Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Security Fears Draw VC Bucks

Imperva wins $17M in funding to address Web and database security and compliance concerns

What keeps security managers awake at night? That their systems will get hacked over the Web. That their databases will be compromised, exposing sensitive information to the world. That they will be audited and found in violation of federal regulations.

It should come as no surprise, then, that a vendor whose products address all three of those problems, Imperva, today won a record round of financing, generating $17 million in funding from four different venture companies.

Imperva, whose XML firewall product line is designed to stop insider abuse and criminal activity targeted at databases and sensitive e-commerce apps, is one of the few beneficiaries of recent trends toward Web-based database theft, as well as Sarbanes-Oxley and other regulations designed to protect investor and customer information, observers say.

The SANS Institute recently listed online database attacks as one of its Top 20 most critical Internet security vulnerabilities, which reflects the recent trend towards data-targeted exploits, in which criminals steal user information, rather than funds. "Criminals are seeing that there's a lot more money to be made in stealing information than in stealing money," said Alan Paller, director of research at the SANS Institute. (See SANS Exposes 'Safe' Technologies.)

Imperva, which was founded by Check Point founder Shlomo Kramer, is sitting at the nexus of the online database security problem, according to Asheem Chandna, a partner at Greylock Partners, the VC company that led the latest round of funding along with Accel Partners, US Ventures, and Venrock Associates.

"Imperva is doing something that's very difficult to do," Chandna said. "It uniquely looks across both the Web and the database stacks at the application and user levels, builds detailed behavioral models, and then reports on or blocks suspicious user actions."

Chandna's comments were echoed by Grant Bourzikas, senior manager of information security at Scottrade, a major online brokerage firm, which purchased the Imperva XML firewall last month. "SecureSphere enables us to protect our core business systems from attack, fraud, and data theft by blocking attacks that are not detected by traditional perimeter security products," he said.

In addition to the firewall, Imperva's product line includes a database security gateway that uses profiling techniques and policy networking; a management server for overseeing multi-gateway installations; and compliance-oriented software bundles to address SOX, PCI, and HIPAA requirements, for example.

Imperva said it will use the new financing to expand its distribution and channel sales infrastructure.

— Tim Wilson, Site Editor, Dark Reading

Organizations mentioned in this story

  • Check Point Software Technologies Ltd. (Nasdaq: CHKP)
  • Greylock Partners
  • Imperva Inc.
  • The SANS Institute

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Oldest First  |  Newest First  |  Threaded View
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    State of Cybersecurity Incident Response
    State of Cybersecurity Incident Response
    Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-10595
    PUBLISHED: 2020-03-31
    pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a ca...
    CVE-2020-11414
    PUBLISHED: 2020-03-31
    An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the di...
    CVE-2020-11111
    PUBLISHED: 2020-03-31
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
    CVE-2020-11112
    PUBLISHED: 2020-03-31
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
    CVE-2020-11113
    PUBLISHED: 2020-03-31
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).