Enterprise Scale Data Security and Compliance

Database Firewall and Database Activity Monitor Specifications¹


    A company’s responsibility to protect data has never been higher or harder. Hackers leveraging the latest technologies are routinely exploiting users, web applications, and system vulnerabilities to breach perimeters and move laterally, stripping valuable data from the unprotected systems.

    In parallel, new data protection mandates such as the European Union General Data Protection Regulation (GDPR), multiple updated US state laws including Connecticut S.B. 949, and the likely passage of the Australian data breach notification bill are adding requirements to teams already stretched thin. Many lack the time or desire to develop in-house expertise on the overlapping requirements of each regulation. Imperva addresses these concerns by providing pre-built assets and automating tasks, enabling existing teams to improve security and simplify compliance.

    Key Capabilities

    • Flexible Enterprise Ready Deployment

      Imperva takes a comprehensive view of the enterprise with a centralized management console capable of providing command and control at a global level. The automated health monitoring capabilities introduced in SecureSphere V12 recognize IT’s need for self-monitoring systems that provide intuitive alarms indicating the presence and location of operational issues. Easy drill-down and instant detailed reporting options speed resolution.

      Imperva also recognizes the value of IT provisioning, providing API sets to facilitate seamless software distribution, configuration updates, policy distribution and data discovery. Deployment and configuration automation is a primary factor in time-to-value. As an example, an Imperva customer independently deployed Agents to over 1,000 databases in just a few weeks using these automation tools.

      Imperva goes beyond the typical deployment scenario where agents are required on all database servers; SecureSphere supports multiple deployment methods, including a local agent, a network transparent bridge option and a non-inline sniffer mode. By using a combination of deployment methods, the enterprise can meet a wide variety of needs without being locked into a one-size-fits-all model.

    • Cloud Ready and the Option for Data Security as a Managed Service

      SecureSphere supports cloud, on-premises, and hybrid deployment models. Imperva is available for both Microsoft Azure and Amazon Web Services (AWS) environments. In addition, Imperva offers SecureSphere data security solutions as a hosted Managed Service. Imperva has over 15 years of dedicated data protection and compliance experience, with direct access to the latest Imperva Defense Center research and expertise. Your data security will be the top priority for the dedicated staff – not something assigned to an inexperienced or resource-constrained internal team.

      Contact us to learn more about Imperva SecureSphere as a managed service.

    • Discover Hidden Risks and Costs

      SecureSphere identifies databases, sensitive data and system risks. Industry standards are utilized to create a prioritized risk score for each database. Combined with the automated data classification, organizations can accurately scope projects and prioritize risk mitigation efforts.

    • Monitor All Traffic for Protection, Audit only what is needed for Compliance

      Even with a high volume of database traffic, SecureSphere can simultaneously monitor all traffic for security policy violations and audit only what is necessary for compliance policy purposes. This dual-channel monitoring for separate purposes allows companies to address both security and compliance requirements with a single unified solution. The efficiency also means companies can deploy monitoring that is more sophisticated and covers more data sources than legacy solutions that must capture activity in audit logs before evaluating it for policy violations. These legacy solutions can only monitor a fraction of the traffic before they impact performance, and they require additional appliances and more specialized resources to maintain the system.

      SecureSphere analyzes all database activity in real-time, providing organizations with a proactive security enforcement layer and detailed audit trail that shows the "who, what, when, where, and how" of each transaction. SecureSphere addresses the compliance requirement for separation of duties and audits privileged users who directly access the database server, as well as users accessing the database through a browser, mobile, or desktop-based application.

    • Manage User Access

      Virtually every regulation, including the new EU General Data Protection Regulation (GDPR), has requirements to manage user rights to sensitive data. Complying with these requirements is one of the most difficult tasks for enterprises to perform manually across large data sets. SecureSphere automatically aggregates user rights across heterogeneous data stores and helps establish an automated access rights review process to eliminate excessive user rights and dormant user accounts. It facilitates a routine demonstration of compliance with regulations such as HIPAA, SOX, and PCI DSS. The automation of these mundane but critical tasks lowers labor costs and reduces the risk of error or reporting gaps.

      Learn more about Imperva User Rights Management for Databases.

