Imperva Blog|Login|中文Deutsch日本語

White Papers

Selected Tag: Data | Show All

Download White Paper

How Malware and Targeted Attacks Infiltrate Your Data Center


Advanced targeted attacks leverage social engineering techniques and malware to bypass the security perimeter and compromise those individuals already on the inside of your enterprise. It only takes one infected employee to unknowingly unleash an attack on your entire network. This white paper will examine the seven stages of an advanced targeted attack, explore why traditional defenses, such as firewalls and IPS solutions lack the application and data focus needed to protect data center assets, and outline the functionality required to safeguard your organization from targeted attacks.

Tags: Malware, Data Security, Database Security, IPS, Firewalls


Download White Paper

Data Protection Under POPI


6 Step Data Privacy Protection Plan for the South African Protection of Personal Information (POPI) Bill

Is your organization ready to address the South African Protection of Personal Information (POPI) bill? POPI prescribes information protection principles to regulate collection and processing of South African citizens' personal data. In this paper, we review POPI's eight principles and discuss how best to address those with practical data security processes and solutions.

Tags: POPI, Data Security, Database Security, PII, Data Breach, Compliance


Download White Paper

SharePoint Governance and Security: Where to Start


SharePoint is a complex platform experiencing explosive growth in adoption, exposure, and storage of sensitive content. Consequently, SharePoint security and governance are under greater scrutiny at the executive level and require immediate mitigation actions. The phased, risk-based perspective outlined in this paper aligns investments and priorities to accomplish the greatest security return for existing SharePoint deployments. Security plans should include both preventative and analytical capabilities and incorporate automated tools to provide controls and information that cannot be addressed practically by native SharePoint functionality or corporate resources.

Tags: SharePoint, Data Security, Database Security, Government, Compliance


Download White Paper

Top Ten Database Threats


Databases contain the crown jewels of an organization, which means a break-in, by insiders or outsiders, can cost millions from lawsuits fines and customer attrition. The good news is that there are only a small number of commonly used methods to attack databases. Defend against these, and you will have a highly secure database.

Tags: Database Security, Database Hacks, Common Databases Attacks, Threats, Top Databases Attacks, Defend Against Databases Attacks, Stopping Databases Attacks


Download White Paper

Data Privacy: The High Cost of Unprotected Sensitive Data


Today, organizations face a heightened threat landscape with data breaches constantly on the rise. Financial records, medical records, personally identifiable information (PII), and other private business data exist in virtually every enterprise data center. Failing to safeguard the databases that store this information can damage your reputation, impact your operations, and result in regulatory violations, fines, and legal fees. This white paper will (1) present 6 steps to automate and enforce enterprise data privacy policies (2) identify the database security tools needed to accomplish each step (3) highlight Imperva's market-leading SecureSphere Data Security Suite.

Tags: Data Privacy, Data Security, Data Protection Plan, Database Security, Personally Identifiable Information, PII, Compliance


Download White Paper

Six Techniques for Mitigating Insider Threats


How do you protect business data from trusted individuals who choose to abuse their privileges for personal or financial gain? And, what about users whose computers or personal devices have been compromised by malware, giving hackers access to your sensitive business data? Start by asking yourself the six questions in this whitepaper to help your organization determine if you've got insider threats under control.

Tags: Data Security, Insider Threats, SOX, PCI, Database Activity Monitoring


Download White Paper

Advanced Persistent Threat - Are You the Next Target?


Security researchers have been talking about advanced persistent threat (APT) for some time. Recently, we have seen a steep increase in the number of organizations hit by this type of attack. Initially, researchers thought APTs were mostly aimed at government agencies or political targets, but the latest attacks on enterprises suggest that APTs are not confined to a specific type of organization or sector.

Tags: Data Security, Insider Threats, Advanced Persistent Threat, APT, User Rights Management, Risk Management


Download White Paper

Implementing Security Controls for addressing DHS Sensitive Systems Policy Directive 4300A


This paper reviews how SecureSphere enables DHS components to implement the technical controls described in chapter 5 of the DHS 4300A Sensitive Systems Handbook. With SecureSphere Data Security Solutions, DHS components can facilitate detection of security violations, and support security requirements for applications and data, including Identification and Authentication, Access Controls and Auditing.

Tags: Data Security, Access Controls, Auditing, Government, DHS, 4300A, Database Security, Security Controls, Sensitive Systems Handbook


Download White Paper

Compliance with the HIPAA Security Rule - Meeting the Electronic Code of Federal Requirements


The HIPAA Security Rule establishes national standards to protect individuals' medical records and other personal health information. In this paper we review the security standards for protection of e-PHI as listed under part 164 of the 45 CFR, and map SecureSphere Data Security Suite solutions to the specified requirements described in these standards.

Tags: Data Security, Compliance, HIPAA, Government, e-PHI, Database Security


Download White Paper

How to Secure Your SharePoint Deployment


This paper presents five best practices for securing your SharePoint environment. It discusses how SecureSphere for SharePoint can help organizations get the most out of SharePoint's existing permissions system, and fill some of SharePoint's security gaps.

