Imperva - Database and Application Security, Reporting and Audit Solutions

Imperva SecureSphere - Database Firewall

Market Leading Auditing and Protection for Databases

 

Overview:

The award-winning SecureSphere Database Firewall monitors and proactively protects databases from internal abuse, database attacks, and unauthorized activity. The Database Firewall delivers a powerful platform to monitor, audit, and protect Oracle, MS-SQL, IBM DB2, Sybase, Informix and Teradata databases without impacting database performance and without requiring application or network changes. It can be deployed in front of database servers to directly protect them from attacks and data leakage. SecureSphere appliances and agents audit SQL transactions for forensics, prevent database leaks, and ensure data integrity by establishing an independent audit trail of user activity.

The SecureSphere Database Firewall is the only solution available that can directly protect databases from potential attacks. With pre-built security policies, audit rules, and reports for PCI, SOX, HIPAA, and enterprise applications, SecureSphere customers can protect their most valuable database resources.


Benefits:

  • Accurately monitors and actively protects mission-critical database servers
  • Offers complete visibility and independent audit trail of database activity
  • Automates data collection, analysis, policy enforcement, and reports
  • Demonstrates security and compliance with best-in-class monitoring and reporting
  • Provides broadest options for network, agent, and agentless based database monitoring
  • Unifies management and monitoring of multiple gateways through centralized MX Management Server

Features:

  • Total Database Protection and Accurate Policy Enforcement – The SecureSphere Database Firewall blocks unauthorized activities and sophisticated attacks before they reach the database.
     
  • Virtual Patching solution – Protect mission critical databases with virtual patching when vendor-supplied patches cannot be deployed. Virtual patching does not require any changes to the database or applications.
     
  • Automated Data Discovery, Classification and Vulnerability Assessment – SecureSphere discovers database servers and locates and classifies sensitive data; database assessments analyze databases for hundreds of vulnerabilities and configuration flaws.
     
  • Detailed and Granular Auditing for Heterogeneous Environments – Unified auditing provides the “who, what, when, where and how” details for all major database platforms.
     
  • Data Leak Prevention – SecureSphere inspects outbound traffic to identify and optionally audit or block leaks of sensitive data such as cardholder data and social security numbers.
     
  • Low impact, High performance, Zero latency – By monitoring almost all SQL traffic at the network level and restricting Imperva’s light-weight agent to local DBA activity, SecureSphere offers unparalleled performance with no impact on existing applications or infrastructure.
     
  • Enterprise-grade Centralized Management – Scaling to protect large, distributed data centers, the MX Management Server centralizes the configuration, monitoring and reporting of multiple appliances.
     
  • Powerful Reporting framework – SecureSphere includes a flexible, graphical reporting engine that includes both pre-defined and fully-customizable reports. SecureSphere can also integrate with third party products such as SIEM and ticketing solutions.
     
  • Risk Management – Includes a powerful Risk Explorer to quickly identify and prioritize critical sensitive data and physical databases to protect.
     
  • Automated Compliance Workflow – Compliance reports may be scheduled and distributed across the organization; SecureSphere can record when key stakeholders review reports or define followed tasks.

SecureSphere DBF Dashboard

Solutions:

The SecureSphere Database Firewall (DBF) solution is designed to provide the industry’s best automated protection for critical database platforms. Through realtime activity blocking it controls access to databases and protects against fraud, abuse, and external attacks. Providing complete visibility into database activity enables organizations to implement a complete database security and compliance solution.

Discovery and Vulnerability Management

Database Discovery and Classification
SecureSphere ensures that organizations can prioritize and protect all sensitive data. Network-based discovery of database servers throughout the network ensures awareness. Classifying databases based on the data types they contain helps organizations map and prioritize the discovered servers, and understand which servers are within the scope of a regulatory compliance project and may require more stringent controls.

Comprehensive Vulnerability Assessment
SecureSphere includes a full set of platform assessment tests, RDBMS vulnerabilities and best practices. It helps organizations remediate and control the configuration of their database and implement an overall vulnerability management strategy.

The assessment tests are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC) research team. From the Vulnerability Workbench users can apply Virtual Patching to block exploitation attempts.

Intelligent Behavioral Assessments
Behavioral assessments provide visibility into the ways users and applications access and manipulate data stored in databases. By capturing activity details like the user, date and time of the event, source, destination and the tools/applications used, and building a comprehensive profile, SecureSphere can provide detailed analysis, alert on, and optionally block abnormal activity.

Database Activity Monitoring

Automatic Auditing
SecureSphere includes a complete set of predefined security and audit policies which can be quickly implemented for protecting any database environment. These policies are based on ‘Black-list’ and ‘White-list’ security modules which are continuously updated. The ‘Black List’ is updated by the Imperva ADC research group. The ‘White List’ is updated by Imperva’s patent-pending Dynamic Profiling technology, which automatically detects and incorporates valid changes over time and relieves administrators of the need to manually create and update tedious white lists that contain hundreds and thousands of database objects, users and SQL queries.

