Imperva: Protecting the Data that Drives Business Login|Japanese
Discovery and Assessment Server

Discovery and Assessment for Databases

The Imperva SecureSphere Discovery and Assessment Server (DAS) delivers a full database vulnerability assessment solution that discovers databases in networks, provides data classification on their content, and assesses vulnerability risks associated with that data. Organizations can use SecureSphere to automatically classify database data as Personally Identifiable Information (PII), financial data, SOX, or PCI-relevant data, or custom data types. SecureSphere then helps you manage risks by performing vulnerability assessment tests and mapping test results to classified data.

User Rights Management (URM) is an add-on option to SecureSphere DAS which automates the aggregation and analysis of user rights across enterprise databases helping organizations identify dormant accounts and users with excessive rights to sensitive data.

Moving beyond database discovery, classification, and assessment, SecureSphere Discovery and Assessment Server can be upgraded to a SecureSphere Database Activity Monitoring, Database Firewall, or full Data Security Suite. The SecureSphere Discovery and Assessment Server is an excellent choice for organizations needing a comprehensive database vulnerability solution or starting a larger database security project.

Discovery and Vulnerability DashboardClick to enlarge

Benefits

  • Database platform, software, and configuration vulnerability analysis
  • Automatic network discovery of database servers
  • Comprehensive data classification by pre-defined or custom data types
  • Enables organization to audit and validate user rights over sensitive data and identify dormant users
  • Risk scoring for vulnerability management
  • Full upgrade path to Data Activity Monitoring, Database Firewall, or Data Security Suite

SecureSphere Discovery and Assessment Server Features

  • Automated Database Server Discovery – SecureSphere discovers known and rogue servers over the network and reports servers, platforms, software, versions and other critical information.
  • Data Classification – SecureSphere locates sensitive data on discovered databases. Data is classified by data type, including PII (Personally Identifiable Information), financial data, credit card numbers, PCI, SOX, and custom types.
  • Vulnerability Assessment – SecureSphere performs non-intrusive assessments to detect hundreds of platform, software, and configuration vulnerabilities specific to the assessed database platform. Comprehensive reports recommend remediation steps and actions.
  • Risk-based Vulnerability Management – Risk-scoring based on data classification and assessed vulnerabilities enables SecureSphere to help organizations prioritize security activities.
  • Clear, Relevant Reports Analyze Database Threats – The SecureSphere Discovery and Assessment Server includes intuitive and easy-to-understand reports that provide high-level summaries of security status as well as detailed, drill down reports with individual assessment results. Pre-defined reports make it easy to document compliance to auditors.
  • Scheduled Assessments and Report Distribution – Saving operational time and effort, organizations can schedule one-time or recurring database assessments.
  • Inclusive Vulnerability Knowledgebase – With the most in-depth and current database of vulnerability assessments, customers can be assured that SecureSphere will uncover all vulnerabilities and configuration flaws.
  • Up-to-date Vulnerability Assessments – The Imperva Application Defense Center (ADC) constantly analyzes the latest database threats and vulnerabilities. Assessments are continually and automatically updated.
  • Upgrades to additional features – Organizations can easily use data discovery and classification as the first step to add Data Activity Monitor, Database Firewall, or the full Data Security Suite via an easy license upgrade.

Discovery and Assessment Server Specifications


Specification Description
Supported Database Platforms
  • Oracle
  • MS-SQL
  • Sybase
  • DB2
  • Informix
  • MySQL
Automated Discovery
  • Automated discovery of database servers and services.
  • Reported information: IP, ports, database version
Data Classification
  • Financial Data – credit card, bank account numbers, transaction number, etc.
  • SOX – Transaction balance, profit amount, share amount, etc.
  • Personally Identifiable Information – Social Security Numbers, email, address, etc.
  • Credentials – login, password, etc.
  • Custom data types
Vulnerability Assessment
  • Operating System vulnerabilities
  • Database vulnerabilities
  • Configuration flaws
  • Risk scoring and mitigation steps
Enterprise Application Assessments
  • SAP
  • Oracle E-Business Suite
  • PeopleSoft
Compliance Assessments
  • PCI DSS
  • SOX
  • HIPAA
  • DISA STIG
Risk Management
  • Data Risk Explorer and risk scoring based on sensitive data and location. Recommended mitigation activities prioritization.
Scheduling
  • One time and scheduled discovery and assessment tests
Actions
  • Accept in scope
  • Reject out of scope
  • Group by site or category
  • Inventory export/import
Assessment Updates
  • Daily Application Defense Center updates for latest vulnerabilities
Performance Overhead
  • Network monitoring – Zero impact on monitored servers
  • Network based assessment scans - non-intrusive database assessments
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Role-Based Controls
  • Flexible role-based management delegates operations and report viewing
Event Notification
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Real-time dashboard
Reports
  • Clear, concise summary and detailed assessment reports
  • Risk analysis reports prioritize risk, severity of vulnerability
  • Reports include remediation actions
Report Formats
  • HTML, PDF, CSV Reports
Upgrade Paths
  • Database Activity Monitoring
  • Database Firewall
  • Data Security Suite