Imperva was found to be the best fit for our particular needs.”
Imperva SecureSphere is the market leading data security and compliance solution. It protects sensitive data by providing real-time protection against data breaches by hackers and malicious insiders. SecureSphere enables executives, risk officers, auditors and security professionals to mitigate the financial and reputation damage of data loss.
ISACA takes advantage of several key SecureSphere features including the ability to:
- Alert or block access requests that:
  - Deviate from normal application and data usage
  - Attempt to exploit known and unknown vulnerabilities
  - Originate from malicious sources
  - Violate corporate policies
  - Are part of a sophisticated multi-stage attack
- Update defenses with research-driven intelligence on current threats and vulnerabilities
- Virtually patch application and database vulnerabilities to reduce the window of exposure and impact of ad-hoc fixes
“Having ISACA as a customer is a major proof point that SecureSphere is the fastest way to mitigate application security risk. Any company deploying sensitive Web applications should have a WAF in place to protect themselves,” said Imperva’s CTO Amichai Shulman.
Meanwhile, Microsoft Patch Tuesday shows patching does not always fix vulnerabilities
Noa Bar-Yosef, Senior Security Strategist at Imperva, said:
“It is interesting to note that this release does not contain a patch for a known vulnerability. There are already reports of exploits targeting this vulnerability, and Microsoft has issued advisories on ways to block the threat. However, this release exemplifies the problems with vendor patching. Patching is a complicated process. Take for example, Oracle. Oracle issues a quarterly Critical Patch Update (CPU). According to the Independent Oracle User Group (IOUG) – patching takes from 3-6 months. Although Oracle patches are server side which in short means updating a large number of enterprise databases, and in this specific Microsoft release most of the vulnerable products are client-specific, we see the same issues arising for both:
- Assessing the exploits as mentioned in the patch. This includes understanding the details of the exploit and whether it is even applicable to the specific user. It is important also to understand how an attack would affect the system.
- Assessing the process of patching. Sometimes a patch may be contradictory to already existing code, or even a work-around.
- Patching the system itself. The patching process should be continuously reviewed. For instance, it already happened that Microsoft released a patch which broke another fix!
Yet – as this case shows, even having a patch does not necessarily mean fixing all system vulnerabilities, which leaves the user to hope for some other solution to mitigate those threats.”