Independent Monitoring and Auditing
As an independent security solution, SecureSphere does not require enablement of native auditing tools, nor does it rely on the DBA for implementation and maintenance. SecureSphere leverages gateway appliances to monitor network traffic, and light-weight SecureSphere agents to capture local activity and eliminate blind spots.

Tamper-Proof Audit Trail
SecureSphere captures the detailed audit trail that shows the ‘Who, What, When, Where and How’ of each transaction. The audit trail is stored in an external, secured and hardened repository which can be accessed through read-only views. To ensure the integrity of the audit trail it can also be signed or encrypted.

Database Security Aspects of SOX Compliance:
SOX sections 302 and 404 require that appropriate steps and controls are implemented to ensure consistent production of reliable financial information. SecureSphere enables organizations to keep an independent audit trail which provides detailed information on the ‘Who, What, When, Where and How’ on activity related to financial data, supporting the enforcement of access controls and ensuring the integrity of financial data.

Built-in audit analytics views and reports help organizations address SOX specific requirements like identification of dormant accounts, monitoring of failed logins and implementation of change controls.

 

Real-Time Database Protection

Blocking Unauthorized Activity
Continuous real-time monitoring and analysis of all database operations allows SecureSphere to respond quickly and block unauthorized activities. SecureSphere monitors network and direct access to databases and captures all database activity including DML, DDL and DCL activity, read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL errors and database login activity. SecureSphere also monitors (and optionally audits) the database response to ensure there is no leakage of sensitive data.

Attack Blocking and Virtual Patching
As SecureSphere monitors live database activity it looks for various database attacks at the OS and protocol level as well as the SQL activity level to provide accurate real-time protection. Unauthorized change, fraudulent activity, and database attacks can be blocked on the network before reaching the protected system, or on the system itself.

Virtual Patching helps transparently protect vulnerable systems which can’t be patched or modified.

Streamline Compliance Efforts

Interactive Audit Analytics
Complete visibility into audited activities is provided through Interactive Audit Analytics, which enables non-technical database auditors to analyze, correlate, and view database activity from virtually any angle with just a few mouse clicks, enabling easy identification of trends and patterns that may conceal security risks or compliance problems.

Best-in-Class Reporting
SecureSphere provides easy reporting on monitored events with predefined graphical reports that help measure risk and address regulatory requirements. Specific reports are designed for demonstrating compliance with SOX, PCI, and other data privacy laws. Scheduling automated reports, sending the results in PDF or HTML formats, and integration with SIEM, ticketing systems, and other 3rd party solutions streamline business processes.

Risk Management for Databases

SecureSphere significantly reduces the efforts required to effectively and efficiently manage risk to data. Dashboards and drill-down views help organizations establish mitigating controls to prevent data loss and information leaks, reducing the risk of unauthorized access and fraudulent activity.

Flexible Deployments, Low TCO

Flexible Deployment Modes: Network, Agent, Native Audit, or Hybrid
SecureSphere offers the most flexible deployment options, offering non-intrusive network monitoring, lightweight agent monitoring, native audit collection, or a hybrid mix. This enables organizations to deploy whatever mix fits their unique topology and business needs.

Performance and Scalability
Unmatched by any other DAM solution, SecureSphere provides fast processing and complete audit capabilities that can easily scale to support any environment – from SMBs to large Enterprise.

Centralized Management
SecureSphere offers centralized management for SecureSphere gateways. This enables better efficiency and effectiveness in large-scale SecureSphere deployments. Support for hierarchical policy management and administration accommodates even the largest organizations.

Monitoring and Validating Privileged Database Activity
Privileged users and DBAs are responsible for the administration and maintenance of databases and require elevated privileges and access to system resources. Complete visibility into privileged activity and real-time alerts ensure that only authorized applications and users are accessing sensitive data, or performing changes to database schemas and values.

SecureSphere light-weight agents eliminate blind spots and ensure full capturing of all network and local privileged operations including Data Definition Language (DDL) commands and Data Control Language (DCL) commands as well as Data Manipulation Language (DML) commands and SELECTs. Monitoring privileged users’ activity is critical for fully protecting databases against internal fraud and abuse as well as external attacks.