Tags: SharePoint, File Security, Compliance, Auditing, Unstructured Data, Data Security


Download White Paper

Meeting NIST SP 800-53 Guidelines


This paper reviews information security requirements described by NIST in SP 800-53. It discusses the main implementation challenges organizations struggle with. The paper also maps key capabilities of Imperva's SecureSphere Data Security Suite to NIST SP 800-53 guidelines, describing how SecureSphere solutions can be used to implement required controls, manage risk to federal information and demonstrate compliance.

Tags: Data Security, Compliance, NIST, FISMA, NIST SP 800-53, Government


Download White Paper

Facing Reality: Top Database Security Trends


Enterprise database infrastructure is subject to an overwhelming range of threats. Securing databases and the data they host is challenging not only because of the volume of data spread across heterogeneous platforms, but also because of the increased sophistication and rising rate of database security threats. This paper reviews the top database security trends that IT managers and security teams struggle to keep up with, including: advanced persistent threat (APT), SQL injection, implementation of audit controls, database patch and configuration management, limiting users rights to data based on business need-to-know, abuse of legitimate data access privileges, and cloud security.

Tags: Database Security, Trends, Advanced Persistent Threat, SQL Injection


Download White Paper

Cutting IT Operations Costs for Unstructured Data


Market analysts estimate that 80% of all enterprise data is unstructured and that unstructured data will grow tenfold in the next five years. Crushed under the weight of these files are the IT organizations tasked with managing and securing them. Operationally, it's nearly impossible to keep track of who is creating all of these business documents, who owns them, and who can - and is - accessing them.

Tags: File Security, Data Security, Unstructured Data, IT, ROI


Download White Paper

Security Trends for 2011


Imperva's Application Defense Center (ADC), led by Imperva CTO Amichai Shulman, is exclusively focused on advancing the practice of data security to help companies shield themselves from the threat of hackers and insiders. In 2010, the ADC successfully predicted many of the key issues that would plague security teams in 2010 and beyond. For 2011, the ADC has assembled its most comprehensive set of predictions.

Tags: Business Case, Database Security, File Security, Web Application Security, ROSI, Trends


Download White Paper

The Business Case for Data Security (Database, File, and Web Security)


The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.

Tags: Business Case, Database Security, File Security, Web Application Security, ROSI


Download White Paper

Security for PCI Compliance


Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers

For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.

This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.

Tags: Web Application Security, Database Security, Audit, PCI, Compliance


Download White Paper

Five Signs Your File Data is at Risk


Persistent insider threats and regulatory compliance mandates make protecting sensitive file data a business requirement for virtually every organization. However, the sheer volume of file data and its rapid and continuous growth make it a challenge to secure properly. This whitepaper reviews the five questions to help you assess your file security posture. If you aren't able to answer these five questions confidently, your file data is probably at risk.

Tags: File Security, Compliance, Threats, Insider Threat, Unstructured Data, Data, File Activity Monitoring


Download White Paper

Protected! Mitigating Web Application and Database Vulnerabilities with Virtual Patching


It's not always possible - or practical - to patch vulnerabilities in your Web applications or databases as soon as you discover them. You can use a technique known as "virtual patching" to rapidly address vulnerabilities and ensure you are protected until a long-term fix can be put in place. This brief whitepaper discusses the business benefits of virtual patching, including improved security and increased operational efficiency.

Tags: Virtual Patching, Database Security, Web Application Security, Vulnerability Assessment, Threats, Data Risk Analysis


Download White Paper

The Industrialization of Hacking


Today, hacking is $1T industry -- up from a few billion just three years ago. In 2007, professional hacking represented a multibillion-dollar industry. At present, this same industry posts -- in stolen data, IP and financial gain -- more than one trillion in value. What explains this rapid growth? Industrialization. Just as the Industrial Revolution advanced methods and accelerated assembly from single to mass production in the 19th century, today's cyber crime industry has similarly transformed and automated itself to achieve scalability and increase profits.

The industrialization of hacking coincides with a critical shift in what's considered today's prized commodity: data.

Tags: Cyber Crime, Data Security, Hacking, Automated Attacks


Download White Paper

Data Security Study: Consumer Password Worst Practices


In December 2009, a major vulnerability was discovered in Rockyou.com. By examining a hacker's blog, a major vulnerability was discovered that led to the breach of 32 million passwords and the hacker posted to the Internet the full list of the 32 million passwords (with no other identifiable information). The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. Further, never before has there been such a high volume of real-world passwords to examine. The Imperva Application Defense Center (ADC) analyzed the strength of the passwords.

Tags: Database Security, Data Security, Threats


Download White Paper

Closing the Window of Exposure with Database Virtual Patching


This white paper describes how Vulnerability Assessment and Virtual Patching can help customers to quickly and transparently address known database vulnerabilities without deploying physical patches or custom scripts on corporate databases. Thus, organizations can minimize the window of exposure created by the need to build, receive, test and deploy software and operating system patches across a wide array of database platforms and instances.