    • Streamline Data Compliance

      Unlike solutions that require DBA involvement and reliance on expensive professional services, SecureSphere provides the necessary management and centralization capabilities to manage thousands of databases, Big Data nodes, and file repositories. Pre-defined policies, remediation workflows, and hundreds of reports markedly reduce the need for SQL scripting and security or compliance matter expertise. Elimination of the need for ongoing DBA involvement ensures compliance with the separation of duties requirement. By utilizing the out-of-the-box process APIs, management console, workflows, reports and analysis tools, existing personnel can deploy and manage the system.

    • Discover and Manage Database Vulnerabilities

      SecureSphere virtual patching capabilities help organizations quickly patch vulnerabilities that cannot be remediated in a timely manner through standard means. The same process may be used to patch legacy solutions when no permanent patch is available.

      Streamline the closure of standard system security gaps with the vulnerability management add-on module for SecureSphere. The module, introduced with SecureSphere V12, prioritizes and manages the remediation process across the entirety of your database environment.


    • Spot and Stop Abnormal Behavior

      SecureSphere allows administrators to define policies that granularly monitor and control how users access data objects. To streamline this, SecureSphere creates a white list of the data objects regularly accessed by individual database accounts using Imperva patented Dynamic Learning Method (DLM) and Adaptive Normal Behavior Profile (NBP) technology. It builds an activity profile for each account, including DML, DDL, DCL, read-only activity (SELECTs), and usage of stored procedures. SecureSphere detects when a profiled account accesses a data object that is not in the account's white list.

      Multi-action alerts, temporary quarantines and, if appropriate, blocking of unauthorized activities can be used to protect data without the need to disable the profiled account, avoiding potential disruptions in critical business processes. Automated remediation workflows drive multi-action security alerts that can send information to Splunk, SIEM, ticketing, or other third-party solutions to streamline business processes.

    • Detect and Contain Insider Threats

      Protect enterprise data from theft and loss caused by compromised, careless or malicious users by seamlessly integrating the SecureSphere activity log with Imperva CounterBreach. CounterBreach uses machine learning and peer group analytics to establish a full contextual baseline of typical user access to database tables, and then detects and prioritizes anomalous activity. Once dangerous actions are identified, enterprises can quickly quarantine risky users to proactively prevent or contain data breaches.

    • Protect in Real-Time

      Stopping attacks in real-time is the only effective way to prevent hackers from getting to your data. SecureSphere monitors all traffic for security policy violations, looking for attacks on the protocol and OS level, as well as unauthorized SQL activity. The highly efficient monitoring can quarantine activity pending user rights verification or block the activity – without disrupting business by disabling the entire account.

      Blocking is available at both the database agent and network levels, enabling fine tuning of the security profile to balance the need for absolute security with the need for maximum performance.

    • Stop Advanced Targeted External Attacks

      Web applications remain the number one point of entry for hackers. To enhance the security of web applications, deploy Imperva SecureSphere Web Application Firewall (WAF), which utilizes the same architecture and management platform as SecureSphere data solutions. Additional integrations with malware protection, including FireEye, and other specialized security systems help organizations align processes and close security gaps.

    • Prevent Ransomware from Holding you Hostage

      Stopping a ransomware attack before it encrypts critical assets is the best method for protecting the data and organization. Imperva File Firewall detects ransomware behavior on the network using deception-based technology, and quarantines impacted users to prevent the spread of ransomware to your network file servers. Real-time detection of ransomware file access activities provides immediate security and protects business critical data and systems from costly downtime and business interruption.

    • Visualize Database Activity Alerts

      SecureSphere provides standard integration with a wide variety of SIEM products including ArcSight, QRadar, and Splunk. Imperva provides a dedicated API set for Splunk, enabling users to add custom activity feeds to their Splunk security dashboards and reports. The free Imperva Database Activity Analysis Application for Splunk is a pre-built dashboard and report set optimized for analyzing SecureSphere database alerts and logs. The deployment requires no Splunk development experience, and users may create customized reports using the pre-built reports as templates.

