Company Background This network of hospitals is one of the largest nonprofit healthcare systems in the country. The system employs more than 50,000 people across dozens of hospitals and academic medical centers in six states. To deliver on its mission, the organization is bringing healthcare to patients, wherever they are—in the clinic, on mobile devices, or telephonically.

The Challenge Today, data plays a vital role in improving patient care—from diagnostics to treatment and illness prevention. Like all healthcare organizations, this one must balance its clinicians’ needs for on-demand access to patient data against the risk of a data breach. “These days, a health record is more valuable on the black market than a social security number,” says the organization’s director of information security and data protection. “It is our responsibility to keep patient data secure so that patients can have confidence that not only are they getting the best treatment, but that they’re going to be protected.” And, with more than 400,000 people in the health system, there’s a lot of data to protect. Patient data is used at every step of the patient care experience, resulting in a sprawling environment that spans structured data, unstructured data, and data stored in the cloud. “We are a healthcare organization, so every single database has the potential to have some type of protected data in it,” adds the director of information security and data protection.“When people are pulling data into an Excel file, they’re not thinking about where they’re storing it or what might happen to it. They just see the data that they’re going to use to make patients’ lives better. They don’t understand all of the risks.” In January 2016, the health system began a multiyear project to better protect patient data across the organization. “We had industry-standard products for firewall security, intrusion prevention, and endpoint management security,” says the director of information security and data protection. “But we were not necessarily data focused. Our goal was to reposition the organization to be very operationally secure.” The organization engaged Imperva partner Network Consulting Services, Inc. (NCSi) to begin work developing a cybersecurity strategy and framework for protecting patient data in its many forms and for mitigating data breach risks. The team initially planned to implement application protection first, intending to get web application firewall and DDoS protection up and running quickly. But, in the early days of the project, a data security incident forced the group to reevaluate its priorities. “Perimeter protection is much sexier than database protection because it’s an easy win for management,” explains a security consultant at the organization. “We saw that we need to take a long-term approach to ensure that data is managed responsibly, so we shifted gears to start by looking at our highest areas of risk first.”

The Solution In the wake of the incident, the organization had a singular focus: protect its “crown jewels” and then systematically expand coverage to all its databases. NCSi worked with the health system to roll out a multi-phased data security maturity model, beginning with its most critical assets. Within three months, 20 key database servers were covered by Imperva Data Security while the security team built the architecture to support the full deployment of 15 business-critical applications and over 780 database servers. Under Imperva’s FlexProtect licensing model, the organization only had to purchase licenses for the database servers. This enabled all of the underlying Imperva virtual architecture for the organization’s environment to be designed, built, deployed and tested before the agents were fully deployed.

The Results Imperva Data Security uses machine learning and behavior analytics to distill 45 billion event alerts per day down to 150 critical alerts, avoiding millions of dollars in Splunk SIEM license fees and making it easy to identify and act on real risks. “Without Imperva’s analytics engine, the number of alerts that are generated is overwhelming,” explains the director of information security and data protection. “You can’t do anything about them because it is just paralyzing. As we change the rules, things get clearer and clearer and the policy set gets better and better. It becomes consumable and actionable.” With Imperva Data Security, the security team can now monitor data access and detect threats in real time. The stats are impressive, but, more importantly, the team has gained the confidence that they are catching the most critical threats and mitigating data breach risks more effectively. “I don’t worry about whether something is getting past us anymore. Imperva’s analytics engine looks at usage and patterns of usage to help us focus our time on what matters most,” says a security consultant at the organization. “That’s what really sold us on Imperva.” Imperva Data Security also provides the organization with automated dashboards and reports, making it easy for them to pull reports on who is accessing a given database for a specified time range. Those reports also make it easy to demonstrate compliance. “We don’t do something just to meet compliance guidelines, we do it because it’s the right thing to do for the business,” says the director of information security and data protection. “In this case, we are doing the right thing and we are meeting compliance guidelines.”

Looking Ahead As the organization enters the final phases of the maturity model, the team knows that their work will be ongoing. Like any other business, this health system is constantly changing. Every day, data volumes grow, and new applications are brought on or retired. And as cybercriminals become more sophisticated, the system must also adapt to the evolving threat landscape. “In my position, you never really sleep well at night, because as long as there’s an internet connection and a human being, a breach can happen,” says the director of information security and data protection. “With NCSi and Imperva, we feel very confident in the high alerts that we get. Nothing gets by us on the databases that we are monitoring.”

