Web Applications May Experience More Than 2,700 Attack Incidents Per Year

Tue Aug 7, 2012 4:41am EDT

* Reuters is not responsible for the content in this press release.

Media Contact:
Fitzgerald Barth
(415) 432-2457



Third Semi-Annual Web Application Attack Report from Imperva Finds Web Applications Under Attack One Third of the Time; SQL Injection Remains Most Popular Vector

REDWOOD SHORES, Calif. - August 7, 2012 - Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, released today the results of the third Imperva Web Application Attack Report (WAAR), which reveals that the median number of annual attack incidents on the 50 Web applications observed was 274 a year, with one target experiencing more than 2,700 attack incidents.

According to the report, the average attack incident for the observed Web applications lasted seven minutes and 42 seconds, but the longest attack incident lasted an hour and 19 minutes. SQL Injection remains the most popular attack vector.

"These findings indicate a significant difference between an average Web application attack incident and the upper limit," said Amichai Shulman, CTO, Imperva. "We believe that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents, like a flood bursting through a levee."

The WAAR, created as part of Imperva's ongoing Hacker Intelligence Initiative, offers insight into actual malicious attack traffic of 50 Web applications over a period of six months, December 2011 through May 2012. Imperva monitored and categorized numerous individual attacks across the Internet, as well as attacks targeting different enterprise and government Web applications. The WAAR outlines the frequency, type, and geography of origin of each attack to help security professionals prioritize vulnerability remediation.

Highlights from the report include:

  • SQL injection remains most common attack vector: Imperva reviews and summarizes the cumulative characteristics of Web application attack vectors, including SQL injection, cross-site scripting (XSS), RFI and LFI, and observes that SQL injection is the most commonly used attack for the 50 observed Web applications.
  • Intensity of attacks increasing: Applications will typically see only some serious attack action roughly every third day, for a few minutes, but the attacks may overwhelm the application if the defenses are prepared for only the average intensity of attack.
  • France leads SQL injection: As reported in the previous WAAR report, the majority of requests and attackers originate in the USA, western European countries, China and Brazil. However, France has emerged as the leading source of SQL injection attacks, with the attack volume of requests originating from France almost four times greater than that of the United States.

"The cyber battlefield looks a lot more like a border keeping mission than total war - most of the time very little happens, but every once in a while there's an outbreak of attacks," said Shulman. "Regardless of the frequency of attacks and peaceful periods, we believe organizations need to be prepared for these bursts of activity during attack incidents."

For a full copy of the Web Application Attack Report, visit http://www.imperva.com/download.asp?id=29.

To sign up for a webinar detailing the report, visit https://imperva.webex.com/imperva/onstage/g.php?d=796741175&t=a&SourceID=016.


About Imperva:
Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,800 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva's customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.  We're hiring!  Help us protect the world's data:  http://www.imperva.com/go/jobs.



Forward Looking Statements
This news release contains forward-looking statements, including without limitation those regarding Imperva's belief that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents and Imperva's belief that organizations need to be prepared for attack incidents. These forward-looking statements are subject to material risks and uncertainties that may cause actual results to differ substantially from expectations. You should consider important risk factors, which include: the risk that our products are not adopted at levels that we anticipate; the risk that competitors may be perceived by customers to be better positioned to help handle Web application attacks; and other risks detailed under the caption "Risk Factors" in Imperva's Form 10-Q  filed with the Securities and Exchange Commission, or the SEC, on May 11, 2012 and Imperva's other SEC filings. You can obtain copies of Imperva's SEC filings on the SEC's website at www.sec.gov. We undertake no obligation to update any of the forward-looking statements contained herein after the date of this release, whether as a result of new information, future events or otherwise. 

© 2012 Imperva, Inc. All rights reserved.  Imperva, the Imperva logo and SecureSphere are registered trademarks of Imperva, Inc.


# # #


This announcement is distributed by Thomson Reuters on behalf of Thomson Reuters clients.


Source: Imperva Inc. via Thomson Reuters ONE