Imperva SecureSphere - Database Activity Monitoring

Audit Database Access and Usage of Sensitive Data

 

Overview:

SecureSphere Database Activity Monitoring delivers an automated and scalable database
auditing solution that monitors and audits all access to sensitive data across heterogeneous
database platforms. SecureSphere helps organizations demonstrate compliance with
industry regulations through automated processes, audit analysis and customizable
reports. In addition, SecureSphere accelerates incident response and forensic
investigation with centralized management and advanced analytics.

Database activity monitoring and auditing has become a critical challenge for
organizations due to the increasing importance of data integrity and privacy to
customers and regulators. The need to continuously audit database access, by
privileged and non-privileged users, on a large number of databases, is
addressed by SecureSphere's automated and scalable database audit solution.

Unique to the industry, SecureSphere enables customers to optimize their DAM
implementations by combining agent-based monitoring and network activity
monitoring. SecureSphere database agents can be configured for monitoring
local privileged activity exclusively, or for monitoring all database activity.
SecureSphere's hybrid architecture provides comprehensive database auditing with
minimal overhead and unparalleled scalability.

Database Security

Key Capabilities:

  • Continuous audit of all access to sensitive data by privileged and application users
  • Alert on abnormal access requests and database attacks, in real time
  • Accelerate incident response and forensic investigation through centralized management
    and advanced analytics
  • Provide audit reports to demonstrate compliance with regulatory requirements
  • Identify databases and objects in scope for Compliance and Security Projects

Features:


Continuously Monitor and Audit Sensitive Data Usage

SecureSphere enables continuous monitoring and granular auditing of all database operations in real time, providing organizations with a detailed audit trail that shows the 'Who, What, When, Where, and How' of each transaction. SecureSphere captures all database activity including DML, DDL and DCL activity, read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL errors and database login activity. SecureSphere can audit privileged users who directly access the server, as well as non-privileged users accessing the database through various applications. SecureSphere also monitors (and optionally audits) the database response to ensure there is no leakage of sensitive data.

Streamline Compliance through Automated Controls and Reporting

SecureSphere includes a complete set of predefined, customizable audit and security policies which can be quickly implemented for monitoring any database environment. SecureSphere provides detailed and summary reports on audited events that help analyze audit data and address regulatory requirements. Specific reports are designed for demonstrating compliance with SOX, PCI DSS, HIPAA and other data privacy laws. Reports can be scheduled to run automatically and are available in PDF or HTML formats. Audit details and alerts can be sent to SIEM, ticketing systems and other 3rd party solutions in order to streamline business processes.

Real-Time Alerts on Critical Security Events

SecureSphere monitors database activity in real time and looks for various database attacks at the OS, protocol, and SQL level, including SQL injection, buffer overflow and DoS attacks as well as protocol violations. Comparing monitored activity with profiled observed user behavior identifies fraudulent activities and attacks. SecureSphere sends real-time alerts and enables users to create followed tasks, to ensure proper event management and change control.

Audit Analytics for Incident Investigation and Forensics

SecureSphere provides complete visibility into audited activities through interactive audit analytics. SecureSphere enables security teams and non-technical database auditors to analyze, correlate, and view database activity from virtually any angle with just a few clicks, without requiring any SQL scripting. Interactive audit analytics simplifies forensic investigations and enables identification of trends and patterns that may indicate security risks or compliance problems.

Effective User Rights Management Across Databases

SecureSphere streamlines the review and management of user rights across heterogeneous databases. With User Rights Management, organizations can establish an automated process for access rights review, identify excessive user rights and demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5.

Manage Database Changes

SecureSphere captures all changes to database users, schemas, stored procedures, triggers and critical operational data. Granular row-level and column-level change auditing identifies changes that impact sensitive data. SecureSphere can provide real-time alerts and detailed reports on database changes. Integration with ticketing systems associates changes with the relevant ticket number, enabling identification of authorized and unauthorized activities.

