Imperva Detects and Protects Against Ransomware with the Introduction of SecureSphere v12


Real-time, deception-based approach protects against ransomware before valuable data is encrypted

SAN FRANCISCO, Feb. 14, 2017 (GLOBE NEWSWIRE) -- RSA  Imperva, Inc. (NASDAQ:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced the release of Imperva SecureSphere File Firewall v12 with real-time deception technology designed to detect ransomware and to prevent it from encrypting enterprise data. The Imperva deception technology adds decoy files to network file shares, luring hackers to strike there first so they can be neutralized before encrypting critical data.

According to the FBI, ransomware is a growing problem, with hackers expected to take in nearly $1 billion from ransomware payments in 2016. Even if victims have backup files or are willing to pay the ransom, the costs associated with productivity downtime add up quickly. Additionally, the availability of ransomware-as-a-service combined with high profits for the attackers means ransomware attacks are likely to escalate in 2017.

“Despite years of spending on cyber security, attacks and breaches have continued and extorting money through ransomware is increasingly popular,” said Scott Crawford, research director for Information Security at 451 Research. “Given the speed of the ransomware and the depth of its operational disruptions, it’s imperative that security teams have techniques in place to defend against such attacks at the earliest stage possible. Deception technology, such as that in SecureSphere v12, represents an innovative way to identify and mitigate such activity and help organizations defend against ransomware and other attacks.”

Imperva SecureSphere File Firewall uses real-time monitoring to constantly watch file access activity and provides an audit trail showing who, what, when, where and how data was accessed. The solution also incorporates deception-based technology to identify and quarantine users infected with ransomware. This is designed to isolate the ransomware, preventing it from accessing other network file servers while also allowing users who are not infected to continue to access the file share.

Once ransomware behavior is detected, SecureSphere policies quarantine the infected system and block it from accessing enterprise file servers. It also alerts administrators so that infected systems can be remediated.

“It’s not the cost of the ransom that hurts the business; it’s the downtime,” said Amichai Shulman, CTO and cofounder of Imperva. “We have carefully studied ransomware behavior to develop this unique combination of deception technology and real-time monitoring. The best defense is to catch the extortionists before files are taken hostage.”

To learn more about Imperva SecureSphere File Firewall visit, or to learn more about ransomware, visit

About Imperva 
Imperva® (NASDAQ:IMPV) is a leading provider of cyber security solutions that protect business-critical data and applications. The company’s SecureSphereCounterBreach, and Incapsula product lines enable organizations to discover assets and risks, protect information wherever it lives – in the cloud and on-premises – and comply with regulations. The Imperva Defense Center, a research team comprised of some of the world’s leading experts in data and application security, continually enhances Imperva products with up-to-the-minute threat intelligence, and publishes reports that provide insight and guidance on the latest threats and how to mitigate them. Imperva is headquartered in Redwood Shores, California. Learn more:, our blog, on Twitter.

© 2017 Imperva, Inc. All rights reserved. Imperva, the Imperva logo, CounterBreach, Incapsula, SecureSphere, Skyfence, ThreatRadar and Camouflage and design are trademarks of Imperva, Inc. and its subsidiaries.