Discover Hidden Risks to Protect Sensitive Data
An essential step in protecting data is uncovering blind spots such as rogue or vulnerable databases. After all, you can’t protect against problems if you don’t know they exist. For example, organizations can be blindsided by a breach of production data copied to unmanaged testing servers. SecureSphere Discovery and Assessment (DAS) solves this by quickly identifying sensitive data and assessing databases for vulnerabilities and misconfigurations. SecureSphere DAS also helps you stay in compliance by ensuring that database protection conforms to regulations, best practices, and a company’s internal governance policies.
Discover Sensitive Data
You can make informed decisions by locating sensitive data. SecureSphere DAS highlights sensitive data and provides its location down to the database object, row and column. Object and column-level classification enables your organization to focus on in-scope data, and build granular policies that streamline data protection, audit and reporting.
Detect Database Vulnerabilities
Cyber criminals can easily steal data by exploiting unpatched systems and accessing accounts using default passwords or administrative rights. SecureSphere DAS helps reduce the risk of data theft or breach with automated assessments for database platforms and configurations. SecureSphere DAS includes a library of more than 1500 vulnerability and misconfiguration tests along with industry standard assessment policies based on DISA STIG and CIS.
Simplify Test and Scan Complexity
Enterprise policies defining sensitive data requirements will overlap. SecureSphere DAS provides an abstraction layer that supports the creation of logical test sets and database groups. By utilizing policy test tags and the database groups, the complexity of overlapping policies is minimized, significantly reducing the need to create custom tests and vulnerability scans. With regular vulnerability updates from the Imperva Defense Center, you can be confident that the scans are seeking out the latest known vulnerabilities.
Management at Scale
Simple best-practice tasks like quarterly password updates on database servers cripple systems not designed for enterprise scale. SecureSphere DAS provides an automation API that enables the programmatic update of the database configuration and other settings via existing IT workflow processes and provisioning systems. The need for staff to click through the user interface manually updating configuration files is eliminated, saving hundreds of hours and reducing the risk of error.
Prioritize and Track Vulnerabilities
Once vulnerabilities are discovered, it is critical that they are remediated quickly, shortening the window of opportunity for external attackers and malicious insiders. It is easy to prioritize database risks with the Imperva RiskSense Vulnerability Manager add-on option. Imperva RiskSense Vulnerability Manager ingests database assessment results from SecureSphere DAS. It calculates a risk score for database assets based on the vulnerability severity level and business criticality of the database. A dashboard with drill-down capabilities supports risk-based prioritization of mitigation efforts and reporting.
Discovery and Assessment Server Specifications
Specification | Description
Supported Databases
- Microsoft SQL Server
- IBM DB2 (on LUW and z/OS)
- SAP Sybase
- IBM Informix
- Oracle MySQL
- Automated discovery of database servers and services.
- Reported information: IP, ports, database version
- Financial Data – credit card, bank account numbers, transaction number, etc.
- SOX – Transaction balance, profit amount, share amount, etc.
- Personally Identifiable Information – Social Security Numbers, email, address, etc.
- Credentials – login, password, etc.
- Custom data types
- Operating System vulnerabilities
- Database vulnerabilities
- Configuration flaws
- Severity level and mitigation steps
- PCI DSS
- DISA STIG
- CIS Benchmarks
- One time and scheduled discovery and assessment tests
- Imperva Defense Center updates for latest vulnerabilities
Vulnerability Management (add-on option)
- Streamline remediation process
- Manage exceptions
- Provide audit trail of actions taken
- Prioritize remediation based on risk score
- Network monitoring – Zero impact on monitored servers
- Network-based assessment scans – non-intrusive database assessments
- Web User Interface (HTTP/HTTPS)
- Command Line Interface (SSH/Console)
- API (REST)
- Flexible role-based management delegates operations and report viewing
- Incident management ticketing integration
- Real-time dashboard
- Clear, concise summary and detailed assessment reports
- Reports include remediation actions
- PDF, CSV Reports