Imperva Inc. : Retailers Suffer 2X More SQL Injection Attacks than Other Industries; One Application Attacked an Average of 26

   Imperva Inc. : Retailers Suffer 2X More SQL Injection Attacks than Other
    Industries; One Application Attacked an Average of 26 Times per Minute

Media Contact:
Michelle Dailey
LEWIS PR for Imperva
415-432-2458
imperva@lewispr.com

  Retailers Suffer 2X More SQL Injection Attacks than Other Industries; One
            Application Attacked an Average of 26 Times per Minute

                                      

            Imperva's Fourth Annual Web Application Attack Report
               Finds U.S. the Number One Source of Web Attacks



REDWOOD SHORES, Calif. - July 23, 2013 -Imperva (NYSE: IMPV), a pioneer and a
leader of a new category of business security solutions for critical
applications and high-value data in the data center, released today the
results of the fourth annual Imperva Web Application Attack Report (WAAR),
which reveals that retailers suffer twice as many SQL injection attacks as
other industries. Additionally, these attacks were more intense, both in terms
of number of attacks per incident and duration of each incident. In fact,
retail applications received an average of 749 individual attack requests per
attack campaign.

The report also shows that some applications are constantly under attack and
that the U.S. has maintained its position as the number one source of web
attacks.

"While most of the 70 web applications monitored were attacked a significant
amount, some received an astounding number of attacks -- with one application
receiving up to an average of 26 per minute," said Amichai Shulman, CTO,
Imperva. "While these findings undeniably demonstrate that web application
attacks are far from consistently distributed, the takeaway is that
organizations should base security measures on the worst case scenario, not on
the average case."

The WAAR, created as part of Imperva's ongoing Hacker Intelligence Initiative,
offers insight into actual malicious attack traffic of 70 web applications
over a six-month period to reveal the underlying distribution of attacks, and
give an accurate picture of today's application threat landscape. To achieve
this, Imperva matched events to known attack signatures, compared attack
sources to black lists of malicious hosts, and reviewed specific attributes of
malicious traffic. The WAAR outlines the frequency, type, and geography of
origin of each attack to help security professionals prioritize vulnerability
remediation.

Highlights from the report include:

  *Retailers suffer twice as many SQL injection attacks as other industries:
    Analysis revealed that SQL injection attacks on retail applications
    consisted of more HTTP requests and lasted longer than SQL injection
    attacks on other applications. This finding can be attributed to the
    design and size of the applications. For example, it is plausible to
    assume that retail applications contain a relatively large number of pages
    in the form of online catalogs, and that this factor may have contributed
    to the length and the intensity of SQL injection attacks.

  *Most web apps monitored receive four or more attacks per month: A typical
    application experienced 12 "battle" days; that is, days in which at least
    one attack incident occurred. By comparison, the worst case scenario saw
    176 battle days in the six months observed -- meaning the application
    suffered attacks almost every day within this time period, with one
    attacked on average as many as 26 times per minute. Another interesting
    finding is that while the typical attack incident lasted around five
    minutes, the worst-case incident was about 100 times longer, lasting more
    than 15 hours.

  *The US is the number one source of web attacks: The majority of requests
    and attackers originated in the United States, Western European countries,
    China and Brazil.

"We believe that, with the current threat landscape, organizations can no
longer afford to take an every-man-for-himself approach to security," said
Shulman. "This report demonstrates that the automation and scale of attacks
leave a large footprint that can be better addressed by looking at data
gathered from a large set of potential victims. Thus it is important to rely
on one's peers to acquire intelligence on malicious sources and apply this
intelligence in real time."

For a full copy of the Web Application Attack Report, please
visit:http://www.imperva.com/download.asp?id=419.

About Imperva
Impervais a pioneer and leader of a new category of business security
solutions for critical applications and high-value data in the data
center.Imperva'saward-winning solutions protect against data theft, insider
abuse, and fraud while streamlining regulatory compliance by monitoring and
controlling data usage and business transactions across the data center, from
storage in a database or on a file server to consumption through applications.
With over 2,400 end-user customers in more than 75 countries and thousands of
organizations protected through cloud-based deployments, securing your
business with Impervaputs you in the company of the world's leading
organizations. For more information, visit www.imperva.com,follow us on
Twitteror visit ourblog.

© 2013Imperva, Inc.All rights reserved.Impervaand theImpervalogo are
trademarks ofImperva, Inc.

                                    # # #

------------------------------------------------------------------------------

This announcement is distributed by Thomson Reuters on behalf of Thomson
Reuters clients.

The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and other
applicable laws; and
(ii) they are solely responsible for the content, accuracy and originality of
the
information contained therein.

Source: Imperva Inc. via Thomson Reuters ONE
HUG#1717983