Imperva SecureSphere - Database Activity Monitoring

Market Leading Visibility into Database Usage

 

Overview:

SecureSphere Database Activity Monitoring delivers automated and scalable activity monitoring, auditing, and reporting for Oracle, MS-SQL, MySQL, IBM DB2 (including z/OS), Sybase, Informix and Teradata environments. SecureSphere tracks privileged user access and SQL transactions for forensics, prevents database leaks, and ensures audit integrity by establishing an independent audit trail of user activity. SecureSphere is deployed as a non-inline monitor (sniffer) on the network, while light-weight agents inspect local DBA traffic. Unlike native database logging, SecureSphere can track SQL queries and responses without degrading database performance.

As the most widely-used database monitoring solution, the SecureSphere Database Activity Monitoring has become the solution of choice for many of the world’s leading organizations. Offering server and sensitive data discovery, vulnerability assessment, activity monitoring, auditing and reporting, SecureSphere provides unmatched security, visibility, and compliance controls.

SecureSphere Database Activity Monitoring Gateway

Benefits:

  • Offers complete visibility and an independent audit trail of database activity
  • Streamlines data collection, analysis, and compliance report creation
  • Jumpstarts compliance initiatives by discovering and classifying sensitive data and assessing databases for vulnerabilities
  • Documents security and compliance with powerful reporting engine
  • Provides broadest options for network, agent, and agentless based database monitoring
  • Supports large, distributed environments with a high-performance architecture and centralized management

Features:

  • Detailed and Granular Auditing for Heterogeneous Environments – SecureSphere’s comprehensive audit trail tracks the "who, what, when, where and how" details for all database transactions on all platforms, including LUW and z/OS
     
  • Automated Data Discovery, Classification and Vulnerability Assessment – SecureSphere discovers database servers and locates and classifies sensitive data; database assessments analyze databases for hundreds of vulnerabilities and configuration flaws.
     
  • Material Variances of Profiled User Activity – Imperva’s unique Dynamic Profiling technology establishes a baseline of user activity and continuously updates the baseline profile over time; SecureSphere identifies material variances when users perform unexpected queries or violate access policies.
     
  • Data Leak Prevention – SecureSphere inspects outbound traffic to identify and optionally audit leaks of sensitive data such as cardholder data and social security numbers.
     
  • Separation of Duties Enforcement – SecureSphere’s audit mechanism is completely independent of the database being audited and it does not require DBA involvement for setup or maintenance. The audit log is stored separately in a tamper-proof repository and may be optionally encrypted or digitally signed.
     
  • Low impact, High Performance, Zero Latency – By monitoring almost all SQL traffic at the network level and restricting Imperva’s light-weight agent to local DBA activity, SecureSphere offers unparalleled performance with no impact on existing applications or infrastructure.
     
  • Enterprise-grade Centralized Management – Scaling to protect large, distributed data centers, the MX Management Server centralizes the configuration, monitoring and reporting of multiple appliances.
     
  • Risk Management – Includes a powerful Risk Explorer to quickly identify and prioritize critical sensitive data and physical databases to audit.
     
  • Powerful Reporting Framework – SecureSphere includes a flexible, graphical reporting engine that includes both pre-defined and fully-customizable reports. SecureSphere can also integrate with third party products such as SIEM and ticketing solutions.
     
  • Automated Compliance Workflow – Compliance reports may be scheduled and distributed across the organization; SecureSphere can record when key stakeholders review reports or define followed tasks.

SecureSphere DAM Dashboard

Solutions:

The SecureSphere Database Activity Monitoring (DAM) solution is designed to provide the industry’s best automated auditing and security for critical database platforms. It helps organizations gain visibility into their database activity and understand their risk posture through discovery and assessments, continuous auditing, and effective measurements.

Addressing PCI-DSS Compliance with SecureSphere DAM
PCI-DSS requirements emphasize the importance of real-time monitoring of access to cardholder data. SecureSphere enables merchants and service providers to address the most challenging PCI requirements quickly, painlessly, and cost effectively. SecureSphere provides compensating controls for database encryption (PCI-DSS 3). It also enables critical monitoring and tracking of all access to cardholder data (PCI-DSS 10).

Additional PCI-DSS requirements are addressed through:

  • Built-in assessments to confirm vendor supplied accounts and passwords are not in use
  • Intelligent alerts on unauthorized access to cardholder data
  • Built-in and custom reports to measure effectiveness of controls

Overall, 7 out of the 12 PCI-DSS requirements are addressed by SecureSphere Database Activity Monitoring. Additional PCI requirements are addressed through SecureSphere Database Firewall and Database Security Suite.

 

Discovery and Vulnerability Management

Database Discovery and Classification
SecureSphere ensures that organizations can prioritize and protect all sensitive data. Network based discovery of database servers throughout the network ensures awareness. Classifying databases based on the data types they contain helps organizations map and prioritize the discovered servers and fundamentally understand which servers are within the scope of a regulatory compliance project.

Comprehensive Vulnerability Assessment
SecureSphere includes a full set of platform assessment tests, RDBMS vulnerabilities and best practices to help organizations remediate and control the configuration of their database environments and implement an overall vulnerability management strategy.

