Home

Database Security Gateway

Usage Assessment, Audit and Protection for
Business Applications and Databases

Award Winning Database Security

The SecureSphere Database Security Gateway automates database activity monitoring, audit and protection for Oracle, MS-SQL Server, DB2 (including mainframe), Sybase and Informix.

SecureSphere Network Architecture: Internal Users, Database Security Gateway, Data Center, SecureSphere Management ServerClick to enlarge
Protects Databases and Database Servers
  • Oracle
  • MS-SQL Server
  • DB/2 (including z/OS versions)
  • Sybase
  • Informix
Database Audit and Compliance Visibility
  • SOX, HIPAA, GLBA, PCI, CA 1386
  • Security Forensics

By monitoring live application and database activity and applying Imperva's Dynamic Profiling technology, the SecureSphere Database Security Gateway automatically creates database usage profiles and IT security policies that are granular down to the query level, for every user and application accessing the database. Detailed database activity auditing and reporting streamlines compliance with regulatory data audit requirements without any impact on database performance. Imperva's unique business activity analysis and correlation technologies ensure real-time protection by differentiating real attacks from harmless variations in user behavior.

Data Attacks Prevented
  • Unauthorized Access
  • Privilege Abuse
  • Data Theft
  • Data Destruction
  • DB platform/software attacks
  • Integrated IPS Protects the database platform

SecureSphere Database Security Gateway delivers industry leading database monitoring, reporting and audit capabilities for relevant databases and applications.

Prevent Data Loss, Theft and Destruction

Complete Data Security Assessment

SecureSphere delivers the industry's most detailed analysis of database security and compliance posture due to its three distinct assessment capabilities: sensitive server and data discovery, configuration assessment, and behavior assessment. SecureSphere's data security assessments are presented in easily understood reports that discover sensitive assets, prioritize risk, support targeted corrective action, and document data compliance status.

  • Sensitive Server and Data Discovery identifies and monitors sensitive data, including encrypted data such as credit card and social security numbers, by scanning the network first for the location of all database, application and web servers, and then for the sensitive data that exists within those systems.
  • Configuration Assessment queries the database for compliance with more than 350 security tests, covering five key areas including known software flaws, software configuration, privileges, external objects, and compliance.
  • Behavior Assessment identifies vulnerabilities that can only be found by monitoring user behavior over time.

Protection from Unauthorized Behavior

SecureSphere's Dynamic Profiling technology automatically creates and maintains verified baseline profiles of each user's business activity. User profiles may be customized or immediately converted into policies, which are then used to detect unauthorized behavior over time. User profiles can also be compared to job functions, regulatory requirements, or best practices by security staff. If any significant deviation from an authorized profile occurs, SecureSphere issues an alert, and may optionally block access.

Dynamic Profiling Models Database Usage

Profile ElementDescription
Database ObjectsProfiles all database objects - queries, stored procedures, SQL operations, tables, system objects
UsersAuditable trail of end-user, application, and administrative activity
Normal Business Activities and TransactionsPrevents use of legitimate privilege for illegitimate purposes
Time of Day and LocationRestricts users to normal work hours and locations
Application/Access MethodPrevents the use of stolen or abused credentials

SecureSphere's dedicated interface monitors application user sessions and correlates those sessions with specific database transactions, ensuring user accountability.

Database Platform Protection

SecureSphere's integrated Intrusion Prevention System (IPS) protects against worms and other attacks targeting known vulnerabilities in database server platforms. SecureSphere's IPS capabilities include full Snort®-compatible signature dictionaries (all protocols) and proprietary SQL-specific signatures from the Imperva Application Defense Center (ADC). With the industry's only SQL protocol validation capability, SecureSphere mitigates the risks associated with the increasing number of database protocol exploits.

SecureSphere's integrated stateful network firewall protects against unauthorized users, dangerous protocols, common network layer attacks, and worms, while its firewall policies meet data security compliance requirements by restricting database exposure to non-essential network traffic.

Sophisticated Attack Detection

No other solution can match the accuracy SecureSphere achieves through Imperva's unique Correlated Attack Validation (CAV) technology. CAV correlates violations across security layers and over time to accurately identify even the most complex attacks.

Local Database Monitoring

Together with the SecureSphere appliance, the SecureSphere DBA Monitor Agent ensures that any database access method is monitored, and all local and database activity is tracked. Agent monitoring includes console, telnet and activity occurring over SSH connections, and extends to inter-process communication (IPC) and shared memory activity.

