Imperva Blog|Login|中文Deutsch日本語
Database Agents

Complete Coverage of all Database Activity

SecureSphere's database security solutions utilize host-based agents to monitor and audit database activity and eliminate monitoring blind spots. Unique to the industry, Imperva enables customers to optimize their database activity monitoring implementations by combining agent-based monitoring and network activity monitoring. Agents can be used for monitoring local privileged activity exclusively, or for monitoring all database activity. SecureSphere offers specialized agents for monitoring mainframe databases (DB2 and IMS on z/OS) and iSeries databases (DB2/400).

SecureSphere database agents are simple to install and update, with no requirement to shut down or reboot the databases. SecureSphere database agents enable organizations to achieve comprehensive database auditing with minimal overhead and unparalleled scalability.

Comprehensive Monitoring of all Database Activity

SecureSphere agents are used in two scenarios:

  • Privileged activity monitoring: SecureSphere appliance monitors all network activity and the SecureSphere agent is configured to monitor only local, privileged activity. This configuration ensures complete coverage of all paths to the databases with minimal impact on the database server.
  • Full agent-based monitoring: the SecureSphere agent is configured to monitor all database activity regardless of its source (network and local, privileged activity).This configuration is typically used when a SecureSphere appliance cannot be deployed in front of the database.

Blocking Unauthorized Privileged Activities

SecureSphere agents can block unauthorized privileged access to database objects directly on the database server. SecureSphere can also quarantine the privileged user, denying all access from the offending users until their privileges are reviewed and approved.

Hybrid Architecture Supports Optimized Deployments

SecureSphere offers a flexible architecture allowing a choice between network-based and agent-based monitoring. The hybrid architecture enables deployment optimization based on network topology requirements and business needs. A single SecureSphere agent can be installed on a server to monitor database activity, file activity, or both.

Minimal Performance Overhead

The overhead expected from SecureSphere database agents depends on the amount of traffic being monitored. When monitoring only local, privileged activity the agent overhead is negligible (1-2% CPU). Extending agent monitoring to all database traffic customers should expect a slightly higher overhead.

In addition, SecureSphere agents can be configured to ignore trusted sessions like backup scripts or well protected IP addresses. By filtering trusted sessions the agent overhead on the monitored server is reduced.

The agents do not require a database shut-down or reboot during installation or upgrade.