Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Security Fears Draw VC Bucks

Imperva wins $17M in funding to address Web and database security and compliance concerns

What keeps security managers awake at night? That their systems will get hacked over the Web. That their databases will be compromised, exposing sensitive information to the world. That they will be audited and found in violation of federal regulations.

It should come as no surprise, then, that a vendor whose products address all three of those problems, Imperva, today won a record round of financing, generating $17 million in funding from four different venture companies.

Imperva, whose XML firewall product line is designed to stop insider abuse and criminal activity targeted at databases and sensitive e-commerce apps, is one of the few beneficiaries of recent trends toward Web-based database theft, as well as Sarbanes-Oxley and other regulations designed to protect investor and customer information, observers say.

The SANS Institute recently listed online database attacks as one of its Top 20 most critical Internet security vulnerabilities, which reflects the recent trend towards data-targeted exploits, in which criminals steal user information, rather than funds. "Criminals are seeing that there's a lot more money to be made in stealing information than in stealing money," said Alan Paller, director of research at the SANS Institute. (See SANS Exposes 'Safe' Technologies.)

Imperva, which was founded by Check Point founder Shlomo Kramer, is sitting at the nexus of the online database security problem, according to Asheem Chandna, a partner at Greylock Partners, the VC company that led the latest round of funding along with Accel Partners, US Ventures, and Venrock Associates.

"Imperva is doing something that's very difficult to do," Chandna said. "It uniquely looks across both the Web and the database stacks at the application and user levels, builds detailed behavioral models, and then reports on or blocks suspicious user actions."

Chandna's comments were echoed by Grant Bourzikas, senior manager of information security at Scottrade, a major online brokerage firm, which purchased the Imperva XML firewall last month. "SecureSphere enables us to protect our core business systems from attack, fraud, and data theft by blocking attacks that are not detected by traditional perimeter security products," he said.

In addition to the firewall, Imperva's product line includes a database security gateway that uses profiling techniques and policy networking; a management server for overseeing multi-gateway installations; and compliance-oriented software bundles to address SOX, PCI, and HIPAA requirements, for example.

Imperva said it will use the new financing to expand its distribution and channel sales infrastructure.

— Tim Wilson, Site Editor, Dark Reading

Organizations mentioned in this story

  • Check Point Software Technologies Ltd. (Nasdaq: CHKP)
  • Greylock Partners
  • Imperva Inc.
  • The SANS Institute

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    HackerOne Drops Mobile Voting App Vendor Voatz
    Dark Reading Staff 3/30/2020
    Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
    Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    State of Cybersecurity Incident Response
    State of Cybersecurity Incident Response
    Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-6994
    PUBLISHED: 2020-04-03
    A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The followi...
    CVE-2020-8637
    PUBLISHED: 2020-04-03
    A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
    CVE-2020-8638
    PUBLISHED: 2020-04-03
    A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
    CVE-2020-8639
    PUBLISHED: 2020-04-03
    An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system com...
    CVE-2020-10601
    PUBLISHED: 2020-04-03
    VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.