Imperva CEO Steps Down 2 Months After Data Breach Disclosed
Imperva, the cybersecurity provider Thoma Bravo acquired in January, has lost its CEO in the aftermath of a data breach that resulted in a data exposure impacting its cloud Web Application Firewall (WAF) product.
Last week, Chris Hylen stepped down from his role as CEO. The decision was made mutually by Hylen and the Thoma Bravo board.
Imperva said chairman Charles Goodman will step in as interim CEO while a search is underway for a new permanent CEO to lead Imperva as it “builds on recent growth and strong market-leading position.” Hylen was Imperva’s CEO for more than two years, and before that was senior vice president and general manager at Citrix.
Thoma Bravo bought Imperva for $2.1 billion.
Eric Parizo, senior analyst with Ovum, tells us “we’re in an era where perception matters more than reality.”
“The perception is that a security vendor that suffers a data breach like Imperva did can’t possibly have competent leadership, and whether that’s true or not, a leadership change is just about the only way to change that perception,” he said.
According to a blog by Hylen, the breach impacted the email addresses and passwords of more than 13,000 customers. Imperva announced the breach on Aug. 27.
Mike Sapien, Ovum’s vice president and chief analyst of enterprise services, said Imperva has been in both financial and image trouble for the last year.
“I do think that the layoff, along with the breach, has put them into major recovery mode, as well as limited any ability to develop new product or features,” he said. “It has been facing challenges internally, as well as pressure from competition that is moving ahead of them. I seem Imperva now in full recovery mode and will need to find a way to invest in new features while building back its reputation from the breach.”
Imperva said the data breach affected a subset of its cloud WAF customers. It occurred due to errors that happened while the company was migrating to a cloud-based database service.
“We have since gone back and looked for malicious activity, leveraging threat intelligence feeds in conjunction with audit logs … related to accounts in the dataset,” said Kunal Anand, Imperva’s CTO. “Thus far, we have not found any malicious behavior targeting our customers (logins, rule changes, etc.) and have implemented procedures to continue monitoring for such activity. We remain vigilant, however, and will continue to monitor for malicious behavior.”