Our release notes provide information on changes and enhancements in each release.

Note: Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.

In this release:

API Security

API Security is now available at the account level in the Cloud Security Console as an add-on to CloudWAF.

The API Security feature at the website level has been renamed API Schema Protection and still exists as a built-in feature of CloudWAF. It will continue to be supported for customers who want to validate API calls using their own well-defined API specifications. In addition, CloudWAF will continue to support automatic generation of API endpoints as a baseline.

The API Security add-on is purpose-built to address application-specific threats against custom APIs. It is not uncommon for APIs in production to deviate from their API specifications due to a lack of API documentation or frequent changes. There are also categories of data exfiltration attacks that use schema-conforming API calls and therefore cannot be detected by API Schema Protection. The key first step in protecting applications against these new categories of threats is to discover the APIs, to discover their structure (as distinct from API endpoint detection), and to identify sensitive information that is being transferred using the APIs.

The initial release of the API Security add-on provides comprehensive, data-driven API Discovery, which enables you to:

  • Understand your API exposure surface with a complete and up-to-date inventory of your APIs and their configuration.

  • Protect your APIs with a positive security model even if you don’t have an OAS file. With an ongoing learning mechanism, API Discovery constantly learns the structure of the APIs whenever they are updated.

  • Gain tighter protection of your APIs on top of the existing OAS files provided by the development teams.

  • Decide on the appropriate security level for each API endpoint according to the sensitivity of the data returned by it.

  • Download a specifications file of the discovered endpoints.

  • Identify contextually sensitive data.

  • Use analytics and display Data Classification so that you can know which API endpoint transfers PII and other sensitive information.

Additional capabilities
  • Integrates with API management platforms through designated APIs and open source tools, making security an integral part of API lifecycle management.

  • Automatically disables Captcha cookie challenges and JavaScript challenges on API traffic.

  • Leverages the SaaS infrastructure and the CDN, WAF, BOT and DDoS capabilities of the Imperva Application Security suite, and uses the same management portal.

For more details, see Imperva API Security.

Notification Settings update

The new Notification Settings feature introduced earlier this year provides you with more granular control over which notifications you receive, and the list of recipients who receive them.

What changed: The following changes are introduced in this release:

  • Next phase of migration: We are starting to roll out the new Notification Settings to partner and reseller accounts, as well as their customer accounts. The new settings replace the former email notification options in Account Settings. The migration of all accounts is expected to be completed within several weeks.

  • Get notified about activity in your subaccounts: For accounts with subaccounts, you can now also create policies to receive notifications about activity in your subaccounts. The new functionality is available via the UI and the API in accounts that have been moved over to the new Notification Settings mechanism.

    For reseller accounts, your existing Account E-mail Settings that determine if you receive notifications on activity in your subaccounts will be automatically moved over to the Notification Settings page. They will be listed as Subaccount Default Notifications.

Where it’s located: On the Notification Settings page, you can view default notification settings and create new notification policies. In the Cloud Security Console, navigate to Account > Account Management > Notification Settings.

For more details, see Notification Settings.

DDoS Protection for Networks/IPs: Account Asset API

An API was added to enable you to easily retrieve a list of the protected network ranges and IPs defined for your account. This list can be useful as input to other API calls.

For details, see Asset Management API Definition.

Recently mitigated CVEs

Mitigation for new Common Vulnerabilities and Exposures (CVEs) is added weekly by Imperva Research Labs.

To view the latest CVEs for which coverage was added, see Recently Mitigated CVEs.

Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.

To subscribe to updates about weekly releases, add the following link to your RSS feed reader: https://docs.imperva.com/bundle/cloud-application-security/page/release-notes.rss