Imperva
SecureSphere -
Discovery and Assessment Server
Discovery and Assessment for Databases
Overview:
The Imperva SecureSphere Discovery and Assessment Server delivers a full database vulnerability assessment solution that discovers databases in networks, provides data classification on their content, and assesses vulnerability risks associated with that data. Organizations can use SecureSphere to automatically classify database data as Personally Identifiable Information (PII), financial data, SOX, or PCI-relevant data, or custom data types. SecureSphere then helps you manage risks by performing vulnerability assessment tests and mapping test results to classified data.
Moving beyond database discovery, classification, and assessment, SecureSphere Discovery and Assessment Server can be upgraded to a SecureSphere Database Activity Monitoring, Database Firewall, or full Data Security Suite. The SecureSphere Discovery and Assessment Server is an excellent choice for organizations needing a comprehensive database vulnerability solution or starting a larger database security project.
Benefits:
- Database platform, software, and configuration vulnerability analysis
- Automatic network discovery of database servers
- Comprehensive data classification by pre-defined or custom data types
- Risk scoring for vulnerability management
- Full upgrade path to Data Activity Monitoring, Database Firewall, or Data Security Suite
Features:
- Automated Database Server Discovery – SecureSphere discovers known and rogue servers over the network and reports servers, platforms,
software, versions and other critical information.
- Data Classification – SecureSphere locates sensitive data on discovered databases. Data is classified by data type, including PII
(Personally Identifiable Information), financial data, credit card numbers, PCI, SOX, and custom types.
- Vulnerability Assessment – SecureSphere performs non-intrusive assessments to detect hundreds of platform, software, and configuration
vulnerabilities specific to the assessed database platform. Comprehensive reports recommend remediation steps and actions.
- Risk-based Vulnerability Management – Risk-scoring based on data classification and assessed vulnerabilities enables SecureSphere to help
organizations prioritize security activities.
- Clear, Relevant Reports Analyze Database Threats – The SecureSphere Discovery and Assessment Server includes intuitive and easy-to-understand
reports that provide high-level summaries of security status as well as detailed, drill down reports with individual assessment results. Pre-defined
reports make it easy to document compliance to auditors.
- Scheduled Assessments and Report Distribution – Saving operational time and effort, organizations can schedule one-time or recurring database
assessments.
- Inclusive Vulnerability Knowledgebase – With the most in-depth and current database of vulnerability assessments, customers can be assured that SecureSphere will uncover all vulnerabilities and configuration flaws.
- Up-to-date Vulnerability Assessments – The Imperva Application Defense Center (ADC) constantly analyzes the latest database threats and
vulnerabilities. Assessments are continually and automatically updated.
- Upgrades to additional features – Organizations can easily use data discovery and classification as the first step to add Data Activity Monitor, Database Firewall, or the full Data Security Suite via an easy license upgrade.
Solutions:
Discovery and Classification
Discovering Databases
An essential part of any compliance and
database vulnerability management
program is a clear knowledge of the assets
requiring protection. The SecureSphere
Discovery and Assessment Server (DAS)
offers automated network-based database
discovery. Scheduled scans of designated
networks discover new database
installations and ensure awareness of
these assets. The discovery results include
detailed information about the specific
platforms and RDBMS, which combined
with data classification and vulnerability
assessment and mitigation enable risk
management that maps sensitive data
with vulnerability risks. Database discovery
also helps with asset management and is
an important first step for ensuring that
rogue database servers do not exist on
the network.
Data Classification
Classifying the data contained within
databases helps security and compliance
managers to fundamentally understand
which databases are within the scope of a
regulatory compliance project.
SecureSphere uses Dictionaries and Rules as key data classification methods to scan the contents of databases. An extensive list of pre-defined data classification types is included in the solution, and custom data types can be added as well. Asset discovery and data classification scans can be scheduled and repeated to ensure ongoing awareness of types of data within an organization’s databases.
Data Classification Types
SecureSphere DAS offers an extensive
list of built in data types in the following
classification categories:
- Financial Information
- Credit Card Numbers
- System and Application Credentials
- Personal Identification Information
- Custom Data Types
Discovery and Classification Results
Once discovered and classified,
organizations can quickly view discovered
platforms and add them to server groups
based on location, type of database, and
data by classified type. Server groups are
then applied with assessment policies. This
enables organizations to have full visibility
of the data within their organizations.