The assessments are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC) research team.

Intelligent Behavioral Assessments
Behavioral assessment delivers unique visibility into how users and applications are actually accessing and manipulating database data. SecureSphere builds a comprehensive usage profile for analysis and reporting that shows activity details like time/date, source/destination, user, client application, and can be used to spot abnormal activity.

Automated Auditing and Security

SecureSphere includes a complete set of predefined audit and security policies which can be quickly implemented for monitoring any database environment. These policies are based on ‘Black-list’ and ‘White-list’ security modules which are continuously updated through Imperva’s patent pending Dynamic Profiling Technology and updated research conducted by the Imperva ADC.

The Dynamic Profiling technology automatically detects and incorporates valid changes over time, and relieves administrators from the need to manually create and update tedious white lists that contain hundreds and thousands of objects, users and SQL queries.

Continuous Audits and Analysis of all Database Traffic

Granular auditing and continuous monitoring of all database operations in real-time provides organizations with a detailed audit trail that shows the ‘Who, What, When, Where and How’ of each transaction. SecureSphere captures all database activity including DML, DDL and DCL activity, read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL errors and database login activity. SecureSphere also monitors (and optionally audits) the database response to ensure there is no leakage of sensitive data.

Managing Security and Change
SecureSphere monitors database activity in real time and looks for various database attacks at the OS, protocol, and SQL levels. Granular row-level change auditing enables accurate alerts on fraudulent activity, database changes, and attacks – sending real-time alerts, assigning followed tasks, and ensuring change control.

Independent Monitoring and Auditing
As an independent monitoring solution, SecureSphere does not require enablement of native auditing tools, nor does it rely on the DBA for implementation and maintenance. SecureSphere leverages gateway appliances to monitor network traffic, and light-weight SecureSphere agents to capture local activity and eliminate blind spots. This non-intrusive hybrid architecture ensures audit independence and separation of duties.

Tamper-Proof Audit Trail
SecureSphere captures the detailed audit trail in an external, secured and hardened repository which can be accessed through read-only views. The repository enforces a role based access mechanism (RBAC) for administrative and security usage. To ensure the integrity of the audit trail it can also be encrypted.

Streamline Compliance Efforts

Interactive Audit Analytics
Complete visibility into audited activities is provided through interactive audit analytics, which enables non-technical database auditors to analyze, correlate, and view database activity from virtually any angle with just a few mouse clicks, enabling easy identification of trends and patterns that may conceal security risks or compliance problems.

Best-in-Class Reporting
SecureSphere provides easy reporting on audited events with predefined graphical reports that help measure risk and address regulatory requirements. Specific reports are designed for demonstrating compliance with SOX, PCI, and other data privacy laws. Scheduling automated reports, sending the results in PDF or HTML formats, and integration with SIEM, ticketing systems and other 3rd party solutions streamlines business processes.

Risk Management for Databases
SecureSphere significantly reduces the efforts required to effectively and efficiently manage risk to data. Enterprise risk management dashboards and drill-down views help organizations establish mitigating controls to prevent data loss and information leaks, reducing the risk of unauthorized access and fraudulent activity.

Flexible Deployments, Low TCO

Flexible Deployment Modes: Network, Agent, Native Audit, or Hybrid
SecureSphere offers the most flexible deployment options, offering non-intrusive network monitoring, lightweight agent monitoring, native audit collection, or a hybrid mix. This enables organizations to deploy whatever mix fits their unique topology and business needs.

Performance and Scalability
Unmatched by any other DAM solution, SecureSphere provides fast processing and complete audit capabilities that can easily scale to support any environment – from SMBs to large enterprises.

Centralized Management
SecureSphere offers centralized management for SecureSphere gateways. This enables better efficiency and effectiveness in large-scale SecureSphere deployments. Support for hierarchical policy management and administration accommodates even the largest organizations.

Monitoring and Validating Privileged Database Activity
Privileged users and DBAs are responsible for the administration and maintenance of databases and require elevated privileges and access to system resources. Complete visibility into privileged activity and real-time alerts ensure that only authorized applications and users are accessing sensitive data, or performing changes to database schemas and values.

SecureSphere light-weight agents eliminate blind spots and ensure full capturing of all network and local privileged operations including Data Definition Language (DDL) commands and Data Control Language (DCL) commands as well as Data Manipulation Language (DML) commands and SELECTs. Monitoring privileged users’ activity is critical for fully protecting databases against internal fraud and abuse as well as external attacks.

