• Overview
  • Specifications
  • Discover Hidden Risks to Protect Sensitive Data

    data theft prevention

    An essential step in protecting data is uncovering blind spots such as rogue or vulnerable databases. After all, you can’t protect against problems if you don’t know they exist. For example, organizations can be blindsided by a breach of production data copied to unmanaged testing servers. SecureSphere Discovery and Assessment (DAS) solves this by quickly identifying sensitive data and assessing databases for vulnerabilities and misconfigurations. SecureSphere DAS also helps you stay in compliance by ensuring that database protection conforms to regulations, best practices, and a company’s internal governance policies.

    Key Capabilities

    • Discover Sensitive Data

      You can make informed decisions by locating sensitive data. SecureSphere DAS highlights sensitive data and provides its location down to the database object, row and column. Object and column-level classification enables your organization to focus on in-scope data, and build granular policies that streamline data protection, audit and reporting.

    • Detect Database Vulnerabilities

      Cyber criminals can easily steal data by exploiting unpatched systems and accessing accounts using default passwords or administrative rights. SecureSphere DAS helps reduce the risk of data theft or breach with automated assessments for database platforms and configurations. SecureSphere DAS includes a library of more than 1500 vulnerability and misconfiguration tests along with industry standard assessment policies based on DISA STIG and CIS.

    • Simplify Test and Scan Complexity

      Enterprise policies defining sensitive data requirements will overlap. SecureSphere DAS provides an abstraction layer that supports the creation of logical test sets and database groups. By utilizing policy test tags and the database groups, the complexity of overlapping policies is minimized, significantly reducing the need to create custom tests and vulnerability scans. With regular vulnerability updates from the Imperva Defense Center, you can be confident that the scans are seeking out the latest known vulnerabilities.

    • Management at Scale

      Simple best practice tasks like quarterly password updates on database servers cripple systems not designed for enterprise scale. SecureSphere DAS provides an automation API that enables the programmatic update of the database configuration and other settings via existing IT workflow processes and provisioning systems. The need for staff to click through the user interface manually updating configurations files is eliminated, saving hundreds of hours and reducing the risk of error.

    • Prioritize and track vulnerabilities

      Once vulnerabilities are discovered it is critical that they are remediated quickly, shortening the window of opportunity for external attackers and malicious insiders. It is easy to prioritize database risks with the Imperva RiskSense Vulnerability Manager add-on option. Imperva RiskSense Vulnerability Manger ingests database assessment results from SecureSphere DAS. It calculates a risk score for database assets based on the vulnerability severity level and business criticality of the database. A dashboard with drill down capabilities supports risk-based prioritization of mitigation efforts and reporting.

  • Discovery and Assessment Server Specifications

    Specification Description
    Supported Databases
    • Oracle
    • Microsoft SQL Server
    • IBM DB2 (on LUW and z/OS)
    • SAP Sybase
    • IBM Informix
    • Oracle MySQL
    Automated Discovery
    • Automated discovery of database servers and services.
    • Reported information: IP, ports, database version
    Data Classification
    • Financial Data – credit card, bank account numbers, transaction number, etc.
    • SOX – Transaction balance, profit amount, share amount, etc.
    • Personally Identifiable Information – Social Security Numbers, email, address, etc.
    • Credentials – login, password, etc.
    • Custom data types
    Vulnerability Assessment
    • Operating System vulnerabilities
    • Database vulnerabilities
    • Configuration flaws
    • Severity level and mitigation steps
    Compliance Assessments
    • PCI DSS
    • SOX
    • HIPAA
    • DISA STIG
    • CIS Benchmarks
    Scheduling
    • One time and scheduled discovery and assessment tests
    Assessment Updates
    • Imperva Defense Center updates for latest vulnerabilities
    Vulnerability Management (add-on option)
    • Streamline remediation process
    • Manage exceptions
    • Provide audit trail of actions taken
    • Prioritize remediation based on risk score
    Performance Overhead
    • Network monitoring – Zero impact on monitored servers
    • Network based assessment scans - non-intrusive database assessments
    Management
    • Web User Interface (HTTP/HTTPS)
    • Command Line Interface (SSH/Console)
    • API (REST)
    Role-Based Controls
    • Flexible role-based management delegates operations and report viewing
    Event Notification
    • SNMP
    • Syslog
    • Email
    • Incident management ticketing integration
    • Real-time dashboard
    Reports
    • Clear, concise summary and detailed assessment reports
    • Reports include remediation actions
    Report Formats
    • PDF, CSV Reports
    Related Products