In addition, discovered servers can be
added to a server group and included
in assessment scans and on-going
monitoring.
Database Vulnerability Assessment
SecureSphere DAS identifies and quantifies vulnerabilities using over 500 tests for various platforms and databases. Operating Systems and RDBMSs are tested for known exploits and mis-configurations. Custom assessments can also be added to address specific requirements.
The assessment tests are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC) research team. The ADC team conducts primary research on the latest OS, database and application vulnerabilities and exploits, and translates the findings into useful assessment tests and signatures. The updated assessments are automatically sent to the SecureSphere systems ensuring up-to-date identification of known vulnerabilities and the ability to protect systems against the latest attacks.
| Database Vulnerability
Assessments SecureSphere DAS arms organizations with a comprehensive list of predefined assessment tests, which is continuously updated by the Imperva Application Defense Center (ADC) research team, providing the most extensive database discovery and assessment solution. SecureSphere assessments address PCIDSS, SOX and HIPAA requirements and include the following:
Additional vulnerabilities specific for SAP, Oracle EBS and PeopleSoft databases are available with Imperva ADC Insights. |
Managing Database Vulnerabilities
To assist organizations with tracking
and understanding their vulnerabilities,
discovered vulnerabilities are assigned
with a severity based on the Common
Vulnerability Scoring System (CVSS). They
are also mapped to a CVE identifier and the
NIST standard, allowing users to search and
learn more about the vulnerability.
Mitigating Discovered Vulnerabilities
An interactive vulnerability dashboard
helps organization understand and analyze
vulnerabilities by showing status, top
vulnerabilities, and trending charts with
drill down capabilities.
SecureSphere also provides a Vulnerability Workbench where users can track, manage and mitigate discovered vulnerabilities. When deployed with SecureSphere Database Firewall or Data Security Suite it enables vulnerability mitigation through virtual patching and blocking capabilities.
Effective Data Risk Management
Data Risk Explorer
Though for most organizations Risk
Management is a top priority, it is often
implemented as disparate efforts and
manual processes that provide only
limited visibility and incomplete analysis.
SecureSphere delivers a unique data risk
management approach that centralizes
and automates data risk management
processes and gives better visibility into
risks to sensitive data.
The graphical Risk Explorer helps organizations effectively understand the areas of risk in the organization by geographical location, server groups, servers, and by classified data type. The views support drill down capabilities that provide more details on specific vulnerabilities, supporting quick focus and decision making.
Audit and Change Management
Pre-defined and custom reports provide
detailed visibility into configuration
changes, allowing auditors and
management to track risk mitigation
efforts. Reports are also useful for
change management as they can list the
configuration changes that take place in
the monitored environment. SecureSphere
DAS supports integration with SIEM,
Workflow and Ticketing systems.
Data Governance and Protection
SecureSphere DAS ensures that
organizations are aware of what data is
stored in their organization and what steps
should be taken to secure it. Dashboards
and reports help provide a risk-based
view into database vulnerability
management. Through centralized
management and automated
compliance reporting,
SecureSphere DAS provides
a critical part of any risk,
governance, and compliance
project.
Deploying SecureSphere DAS
The SecureSphere DAS is provided as a turn-key network appliance and available in two editions:
Enterprise Edition
Designed for larger enterprises, with
extended platform options. Upgrade paths
supported to SecureSphere DAM, DBF
and DSS. Supports integration with 3rd
party enterprise solutions including SIEM,
Workflow and Ticketing systems.
Standard Edition
Designed for medium enterprises looking
for a cost effective stand-alone database
vulnerability management solutions. No
upgrade paths are supported.
