Security Staff Acquisition & Development, Breach, Channel partners, Content

Imperva CEO Resigns Following Data Breach


Chris Hylen has resigned as CEO of cybersecurity and distributed denial-of-service (DDoS) mitigation provider Imperva, according to CTech. Hylen's resignation comes after Imperva in August disclosed a data breach that affected its cloud web application firewall (WAF) customers.

Imperva CEO Chris Hylan
Imperva CEO Chris Hylan

Imperva Chairman Charles Goodman now serves as the company's interim CEO, CTech reported. In addition, Imperva has launched a search for a new permanent CEO.

The Imperva data breach occurred due to an exposure of a database snapshot containing emails and hashed and salted passwords, according to CTO Kunal Anand.

Imperva identified unauthorized use of an administrative API key in one of its production Amazon Web Services (AWS) accounts in October 2018, Anand said. The issue dated back to 2017, when Imperva's product development team adopted cloud technologies and migrated to AWS Relational Database Service (RDS) to scale its user database to accommodate increased demand for its cloud WAF offering (previously known as Incapsula).

Imperva created an AWS database snapshot for testing and an internal compute instance that was accessible to the outside world and contained an AWS API key, Anand stated. The internal compute instance was compromised and the AWS API key was stolen, and the AWS API key was used to access the snapshot.

Since the data breach, Imperva has taken the following steps to improve its security posture:

  • Applying tighter security access controls.
  • Increasing audits of snapshot access.
  • Decommissioning inactive compute instances.
  • Rotating credentials and improving credential management processes.
  • Putting all internal compute instances behind a virtual private network.
  • Increasing the frequency of infrastructure scanning.

Imperva offers application and data security products and partners with MSSPs and MSPs. It was acquired by private equity firm Thoma Bravo last year for $2.1 billion.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.