Imperva Blog|Login|中文Deutsch日本語
Discovery and Assessment Server

Vulnerability Management and Configuration Audits

SecureSphere Discovery and Assessment Server (DAS) provides database vulnerability assessment and configuration audits enabling users to identify database vulnerabilities and measure compliance with industry standards and best practices. Combined with sensitive data discovery and data classification, organizations can accurately scope security and compliance projects and prioritize risk mitigation efforts.

Recent database breaches have demonstrated how easy it is to exploit unpatched systems, gain access to accounts with default passwords, and leverage administrative rights to steal data. In addition, periodic configuration audits are needed for demonstrating compliance with internal standards and regulatory compliance mandates. SecureSphere enables centralized assessment of vulnerabilities, patches and configuration gaps.

Key Capabilities
Detect database software vulnerabilities and mis-configurations based on Industry best practices and research by Imperva ADC
Audit database configurations and measure compliance with industry standards and best practices using pre-defined or custom policies
Virtually Patch vulnerabilities via integration with SecureSphere Database Firewall (DBF)
Identify databases that contain sensitive data and surface "rogue" databases
Calculate the risk associated with each data asset based on data sensitivity and the severity of platform and database vulnerabilities

To learn more, click on the Capabilities tab.

Vulnerability Assessment: Detect Exposed Databases

SecureSphere DAS provides a comprehensive list of over 1000 tests and assessment policies for scanning platform, software, and configuration vulnerabilities. The vulnerability assessment process, which can be fully customized, uses industry best practices such as DISA STIG and CIS benchmarks. It results in a set of detailed reports documenting vulnerabilities that put databases at risk, as well as configurations that deviate from defined standards.

Virtual Patching: Protect Before Patches Are Available

SecureSphere DAS enables protection against attempts to exploit vulnerabilities when deployed with SecureSphere Database Firewall (DBF). Customers can enable real-time security policies to block or alert on attempts to exploit vulnerabilities. This allows for immediate protection while patches are developed by the software vendors, thoroughly tested and safely deployed on the database servers.

Discovery and Classification: Locate Sensitive Data

SecureSphere DAS identifies where databases are located on the network and surfaces "rogue" databases. SecureSphere scans the databases for sensitive data that is the focus of security and compliance projects. The results highlight well-known and custom sensitive data types, and track their location down to the database object, row and column. Object and column level classification enables organizations to focus on data in scope for security and compliance projects and configuration of granular policies minimizing the resources required to support these projects.

User Rights Management: Find Excessive Rights

Enables automatic aggregation and review of user rights with the User Rights Management for Databases (URMD) add-on option. SecureSphere supports a focused analysis of rights to sensitive data and identification of excessive rights and dormant accounts based on organizational context, object sensitivity and actual usage. Using URMD organizations can demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5 and reduce the risk of data breach.

Data Risk Analysis: Putting it All Together

SecureSphere DAS enables educated decision making by providing a combined analysis of vulnerabilities and affected sensitive data. SecureSphere calculates the risk associated with each data asset based on data sensitivity and the severity of platform and database vulnerabilities. A graphical dashboard with drill down capabilities supports risk-focused prioritization of risk reduction efforts.

Discovery and Assessment Server Specifications

Specification Description
Supported Database Platforms
  • Oracle
  • Oracle Exadata
  • Microsoft SQL Server
  • IBM DB2 (on LUW and z/OS)
  • SAP Sybase
  • IBM Informix
  • Oracle MySQL
Automated Discovery
  • Automated discovery of database servers and services.
  • Reported information: IP, ports, database version
Data Classification
  • Financial Data – credit card, bank account numbers, transaction number, etc.
  • SOX – Transaction balance, profit amount, share amount, etc.
  • Personally Identifiable Information – Social Security Numbers, email, address, etc.
  • Credentials – login, password, etc.
  • Custom data types
Vulnerability Assessment
  • Operating System vulnerabilities
  • Database vulnerabilities
  • Configuration flaws
  • Risk scoring and mitigation steps
Enterprise Application Assessments
  • SAP
  • Oracle E-Business Suite
  • PeopleSoft
Compliance Assessments
  • SOX
  • CIS Benchmarks
Risk Management
  • Data Risk Explorer and risk scoring based on sensitive data and location. Recommended mitigation activities prioritization.
  • One time and scheduled discovery and assessment tests
  • Accept in scope
  • Reject out of scope
  • Group by site or category
  • Inventory export/import
Assessment Updates
  • Daily Application Defense Center updates for latest vulnerabilities
Performance Overhead
  • Network monitoring – Zero impact on monitored servers
  • Network based assessment scans - non-intrusive database assessments
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Role-Based Controls
  • Flexible role-based management delegates operations and report viewing
Event Notification
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Real-time dashboard
  • Clear, concise summary and detailed assessment reports
  • Risk analysis reports prioritize risk, severity of vulnerability
  • Reports include remediation actions
Report Formats
  • HTML, PDF, CSV Reports
Related Products