Back to Home Back to Home



Company Overview
Imperva - The Leader in Data Security More organizations trust Imperva to protect their business applications and databases than any other vendor. Only Imperva delivers innovative technology to give full audit accountability and separation of duties to meet regulatory compliance. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user.

Product Overview
SecureSphere Data Security Suite Full Visibility and Control for Applications and Databases

The SecureSphere Data Security Suite delivers a complete lifecycle for Web application and database security in a single platform. By securing transactions from the end user through the Web application to the database, the SecureSphere Data Security Suite offers complete data security and visibility. SecureSphere can identify the unique application users that performed database queries—even in multi-tier environments. This Universal User Tracking capability provides user accountability to database audit trails and compliance reports.

As the premier SecureSphere Suite it combines the power of the Web Application Firewall, the visibility of the Database Activity Monitoring and the vulnerability tests of the Discovery and Assessment Server. The Data Security Suite provides complete visibility into application data usage and more accurate protection against a large variety of sophisticated attacks.



Benefits
• Complete Application and Database Security Suite to secure databases and the applications that use them
• Accurately protects against sophisticated attacks such as SQL Injection, Cross Site Scripting and database protocol manipulation
• Tracks application users to database transactions, even for pooled connections
• Streamlines auditing and compliance with automated data collection and analysis and a powerful compliance reporting engine
• Scales to support large, distributed environments with centralized management


SecureSphere Data Security Suite Features • Fully Integrated Data Security Suite – The Data Security Suite is the complete integrated package of the other SecureSphere product lines- Web Application Firewall, Discovery and Assessment Server, Database Activity Monitoring, and Database Firewall.
• Accurate Protection against Web application and Database Attacks – SecureSphere detects multiple types of security violations, including unexpected application or database requests, known (signature-based)attacks, privilege abuse, protocol violations, and session exploits.
• Complete Visibility – From the database to the application end user, the SecureSphere Data Security Suite can monitor and track the full transaction. SecureSphere audits all types of activities, including all types of SQL operations and local, privileged access by DBAs. Supporting heterogeneous database deployments, SecureSphere is the clear choice for data auditing, monitoring and forensics.
• User Accountability – The SecureSphere Data Security Suite makes individual users accountable even when user connections are pooled by an application server. Imperva’s innovative Universal User Tracking capability offers four different user tracking mechanisms to correctly identify end users regardless of how the users authenticate and access the database.
• Discovery and Assessment – SecureSphere offers server and sensitive data discovery, configuration assessment, and behavior assessment. SecureSphere enables organizations to identify and prioritize risks, mitigate vulnerabilities, and document compliance.
• Data Leak Prevention – SecureSphere detects and can optionally block sensitive data leaks, such as credit card and social security numbers, from Web applications and databases.
• Automated, Intuitive Management – Imperva’s unique Dynamic Profiling technology automatically learns the structure, elements, and expected usage of protected applications and databases.
• Enterprise-grade Centralized Management – Scaling to protect large, distributed data centers, the MX Management Server centralizes the configuration, monitoring and reporting of multiple appliances.
• Integrated Risk Management – Includes innovative Risk Dashboard to visualize and prioritize data security activities based on risk.



Business Relevant Reporting – SecureSphere includes a powerful reporting framework with both pre-defined and fully-customizable reports that offers instant visibility for security and compliance requirements.


Specification

Description

Integrated Suite
  • Licensed to include the full features for the following: Web Application Firewall, Discovery and Assessment Server, Database Activity Monitoring, and Database Firewall.

Databases Supported
  • Oracle
  • MS-SQL
  • Sybase
  • DB2
  • Informix
  • Teradata
  • MySQL

Discovery and Classification
  • Database servers
  • Financial Information
  • Credit Card Numbers
  • System and Application Credentials
  • Personal Identification Information
  • Custom data types

Vulnerability Assessment
  • Operating system vulnerabilities
  • Database software vulnerabilities
  • Configuration weaknesses

Database Audit
  • All SQL operations – DML, DCL, DDL
  • Database, application user name
  • Timestamp
  • Stored procedures, prepared statements, triggers
  • Source IP, OS, application
  • Full (raw) SQL query and response

Database Security
  • Dynamic Profile of user activity
  • Database attack signatures
  • SQL protocol violations

Web Security
  • Dynamic Profile (White List security)
  • Web server & application signatures
  • HTTP RFC compliance
  • Normalization of encoded data

See list of attacks prevented

HTTPS/SSL Inspection
  • Passive decryption or termination
  • Optional HSM for SSL key storage

Web Services Security
  • XML/SOAP profile enforcement
  • Web services signatures
  • XML protocol conformance

Platform Security
  • Operating system intrusion prevention
  • Known and zero-day worm security

Network Security
  • Stateful firewall
  • DoS prevention

Advanced Protection
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks

Fraud Prevention
  • Unauthorized access to sensitive data
  • Unexpected source IP or time of day
  • Abnormal user activity

Data Leak Prevention
  • Credit card number
  • PII (personally identifiable information)
  • Pattern matching

Policy/Signature Updates
  • Security updates provided weekly or immediately for critical threats

User Tracking Methods
  • Web Application User Tracking
  • Web to Database User Tracking
  • SQL Connection User Tracking
  • Direct Database User Tracking

Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)

Administration
  • MX Server for centralized management
  • Integrated management option (G4, G8)
  • Hierarchical management groupings

Monitoring
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • SecureSphere task workflow
  • Custom followed action
  • Integrated graphical reporting
  • Real-time dashboard

High Availability
  • IMPVHA (Active/Active, Active/Passive)
  • Fail open interfaces (bridge mode only)
  • VRRP
  • STP and RSTP

Deployment Modes
  • Transparent Bridge (Layer 2)
  • Router (Layer 3)
  • Non-inline sniffer
  • Light-weight agents for database host monitoring
  • Agentless collection of database audit logs


back to top