A company’s responsibility to protect data has never been higher or harder. Hackers leveraging the latest technologies are routinely exploiting users, web applications, and system vulnerabilities to breach perimeters and move laterally, stripping valuable data from the unprotected systems.
In parallel, new data protection mandates such as the European Union General Data Protection Regulation(GDPR), multiple updated US state laws including Connecticut S.B. 949, and the likely passage of the Australian data breach notification bill are adding requirements to teams already stretched thin. Many lack the time or desire to develop in-house expertise on the overlapping requirements of each regulation. Imperva addresses these concerns, providing pre-built assets and automating tasks enabling the existing teams to improve security and simplify compliance requirements.
Flexible enterprise ready deployment
Imperva takes a comprehensive view of the enterprise with a centralized management console capable of providing command and control at a global level. The automated health monitoring capabilities introduced in version SecureSphere V12 recognize IT’s need for self-monitoring systems providing intuitive alarms to indicate the presence and location of operational issues. Easy drill-down and instant detailed reporting options speed resolution.
Imperva also recognizes the value of IT provisioning, providing API sets to facilitate seamless software distribution, configuration updates, policy distribution and data discovery. Deployment and configuration automation is a primary factor in time-to-value. As an example, an Imperva customer independently deployed Agents to over 1,000 databases in just a few weeks using these automation tools.
Imperva goes beyond the typical deployment scenario where agents are required on all database servers; SecureSphere supports multiple deployment methods, including a local agent, a network transparent bridge option and a non-inline sniffer mode. By using a combination of deployment methods, the enterprise can meet a wide variety of needs without being locked into a one-size-fits-all model.
Cloud ready and the option for data security as managed service
SecureSphere supports Cloud, on-premises, and hybrid deployment models. Imperva is available for both Microsoft Azure and the Amazon Web Services (AWS) environments. In addition, Imperva offers SecureSphere data security solutions as a hosted Managed Service. Imperva has over 15 years of dedicated data protection and compliance experience. With direct access to the latest Imperva Defense Center research and expertise. Your data security will be the top priority for the dedicated staff – not something assigned to an inexperienced or resource constrained internal team.
Discover hidden risks and costs
SecureSphere identifies databases, sensitive data and system risks. Industry standards are utilized to create a prioritized risk score for each database. Combined with the automated data classification, organizations can accurately scope projects and prioritize risk mitigation efforts.
Monitor all traffic for protection, audit only what is needed for compliance
Even with a high volume of database traffic, SecureSphere simultaneously can monitor all traffic for security policy violations and only audit what is necessary for compliance policy purposes. The dual-channel monitoring for separate purposes allows companies to address both security and compliance requirements with a single unified solution. The efficiency also means companies can deploy monitoring that is more sophisticated and across more data sources than legacy solutions that must capture activity in audit logs before evaluation for policy violations. These legacy solutions can only monitor a fraction of the traffic before they impact performance, require additional appliances and more specialized resources to maintain the system.
SecureSphere analyzes all database activity in real-time, providing organizations with a proactive security enforcement layer and detailed audit trail that shows the “who, what, when, where, and how” of each transaction. SecureSphere addresses the compliance requirement for separation of duties and audits privileged users who directly access the database server, as well as users accessing the database through a browser, mobile, or desktop-based application.
Manage user access
Virtually every regulation including the new EU General Data Protection Regulation(GDPR) has requirements to manage user rights to sensitive data. Complying with these requirements is one of the most difficult tasks for enterprises to perform manually across large data sets. SecureSphere automatically aggregates user rights across heterogeneous data stores and helps establish an automated access rights review process to eliminate excessive user rights and dormant user accounts. It facilitates a routine demonstration of compliance with regulations such as HIPPA, SOX, and PCI DSS. The automation of these mundane, but critical tasks, lowers labor costs and reduces the risk of error or reporting gaps.
Protect in real-time
Stopping attacks in real-time is the only effective way to prevent hackers from getting to your data. SecureSphere monitors all traffic for security policy violations looking for attacks on the protocol and OS level, as well as unauthorized SQL activity. The highly efficient monitoring can quarantine activity pending user rights verification or block the activity – without disrupting business by disabling the entire account.
Blocking is available both at the database agent and network levels enabling the fine tuning of the security profile to balance the need for absolute security with the need for maximum performance.