NetRefer deploys Imperva Incapsula for improved website security with comprehensive DDoS and web application firewall protection Imperva, Inc., a cybersecurity leader that delivers best-in-class solutions to protect data and applications on-premises, in the cloud, and across hybrid environments, today announced that NetRefer, a leading provider of performance marketing software, is using the Imperva Incapsula service to protect its website from cyberattacks. NetRefer deployed the Incapsula service across its customer-facing websites to ensure protection from malicious attacks using the service’s Web Application Firewall (WAF) feature. NetRefer provides performance marketing software that helps companies automate their entire affiliate life cycles, from enrollment through CRM management, tracking, finance and rewards management, payments, and more. While NetRefer had DDoS protection from its hosting environment, it was extremely limited in its ability to scrub traffic, and it lacked a WAF. In addition, the hosting environment was not able to provide the kind of cross-platform visibility that NetRefer’s IT team needed to enable them to see and fix problems early on. After investigating various solutions, and consulting a leading market research firm’s report on Web Application Firewalls, the NetRefer IT team found Incapsula to be the only cloud-based WAF that met its requirements of being easy to use, able to keep downtime to a minimum, and fully scalable, fast and reliable. Being able to identify threats and block them on the fly is critical. By strengthening our security, we can show our clients that their data is safe,” said Christian Cutajar, IT manager for NetRefer. Since deploying Incapsula, NetRefer can now route its traffic at the DNS level instead of dealing with multiple on-premise devices. This allows them to focus on moving towards a Platform-as-a-Service (PaaS) solution long term. More importantly, the DDoS mitigation service protects their systems from continuous attacks. It also provides the increased visibility they need to find and deal with potential security threats and malicious activity before they become serious problems. “We now have a granular view of events and traffic across all our environments,” continued Cutajar. “Incapsula has significantly improved our security posture and reduced downtime by fending off attacks. My IT team now knows when there are attempts to access protected resources on our website, such as SQL injection requests on NetRefer’s clients’ front-end systems and XSS on specific page parameters.” “Securing our core services and avoiding system hijacking is absolutely critical. Investing in a solution that gives us, and our customers, peace of mind is a must, and we’ve found that with Incapsula,” concluded Cutajar. While NetRefer engaged Imperva to solve their DDoS mitigation needs with the Incapsula service, they also achieved a significant performance benefit by activating the Incapsula Content Delivery Network. “We saw a 50 percent performance improvement on our site after turning on the Incapsula CDN,” said Cutajar. “Performance is of utmost importance to NetRefer, and Imperva Incapsula with its scalability and comprehensive cybersecurity protection is the ideal offering for its platform-as-a-service solution,” said Terry Ray, CTO for Imperva. “NetRefer can keep its customers’ data safe while improving performance and visibility at the same time.” Imperva Incapsula is a cloud-based WAF delivered as a service that enables customers to protect websites and increase their performance, improve end-user experiences and safeguard web applications and their data from attack. Incapsula has robust WAF capabilities that can thwart web attacks, DDoS mitigation to ensure access to online business assets, a content delivery network to optimize and accelerate web traffic, and a load balancer to maximize the potential of web environments.

The healthcare industry has fast become a soft target for cyber-attacks and with good reason. Hospitals host both financial and protected health information, while offering a number of easy access point for ransomware attacks and insider threats.

Company background ALYN Woldenberg Family Hospital is Israel’s only pediatric rehabilitation facility, founded by Dr. Henry Keller back in 1932. The hospital has a customer database of more than 70,000 patients and hosts its main website in four languages and across three different domains. In addition, they have a special projects website in both Hebrew and English, which is used for resource development and to coordinate special events. It’s where people can sign up to participate in events, but it also accepts donations. The hospital IT team is worried that the events site could be a possible weak point, allowing hackers easier access to their systems, and the main reason they went searching for a good WAF provider.

The Challenge Five years ago, the IT team noticed an increase in cybercrime, especially in the healthcare industry. While the hospital had never experienced an attack, the security of their content management system (CMS) became a key concern. The team didn’t feel their cybersecurity vendor was updating the security on their CMS as often as they should, leaving them vulnerable and leading the team to go looking for a new vendor. Patient privacy and regulatory compliance are key concerns for ALYN Hospital and were mitigating factors in determining which cybersecurity suite to go for. This, paired with a best cost-benefit ratio and the constraints of a small IT team meant they had to find a managed system that was easy to integrate and required minimal upkeep. Initially checking out on-premise WAF systems, the team kept coming up against the cost of securing their sites and; because of strict government regulations, they were initially hesitant to move to a cloud-based system. Ultimately, however, they decided that the Incapsula cloud-based WAF was just the thing.

