Imperva Blog|Login|中文Deutsch日本語
File Firewall

Real-Time Protection Against Improper Access and Data Loss

SecureSphere File Firewall (FFW) delivers real-time file security with policy-based alerting and blocking, access activity auditing, and user rights management for files stored on file servers and network attached storage (NAS) devices. SecureSphere policies complement native permissions which often fall out of synch with corporate security policy. In addition to blocking unwarranted access, SecureSphere creates a comprehensive file activity audit record which can be used to accelerate security incident response and forensic investigations. SecureSphere FFW helps ensure access to sensitive file data is based on a business need-to-know by identifying existing user access rights and facilitating a complete rights review.

Key Capabilities
Block and alert on file access requests that violate corporate policies
Identify excessive user access rights and enable a complete rights review
Audit all access to files and folders by users and applications
Investigate and respond to incidents and document compliance with advanced analytics and reporting
Identify data owners

To learn more, click on the Capabilities tab.

Block and Alert on Abnormal Activity in Real-Time

SecureSphere File Firewall provides file protection by blocking or alerting on access activity that deviates from corporate policy. Policy-based blocking goes beyond native permissions and offers security staff a way to guard against mistakes introduced in directory and file level permissions. The SecureSphere flexible policy framework enables administrators to create policies that consider a variety of criteria, such as file meta-data (e.g., file name, location, type, etc.), permissions and user access activity, and then take action when undesirable behaviors are observed. For example, a policy can be configured to automatically block or alert when “Support” users attempt to access files classified as “Financial Data”. This type of classification-based blocking is not possible with native file permissions. SecureSphere alerts support a broad range of actions including sending an email to interested parties, assigning a follow-up task to an administrator, or executing an operating system command.

Quickly and Efficiently Investigate Incidents and Document Compliance

SecureSphere provides interactive, on-screen audit analytics for visualizing file data access activity, Active Directory changes, and user rights with just a few clicks. Security staff can use these analytics to investigate and respond to incidents, identify suspicious behavior, and document problems. SecureSphere analytics and reporting help quantify security risks and document compliance with regulations such as SOX, PCI, and data privacy laws. SecureSphere report templates and scheduling further increase efficiency and automation.

Manage User Permissions to Sensitive File Data

SecureSphere identifies existing user access rights and facilitates a complete file rights audit to ensure sensitive file data is accessible only by those with a business need-to-know. This streamlines file permissions audits by aggregating, consolidating and reporting on user access rights to file data across all file servers and NAS devices. SecureSphere accelerates file security reviews by:

  • Identifying users with access to sensitive, high-risk file data
  • Highlighting users with excessive access rights
  • Discovering dormant users and un-used access rights
  • Providing rights review workflow capabilities
  • Tracking and alerting on Active Directory changes in real-time

Audit Without Impacting Critical Systems

SecureSphere FFW performs continuous auditing of all file operations in real-time, providing organizations with a complete audit trail that shows the ‘Who, What, When, Where, and How’ of each file data access. Because SecureSphere audits network communications transparently, without requiring modifications to clients or file servers, it records all file access activity without impacting business operations. SecureSphere captures the name of the user, file accessed, parent directory, access operation (e.g., open, read, write, delete, etc.), access time, etc., for every file accessed. For maximum security, the audit trail is maintained in an external, secured, and hardened repository which can be accessed exclusively through read-only views via a role based access mechanism. In addition, users can audit all changes made to users and groups within Microsoft Active Directory with SecureSphere Directory Services Monitoring.

Identify Owners of Files and Folders

SecureSphere FFW helps security teams identify data owners by providing visibility into the users of files and folders. The primary file and folder users are either the data owners or, as the largest data consumers, are able to immediately identify an owner. Because owners best understand the business relevance of data, owner identification is critical for creating file protection policies and meeting compliance requirements.

Deploy with Confidence

SecureSphere offers multiple deployment options, with drop-in simplicity through physical and virtual appliances, lightweight SecureSphere agents or a hybrid mix. Centrally managed, SecureSphere meets the needs of any environment – from small organizations with a single file server to large enterprises with geographically distributed data centers.

File Firewall Specifications

Specification Description
File Systems Supported
  • Windows file servers
  • Unix/Linux file servers
  • NAS devices with CIFS (v1 and v2) file shares and NFS (v3) file shares
Directory Services Supported
  • Microsoft Active Directory (AD) users and groups
  • LDAP v3 users and groups
User Rights Management
  • Audit user access rights to files via file system permissions
  • Validate excessive rights on sensitive data
  • Identify dormant accounts
  • Identify files accessible by global groups
  • Track changes to user rights
  • Revoke rights and group membership
  • Recommend data owners
File System Activity Audit
  • User name
  • Organizational department
  • File name
  • Folder path
  • File & Folder operations
  • Source & Destination IP
  • Data classification
  • Data owner
Data Classification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digitally signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Lightweight agents (local or global mode)
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
  • MX Server for centralized management
  • Integrated management option
Events and Reporting
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Related Products