Tags: Database Security, Vulnerability Assessment, Data Risk Analysis, Database Discovery, Virtual Patching


Download White Paper

Top 10 Guide to Data Security for Federal Agencies


Web application and database security remains one of the most vulnerable areas across federal agencies as well as the private sector in virtually every geography and business vertical. An essential difference between enterprises and federal agencies is the attacker.

Irrespective of attacks from inside or outside an organization data remains the prize. Traditional network security controls while valuable and necessary simply don't scale to address data-centric attacks, and organizations need to augment them with data-centric solutions focused on the targets: Web applications and databases. But federal agencies are not just focused on security - they also need to demonstrate compliance to both agency and congressional mandates.

Tags: Government, Federal, Compliance, FISMA, SOX, PCI, GLBA, HIPAA, NERC, Data Security


Download White Paper

Top 10 Guide for Protecting Sensitive Data from Malicious Insiders


For years, organizations have worked diligently to lock down their perimeters only to find out that the most devastating enemy is already inside.

Insider threats, both careless and malicious, abound. This fact is amplified during difficult economic times. With a plethora of digitized information, and vehicles for turning credit card data, personally identifiable information and intellectual property into cash, goods, and other services, risks have increased. It's no wonder that we're hearing about a growing number of attacks where the target is sensitive data, and the perpetrators are those with evaluated levels of trust and access: insiders. This guide will explore the top ten ways to protect sensitive data from the very people that need access to it. While this is a difficult problem to address, it is not impossible -- especially when leveraging the right tools.

Tags: Insider Threat, Threats, Sensitive Data Protection, Database Security, Data Security


Download White Paper

The Anatomy of an Insider: Bad Guys Don't Always Wear Black


Sensitive data protection is essential to any effective security or compliance strategy. Purpose-built data security solutions can prevent, detect, and continually audit how users, including privileged users interact with sensitive data. Visibility into ordinary users and privileged users in terms of their interactions with mission-critical applications and databases gives organizations the ability to effectively mitigate insider threats.

Tags: Insider Threat, Privileged User Monitoring, Sensitive Data Protection, Threats


Download White Paper

Managing Risk to Sensitive Data with SecureSphere


You can't protect it if you don't know about it. This paper explores the need to discover and classify sensitive data in enterprise databases. It explains how SecureSphere Discovery and Assessment Server (DAS) enables the assessment of data risk posture through the analysis of discovered data and vulnerabilities on database platforms. Additionally, we will explore risk mitigation via Imperva SecureSphere Data Security Suite in terms of identifying and managing risk to sensitive data.

Tags: DAS, Discovery and Classification, Discovery and Assessment, Database Security, SecureSphere


Download White Paper

Protecting Databases from Unauthorized Activities


The threat of compromising sensitive information either by leakage or unauthorized changes is driving compliance regulations such as Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS), and others, which require organizations to implement strong database access controls.

Tags: Compliance, Data Security, Database Security, PCI, SOX


Download White Paper

The Business Case for Database Security


Build an airtight business case for database security and convince your senior management of the need for a dedicated security solution. This white paper describes database compliance and security requirements, project risks, alternatives, and evaluates the economic benefits of selecting Imperva SecureSphere.

Tags: Database Security, Compliance, Business Case


Download White Paper

Imperva Data Security and Compliance Lifecycle


SOX and other regulatory legislation are increasingly expanding formal enterprise audit processes to include information technology (IT) assets, especially databases. Imperva's Data Security and Compliance Lifecycle provides step-by-step best practices for implementing database controls and web application security.

Tags: Data Security Lifecycle, Compliance Lifecycle, Audit, Best Practices


Download White Paper

What Auditors Want -- Database Auditing


Give your auditors what they want -- the way they want it -- with zero impact to your database and staff. Learn the top 5 key requirements for database auditing for SOX, PCI, HIPAA and other regulations. Understand the options to native database logging of Web-based applications, such as Oracle E-Business Suite, PeopleSoft or SAP. Learn more about what auditors want for compliance, so you can make informed choices and deliver.

Tags: Database Auditing, Database Security, Compliance, SOX, PCI, HIPAA


Download White Paper

The Hidden Costs of Free Database Auditing


Native database auditing mechanisms are not as inexpensive as they might seem. This paper compares the costs of native database auditing with SecureSphere for a midsized IT datacenter.

Tags: Database Auditing, Datacenter


Download White Paper

The Top 5 On-Line Identity Theft Attacks


When digital thieves impersonate authorized users, everyone loses. On-line identity theft by insiders and outsiders can cost millions in fraud, fines, lawsuits, and customer attrition. Unfortunately, even sophisticated solutions, such as two-factor authorization, can be fooled by digital identity theft attacks. The good news is there are 5 commonly used methods for on-line identity theft. Defend against these, and you will have greatly increased the security of your on-line web application.

Tags: Identity Theft, Web Application Security, Database Security

Selected Tag: Data | Show All


Term of the Month