Imperva Transforms Database Security with Integrated Data Risk Management
Adds New Discovery and Assessment Server; Launches SecureSphere Data Security Suite
Redwood Shores, Calif., April 6, 2009 – Imperva®, the data security leader, today announced the first integrated risk management platform for protecting databases, data, and the applications that use them. The new capabilities, which are available as part of SecureSphere version 7, combine risk scoring and visualization for databases and data allowing organizations to immediately detect and fix problems before a breach or audit failure can occur. The company also introduced the SecureSphere Discovery and Assessment Server, an automated solution for identifying sensitive data and vulnerabilities in databases. Finally, Imperva announced it has repackaged its five data security products as the SecureSphere Data Security Suite to align its offerings with customer deployment scenarios.
In its recently published U.S. Cost of a Data Breach Study, Ponemon Institute, a privacy and information management research firm reported that data breach incidents cost U.S. companies $202 per compromised customer record in 2008. This is an increase of 46 percent since Ponemon’s first annual report on breach costs in 2005. The SecureSphere Suite integrates risk management that spans the entire data security spectrum - discovery, assessment, scoring, monitoring, protection and audit. This allows customers to identify and remediate latent threats before they lead to breaches or regulatory compliance failures.
Push Button Database Discovery and Vulnerability Assessment
To automate the manual task of locating database servers, classifying sensitive data, and identifying vulnerabilities, Imperva is introducing the SecureSphere Discovery and Assessment Server (DAS). This solution provides extended and enhanced capabilities in a standalone solution appropriate for both large and mid-sized enterprises. It is also available as a module with the SecureSphere Database Activity Monitoring, Database Firewall, and Data Security Suite offerings. With a few mouse clicks DAS performs the following tasks:
- Scans the network for all database servers
- Identifies and classifies sensitive data into relevant pre-defined categories
- Supports custom, user-defined sensitive data classifications
- Pinpoints security vulnerabilities on each database including missing patches, default passwords, and more
Global to Granular Views of Data Risks
To eliminate the guess work associated with understanding and remediating threats to sensitive data, SecureSphere now provides automated risk management capabilities with its Database Activity Monitoring (DAM), Database Firewall (DBF), and Data Security Suite (DSS) solutions. Using data gathered by the discovery and vulnerability assessment modules, SecureSphere assigns risk scores to databases and data based on:
- Existing vulnerabilities
- Whether sensitive data is stored on a database
- What type of sensitive data is stored on the database, such as credit card numbers, usernames/passwords, salaries, etc.
- Whether the database meets applicable requirements mandated by regulations including SOX, PCI DSS, NERC CIPS, or HIPAA
Using the SecureSphere Risk Explorer visualization tool, users can graphically navigate all the databases in their environment, easily locate databases that are at risk to prioritize remediation activities, and drill down to root causes to fix problems.
“The business impact and costs associated with data breaches and regulatory compliance violations are forcing organizations to move upstream from the tactical approach of protecting computing devices to a risk-based model that focuses on protecting data,” said Amichai Shulman, CTO of Imperva. “Imperva’s focus from the very first release of SecureSphere has been oriented on protecting sensitive data. With version 7.0 we have added innovations that make it easier than ever to identify and classify sensitive data, discover data that is at risk, find the root cause of vulnerabilities, and protect against them.”
SecureSphere Data Security Suite
To align the packaging of its assessment, monitoring, protection, audit, and risk management solutions with customer deployment scenarios, Imperva has restructured its product line as the SecureSphere Data Security Suite. This modular set of offerings can be purchased together as a full suite or individually to meet current requirements and be expanded to satisfy future needs. The SecureSphere Data Security Suite is comprised of:
- SecureSphere Web Application Firewall: Security for web applications
- SecureSphere Database Firewall: Auditing and protection for databases
- SecureSphere Database Activity Monitoring: Visibility into database usage
- SecureSphere Discovery and Assessment Server: Discovery and assessment for databases
- SecureSphere MX Management Server: Comprehensive centralized data security management
Pricing and Availability
The SecureSphere Discovery and Assessment Server and the complete SecureSphere Data Security Suite will be available in the second quarter of 2009 from Imperva and its business partners worldwide. Pricing for the Discovery and Assessment Server starts at $12,500 for 25 database servers. Pricing for the full suite starts at $50,000. Individual components, when purchased stand alone, are priced separately.
Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit www.imperva.com.
# # #
Imperva and SecureSphere are registered trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.
Neil Stinchcombe, Eskenzi PR Ltd.
Tel: +44(0)2071 832 833