Data Protection and Compliance

Features:

Flexible Enterprise Ready Deployment

Imperva takes a comprehensive view of the enterprise with a centralized management console capable of providing command and control at a global level. The top-level management console enables the rapid deployment of global policies and automation of tasks such as data classification, thereby speeding implementation time.

Imperva also recognizes the value of IT provisioning, providing API sets to facilitate seamless software distribution, configuration updates, policy distribution and data discovery. Deployment and configuration automation is a primary factor in time-to-value. As an example, an Imperva customer was able to deploy to over 69,000 databases in the span of just a few months using these automation tools.

Imperva goes beyond the typical deployment scenario where agents are required on all database servers; SecureSphere supports multiple deployment methods, including a local agent, a network transparent bridge option and a non-inline sniffer mode. By using a combination of deployment methods, the enterprise can meet a wide variety of needs without being locked into a one-size-fits-all model.

Discover Hidden Risks and Costs

SecureSphere Database Assessment identifies database vulnerabilities and measures compliance with industry standards and best practices. Combined with sensitive data discovery and data classification, organizations can accurately scope security and compliance projects and prioritize risk mitigation efforts.

Monitor all Traffic for Protection and Compliance

Even with a high volume of database traffic, SecureSphere simultaneously monitors all traffic for security policy violations and compliance policy purposes. The highly efficient monitoring for separate purposes allows companies to address both security and compliance requirements with a single unified solution.

SecureSphere analyzes all database activity in real-time, providing organizations with a proactive security enforcement layer and detailed audit trail that shows the “who, what, when, where, and how” of each transaction. SecureSphere audits privileged users who directly access the database server, as well as users accessing the database through a browser, mobile, or desktop-based application.

Manage User Access

Virtually every regulation has requirements to manage user rights to sensitive data. Complying with these requirements is one of the most difficult tasks for enterprises to manually perform across large data sets. SecureSphere automatically aggregates user rights across heterogeneous data stores and helps establish an automated access rights review process to eliminate excessive user rights. It facilitates a routine demonstration of compliance with regulations such as SOX and PCI DSS. The automation of these mundane, but critical tasks, lowers labor costs and reduces the risk of error or reporting gaps.

Streamline Data Compliance

Unlike solutions that require DBA involvement and reliance on expensive professional services, SecureSphere provides the necessary management and centralization capabilities to manage thousands of databases, Big Data nodes, and file repositories. Pre-defined policies, remediation workflows, and hundreds of reports markedly reduce the need for SQL scripts and compliance matter expertise. Elimination of the need for ongoing DBA involvement ensures compliance with the separation of duties requirement. By utilizing the out-of-the-box process APIs, management console, workflows, reports and analysis tools existing personnel can deploy and manage the system.

discover and Manage Database Vulnerabilities

Malicious insiders and hackers can easily steal data by exploiting unpatched systems, accessing accounts with default passwords, and leveraging administrative rights. SecureSphere helps you prioritize and remediate vulnerabilities with assessments for database platforms and configurations. The assessments are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC).

Dynamic Profiling - Spot and Stop Abnormal Behavior

SecureSphere identifies normal user access patterns to data using Imperva patented Dynamic Learning Method (DLM) and Adaptive Normal Behavior Profile (NBP) technology. It establishes a baseline of all user activity including DML, DDL, DCL, read-only activity (SELECTs), and usage of stored procedures. SecureSphere detects material variances when users perform unexpected queries.

Multi-action alerts, temporary quarantines and if appropriate blocking of unauthorized activities can be used to protect data without the need to disable the user’s account avoiding potential disruptions in critical business processes. Automated remediation workflows drive multi-action security alerts that can send information to SPLUNK, SIEM, ticketing, or other third-party solutions to streamline business processes.

Protect in Real-Time

Stopping attacks in real-time is the only effective way to prevent hackers from getting to your data. SecureSphere monitors all traffic for security policy violations looking for attacks on the protocol and OS level, as well as unauthorized SQL activity. The highly efficient monitoring can quarantine activity pending user rights verification or block the activity – without disrupting business by disabling the entire account.

Blocking is available both at the database agent and network levels enabling the fine tuning of the security profile to balance the need for absolute security with the need for maximum performance.

Stop Advanced Targeted Attacks

To truly enhance proactive security, deploy Imperva SecureSphere Web Application Firewall, which utilizes the same architecture and management platform as SecureSphere data solutions. Additional integrations with malware protection, SIEM, and other specialized security systems help organizations align processes and close security gaps.

Discover and Manage Database Vulnerabilities

Typically, months elapse between when a database vulnerability is discovered and when it can be patched. SecureSphere Database Assessment and Database Firewall work together to identify vulnerabilities and automatically build policies that thwart them.

SecureSphere Database Firewall virtual patching provides protection for specifically known, but unpatched vulnerabilities. The assessments are kept up-to-date with the latest research from Imperva Application Defense Center (ADC).

Database Firewall and Database Activity Monitor Specifications:

Specification	Description
Supported Database Platforms	Oracle Oracle Exadata Microsoft SQL Server IBM DB2 (on LUW, z/OS and >DB2/400) IBM IMS on z/OS IBM Informix IBM Netezza SAP Sybase Teradata Oracle MySQL PostgreSQL Progress OpenEdge
Deployment Modes	Network: Non-inline sniffer , transparent bridge Host: Optional light-weight agents (local or global mode) Agentless collection of database audit logs
Performance Overhead	Network monitoring – Zero impact on monitored servers Agent based monitoring – 1-3% CPU resources
Centralized Management	MX Server for centralized management Integrated management option Hierarchical management
Database Audit	SQL operation (raw or parsed) SQL response (raw or parsed) Database, Schema and Object User name Timestamp Source IP, OS, application Parameters used Stored Procedures
Privileged Activities	All privileged activity, DDL and DCL: Schema Changes (CREATE, DROP, ALTER) Creation, modification of accounts, roles and privileges (GRANT, REVOKE)
Access to Sensitive	Successful and Failed SELECTs All data changes
Security Exceptions	Failed Logins, Connection Errors, SQL errors
Data Modification	INSERTs, UPDATEs, DELETEs (DML activity)
Stored Procedures	Creation, Modification, Execution
Triggers	Creation and Modification
Tamper-Proof Audit Trail	Audit trail stored in a tamper-proof repository Optional encryption or digitally signing of audit data Role based access controls to view audit data (read-only) Real-time visibility of audit data
Fraud Identification	Unauthorized activity on sensitive data Abnormal activity hours and source Unexpected user activity
Data Leak Identification	Requests for classified data Unauthorized/abnormal data extraction
Database Security	Dynamic Profile (White List security) Protocol Validation (SQL and protocol validation) Real-time alerts
Platform Security	Operating system intrusion signatures Known and zero-day worm security
Network Security	Stateful firewall DoS prevention
Policy Updates	Regular Application Defense Center security and compliance updates
Real-Time Event Management and Report distribution	SNMP Syslog Email Incident management ticketing integration Custom followed action SecureSphere task workflow Integrated graphical reporting Real-time dashboard
Server Discovery	Automated discovery of database servers
Data Discovery and Classification	Database servers Financial Information Credit Card Numbers System and Application Credentials Personal Identification Information Custom data types
User Rights Management (add-on option)	Audit user rights over database objects Validate excessive rights over sensitive data Identify dormant accounts Track changes to user rights
Vulnerability Assessment	Operating System vulnerabilities Database vulnerabilities Configuration flaws Risk scoring and mitigation steps

Documentation:

Download the SecureSphere Data Security Datasheet (PDF).