Features and Appliance Specifications:
| Features Specifications: | |
|---|---|
| Supported Database Platforms |
|
| Automated Discovery |
|
| Data Classification |
|
| Vulnerability Assessment |
|
| Enterprise Application Assessments |
|
| Compliance Assessments |
|
| Risk Management |
|
| Scheduling |
|
| Actions |
|
| Assessment Updates |
|
| Performance Overhead |
|
| Management |
|
| Role-Based Controls |
|
| Event Notification |
|
| Reports |
|
| Report Formats |
|
| Upgrade Paths |
|
| Appliance Specifications: | |||||
|---|---|---|---|---|---|
 |
 |
|
 |
|
|
| X6500 | X4500 | X2500 | X2000 | X1000 | |
| Fault Tolerance | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans | Dual, hot-swap hard drives, power supplies, and fans | N/A | N/A |
| Throughput | 2 Gbps | 1 Gbps | 500 Mbps | 500 Mbps | 100 Mbps |
| HTTP Transactions/Sec | 44,000 | 36,000 | 22,000 | 22,000 | 8,000 |
| SQL Transactions/Sex | 200,000 | 100,000 | 50,000 | N/A | N/A |
| Latency | Sub-millisecond | Sub-millisecond | Sub-millisecond | Sub-millisecond | Sub-millisecond |
| Interfaces |
10 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber) |
6 x 10/100/1000 Mbps (max 4 Fiber interfaces; optional 10Gbps Fiber; optional 4 additional Copper) |
6 x 10/100/1000 Mbps (max 4 Fiber interfaces) |
6 x 1GbE | 6 x 1GbE |
| Interface Types | Copper, Fiber SX, Fiber SR or Fiber LR | Copper, Fiber SX, Fiber SR or Fiber LR | Copper or Fiber SX | Copper | Copper |
| Max Network Segments | (4) Bridge; (9) Proxy, Non-inline | (4) Bridge; (9) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline | (2) Bridge; (5) Proxy, Non-inline |
| Inline Fail Open (Bridging only) | 4 bypass segments | Up to 4 bypass segments | 2 bypass segments | 2 bypass segments | 2 bypass segments |
| Hard Drive | 2 hot-swap 1 TB | 2 hot-swap 1 TB | 2 hot-swap 500 GB | 500 GB | 500 GB |
| Memory | 8 GB | 8 GB | 4 GB | 4 GB | 2 GB |
| Serial Port | RJ45 connector | RJ45 connector | RJ45 connector | RJ45 connector | RJ45 connector |
| USB Port | 2 | 2 | 2 | 2 | 2 |
| SSL Acceleration | Included | Optional | Optional | N/A | N/A |
| Fibre Channel, LOM or HSM | Optional | Optional | Optional | N/A | N/A |
| Power Supply | Dual 400 W | Dual 400 W | Dual 400 W | 250 W | 250 W |
| AC Power | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz | 100-240V, 50-60 Hz |
| Typical Consumption | 290 W | 210 W | 190 W | 110W | 80 W |
| Typical Heat Output | 990 BTU/Hr | 720 BTU/Hr | 650 BTU/Hr | 375 BTU/Hr | 275 BTU/Hr |
| Form Factor | 2U | 2U | 2U | 1U | 1U |
| Dimensions | 17.4 x 20.1 x 3.46 in 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in 443 x 512 x 88 mm | 17.4 x 20.1 x 3.46 in 443 x 512 x 88 mm | 17 x 14 x 1.73 in 431.8 x 355.2 x 44 mm | 17 x 14 x 1.73 in 431.8 x 355.2 x 44 mm |
| Weight | 53.3 lbs (24.2 Kg) | 51.10 lbs (23.2 Kg) | 50.44 lbs (22.9 Kg) | 14.1 lbs (6.4 Kg) | 14.1 lbs (6.4 Kg) |
| Operating Environment |
Temperature: 5° - 40° C Relative Humidity: 20% - 90% |
||||
| Storage Environment |
Temperature: 0° - 70° C Relative Humidity: 20% - 90% |
||||
| Safety Agency Approval | CE/FCC/cTUVus/VCCI | ||||
| Supported SecureSphere Products |
Web Application Firewall Discovery and Assessment Server Database Activity Monitoring Database Firewall Data Security Suite |
Web Application Firewall Web Application Firewall Standard Edition (SE) Discovery and Assessment Server |
|||
| Database Agents Included1 | 100 | 50 | 20 | N/A | N/A |
| Database Vulnerability Assessments Included2 | 400 | 200 | 100 | 100 | 25 |
1 Database agents only included with SecureSphere Database Activity Monitoring, Database Firewall, and Data Security Suite.
2 Database assessments only included with Discovery and Assessment Server, Database Activity Monitoring, Database Firewall, and Data Security Suite. (and Discovery and Assessment Server for X2000 and X1000)
Documentation:
Download the Imperva SecureSphere Discovery and Assessment Server Datasheet (PDF).