SecureSphere File Firewall

SecureSphere File Firewall

Protect sensitive files from cybercriminals and malicious insiders.
Prevent file theft and stop ransomware while securely sharing files.

Granular data capture

Deploy file security

Continuously monitor all user access to enterprise file storage systems and keep a detailed record of all file access activity, including privileged users, with SecureSphere File Firewall. Show that you have file security under control by using predefined reports to demonstrate tight controls and blocked attacks.

Protect files against external and internal threats

Protect files against external and internal threats

Protect against external and internal threats with SecureSphere File Firewall monitoring. Respond quickly or block suspicious file access activity immediately with notifications based on a robust policy framework.


Stops ransomware in its tracks

Stop Ransomware before it starts

Detect ransomware activity before it does widespread damage. SecureSphere File Firewall leverages policy-based monitoring and deception technology to quarantine infected users/devices based on file access behavior in real-time. Easily detect, block, investigate and report on ransomware activities.

Learn more

Protect SharePoint

Protect your business-critical SharePoint applications at the web, file and database level with SecureSphere. Gain visibility into access to SharePoint data and accelerate your time-to-compliance.

Deploy with CounterBreach

Integrate SecureSphere File Firewall with Imperva CounterBreach to identify malicious, compromised and careless users. CounterBreach analyzes the detailed file activity monitoring logs captured by SecureSphere to establish a baseline of typical user access to files and then pinpoints anomalous activity.

Learn more

How SecureSphere Protects Your Files

Pre-built integrations with common SIEM tools

Access monitoring

SecureSphere File Firewall provides the flexibility to monitor file activity via the network, agents on file servers, or both. You’ll gain visibility into every file access, even by privileged users with local access to file servers.

Granular data capture

SecureSphere captures granular user (e.g., user name, user department, client IP, and file share IP) and file (e.g., file operation, file path, file type and operation response time) data for audit reporting and establishes behavioral activity baselines.

Flexible policies

SecureSphere File Firewall provides the same powerful policy infrastructure used by SecureSphere Web Application Firewall and SecureSphere Database Firewall. Leverage out-of-the-box policies for standard compliance or security activities, or build your own policies.

Quarantining and blocking

Quarantining and blocking

In addition to monitoring and applying policies, SecureSphere also blocks. Mitigate threats, quarantine risky users, and block ransomware infected end-points from connecting to remote file shares.

Ransomware mitigation with deception

SecureSphere provides deception capabilities to detect and automatically block ransomware. From the SecureSphere console, admins can easily deploy deception files on monitored file servers designed specifically to trip up ransomware while being transparent to interactive users.

Learn More

Specifications/system requirements

Specification Description
Operating Systems Supported
  • Windows 2008, 2012, 2012R2 and 2016
  • RedHat 5.X
  • Solaris 10
File Systems Supported
  • Windows file storage systems
  • UNIX/Linux file storage systems
  • NAS devices
Directory Services Supported
  • Microsoft Active Directory users and groups
File System Activity Audit
  • User name
  • Domain
  • Object name
  • Groups
  • Operation (add/remove/delete)
  • Object type
  • Source and Destination IP
Data Classification
  • Metadata and content-based via integration with third party Data Loss Prevention (DLP) vendors such as RSA, Websense, McAfee, and Symantec
  • Manual designation
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digitally signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Lightweight agents
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
  • MX Server for centralized management
Events and Reporting
  • SNMP
  • Syslog
  • Integration with leading SIEM vendors
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Related Products
  • Imperva CounterBreach
  • SecureSphere for SharePoint