Classifying Data in Scope for Compliance and Security

SecureSphere ensures the detection of all systems and data in scope for compliance and security projects through automated discovery and classification of sensitive data. Identifying databases and objects that contain sensitive and regulated data helps organizations fundamentally understand which databases and objects should be audited and reduces the cost required to maintain compliance. In addition, discovery and classification provides details needed for prioritizing vulnerability remediation efforts.

Database Vulnerability Assessment and Mitigation

SecureSphere includes a full set of platform assessment tests, RDBMS vulnerabilities, configuration audits and best practices to help organizations remediate and control the configuration of their database environments and implement an overall vulnerability management strategy. SecureSphere Database Firewall (DBF) enables mitigation through 'Virtual Patching'. The assessments are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC) research team.

Optimized Audit Architecture, Flexible Deployment Options

SecureSphere offers multiple deployment options, with non-intrusive network monitoring appliances, lightweight SecureSphere agents, 3rd party audit log collection, or a hybrid mix. SecureSphere drop-in physical and virtual appliances provide high performance monitoring and auditing capabilities that can scale to support any environment – from SMBs to large Enterprises. SecureSphere agents eliminate 'blind-spots' by auditing activity that can't be seen on the network. SecureSphere's flexible architecture simplifies the design of custom deployments that fit unique topology and business needs.

Deployment:



Unparalleled Database Security and Compliance

SecureSphere addresses all aspects of database security and compliance with industry-best database auditing and real-time protection that will not impact performance or availability. With its multi-tier architecture, SecureSphere scales to support the largest database installations. By automating security and compliance, it is not surprising that thousands of organizations choose Imperva SecureSphere to safeguard their most valuable assets.

  • Non-inline Network Monitoring: Activity monitoring with zero impact on database performance or availability
  • Transparent Inline Protection: Drop-in deployment and industry-best performance
  • Agent-based Monitoring: Lightweight software agents that monitor direct privileged activities and network traffic
  • Audit Log Collection: Leverages third-party database log files for heterogeneous audit analytics, alerts, and reporting

Data Security Deployment


Features and Appliance Specifications:

Features Specifications:
Databases Supported
  • Oracle
  • MS-SQL
  • Sybase
  • DB2 (including LUW, z/OS and DB2/400)
  • Informix
  • Teradata
  • MySQL
  • Progress
  • Netezza
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Optional light-weight agents (local or global mode)
  • Agentless collection of database audit logs
Performance Overhead
  • Network monitoring – Zero impact on monitored servers
  • Agent based monitoring – up to 3% CPU resources
Centralized Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Database Audit
  • SQL operation (raw or parsed)
  • SQL response (raw or parsed)
  • Database, OS user name
  • User name
  • Timestamp
  • Source IP, OS, application
  • Parameters used
  • Stored Procedures
Privileged Activities
  • All privileged activity, DDL and DCL:
  • Schema Changes (CREATE, DROP, ALTER)
  • Creation, modification of accounts, roles and privileges (GRANT, REVOKE)
Access to Sensitive Data
  • Successful and Failed SELECTs
  • All data changes
Security Exceptions
  • Failed Logins, Connection Errors, SQL errors
Data Modification
  • INSERTs, UPDATEs, DELETEs (DML activity)
Stored Procedures
  • Creation, Modification, Execution
Triggers
  • Creation and Modification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digital signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Fraud Identification
  • Unauthorized activity on sensitive data
  • Abnormal activity hours and source
  • Unexpected user activity
Data Leak Identification
  • Requests for classified data
  • Unauthorized/abnormal data extraction
Database Security
  • Dynamic Profile (White List security)
  • Protocol Validation (SQL and protocol validation)
  • Real-time alerts
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
Risk Management
  • Data Risk Explorer and risk scoring based on sensitive data and location. Recommended mitigation and audit activities prioritization.
Policy Updates
  • Regular Application Defense Center security and compliance updates
 
 
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
  • Integrated management option
  • Hierarchical management
Real-Time Event Management and Report distribution
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Upgrade Paths
  • Database Firewall, Data Security Suite
