Imperva Database Activity Monitoring delivers an automated and scalable database auditing solution that monitors and audits all access to sensitive data across heterogeneous database platforms. SecureSphere enables organizations to demonstrate compliance with industry regulations through automated processes, audit analysis and customizable reports. Furthermore SecureSphere accelerates incident response and forensic investigation with centralized management and advanced analytics.
It is evident to see that database activity monitoring and auditing has become a critical challenge for organizations due to increasing importance of data integrity and privacy to customers and regulators. Therefore the need to constantly audit database access, by privilege and non-privilege users, on a large number of databases, is addressed by SecureSphere’s automated and scalable database audit solution.
In addition to the above, SecureSphere enables customers to optimize their DAM implementations by combining agent-based and network activity monitoring. SecureSphere database agents can be configured for monitoring local privileged activity exclusively, or for monitoring all database activity. SecureSphere’s hybrid architecture provides comprehensive database auditing with minimal overhead and unparalleled scalability.
Streamline Compliance through Automated Controls and Reporting
SecureSphere entails a complete set of predefined, customizable audit and security policies which can be quickly implemented for monitoring any database environment. It provides detailed and summary reports on audited events that help analyze audit data and address regulatory requirements. Specific reports are designed for demonstrating compliance with SOX, PCI DSS, HIPAA and other data privacy laws. Reports can be scheduled to run automatically and are available in PDF or HTML formats. Audit details and alerts can be sent to SIEM, ticketing systems and other third party solutions in order to streamline business processes.
Audit Analytics for Incident Investigation and Forensics
SecureSphere provides complete visibility into audited activities through interactive audit analytics. It enables security teams and non-technical database auditors to analyze, correlate and view database activity from virtually any angle with just a few clicks, without requiring any SQL scripting. Interactive audit analytics simplifies forensic investigations and enables identification of trends and patters that may indicate security risks or compliance problems.
Continuously Monitoring and Audit Sensitive Data Usage
SecureSphere permits continuous monitoring and granular auditing of all database operations in real- time providing organizations with a detailed audit trail that shows the Who, What, When, Where and How’ of each transaction. It captures all database activity including DML, DDL and DCL activity, read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL error and database login activity. SecureSphere can audit privileged users who directly access the servers, as well as non-privileged user accessing the database through various applications. It also monitors (and optionally audits) the database response to ensure there is no leakage of sensitive data.
Real-Time Alerts on Critical Security Events
SecureSphere monitors database activity in real-time and looks for various database attacks at the OS, protocol and SQL level, including SQL injection, buffer overflow and DoS attacks as well as protocol violations. Comparing monitored activity with profiled observed user behavior identifies fraudulent activities and attacks. It sends real-time alerts and enables users to create followed tasks, to ensure proper event management and change control.
Effective User Rights Management across Databases
SecureSphere streamlines the review and management of user rights across heterogeneous databases. With user rights management, organizations can establish an automated process for access rights review, identify excessive user rights and demonstrate compliance with regulations such as SOX, PCI 7 and PCI 8.5.
Manage Database Changes
SecureSphere captures all changes users, schemas, stored procedures, triggers and critical operational data. Granular row-level and column-level change auditing identifies changes that impact sensitive data. It is able to provide real-time alerts and detailed reports on database changes. Integration with ticketing systems associates changes with relevant ticket number enabling identification of authorized and unauthorized activities.
Classifying data in scope for compliance and security
SecureSphere ensures the detection of all systems and data in scope for compliance and security projects through automated discovery and classification of sensitive data. Identifying database and objects that contain sensitive and regulated data helps organizations fundamentally understand which database and objects should be audited and reduce the cost required to maintain compliance. In addition, discovery and classification provides details needed for prioritizing vulnerability remediation efforts.