IMPERVA DAM

Imperva solutions for database security are Imperva Database Firewall and Database Activity Monitoring, two solutions that integrate seamlessly to automate company-wise compliance and affirm database security by offering complete visibility into database user access, providing real-time security measures, and discovering potential vulnerabilities. Furthermore, these solutions block any untoward behavior or severe policy violations.

While Imperva Database Assessment and SecureSphere Database Activity Monitoring are individual products, they can be extended to provide database activity monitoring (DAM) functions as a single product.

SecureSphere Database Activity Monitoring Product Features

Imperva SecureSphere Database Activity Monitoring is a software product and combination appliance that can be utilized as a lightweight agent, deployed as an in-line bridge to monitor local database access.

This product is preassembled with security policies that combine with the monitoring system to notify administrators of potentially malicious activity in real-time.

• Dynamic Profiling Technology: is a feature that provides a baseline of typical user access patterns to data and gives out alerts when unusual patterns are noticed. Users who do not abide by access policies or try to perform unauthorized requests will be quarantined or blocked.

• Predefined Audit Policies: The audit policies on the product are configured for the Sarbanes-Oxley Act, PCI DSS, and Health Insurance Portability-Accountability Act.

• Web-based Interface: Imperva goes the extra mile in creating a user-friendly interface. Information is displayed concisely, and most of the command prompts are available with one or two clicks. A good example is the security alerts screen that provides a comprehensive table of violations including essential details such as database user, date, time, query, description of the breach, and Database response – on a single screen.

Imperva DAM & Compatible Databases

Imperva SecureSphere solution is compatible with the following databases:

• Microsoft SQL Server
• Sybase
• MySQL
• Oracle
• IBM DB2
• Progress OpenEdge
• IBM IMS
• MongoDB
• IBM Netezza
• Metadata
• PostgreSQL

SecureSphere Database Assessment Product Features

SecureSphere Database Assessment solution encompasses the following services: data classification, database discovery, configuration management, and vulnerability assessment. The assessment checks for more than 1000 possible flaws and vulnerabilities using CIS and DISA STIGs standards as the benchmarks.

The subsequent reports include remediation recommendations, details on vulnerabilities, and pinpoints configurations that are not up to the required standards.

The User Rights Management feature allows an administrator, at a glance, to see which users have access to sensitive data, excessive privileges, and the last time a user used a particular object.

Pricing and Licensing

Imperva licenses SecureSphere Database Activity Monitoring in the form of database transaction volume, hence price depends on the environment. In a particular licensing model, a single license can monitor and audit an unlimited number of database and Database servers.

Usually, the platform requires a management server, and a hardware or virtual appliance. The price for lower-end and higher-end devices will be provided at the discretion of our management team. Prospective customers can contact a GCA technology services representative for specific pricing and licensing costs of our database activity monitoring solutions.

Support

This software solution comes in three packages: Premium, Enhanced, and Standard packages. Each package is accompanied with access to minor and major software updates, our self-service support portal, and hardware warranties.

The Standard package is fitted with phone support during working hours; support engineers can be contacted 24x7x365 via phone when you purchase the Premium and Enhanced packages. For an additional cost, customers can gain an audience with a designated support engineer from GCA technology services.

For a minimal price, the Enhanced and Premium packages contain software product support. We encourage customers to upgrade to either if the supported versions after purchase. After purchase, customers can benefit from equipment support several years after their purchase.

Regarding our Imperva database security monitoring solution, there are simple do’s, and dont’s that the solution executes.

The Do’s

• The software solution consumes disk and CPU resources, by using the agent-only collection method. Resource consumption can be capped if needed. Compared to an online bridge deployment or non-inline sniffer, the agent-only collection method clusters gateways. In turn, this guarantees the high availability performance of your database.
• Provides constant, real-time monitoring of IPC and Bequeth SQL traffic. Besides, it also has the added option of monitoring every incoming network-based SQL traffic to the central database.
• Executes a TCP reset on blocked sessions, which occurs when a client loses network connection. As a result of this process, there are zero changes to the database and the general database client connection cleanup can resume.
• Consumes low amount of network bandwidth for inbound SQL statements to the gateway, including additional metadata such as the number of rows and response time.

Note: Outgoing network traffic can also be monitored through a separate interface, although this tends to cause security issues if sensitive data is stored. This can also create a robust volume of network traffic data.

• Provides a single graphical gateway for troubleshooting. You can quickly identify which resources are being consumed in real-time, and also check the history of resource consumption. If blocking is activated, you can specifically send an email to the DAM tool, SIEM [Security Information and Event Manager], or other notification systems.

The Don’ts

• DAM does not require the installation of any objects or scripts in your database. Also, there is no need to install credentials other than the standard operating credentials.
• Does not alter or require alteration of your database, database parameters, or database configuration files. The agent will not make any changes to your database.
• Does not sure a host reboot, except for rare occurrences like a DB2 on AIX database bounce.
• Won’t copy to the file system, except in rare cases where communication is lost to the gateway. This action can be stopped as soon as the connection is reestablished.
• Does not require an existing or new database for monitoring, blocking, or installation.

Summary

Due to the growing number of security threats in today’s world, coupled with the exponential growth in both the use and volume of sensitive data, it is essential that data-centric security protocols are utilized. These measures, which prioritize data safety as it moves across servers, networks, endpoints, or applications, occur in two forms: database activity monitoring and native database auditing solutions.

Native database auditing tools are known to be free, but they accrue various hidden costs – extra hardware, storage, performance degradation, software, and labor costs – while failing to match up to security or compliance requirements. Basically, your data is still at risk.

Database Activity Monitoring software solutions provide the extensive security coverage and compliance needed to protect your data, without subjecting your company to the costs associated with native database auditing.