Imperva Blog|Login|中文Deutsch日本語
Press Releases

Imperva Provides 360 Degree Protection Against Insider Database Threats

SecureSphere Database Firewall Locks Down and Locks Out Privileged Users that Violate Security Policies

Redwood Shores, Calif., May 27, 2009 – Imperva®, the data security leader, today announced new insider abuse protection capabilities for its SecureSphere Data Security Suite and Database Firewall solutions. In addition to its existing network-based monitoring and blocking of unauthorized activity by trusted insiders, SecureSphere can now terminate local user activity and quarantine user accounts in the event of a security policy violation. This extends Imperva's unmatched database protection to a full 360 degrees.

The current economic recession is straining employee-employer loyalties and raising the threat that insiders may abuse their data access privileges. Earlier this month, the former IT director for a nonprofit organ and tissue donation center pleaded guilty to a charge that she broke into the organization’s computer network and deleted organ donation database records, invoice files, and database and accounting software. These types of incidents reinforce the need for database activity monitoring that is divorced from the server so it can not be disabled, and spans all user groups, including those with elevated privileges like database administrators.

“SecureSphere has always provided the most complete network-based database protection capabilities for privileged and non-privileged users, as well as some core local activity monitoring,” said Amichai Shulman, CTO of Imperva. “To address the growing risk of insider abuse, we have boosted SecureSphere’s ability to detect, block, and prevent subsequent attempts by privileged users to breach security policies through direct access to the database server. With local activity termination and user account quarantine, we truly provide 360 degree data protection.”

Local Lockdown

To protect sensitive database records from intentional or unintentional abuse by insiders, SecureSphere can terminate unauthorized activity by privileged users even when these operations take place directly on protected servers. SecureSphere enables security teams to create very granular security rules to define acceptable use policies for users with elevated privileges such as database administrators. In the event that a policy is violated, SecureSphere prevents the activity from occurring. SecureSphere can be configured to block a single unauthorized event, as well as prevent new connections from the same user. This ensures that a user who has violated security policy remains blocked when accessing the database via an application which can automatically renew its connections.

Quarantine Suspicious Accounts

In addition to local activity termination, SecureSphere can quarantine users by removing their RDBMS privileges. Privileged account quarantine not only ensures that a specified user is unable to execute any further actions, but also removes their ability to login to the database. To reinstate a quarantined account, a security review is required before it can be reactivated. This capability allows IT security departments to stop insider data breaches at the source, and prevent any subsequent attempts by the same individual to compromise the company’s assets.

Pricing and Availability

The Imperva SecureSphere Database Firewall, also offered as part of the Data Security Suite, with local activity termination and user account quarantine is available immediately from Imperva and its business partners worldwide. Pricing starts at $45,000 USD.

About Imperva

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit www.imperva.com.

# # #

Imperva and SecureSphere are registered trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Neil Stinchcombe, Eskenzi PR Ltd.
Tel: +44(0)2071 832 833
neil@eskenzipr.com