Imperva: Protecting the Data that Drives Business
Database Activity Monitoring

Market Leading Visibility into Database Usage

SecureSphere Database Activity Monitoring delivers automated and scalable activity monitoring, auditing, and reporting for Oracle, MS-SQL, MySQL, IBM DB2 (including z/OS and DB2/400), Sybase, Informix and Teradata environments. SecureSphere tracks privileged user access and SQL transactions for forensics, prevents database leaks, and ensures audit integrity by establishing an independent audit trail of user activity. SecureSphere is deployed as a non-inline monitor (sniffer) on the network, while light-weight agents inspect local DBA traffic. Unlike native database logging, SecureSphere can track SQL queries and responses without degrading database performance.

As the most widely used database monitoring solution, SecureSphere Database Activity Monitoring has become the solution of choice for many of the world’s leading organizations. Offering server and sensitive data discovery, vulnerability assessment, user rights management, activity monitoring, auditing and reporting, SecureSphere provides unmatched security, visibility, and compliance controls.

Video: Database Activity Monitoring
Featured Speakers:
 » Jeff Wheatman, Research Director, Gartner
 » Shlomo Kramer, President and CEO, Imperva

Benefits

  • Offers complete visibility and an independent audit trail of database activity
  • Streamlines data collection, analysis, and compliance report creation
  • Jumpstarts compliance initiatives by discovering and classifying sensitive data and assessing databases for vulnerabilities
  • Enables organizations to audit and validate user rights over sensitive data and identify dormant users
  • Documents security and compliance with a powerful reporting engine
  • Provides the broadest options for network-based, agent-based, and agentless database monitoring
  • Supports large, distributed environments with a high-performance architecture and centralized management

SecureSphere Database Activity Monitoring Features

  • Detailed and Granular Auditing for Heterogeneous Environments – SecureSphere’s comprehensive audit trail tracks the "who, what, when, where and how" details for all database transactions on all platforms, including LUW and z/OS.
  • Automated Data Discovery, Classification and Vulnerability Assessment – SecureSphere discovers database servers and locates and classifies sensitive data; database assessments analyze databases for hundreds of vulnerabilities and configuration flaws.
  • Identification of Dormant Users and Excessive Rights – User Rights Management (URM) automates the aggregation and analysis of user rights across enterprise databases helping organizations identify dormant accounts and users with excessive rights to sensitive data.
  • Material Variances of Profiled User Activity – Imperva’s unique Dynamic Profiling technology establishes a baseline of user activity and continuously updates the baseline profile over time; SecureSphere identifies material variances when users perform unexpected queries or violate access policies.
  • Data Leak Prevention – SecureSphere inspects outbound traffic to identify and optionally audit leaks of sensitive data such as cardholder data and social security numbers.
  • Separation of Duties Enforcement – SecureSphere’s audit mechanism is completely independent of the database being audited and it does not require DBA involvement for setup or maintenance. The audit log is stored separately in a tamper-proof repository and may be optionally encrypted or digitally signed.
  • Low impact, High Performance, Zero Latency – By monitoring almost all SQL traffic at the network level and restricting Imperva’s light-weight agent to local DBA activity, SecureSphere offers unparalleled performance with no impact on existing applications or infrastructure.
  • Enterprise-grade Centralized Management – Scaling to protect large, distributed data centers, the MX Management Server centralizes the configuration, monitoring and reporting of multiple appliances.
  • Risk Management – Includes a powerful Risk Explorer to quickly identify and prioritize critical sensitive data and physical databases to audit.
  • Powerful Reporting Framework – SecureSphere includes a flexible, graphical reporting engine that includes both pre-defined and fully-customizable reports. SecureSphere can also integrate with third party products such as SIEM and ticketing solutions.
  • Automated Compliance Workflow – Compliance reports may be scheduled and distributed across the organization; SecureSphere can record when key stakeholders review reports or define followed tasks.

Database Activity Monitoring Specifications


Specification Description
Databases Supported
  • Oracle
  • MS-SQL
  • Sybase
  • IBM DB2 (Including z/OS and DB2/400)
  • Informix
  • Teradata
  • MySQL
Server Discovery
  • Automated discovery of database servers
Data Discovery and Classification
  • Database servers
  • Financial Information
  • Credit Card Numbers
  • System and Application Credentials
  • Personal Identification Information
  • Custom data types
User Rights Management
  • Audit user rights over database objects
  • Validate excessive rights over sensitive data
  • Identify dormant accounts
  • Track changes to user rights
Vulnerability Assessment
  • Operating System vulnerabilities
  • Database vulnerabilities
  • Configuration flaws
  • Risk scoring and mitigation steps
Database Audit
  • SQL operation (raw or parsed)
  • SQL response (raw or parsed)
  • Database, OS user name
  • Timestamp
  • Source IP, OS, application
Privileged Activities
  • All privileged activity, DDL and DCL
  • Schema Changes (CREATE, DROP, ALTER)
  • Creation, modification of accounts, roles and privileges (GRANT, REVOKE)
Access to Sensitive Data
  • Successful and Failed SELECTs
Security Exceptions
  • Failed Logins, Connection Errors, SQL errors
Data Modification
  • INSERTs, UPDATEs, DELETEs (DML activity)
Stored Procedures
  • Creation, Modification, Execution
Triggers
  • Creation and Modification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digital signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Fraud Identification
  • Unauthorized activity on sensitive data
  • Abnormal activity hours and source
  • Unexpected user activity
Data Leak Identification
  • Requests for classified data
  • Unauthorized/abnormal data extraction
Database Security
  • Dynamic Profile (White List security)
  • Protocol Validation (SQL and protocol validation)
  • Real-time alerts
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Advanced Protection
  • Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks
Risk Management
  • Data Risk Explorer and risk scoring based on sensitive data and location. Recommended mitigation and audit activities prioritization.
Policy Updates
  • Regular Application Defense Center security and compliance updates
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Optional light-weight agents (local or global mode)
  • Agentless collection of database audit logs
Performance Overhead
  • Network monitoring – Zero impact on monitored servers
  • Agent based monitoring – up to 3% CPU resources
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
  • Integrated management option
  • Hierarchical management
Events and Reporting
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Upgrade Paths
  • Database Firewall, Data Security Suite