The Solution “We looked at community reviews and talked with colleagues at other hospitals and got the impression that Incapsula is one of the best in terms of cost-benefit ratio, which is important to us, in addition to robustness, ease-of-use, and integration, which was very smooth. It all proved to be correct, for which I am very glad,” said Uri Inbar, Director of IT for ALYN Hospital. Integration took less than a day and ALYN Hospital still manages its servers in-house, with a staff member who is now dedicated to security. Incapsula has been low maintenance from the start, so, while customer support was with them every step of the way at the beginning; they haven’t needed any for the last few years because the system has been running smoothly on its own. “It gives us peace of mind to know that someone has dedicated themselves to the subject and keeps us updated. It’s one less worry to take care of.”

Benefits Increased visibility for monitoring security threats: The Incapsula dashboard is easy to use and provides information that helps ALYN Hospital keep its systems secure. And for their special projects, they can even see which countries are generating the most traffic. 24/7 DDoS mitigation: ALYN Hospital uses Incapsula’s DDoS protection, which significantly improves security and reduces down time by fending off attacks. Good cost-benefit ratio:
One of the most important aspects of any new security system for ALYN, the costs were reasonable, especially given the security benefits they received from the Incapsula system. Faster content delivery:
While no formal studies were done, the IT staff has heard from some users that their CDN is delivering content faster than before. Just one more benefit of using Incapsula.

Description is not ready yet

One of the largest computer technology companies in the world replaced their IBM Guardium deployment with Imperva SecureSphere, to audit and protect their database environment. Switching to SecureSphere reduced operational costs by over 70%, saving the company $1.9M a year in recurring labor and support costs. This level of ongoing cost savings was a huge win for the company that operates with razor-thin margins, in a price-competitive industry. In addition to operating margin pressure, this Fortune 500 company had to address SOX and PCI-DSS regulations, on a global scale. The company’s over 100,000 employees developed, manufactured, and serviced the company’s products worldwide. For years, the company tried to expand their IBM Guardium deployment beyond the 500 databases it covered, but was hindered by the overwhelming amount of labor required. This meant that some critical databases could not be monitored, which introduced compliance and security risks the company deemed unacceptable. The high labor cost was mainly due to Guardium’s architecture deficiencies, which required a large number of virtual appliances, to cover the company’s 500 databases. The volume of virtual appliances made the deployment complicated and costly to operate. Furthermore, Guardium’s integration with the company’s Remedy change ticketing and workflow system was cumbersome, and presented many challenges. A huge amount of manual labor was associated with vetting false positives around Remedy change tickets; copying and pasting ticket events into emails to database administrators; and reconciling administrator responses with the events in question. The Guardium deficiencies ultimately required the company to employ a large number of full time staff, to manage the Guardium virtual server farm, and to compensate for the awkward Remedy integration. These factors, combined with Guardium’s support renewal costs, forced the company to evaluate other vendor

TicketNetwork chose Imperva for several reasons: Scalability – Prior to deploying Imperva’s WAF, TicketNetwork used F5 Networks’ WAF in production. However, TicketNetwork encountered challenges with the F5 WAF’s ability to handle its needs for high traffic loads. After this problem continued for nearly a year, TicketNetwork decided to evaluate other WAF vendors, including Imperva.

“During our evaluation, it was clear that Imperva was not only easy to use, but could easily scale to meet our demanding requirements,” said Mr. Mathena.

ThreatRadar – Not only did the Imperva WAF easily handle TicketNetwork’s heavy traffic requirements, but Imperva also offered ThreatRadar, an add-on security service for SecureSphere Web Application Firewall (WAF) that provides an automated defense against automated attacks. By integrating credible, timely information on known attack sources into the WAF defense, ThreatRadar can quickly and accurately stop traffic from malicious sources before an attack can be launched.

“For TicketNetwork, ThreatRadar’s ability to block malicious IPs is huge. Traffic from bots and other automated attacks comprises about 25 percent of our site visits,” explained Mr. Mathena.

TicketNetwork uses Imperva’s WAF in block mode, stopping a good chunk of bad traffic before it even comes to the gate.

“Today, all of our traffic flows through Imperva,” said Mr. Mathena.

Fast time to deployment – Quick deployment means quick compliance and security.

Mr. Mathena explains, “With Imperva, our WAF was up in less than a week. This dramatically improves our speed to security and compliance. Additionally, this means my security team can focus on other priorities.”“My favorite thing about the Imperva SecureSphere product is its ease of use—it’s simply unparalleled,” explained Mr. Mathena.

Description is not ready yet