Ensures Users are Accountable

SecureSphere's Universal User Tracking technology makes users accountable for their actions, even when they access data through business applications. Validating that user accountability has been established is one of the primary objectives of any security system. Unfortunately, user IDs are not always sent to the database when users access database records through custom and packaged business applications, such as Oracle EBS and SAP, and therefore cannot be detected by typical security solutions. SecureSphere changes that by tracking database users across the organization.

Flexible and Scalable Audit Policy Definition

No other solution matches SecureSphere's ability to track event detail while scaling across even the most massive global data centers. SecureSphere's Audit Policy Wizard enables monitoring of all events, or selective event tracking based on a combination of attributes. Audit data extends from high level attributes such as user names, to granular capture of query text, response text, and response codes.

SecureSpheres three assessment capabilities deliver unparallel database security and protection, enabling organizations to meet IT security policies and data security compliance regulations.

Flexible Deployment

SecureSphere requires no changes to database software, the surrounding network, servers, or application infrastructure, and can be deployed on the network as a transparent inline bridge, an inline router, or as an offline network monitor.

No Impact on Performance, Administration, or Availability

SecureSphere delivers deep database and application security without impacting database performance, administration, or availability. SecureSphere's gateways don't consume database resources and the host agent consumes minimal resources by only monitoring local activity.

Imperva's Transparent Inspection technology supports multi-gigabit throughput with sub-millisecond latency. SecureSphere deployment may also be completely separated from database administration if desired. Finally, a host of availability options including Imperva's sub-second IMPVHA (active/active, active/passive), fail-open interfaces, VRRP, STP, RSTP, and offline monitoring ensure maximum uptime.

Robust Deployment Options

SecureSphere can be deployed in one of many high availability modes to ensure maximum uptime and application availability. HA Deployment modes include active-active and active-passive configuration. Each appliance is also available in fully redundant fault tolerant models.

SecureSphere Web Application Firewall Deployment - Active/Active and Active/Passive ConfigurationsClick to enlarge

Transparent and robust deployment sets award-winning SecureSphere database and application security, auditing and compliance products far ahead of their competition.

Efficient Operations, Low Ongoing Maintenance

Eliminates Manual Configuration and Tuning

The detection of unauthorized database user behavior requires the creation of detailed baseline profiles that may contain thousands of elements and change on a daily basis. It is simply not cost effective or realistic to expect security staff to create and maintain detailed profiles for each user, or even each group.

Imperva's Dynamic Profiling simultaneously minimizes risk and total cost of ownership by eliminating the need for manual user profile configuration and tuning. SecureSphere applies adaptive learning algorithms to automatically develop and adjust profiles as behavior changes over time, while administrators still have full access to modify or create custom profiles as desired.

Database Security Management and Reporting - Browser, MX Management Server, SecureSphere Database Security AppliancesClick to enlarge

Centralizes Data Security Management

SecureSphere can be deployed as a standalone appliance or distributed across large data centers. The SecureSphere Management Server delivers centralized configuration, monitoring, and reporting, while hierarchical organizational groupings, granular administrative permissions, and a unique task-oriented workflow streamline management of large enterprise and ASP environments.

Maintains Separation of Duties

SecureSphere presents database information in a format that is accessible to non-database administrators, enabling security or compliance personnel to maintain separation of duties between security, audit, and database administration if desired.

Business Relevant Reporting


SecureSphere Database Protection Screenshot - Alerts by SeverityClick to enlarge

Flexible reporting options allow administrators to create their own security reports, aiding organization specific security analysis.

These reports focus both on specific regulatory criteria, and on criteria relevant to business applications such as SAP and Oracle EBS. No other database security solution delivers “out-of-the-box” capabilities for addressing audit questions relevant to specific regulatory issues and business applications.

SecureSphere's robust reporting framework includes a wealth of pre-defined reports, while offering complete flexibility for creating custom reports and templates appropriate for unique reporting situations, and integrating the analytical tools necessary for documenting compliance relevant to specific business environments.

Extended Security for Web-based Business Applications

Web-based business applications gain advanced protection against external threats by extending SecureSphere with the SecureSphere Web Application Firewall. The Database Security Gateway and Web Application Firewall work together in real time to defeat SQL injection, parameter tampering and other Web attacks with unparalleled accuracy by correlating database violations with Web violations, while the SecureSphere Management Server unifies management of mixed Web and database deployments. Combined, these products deliver the only complete security solution for business application data available.