Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Security Fears Draw VC Bucks

Imperva wins $17M in funding to address Web and database security and compliance concerns

What keeps security managers awake at night? That their systems will get hacked over the Web. That their databases will be compromised, exposing sensitive information to the world. That they will be audited and found in violation of federal regulations.

It should come as no surprise, then, that a vendor whose products address all three of those problems, Imperva, today won a record round of financing, generating $17 million in funding from four different venture companies.

Imperva, whose XML firewall product line is designed to stop insider abuse and criminal activity targeted at databases and sensitive e-commerce apps, is one of the few beneficiaries of recent trends toward Web-based database theft, as well as Sarbanes-Oxley and other regulations designed to protect investor and customer information, observers say.

The SANS Institute recently listed online database attacks as one of its Top 20 most critical Internet security vulnerabilities, which reflects the recent trend towards data-targeted exploits, in which criminals steal user information, rather than funds. "Criminals are seeing that there's a lot more money to be made in stealing information than in stealing money," said Alan Paller, director of research at the SANS Institute. (See SANS Exposes 'Safe' Technologies.)

Imperva, which was founded by Check Point founder Shlomo Kramer, is sitting at the nexus of the online database security problem, according to Asheem Chandna, a partner at Greylock Partners, the VC company that led the latest round of funding along with Accel Partners, US Ventures, and Venrock Associates.

"Imperva is doing something that's very difficult to do," Chandna said. "It uniquely looks across both the Web and the database stacks at the application and user levels, builds detailed behavioral models, and then reports on or blocks suspicious user actions."

Chandna's comments were echoed by Grant Bourzikas, senior manager of information security at Scottrade, a major online brokerage firm, which purchased the Imperva XML firewall last month. "SecureSphere enables us to protect our core business systems from attack, fraud, and data theft by blocking attacks that are not detected by traditional perimeter security products," he said.

In addition to the firewall, Imperva's product line includes a database security gateway that uses profiling techniques and policy networking; a management server for overseeing multi-gateway installations; and compliance-oriented software bundles to address SOX, PCI, and HIPAA requirements, for example.

Imperva said it will use the new financing to expand its distribution and channel sales infrastructure.

— Tim Wilson, Site Editor, Dark Reading

Organizations mentioned in this story

  • Check Point Software Technologies Ltd. (Nasdaq: CHKP)
  • Greylock Partners
  • Imperva Inc.
  • The SANS Institute

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/9/2020
    Introducing 'Secure Access Service Edge'
    Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
    Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
    Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-5607
    PUBLISHED: 2020-07-10
    Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    CVE-2020-15001
    PUBLISHED: 2020-07-09
    An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
    CVE-2020-15092
    PUBLISHED: 2020-07-09
    In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
    CVE-2020-15093
    PUBLISHED: 2020-07-09
    The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
    CVE-2020-15299
    PUBLISHED: 2020-07-09
    A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...