SecureSphere Compliance Bundles Monitor and Secure Database, Web Application, Platform, and Network to Satisfy Regulatory Requirements
FOSTER CITY, Calif., Jan. 30, 2006 – Imperva™, the leader in data security for the data center, today announced three compliance modules for its SecureSphere™ Gateway appliances that enable organizations to meet audit and data protection requirements imposed by the PCI, HIPAA, and Sarbanes-Oxley (Sarbox) legislations. These modules are individually configured to monitor, assess, and report on activity within the data center infrastructure for compliance with the specific security guidelines of these regulations.
“Showing compliance with regulations and industry mandates requires auditing and protection strategies that are tuned for each regulation,” said Andrew Jaquith, Senior Analyst for Yankee Group. “Products that help network managers and database administrators demonstrate adherence to the most important requirements helps reduce the cost of compliance initiatives.”
End-to-End Security and Audit
To comply with PCI, HIPAA, Sarbox and other mandates, organizations require controls and reporting capabilities that encompass the complexity of the data center. This includes end-to-end security enforcement and audit from the web application front-end to the database back-end; along with the underlying operating system and network layers. SecureSphere addresses the full spectrum of this infrastructure by providing protection and reporting that integrates a database security gateway, web application firewall, network firewall and Intrusion Prevention System (IPS).
Automated Closed Loop Compliance
Security reporting is the most visible, yet smallest component of the regulatory compliance life cycle. The biggest source of compliance costs is the on-going effort to keep up with changes in applications and databases to maintain compliance with audit and protection requirements. SecureSphere frees up IT resources by automating this manually intensive and continuous process.
Multi-Layer Assessment
For PCI, HIPAA, and Sarbox, SecureSphere compliance assessment reports detail data usage, configuration, and policy settings that include:
- Network firewall configuration
- Data server configuration
- User account analysis
- Data storage policy
- Data usage policy
Intelligent Auditing
SecureSphere audit reports go beyond simple logging of events to answer difficult questions that allow security administrators and auditors to know whether a given transaction is an attack or an acceptable change in the application. Specifically, these reports identify:
- What happened and when (easy)
- Was the activity an attack (difficult)
- Was the activity a new legitimate user or new use of the application (difficult)
Real-Time Data Protection
To ensure compliance with the data protection and data assurance requirements of these three regulations, SecureSphere protection reporting covers:
- Real-time monitoring of activity at the database, web application, platform, and network layers
- Real-time alerts of policy violations or, where appropriate, automated blocking of unauthorized activity and transactions
“The cost and complexity of achieving and maintaining regulatory compliance is staggering because it requires ongoing assessment, audit and protection, not just reporting,” said Shlomo Kramer, founder and CEO of Imperva. “With the ability to monitor and protect the entire data center infrastructure, SecureSphere’s regulation-specific compliance bundles slash the expenditures and IT resources needed to implement and document PCI, HIPAA, and Sarbox requirements.”
Pricing and Availability
SecureSphere/PCI, SecureSphere/HIPAA and SecureSphere/SOX solutions bundles are available immediately from Imperva and its business partners worldwide. Pricing starts at $42,500 USD for a SecureSphere database security gateway appliance bundled with support for unlimited databases and one compliance module.
About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com
# # #
Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.
Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net