Imperva's CEO says the data security company has stood up a global cross-functional team that is working 24/7 on the breach it announced this week.
Here are some things you need to know.
The breach involves Incapsula, the company's cloud-based Web Application Firewall (WAF).
CEO Chris Hylen wrote about what the company knows at this point:
And for a subset of the Incapsula customers through September 15, 2017:
• API keys
• customer-provided SSL certificates
With API keys and SSL certificates potentially accessed, the fallout could be significant. Brian Krebs has a good write-up on the potential impact. His interview with Rich Mogull, founder of cloud security firm DisruptOps, paints a clear picture:
"Attackers could whitelist themselves and begin attacking the site without the WAF's protection," Mogull told KrebsOnSecurity. "They could modify any of the security Incapsula security settings, and if they got [the target's SSL] certificate, that can potentially expose traffic. For a security-as-a-service provider like Imperva, this is the kind of mistake that's up there with their worst nightmare."
And what's also interesting is how Imperva is approaching the "nightmare" situation.
The company's CEO says it wants to do the right thing here, and his blog post on the security incident comes across as transparent and sincere.
Specifically, he lists the following steps the company has underway:
Aside from the specific incident response steps the company is taking, CEO Chris Hylen makes big promises about Imperva's actions in this case.
He says the company will be fact and data driven, and that it will, "Share what we know, when we know it to be true, to live up to our company values and leadership expectations."
That's an impressive stand to take when you're a security company investigating a security incident in your own organization.
Read it for yourself: Imperva CEO on Incapsula security incident.
[RESOURCE: SecureWorld cybersecurity conference schedule]