Discover Hidden Risks to Protect Sensitive Data
You can’t protect against problems if you don’t know they exist. For example, organizations can be blindsided by a breach of production data copied to unmanaged testing servers. SecureSphere Database Assessment solves this by quickly identifying sensitive data, database vulnerabilities and misconfigurations so that you can prioritize and mitigate them. SecureSphere Database Assessment helps you stay in compliance by ensuring that database protection conforms to regulations, best practices, and a company’s internal governance policies.
Manage Data Risk
It’s easy to prioritize database risks with SecureSphere Database Assessment. Database Assessment calculates the risk associated with each database asset by combining data sensitivity with a view of which vulnerabilities affect the data. A dashboard with drill-down capabilities supports risk-based prioritization of mitigation efforts and reporting.
Discover Sensitive Data
You can make informed decisions by locating sensitive data. Database Assessment highlights sensitive data and provides its location down to the database object, row, and column. Object- and column-level classification enables your organization to focus on in-scope data, and build granular policies that streamline protection, auditing, and reporting.
Cyber Security Best Practices
Malicious insiders and hackers can easily steal data by exploiting unpatched systems and accessing accounts using default passwords or administrative rights. SecureSphere helps you reduce the chances of security breaches with assessments for database platforms and configurations. Database Assessment includes a library of more than 1500 vulnerability and misconfiguration tests along with industry-standard assessment policies based on DISA STIG and CIS.
Simplify Test and Scan Complexity
Enterprise policies defining sensitive data requirements will overlap. SecureSphere provides an abstraction layer that supports the creation of logical test sets and database groups. By using policy test tags and database groups, the complexity of overlapping policies is minimized, significantly reducing the need to create custom tests and vulnerability scans. With the optional ADC Insights services, customers using the pre-defined reports will receive regular vulnerability updates from Imperva Advance Center, ensuring scans are seeking out the latest known vulnerabilities.
Close the Window of Vulnerability
SecureSphere continuously protects databases from vulnerabilities, even when patches aren’t available or you’re not yet ready to deploy them. SecureSphere Database Firewall and Database Assessment work in conjunction to immediately block threats by applying virtual patches that prevent vulnerabilities from being exploited. Virtual patching buys your organization time so you can patch on your own schedule.
Management at Scale
Simple best-practice tasks like quarterly password updates on database servers cripple systems not designed for enterprise scale. SecureSphere provides an automation API that enables the programmatic update of the database configuration and other settings via existing IT workflow processes and provisioning systems. The need for staff to click through the user interface manually updating configuration files is eliminated, saving hundreds of hours and reducing the risk of error.
Discovery and Assessment Server Specifications
Specification / Description
Supported Database Platforms
- Oracle Exadata
- Microsoft SQL Server
- IBM DB2 (on LUW and z/OS)
- SAP Sybase
- IBM Informix
- Oracle MySQL
- Automated discovery of database servers and services.
- Reported information: IP, ports, database version
- Financial Data – credit card, bank account numbers, transaction number, etc.
- SOX – Transaction balance, profit amount, share amount, etc.
- Personally Identifiable Information – Social Security Numbers, email, address, etc.
- Credentials – login, password, etc.
- Custom data types
- Operating System vulnerabilities
- Database vulnerabilities
- Configuration flaws
- Risk scoring and mitigation steps
Enterprise Application Assessments
- Oracle E-Business Suite
- PCI DSS
- DISA STIG
- CIS Benchmarks
- Data Risk Explorer and risk scoring based on sensitive data and location. Prioritization of recommended mitigation activities.
- One-time and scheduled discovery and assessment tests
- Accept in scope
- Reject out of scope
- Group by site or category
- Inventory export/import
- Daily Application Defense Center updates for latest vulnerabilities
- Network monitoring – Zero impact on monitored servers
- Network-based assessment scans – non-intrusive database assessments
- Web User Interface (HTTP/HTTPS)
- Command Line Interface (SSH/Console)
- Flexible role-based management delegates operations and report viewing
- Incident management ticketing integration
- Real-time dashboard
- Clear, concise summary and detailed assessment reports
- Risk analysis reports prioritize risk, severity of vulnerability
- Reports include remediation actions
- HTML, PDF, CSV Reports
- User Rights Management for Databases (add-on)
- Database Activity Monitoring
- Database Firewall