Features and Appliance Specifications:

Features Specifications:
Databases Supported
  • Oracle
  • MS-SQL
  • Sybase
  • IBM DB2 (Including z/OS)
  • Informix
  • Teradata
  • MySQL
Server Discovery
  • Automated discovery of database servers
Data Discovery and Classification
  • Financial Data – credit card, bank account numbers, transaction number, etc.
  • SOX – Transaction balance, profit amount, share amount, etc.
  • Personally Identifiable Information – Social Security Numbers, email, address, etc.
  • Credentials – login, password, etc.
  • Custom data types
Vulnerability Assessment
  • Operating System vulnerabilities
  • Database vulnerabilities
  • Configuration flaws
  • Risk scoring and mitigation steps
Database Audit
  • SQL operation (raw or parsed)
  • SQL response (raw or parsed)
  • Database, OS user name
  • Timestamp
  • Source IP, OS, application
Privileged Activities
  • All privileged activity, DDL and DCL:
  • Schema Changes (CREATE, DROP, ALTER)
  • Creation, modification of accounts, roles and privileges (GRANT, REVOKE)
Access to Sensitive Data
  • Successful and Failed SELECTs
Security Exceptions
  • Failed Logins, Connection Errors, SQL errors
Data Modification
  • INSERTs, UPDATEs, DELETEs (DML activity)
Stored Procedures
  • Creation, Modification, Execution
Triggers
  • Creation and Modification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digital signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Virtual Patching
  • Protects databases when patches are unavailable
  • Protects databases while testing new patches
Fraud Prevention
  • Unauthorized activity on sensitive data
  • Abnormal activity hours and source
  • Unexpected user activity
Data Leak Prevention
  • Analyze extracted data for existence of classified data
  • Alert on unauthorized/abnormal data extraction
Policy Enforcement
  • Enforce Access Controls
Database Security
  • Dynamic Profile (White List security)
  • Protocol Validation (SQL and protocol validation)
  • Real-time alerts
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Real-time activity blocking
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
Policy Updates
  • Regular Application Defense Center security and compliance updates
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Optional light-weight agents (local or global mode)
Performance Overhead
  • Transparent Bridge – Zero Impact on monitored servers, sub-millisecond latency
  • Non-inline monitoring – Zero impact on monitored servers, zero latency
  • Agent based monitoring – up to 3% CPU resources
Risk Management
  • Data Risk Explorer and risk scoring based on sensitive data and location. Prioritization of recommended mitigation activities.
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
  • Integrated management option
  • Hierarchical management
Events and Reporting
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Upgrade Paths
  • Data Security Suite

 

Appliance Specifications:
| Specification | X6500 | X4500 | X2500 |
|---|---|---|---|
| Fault Tolerance | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans |
| Throughput | 2 Gbps | 1 Gbps | 500 Mbps |
| HTTP Transactions/Sec | 44,000 | 36,000 | 22,000 |
| SQL Transactions/Sec | 200,000 | 100,000 | 50,000 |
| Latency | Sub-millisecond | Sub-millisecond | Sub-millisecond |
| Interfaces | 10 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber) | 6 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber; optional 4 additional Copper) | 6 x 10/100/1000 Mbps (max 4 Fiber interfaces) |
| Interface Types | Copper, Fiber SX, Fiber SR or Fiber LR | Copper, Fiber SX, Fiber SR or Fiber LR | Copper or Fiber SX |
| Max Network Segments | (4) Bridge; (9) Proxy, Non-inline | (4) Bridge; (9) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline |
| Inline Fail Open (Bridging only) | 4 bypass segments | Up to 4 bypass segments | 2 bypass segments |
| Hard Drive | 2 hot-swap 1 TB | 2 hot-swap 1 TB | 2 hot-swap 500 GB |
| Memory | 8 GB | 8 GB | 4 GB |
| Serial Port | RJ45 connector | RJ45 connector | RJ45 connector |
| USB Port | 2 | 2 | 2 |
| SSL Acceleration | Included | Optional | Optional |
| Fibre Channel, LOM or HSM | Optional | Optional | Optional |
| Power Supply | Dual 400 W | Dual 400 W | Dual 400 W |
| AC Power | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz |
| Typical Consumption | 290 W | 210 W | 190 W |
| Typical Heat Output | 990 BTU/Hr | 720 BTU/Hr | 650 BTU/Hr |
| Form Factor | 2U | 2U | 2U |
| Dimensions | 17.4 x 20.1 x 3.46 in / 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in / 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in / 443 x 512 x 88 mm |
| Weight | 53.3 lbs (24.2 Kg) | 51.10 lbs (23.2 Kg) | 50.44 lbs (22.9 Kg) |
| Database Agents Included [1] | 100 | 50 | 20 |
| Database Vulnerability Assessments Included [2] | 400 | 200 | 100 |

Operating Environment: Temperature: 5° - 40° C; Relative Humidity: 20% - 90%
Storage Environment: Temperature: 0° - 70° C; Relative Humidity: 20% - 90%
Safety Agency Approval: CE/FCC/cTUVus/VCCI
Supported SecureSphere Products: Web Application Firewall, Discovery and Assessment Server, Database Activity Monitoring, Database Firewall, Data Security Suite

[1] Database agents only included with SecureSphere Database Activity Monitoring, Database Firewall, and Data Security Suite.
[2] Database assessments only included with Discovery and Assessment Server, Database Activity Monitoring, Database Firewall, and Data Security Suite.


Documentation:

Download the Imperva SecureSphere Database Firewall Datasheet (PDF).