Real-Time Protection Against Data Loss and Theft
Database attacks such as SQL injection are on the rise and databases containing sensitive data are a top target for hackers and malicious insiders. Many databases are vulnerable and attackers take advantage of the fact that patching databases takes on average 6-9 months. And recent incidents show that insiders may represent a significant risk to data security. By validating access requests and identifying material variance when users perform unexpected queries SecureSphere accurately blocks exploit attempts.
Unique to the industry, SecureSphere enables customers to optimize their DBF implementations by combining agent-based monitoring and network activity monitoring. SecureSphere database agents can be configured for monitoring local privileged activity exclusively, or for monitoring all database activity. SecureSphere can block attacks and unauthorized access both on the network and on the DB server. SecureSphere’s hybrid architecture provides comprehensive database security with minimal overhead and unparalleled scalability.
To learn more, click on the Capabilities tab.
Real-Time Blocking of SQL Injection, DoS, and More
While selectively auditing access to sensitive data, SecureSphere monitors database activity in real-time and analyzes the traffic to the database looking for attacks at the protocol and OS level, as well as unauthorized SQL activity. Whether the attack source is an application or a privileged user, identified attacks can be blocked by preventing access to the database. SecureSphere can also monitor the database response and block data leakage. For added protection against sophisticated application attacks SecureSphere offers an integrated Web Application Firewall (WAF).
Preventing Unauthorized Access and Fraudulent Activity
SecureSphere identifies normal user access patterns to data using patented Dynamic Profiling technology. It establishes a baseline of all user activity including: DML, DDL, DCL, read-only activity (SELECTs) and usage of stored procedures. SecureSphere identifies material variances when users perform unexpected queries or violate access policies and alerts or blocks the access. Users performing unauthorized requests to the database can also be quarantined until their access rights have been reviewed and approved.
Virtual Patching Prevents Vulnerability Exploits
SecureSphere mitigates identified database vulnerabilities by enabling a security policy (i.e. Virtual Patch) to block exploit attempts. Surveys have shown that most organizations are behind on database patch deployment due to the need to validate a vendor patch before production rollout. However, while databases are un-patched, they're exposed to attackers looking to capitalize on the vulnerability. Virtual Patching can be deployed immediately to minimize the window of exposure and reduce the risk of a data breach.
Continuous Auditing, Analytics for Forensic Investigations
SecureSphere continuously monitors and audits all database operations, in real-time. The detailed audit trail provide organizations with the complete ’Who, What, When, Where, and How’ of each transaction. The detailed audit trail enables security teams to perform forensic investigations on data breach events. Interactive audit analytics simplifies identification of trends and patterns that indicate security risks or compliance problems.
Policy Enforcement, Streamlined Compliance Reporting
SecureSphere includes a complete set of predefined customizable security and audit policies. The policies can be quickly implemented to enforce separation of duties through global or granular access controls on any database environment. Reports on security events can be scheduled to run automatically and are available in PDF or HTML formats. Specific reports are designed for demonstrating compliance with SOX, PCI DSS, HIPAA and other data privacy laws. Security alerts can be sent to SIEM, ticketing systems and other 3rd party solutions in order to streamline business processes.
Effective User Rights Management Across Databases
SecureSphere streamlines the review and management of user rights across heterogeneous databases. With User Rights Management, organizations can establish an automated process for access rights review, identify excessive user rights and demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5.
Classifying Data in Scope for Compliance and Security
SecureSphere detects all database systems in scope for security and compliance projects through automated discovery and classification of sensitive data. Identifying databases and objects that contain sensitive and regulated data helps organizations fundamentally understand which databases and objects should be audited and support implementation of granular audit policies. In addition, discovery and classification provides details needed for prioritizing vulnerability remediation efforts.
Deployment and Coverage
Optimized architecture, flexible deployment options
SecureSphere offers multiple deployment options, with non-intrusive network monitoring appliances, lightweight SecureSphere agents, 3rd party audit log collection, or a hybrid mix. SecureSphere drop-in physical and virtual appliances provide high performance monitoring and auditing capabilities that can scale to support any environment – from SMBs to large Enterprises. SecureSphere agents eliminate ‘blind-spots’ by auditing activity that can’t be seen on the network. SecureSphere’s flexible architecture simplifies the design of custom deployments that fit unique topology and business needs.
Database Firewall Specifications
|Supported Database Platforms|
|Database Audit Details|
|Access to Sensitive Data|
|Tamper-Proof Audit Trail|
|Data Leak Identification|
|Real-Time Event Management and Report distribution|
|Data Discovery and Classification|
|User Rights Management (add-on option)|