Imperva CEO Chris Hylen Steps Down In Wake Of Data Breach: Report

Hylen reportedly resigned as Imperva’s CEO Oct. 21 and will be replaced on an interim basis by Charles Goodman, who was CEO of financial software provider PowerPlan until late 2018.


Imperva CEO Chris Hylen resigned from the company following a data breach that exposed personal information for some web application firewall (WAF) users, according to a Calcalist report.

The Redwood Shores, Calif.-based cybersecurity vendor confirmed Hylen’s departure to Israeli business news publication Calcalist on Monday. Hylen joined Imperva as president and CEO in August 2017 following nearly four years overseeing Citrix’s mobility practice, and spearheaded publicly traded Imperva’s $2.1 billion sale to private equity giant Thoma Bravo in January 2019.

“Chris Hylen has stepped down from his role as Chief Executive Officer effective October 21,” an Imperva spokesperson told Calcalist in an email. “This decision was made mutually by Mr. Hylen and the Thoma Bravo board. Imperva Chairman Charles Goodman will step in as interim CEO while a search is underway for a new permanent CEO to lead Imperva.”


Hylen said his departure from Imperva was a personal decision and in no way connected to the security incident, while Imperva didn’t respond to a request for comment. Goodman had served as CEO of financial software provider PowerPlan from May 2015 to November 2018 before becoming an operating partner at Thoma Bravo and chairman of Imperva’s board, according to his LinkedIn page.

Earlier this month, Imperva publicly acknowledged that unauthorized use of an administrative API key in one of its production AWS accounts had occurred in October 2018. This resulted in the exposure of a database snapshot containing email addresses as well as hashed and salted passwords for some Imperva customers, Imperva CTO Kunal Anand wrote in an Oct. 10, 2019, blog post.

The source of Imperva’s problem goes back to 2017, Anand wrote, when the company’s product development team adopted cloud technologies and migrated to AWS Relational Database Service (RDS) to scale its user database to better support demand for its Cloud WAF offering, which was formerly known as Incapsula.

During the AWS evaluation process, Anand said that Imperva created an AWS database snapshot for testing as well as an internal compute instance that was accessible to the outside world and contained an AWS API key. Subsequently, Anand said the internal compute instance was compromised, the AWS API key was stolen, and the key was used to access the snapshot.

Imperva said it first learned of the breach on Aug. 20, 2019, and Hylen told users a week later that some Imperva WAF users had their email addresses, hashed passwords, API keys and SSL certificates exposed. The company’s recommendations coming out of the data breach led Imperva users to change more than 13,000 passwords, rotate more than 13,500 SSL certificates, and regenerate more than 1,400 API keys.

Since the breach was discovered, Anand said that Imperva has applied tighter security access controls; increased audits of snapshot access; decommissioned inactive compute instances; rotated credentials and strengthened the credential management process; put all internal compute instances behind its VPN by default; and increased the frequency of infrastructure scanning.

In the past two years, Imperva bought Prevoty for $140 million to better protect application services residing on-premises and in the cloud, and purchased bot management vendor Distil Networks to better protect business-critical data and applications no matter where and how they're deployed. Imperva currently employs 1,211 people, down 3 percent from 1,248 in October 2018, according to LinkedIn.

Imperva’s channel partners originated more than 57 percent of the company’s sales in 2017 and fulfilled nearly 84 percent of sales in that year, according to a filing with the U.S. Securities and Exchange Commission (SEC). The company’s network of solution providers totaled more than 280 direct and 580 indirect partners worldwide at the end of 2017, including distributors, VARs and large hosting companies.