 

Features and Appliance Specifications:

Features Specifications:
Databases Supported
  • Oracle
  • MS-SQL
  • Sybase
  • IBM DB2 (Including z/OS)
  • Informix
  • Teradata
  • MySQL
Server Discovery
  • Automated discovery of database servers
Data Discovery and Classification
  • Database servers
  • Financial Information
  • Credit Card Numbers
  • System and Application Credentials
  • Personal Identification Information
  • Custom data types
Vulnerability Assessment
  • Operating System vulnerabilities
  • Database vulnerabilities
  • Configuration flaws
  • Risk scoring and mitigation steps
Database Audit
  • SQL operation (raw or parsed)
  • SQL response (raw or parsed)
  • Database, OS user name
  • Timestamp
  • Source IP, OS, application
Privileged Activities
  • All privileged activity, DDL and DCL:
  • Schema Changes (CREATE, DROP, ALTER)
  • Creation, modification of accounts, roles and privileges (GRANT, REVOKE)
Access to Sensitive
  • Successful and Failed SELECTs
Security Exceptions
  • Failed Logins, Connection Errors, SQL errors
Data Modification
  • INSERTs, UPDATEs, DELETEs (DML activity)
Stored Procedures
  • Creation, Modification, Execution
Triggers
  • Creation and Modification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digital signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Fraud Identification
  • Unauthorized activity on sensitive data
  • Abnormal activity hours and source
  • Unexpected user activity
Data Leak Identification
  • Requests for classified data
  • Unauthorized/abnormal data extraction
Database Security
  • Dynamic Profile (White List security)
  • Protocol Validation (SQL and protocol validation)
  • Real-time alerts
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
Risk Management
  • Data Risk Explorer and risk scoring based on sensitive data and location. Recommended mitigation and audit activities prioritization.
Policy Updates
  • Regular Application Defense Center security and compliance updates
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Optional light-weight agents (local or global mode)
  • Agentless collection of database audit logs
Performance Overhead
  • Network monitoring – Zero impact on monitored servers
  • Agent based monitoring – up to 3% CPU resources
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
  • Integrated management option
  • Hierarchical management
Events and Reporting
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Upgrade Paths
  • Database Firewall, Data Security Suite

 

Appliance Specifications:
| Specification | X6500 | X4500 | X2500 |
|---|---|---|---|
| Fault Tolerance | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans |
| Throughput | 2 Gbps | 1 Gbps | 500 Mbps |
| HTTP Transactions/Sec | 44,000 | 36,000 | 22,000 |
| SQL Transactions/Sec | 200,000 | 100,000 | 50,000 |
| Latency | Sub-millisecond | Sub-millisecond | Sub-millisecond |
| Interfaces | 10 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber) | 6 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber; optional 4 additional Copper) | 6 x 10/100/1000 Mbps (max 4 Fiber interfaces) |
| Interface Types | Copper, Fiber SX, Fiber SR or Fiber LR | Copper, Fiber SX, Fiber SR or Fiber LR | Copper or Fiber SX |
| Max Network Segments | (4) Bridge; (9) Proxy, Non-inline | (4) Bridge; (9) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline |
| Inline Fail Open (Bridging only) | 4 bypass segments | Up to 4 bypass segments | 2 bypass segments |
| Hard Drive | 2 hot-swap 1 TB | 2 hot-swap 1 TB | 2 hot-swap 500 GB |
| Memory | 8 GB | 8 GB | 4 GB |
| Serial Port | RJ45 connector | RJ45 connector | RJ45 connector |
| USB Port | 2 | 2 | 2 |
| SSL Acceleration | Included | Optional | Optional |
| Fibre Channel, LOM or HSM | Optional | Optional | Optional |
| Power Supply | Dual 400 W | Dual 400 W | Dual 400 W |
| AC Power | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz |
| Typical Consumption | 290 W | 210 W | 190 W |
| Typical Heat Output | 990 BTU/Hr | 720 BTU/Hr | 650 BTU/Hr |
| Form Factor | 2U | 2U | 2U |
| Dimensions | 17.4 x 20.1 x 3.46 in / 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in / 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in / 443 x 512 x 88 mm |
| Weight | 53.3 lbs (24.2 Kg) | 51.10 lbs (23.2 Kg) | 50.44 lbs (22.9 Kg) |
| Operating Environment | Temperature: 5° - 40° C; Relative Humidity: 20% - 90% | Temperature: 5° - 40° C; Relative Humidity: 20% - 90% | Temperature: 5° - 40° C; Relative Humidity: 20% - 90% |
| Storage Environment | Temperature: 0° - 70° C; Relative Humidity: 20% - 90% | Temperature: 0° - 70° C; Relative Humidity: 20% - 90% | Temperature: 0° - 70° C; Relative Humidity: 20% - 90% |
| Safety Agency Approval | CE/FCC/cTUVus/VCCI | CE/FCC/cTUVus/VCCI | CE/FCC/cTUVus/VCCI |
| Supported SecureSphere Products | Web Application Firewall; Discovery and Assessment Server; Database Activity Monitoring; Database Firewall; Data Security Suite | Web Application Firewall; Discovery and Assessment Server; Database Activity Monitoring; Database Firewall; Data Security Suite | Web Application Firewall; Discovery and Assessment Server; Database Activity Monitoring; Database Firewall; Data Security Suite |
| Database Agents Included¹ | 100 | 50 | 20 |
| Database Vulnerability Assessments Included² | 400 | 200 | 100 |

¹ Database agents only included with SecureSphere Database Activity Monitoring, Database Firewall, and Data Security Suite.
² Database assessments only included with Discovery and Assessment Server, Database Activity Monitoring, Database Firewall, and Data Security Suite.