  • Specification Description
    Supported Database Platforms
    • Oracle (Including NDE/ASO, SSL)
    • Oracle Exadata
    • Microsoft SQL Server
    • MSSQL with Diffie-Hellman and Kerberos-gMSA *ACP Required
    • IBM DB2 (on LUW, z/OS and DB2/400)
    • IBM IMS on z/OS
    • IBM Informix
    • IBM Netezza
    • SAP Sybase (ASE, IQ, SQL Anywhere)
    • SAP-HANA
    • Teradata
    • MySQL
    • PostgreSQL
    • Progress OpenEdge
    • MariaDB

    * Agent Compatibility Package (ACP): SecureSphere now provides a dynamic mechanism for updating agents with protocol and other changes. These updates are automatically distributed using the Agent Compatibility Package (ACP) through Software Updates but can also be manually uploaded.

    Supported Big Data Platforms
    • Cloudera Enterprise (HDFS, HIVE, HBASE, Impala)
    • Hortonworks (HDFS, HIVE, HBASE)
    • IBM BigInsights (HDFS, HIVE, HBASE)
    • MongoDB
    • Cassandra
    Cloud Support
    • Amazon Web Services
    • Microsoft Azure
    Deployment Modes
    • Network: Non-inline sniffer, transparent bridge
    • Host: Light-weight agents (local or global mode)
    • Agentless collection of 3rd party database audit logs
    Performance Overhead
    • Network monitoring – Zero impact on monitored servers
    • Agent based monitoring – 1-3% CPU resources
    Centralized Management
    • Web User Interface (HTTP/HTTPS)
    • Command Line Interface (SSH/Console)
    • Common Criteria Certified
    Database Audit Details
    • SQL request (raw and parsed)
    • SQL response
    • Database, Schema and Object
    • User name
    • Timestamp
    • Source IP, OS, application
    • OS-User-Chaining
    • SSH/RDP Source-IP
    • Parameters used
    • Stored Procedures
    • Indication of failed activities
    • Integration with LDAP
    Privileged Activities
    All privileged activity, DDL and DCL, such as:
    • Schema Changes (CREATE, DROP, ALTER, etc.)
    • Creation, modification of accounts, roles and privileges (GRANT, REVOKE, etc.)
    Access to Sensitive Data
    • SELECTs
    • Data manipulation
    Security Exceptions
    • Failed Logins, Connection Errors, SQL errors and other exceptions
    Data Modification
    • INSERTs, UPDATEs, DELETEs (DML activity)
    Stored Procedures
    • Creation, Modification, Execution
    • Creation and Modification
    Tamper-Proof Audit Trail
    • Audit trail stored in a tamper-proof repository
    • Optional encryption or digital signing of audit data
    • Role based access controls to view audit data (read-only)
    • Real-time visibility of audit data
    Fraud Identification
    • Unauthorized activity on sensitive data
    • Abnormal activity hours and source
    • Unexpected user activity
    • FireEye integration
    Data Leak Identification
    • Requests for classified data
    • Abnormal data extraction
    Database Security
    • Dynamic Profile (White List security)
    • Protocol Validation (SQL and protocol validation)
    • Real-time alerts and blocking
    • Virtual Patching
    Platform Security
    • Operating system intrusion signatures
    • Known and zero-day worm security
    • Integration with external authentication systems
    Network Security
    • Stateful firewall
    • DoS prevention
    Policy Updates
    • Regular Imperva Defense Center security and compliance updates
    • API for script-based (new) deployments and updates
    Real-Time Event Management and Report distribution
    • SNMP
    • Syslog
    • Email
    • Incident management ticketing integration
    • Custom followed action
    • SecureSphere task workflow
    • Integrated graphical reporting
    • Real-time dashboard
    • Integration with SIEM systems
    • Free Imperva Database Audit Analysis Splunk App
    Server Discovery
    • Automated discovery of database servers
    Data Discovery and Classification
    Predefined data types, including:
    • Financial Information
    • Credit Card Numbers
    • System and Application Credentials
    • Personal Identification Information
    • Health information
    • Custom data types
    User Rights Management (add-on option)
    • Audit user rights over database objects
    • Validate excessive rights over sensitive data
    • Identify dormant accounts
    • Track changes to user rights
    Vulnerability Assessment
    • Database vulnerabilities
    • Configuration flaws
    • Security level and mitigation steps

    ¹ Note: Not all functionality is available in all configurations. For more information, please contact an Imperva SecureSphere representative.